
Security Blueprint doc

Former Member
0 Likes
1,187

Hello,

1. Do we have a document / template for SAP security blueprint?

2. What is the meaning of AS-IS processes, with respect to security?

3. How do we go about documenting To-Be processes, with respect to security?

Thanks in advance.

VJ

6 REPLIES 6

Former Member
0 Likes
880

Hi

1. Yes, thank you

2. As-Is means the current processes. Your question can be interpreted in 2 ways.

i. Your security design supports the business processes, e.g. transactions & restrictions used and allocation of those to users so they can run those business processes.

ii. Your current security processes, e.g. your user & role creation process etc.

3. The functional team will document the to-be processes. They (and you) can use these processes to identify in-scope transactions, important restrictions (e.g. new doctypes being used) and creation of roles. There are lots of ways of documenting it; at the minimum you want to capture the new tx to role mapping, important restrictions per business process or functional area & to-be organisational structure.


0 Likes
880

>alex

>1. Yes, thank you

If you are talking of the ASAP doc, then I am sorry to say the ASAP security plan is very complex to follow and the docs are not comprehensive.

There is nothing as in blue print. Requirements gathering and Testing of role (its and documentation) is not properly explained.


0 Likes
880

>

> >alex

> >1. Yes, thank you

>

> If you are talking of the ASAP doc, then I am sorry to say the ASAP security plan is very complex to follow and the docs are not comprehensive.

> There is nothing as in blue print. Requirements gathering and Testing of role (its and documentation) is not properly explained.

I am not referring to ASAP, though from a security perspective, in my experience, ASAP is fine to follow & use if you spend the time required to get used to it.

I have seen many, many security blueprints which would benefit from using the various ASAP elements, despite its weak points.


Former Member
0 Likes
880

Hello Alex,

Thank you for the answers.

Is there any place I can get a sample document / template of a security blueprint?

Thanks,

Vijay


0 Likes
880

I can't think of anywhere where blueprint docs are available. Blueprint docs usually take quite a while to put together & there is obvious reluctance of people to make available work which likely remains the property of their company/client.

Hussein did well to mention ASAP, you can download it and get some useful templates from there. More info here: https://websmp101.sap-ag.de/roadmaps

Have a think about stuff like the following:

Security Objectives

Security Approach

TX to Role Mappings

Restriction Requirements

Compliance Requirements (SOX, internal security standards)

Build Standards

Developer Security standards

User Management

Basically all the stuff you need to be able to build from your set of blueprint docs

Have fun & good luck


0 Likes
880

> I can't think of anywhere where blueprint docs are available. Blueprint docs usually take quite a while to put together & there is obvious reluctance of people to make available work which likely remains the property of their company/client.

Very well put, Alex! Julius, maybe a small text like this one could enter the sticky?