
Security and Data Protection for SAP Systems

by: Werner Hornberger, Jurgen M. Schneider, Jason M. Miskuly (Translator), Jürgen Schneider


On-line Price: $91.95 (includes GST)

Paperback package 352

13% Off Retail Price

You save: $14.00

OUT OF PRINT. But we may be able to find a copy for you! Please contact Bookware customer service for availability.

Retail Price: $105.95

Publisher: ,Dec-2001

Category: SAP Level: I/A

ISBN: 0201734974
ISBN13: 9780201734973



      As SAP systems grow more closely integrated with the open environment of the internet, the effective use of SAP security and data protection functions has become an essential focus of corporate attention. Security and Data Protection with SAP Systems offers a complete overview of SAP security functions and their place in a company-wide security policy. It also covers the fundamentals of data protection and their global implementation with mySAP.com, SAP Business Warehouse and R/3.

  Written by two of SAP's foremost security professionals, and focusing strongly on practical measures, Security and Data Protection with SAP Systems provides a unique guide to best practice in this vital field.

  Contents include:

  Basic principles of enterprise security

Security in SAP systems and the SAP system landscape

mySAP.com -- security and data protection on the Internet

Basic principles and goals of data protection

Data protection and the law

The role of the data protection officer

The special role of the administrator

Remote support

Data protection and the SAP Business Information Warehouse



                  Author Bio

  Werner Hornberger has been the data protection officer at SAP AG since 1994. Jurgen Schneider has been SAP's director of development for security functions since 1997.


Table of Contents



      1. Enterprise security.


  Breaking out on to the internet.

Security controversies.

      Guidelines for security and data protection.

  Minimalists and maximalists.


      Security management.

  Security process.

      Security services in IT systems.

  General protection goals.

Security services.

              2. Security in the SAP System.

  User management.

  User master records.

Maintaining user master records.

Locking users.

      User authentication.

  Rules for password protection.

Monitoring adherence to password rules.

      Authorization concept.

  Authorization objects, authorizations, and roles.

Authorization check.

Authorization maintenance.

Creating the authorization concept.

      Data integrity and confidentiality.

  Transaction and posting concept.

Encryption methods.

      Recording, logging, and auditing.

  Security Audit Log.

Audit Information System.

      External security products and cryptography.

  Cryptography and legal regulations.

The SAP position.

SAP interfaces for external security products.

      External user authentication and protecting network communications.

  User authentication with SNC.

Protecting integrity and confidentiality with SNC.

      Digital signatures and encryption.

  The SAP system with SSF.

SAP users and SSF.

Applications of the digital signature.

SSF and signature laws.



  Setting up secure networks for a standard SAP installation.


Using SNC.

      Operating system.

  Security of the SAP workstations.

Security of the SAP application servers.


  Database access and database user.

Database authorizations.

Database administration.


Remote function call (RFC).

  SAP Gateway.

The RFC environment in the SAP system.

RFC-enabled function modules.

RFC Software Development Kit (SDK).

      Correction and transport system.

  SAP system landscape with three systems.

Transport process.

      Application Link Enabling (ALE).

  Protecting the ALE distribution model.

Users and authorizations.

              4. mySAP.com--Security on the Internet.

  The internet: visions and fears.


Dangers and fears.

Requirements and desires.


Market and governmental measures in Germany.

Security goals of mySAP.com.

      SAP Internet Transaction Server.

  Secure network setup with the ITS.

User authentication with ITS.

Security of the ITS applications.

      SAP Business Connector.

  Secure network setup with the SAP Business Connector.

User authentication with the SAP Business Connector.

Security of SAP Business Connector applications.

      mySAP Workplace.

  Secure communication.

Central user management.

User authentication and single sign-on.

Role concept.

      mySAP Marketplace.

  Secure communication.

User registration and management.

User authentication and single sign-on.

Service registration and circulation of user data.

A look ahead.


                  5. Basics and Goals.


  A slightly different view.

Laws and compliance.

Secure data transfer.

The true danger.

      SAP systems and data protection.

  International aspects.


      The European view.

  Free enterprise.

The proper level of protection within the EU.

Data categories.

Basics of data quality.

Responsibilities, rights, and obligations.

Validity in law.

Information on the data subject.

Appropriateness of measures.

Disclosure and advance control.

Supervisory authorities and investigations.

Appropriate level of protection in third countries.

Liability and sanctions.

      Corporate culture.

Guidelines for data protection.

      6. Data Protection Law.

  Secure data communication.

  Open borders in the European market.

Relationships to third parties.

Data exchange with third countries.

Rights and obligations during the transfer of data.

Appropriate level of protection.

      Legality of processing.


Right to informational self-determination.

User data.

Data categories.

Data quality.

Data austerity.

Responsible persons in the company.

      Rights of subjects.




Cooperation with employ.

      Security and confidentiality.


Technical and organizational measures.

      Compliance and liability.

  German data protection legislation.


Control instances.

Controlling abuse.

Sanctions and damages.



      Transfers to third countries.

  Appropriate level of protection.


'Culture wars'.

              7. Tasks of the Data Protection Officer.

  Legal requirements.

Persons responsible and tasks.

  Persons responsible.

Information policy.



Obligations of employees.


      Tools for data analysis.

  Table overview.

Determining tables with personal data.

Audit Information System.

File register with default variants.

Where-used list for populated database tables.

Overview of infotypes in HR.

Where-used lists.

              8. Use of the Internet.


  Stormy development.

Political assessment.

Rigid legislation.

English as the internet language.

Free exchange of information and the consideration of privacy.

Demands of the software and hardware industry.

      Delimitation of theory and practice.

Privacy policy.

Hopes and wishes.

  Self-regulation versus government control.

Uniform regulations.


                  9. The Special Role of the Administrator.



      Some experience with secure operating systems.

  Rights of system administrators.

Rights of those responsible for applications.

      Administrators and Windows NT.

The susceptible personal compute.

Multi-user PCs.


  Distribution of roles.

Logging and controls.

              10. Remote Support.

  SAP Support Services.

  Remote Support.

Remote Consulting.


GoingLive Check.

Remote Upgrade.

Technical Security Check.


      SAP security measures.

  Network security.

WAN protocols.

Hardware router.



Connections with customers.

Transmitting passwords.

Monitoring connections.


Obligations of employees.

      Customer security measures.

  Monitoring the connections.

The necessity and advantages of remote service.

      Recommendations from supervisory authorities for data protection.

  Required security measures.

Maintenance contracts.

      Closing remarks.

      11. Data Warehouses and Data Protection--A Contradiction.

  Mastering the flood of information.

The SAP Business Information Warehouse.

  The components of the SAP BW.

New features in Release 2.0.

      The problems of data protection.

  Application of the principles of data protection.

Corporate self-interest.

Reference to persons.


Access authorization.


  Obligating all users in a project.

Security contracts with third parties.

Limiting data storage to the absolutely necessary scope.


      Data protection checklist for SAP BW.

      Appendix A. Obligation to secrecy.

Appendix B. Glossary.

Appendix C. References.