A Practical Guide to Cybersecurity Governance for SAP

  • Language: English
  • Pages: 147
  • Level: Intermediate
  • ISBN: 9783960122623
  • ISBN Print: 9783960122654


Flat rate

$19 per month

  • Single license
  • 1000+ eBooks and video tutorials
  • Instant access
  • 12 months ($228 per year)
  • Automatic renewal

More Details

There is a lot of misunderstanding about how to apply cybersecurity principles to SAP software. Management expects that the SAP security team is prepared to implement a full cybersecurity project to integrate SAP software into a new or existing company cybersecurity program. It’s not that simple. This book provides a practical entry point to cybersecurity governance that is easy for an SAP team to understand and use. It breaks the complex subject of SAP cybersecurity governance down into simplified language, accelerating your efforts by drawing a direct correlation to the work already done for financial audit compliance. Build a practical framework for creating a cyber risk ruleset in SAP GRC 12.0, including SOX, CMMC, and NIST controls. Learn how to plan a project to implement a cyber framework for your SAP landscape. Explore controls and how to create control statements, plan of action and milestone (POA&M) statements for remediating deficiencies, and how to document controls that are not applicable. The best controls in the world will not lead to a successful audit without the evidence to back them up. Learn about evidence management best practices, including evidence requirements, how reviews should be conducted, who should sign off on review evidence, and how this evidence should be retained.

  • Introduction to cybersecurity framework compliance for SAP software
  • SAP-centric deep dive into controls
  • How to create a cyber risk ruleset in SAP GRC
  • Implementing a cyber framework for your SAP landscape

Reading Example

2.1 What is a cybersecurity framework?

A cybersecurity framework is a structured and detailed list of requirements that define how information technology systems, software, and networks should be managed.

The first cybersecurity framework acknowledged federally in the U.S. was developed by the National Institute of Standards and Technology (NIST). NIST started cybersecurity framework research in 2013 (see: History and Creation of the Framework – https://www.nist.gov/cyberframework/online-learning/history-and-creation-framework), after the President of the United States issued Executive Order 13636, requiring the creation of a set of standards and processes for identifying and managing cyber risk. The first iteration of a cybersecurity framework from NIST was released in February 2014. Prior to this, there were multiple guidelines from different organizations and companies that attempted to codify risk, automate the management and detection of risks, and prevent data loss. The creation of this framework pulled all the different guidelines together into a single point of reference. This gave security practitioners a tool-agnostic toolset for education about, and management of, risk.

In this book, we cover the most widely used current and emerging cybersecurity frameworks in the U.S. We provide an overview of:

We do a deep dive into NIST SP 800-53 Rev. 5 and CMMC. We have chosen these two frameworks because NIST SP 800-53 is the global industry standard for the majority of risk management tools. The new CMMC framework’s requirements on supply chain security are based heavily on the NIST SP 800-53 foundation. We dive into CMMC to help security practitioners prepare for this new requirement moving forward.

CMMC is driven by a requirement to secure the U.S. Department of Defense (U.S. DoD) supply chain against cyber risk. This requirement is not just for direct U.S. DoD contractors and suppliers—it will also impact the suppliers of those contractors, suppliers, and other U.S. government agencies that supply or contribute to U.S. DoD. If your customer is a supplier for the U.S. government in any way, your company will be asked for its state of cyber hygiene according to the CMMC requirements. This requirement is similar to a direct customer or supplier of your company wanting to know that your cloud provider has a current positive audit on their System and Organization Controls (SOC 1, SOC 2, SOC 3) reports.

System and Organization Controls reports evaluate the audit controls of a cloud provider or other service organization. The reports have different levels of complexity.

The Statement on Standards for Attestation Engagements number 16 (SSAE 16) is an audit control report that is used to create the SOC 1 report.

  • SOC 1 (also known as SSAE 16): a report on internal controls over financial reporting
  • SOC 2: an audit report of an organization’s information systems relevant to security, availability, processing integrity, confidentiality, or privacy
  • SOC 3: an audit report similar to a SOC 2 but that does not include the testing performed and is used for marketing purposes

Frequently asked questions

General questions and answers about our learning content.

Who is the learning content suitable for?

The learning content is designed for anyone who wants to gain SAP knowledge in a simple, compact, and practical way. Our learning platform offers content for beginners, advanced learners, and experts. This enables you to expand your knowledge step by step and continuously develop your skills toward becoming an SAP expert.

What makes the learning content special?

Our products—whether books, videos, or online training—deliver SAP knowledge concisely and practically, so you can apply it directly in your daily work, even if you have limited time. You benefit from a broad coverage of relevant SAP topics, high-quality content in four languages, and learning formats designed to fit your individual needs. This ensures that you can stay up to date and continuously develop your expertise.

What distinguishes our books from those of other providers?

Our books are characterized by a clear practical focus and a compact, easy-to-understand presentation. We explain complex SAP topics concisely—without unnecessary marketing buzzwords—so readers can quickly grasp the essentials and apply the new knowledge directly.

Can the product be exchanged?

Our print books can be returned within 14 days, in original condition. Return shipping is at your own cost.

How can I order a book outside of Germany?

We currently only ship books directly within Germany. If you are ordering from outside Germany, we recommend purchasing via Amazon. You can find the link by selecting “Buy eBook” on any product in our webshop and Amazon will then show you both the eBook and print versions available for purchase.

Alternatively, you can access all our content with a digital subscription, starting at $19 per month.

Who can I contact if I have questions?

Our team is always happy to help and will respond to your questions as quickly as possible (usually within 1–2 days). You can also contact us if you have questions for one of the authors. Email: contact@espresso-tutorials.com