Webinar: NIS2 – Appropriate SAP Application Security Measures

The new directive, NIS2 (Network and Information Security Directive), is part of the EU Cybersecurity strategy and a consequence of the increasing cybersecurity threat to the EU’s internal market. Note that all direct suppliers to organizations affected by NIS2 should expect to meet similar cybersecurity requirements by 2024, as NIS2 highlights supply chain cybersecurity risk as essential for the critical suppliers’ ability to deliver.

Many organizations using SAP as their core business operations platform are already aware of the challenges of maintaining a proper Cyber and Information Security posture: resilience to loss of confidentiality, integrity, and availability of the assets important for their successful business operations. This includes Risk Management with an impact on the Business. With the introduction of the EU GDPR in 2018, to regulate the processing of personal data, the Risk Management perspective of the Impact on the Data Subject was enforced as a new EU regulation. With the NIS 2 directive, a third Risk Management perspective is added: Impact on the Functioning of Society and the Economy. As organizations execute digital transformations, the requirements for the accountability of manufacturers and service providers are increasing significantly beyond their own business interest.

The specific obligations of the organization under the Directive will depend on the sector in which it operates and the nature of the services it provides. NIS2 defines 3 main categories of cybersecurity obligations on organizations: 

  • Governance (Article 20) 
  • Cybersecurity Risk-Management Measures (Article 21) 
  • Reporting (Article 23) 
 

You’re kindly invited to attend our NIS2 webinar where Ivan Mans, CTO and Co-founder, SecurityBridge and Steen Schledermann, GRC Advisor, NTT DATA Business Solutions, will discuss and demonstrate appropriate SAP application technical, organizational, and operational security measures as required by NIS2.

When?

Wednesday, May 3rd, 2023 
10:00 CEST

Download the White Paper “Bridging the Gap – How SecurityBridge Supports NIST CSF in SAP Environments”. Learn how choosing the right tool can significantly shorten the journey of NIST CSF adoption and improve the security posture of SAP environments.
In SAP’s patch round of February 2022, an SAP Security Note with a CVSS score of 10/10 was released, named “Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher”. This particular type of vulnerability is not common in SAP systems and is therefore interesting to look at. As patching the SAP kernel executables is often not done promptly, we can expect this vulnerability to be present in customers’ systems for quite some time.
In one of our recent articles, we pointed out the use of Access Control Lists (ACLs) to better manage access control. Below, we will show a practical example of how this can be done for inbound HTTP communication with the ‘Internet Communication Manager’ (ICM) component of an SAP system.
SAP Security Patch Tuesday 2024
For February 2024, 13 new Security Notes have been released and 3 have been updated. Let’s look at some highlights, starting with the ‘HotNews’ notes.