Former Member

Role of a Security Consultant in an SAP implementation Project

Hi All,

What is the role of a Security Consultant in an SAP implementation Project and the stages in which he is involved?


2 Answers

  • Former Member
    May 20, 2009 at 12:34 PM

    Hello Mohammed,

    The role of a Security consultant in any SAP product implementation (not just GRC) is wide enough that it's hard for anyone to sum up in a single forum post. Still, I can give you some pointers.

    Security consultants come from different backgrounds: some from networking, database administration, infrastructure and even development, like me. They contribute enormously to any product implementation, from scratch (landscape design) to go-live (and continuous maintenance), so they are active in every phase of the implementation.

    Following are some of the activities they may perform (or participate in):

    - System Landscape Design (work closely with BASIS and DBAs)

    - Check infrastructure feasibility from a security perspective (for Portals exposed to the internet or extranet, work closely with network providers for firewall security, VPS etc.)

    - Propose security guidelines, access policies, disaster recovery plan, business continuity roadmap (work closely with information security consultants and internal auditors or risk management teams)

    - Implement SAP solution-specific security measures (involves almost every SAP solution), for example: SAP R/3 security, GRC, BW/BI, HR, FI, Portal security etc.

    - Participate in application integration, for example: LDAP, IDM, SAP UME, shared directories etc. (user master record security is a high priority).

    - Check for any possible backdoor access vulnerabilities (ex: open RFCs, function modules like ping_rfc); this involves almost all SAP solutions, and there are special procedures to analyze such vulnerabilities.

    There are many such activities that a security consultant performs on a day-to-day basis. Please do not interpret the above-mentioned activities (entirely) as criteria for any security consultant profile. There are many, many possibilities for security consultants to work, from pen testing to SoD violation remediation. That's why I said it's not easy to sum up security.

    Always remember, Security and GRC are two sides of a coin; they work together. However, GRC is more of a combination of policy, regulation and events, and involves management participation, whereas security is a purely technical practice.

    You may also be interested to know what it takes to become a forensic security specialist. Take a quick look at http://amudee.com/?p=378

    Best Regards,

    Amol Bharti


  • Former Member
    May 20, 2009 at 10:29 AM

    Hi,

    Are you asking about an SAP implementation or an SAP GRC implementation?

    I assume it is a GRC implementation.

    The role of a security consultant is to design roles and maintain authorization objects. He is responsible for cleaning the system and making the system risk-free.

    There will be risks in the system, and he will remediate the risk where a violation is there (remove the unnecessary authorizations from roles).

    And based on the business needs, he will mitigate risks.

    If you want anything else then please let me know.

    Thanks,

    Sudip.


    • Former Member

      Hi,

      Can you please provide a step-by-step process in an SAP IMG project? Please give some examples.

      If you don't mind, can you provide any docs for this?