This guide does not replace the daily operations handbook that we recommend customers to create for their specific productive operations.
· Technology consultants
· System administrators
This document is not included as part of the installation guides, configuration guides, technical operation manuals, or upgrade guides. Such guides are only relevant for a certain phase of the software life cycle, whereby the security guides provide information that is relevant for all life cycle phases.
With the increasing use of distributed systems and the Internet for managing business data, the demands on security are also on the rise. When using a distributed system, you need to be sure that your data and processes support your business needs without allowing unauthorized access to critical information. User errors, negligence, or attempted manipulation on your system should not result in loss of information or processing time. These demands on security apply likewise to Guided Procedures (GP). To assist you in securing the GP, we provide this security guide.
The security guide provides an overview of the security-relevant information that applies to GP.
The security guide comprises the following main sections:
· Before You Start
This section contains information about why security is necessary, how to use this document, and references to other security guides that build the foundation for this security guide.
· Technical System Landscape
This section provides an overview of the technical components and communication paths that are used by GP.
· User Administration and Authentication
This section provides an overview of the following user aspects of administration and authentication:
Ў Recommended tools to use for user management.
Ў Standard users that are delivered with GP.
Ў Overview of how integration into Single Sign-On environments is possible.
This section provides an overview of the authorization concept that applies to GP.
· Network and Communication Security
This section provides an overview of the communication paths used by GP and the security mechanisms that apply. It also includes our recommendations for the network topology to restrict access at the network level.
· Data Storage Security
This section provides an overview of any critical data that is used by GP and the security mechanisms that apply.
· Security for Third-Party or Additional Applications
This section provides security information that applies to third-party or additional applications that are used with GP.
· Other Security-Relevant Information
This section contains information about security aspects when developing applications that are exposed in GP.