When establishing your company security policy, you need to decide what information or processes you consider critical, and what type of protection you need for this information.

Your security policy should encompass at least the following aspects:

** Authentication
It is important to allow only legitimate users access to your system and to prevent users from being impersonated. A basic, necessary security task is to make sure that users and information in a system are authentic. You need to know that the users who operate within your system are known users and that they cannot be impersonated.

** Authorization
It is important that users can only perform those tasks for which they are authorized. A typical company has various roles in its organization, and the personnel who fill these roles perform certain tasks. Data and processes should not be accessible by roles where they are not needed.

** Integrity
It is important that data cannot be changed without detection. You need to protect the information that you process on a daily basis from unauthorized changes, whether through error or deliberate acts. If a user processes a transaction (for example, makes a payment on an account), he or she needs to be sure that the information remains consistent throughout processing.

** Privacy
It is important to protect data or communications from unauthorized viewing or eavesdropping. It has always been necessary to protect sensitive and private information from viewing by unauthorized parties. For example, when you exchange personal information, you mark it as "confidential". Employers are obligated to keep contracts and employee information secret.

** Obligation (non-repudiation)
It is important to be able to ensure liability and legal obligation. Proof of obligation (non-repudiation) for electronically saved or transmitted data is indispensable in electronic commerce. A message is considered obligatory if you can guarantee who the creator of the message is, as well as the correctness of the message. Only in this way can electronic commerce establish itself in today's business world.

** Auditing and Logging
It is important to record activities and events for future reference (for example, audits). Saving certain information is not only necessary for legal purposes. Logs and audits can also prove indispensable in monitoring the security of your system and in tracking events in case of problems.
All the site contents are Copyright © www.erpgreat.com
and the content authors. All rights reserved.