EAS-SEC SAP Cybersecurity Framework

Why SAP Cybersecurity Framework?

SAP systems are subject to the most targeted and skillful attacks: fraud, sabotage and espionage. Moreover, there are many compliance requirements to meet: ISO27001, SOX, GDPR and so on. Each of them requires appropriate technical and organizational measures to ensure the security of data processing. The first few steps of implementing security controls in an SAP environment can be the most confusing. Where do you start? Who needs to be involved? How do you go about identifying and meeting all of your obligations? How will you prove that you’re meeting all of them? Maybe the best approach is to build universal SAP security capabilities that can be tweaked to ensure compliance both now and in the years ahead. That’s why you need a framework for SAP protection processes.

What is SAP Cybersecurity Framework?

The EAS-SEC SAP Cybersecurity Framework was created to form a conceptual bridge between integrated adaptive security architecture and actions. It applies Gartner’s approach to adaptive security architecture to the area of ERP security and describes four categories of SAP protection processes: predictive, preventive, detective and responsive. The framework articulates critical areas of action for establishing the security of ERP systems, describes desired outcomes and provides a 3-step approach to succeed in each area.

How to work with SAP Cybersecurity Framework?

Each category describes specific protection processes, like asset management, incident management or threat intelligence. All the processes are in line with industry-recognized frameworks and approaches from NIST, SANS, ISO and CIS, but reflect the specifics of ERP systems.

The SAP Cybersecurity Framework gives you a three-step roadmap towards the realization of each ERP security process. Implementing the first step is the minimum. The second step provides a sufficient level of security and requires a medium level of effort. The third step includes advanced measures such as automation, which provide cutting-edge security capabilities.

We encourage companies to start small and implement at least the first step for each of the processes. After that you will have a good understanding of which SAP protection activities need elaboration. Look them up in the whitepaper and implement as needed.


The SAP Cybersecurity Framework is developed under the EAS-SEC initiative and sponsored by ERPScan. Cybersecurity practitioners are welcome to participate in testing, developing and applying the framework in order to arrive at a common, agreed and efficient standard of SAP security operations. If you are interested, contact us: info@eas-sec.org

Get the White Paper