Soteria Layered Defence

Soteria can help organisations create an integrated layered defence strategy based on powerful standard SAP® security products that can be integrated with other market offerings such as firewalls and anti-virus. We can work with your organisation to define a bespoke security posture, or we can provide resources to implement your security policy as part of your ongoing security implementation. We provide experienced security consultants to help you achieve compliance with most common security frameworks (PCI DSS, ISO27000, NIST SP 800-53) and IT governance (CobiT 5).

PCI Compliance

Most e-commerce websites will use an external secure payment service firm such as Worldpay, Sagepay or PayPal for handling their payment card transactions. This simplifies certain aspects of payment card handling, but for PCI compliance, all touch points where card details may be communicated or transmitted need to be reviewed. This will touch IT systems at OS, database, and application levels. PCI compliance requirements can also require changes to current business processes (e.g. the cessation of staff practices such as the recording of details on paper, and changes to telephone systems, including telephonic recording systems). Most firms will find that they may need to adopt new technology and alter working practices in order to achieve PCI compliance.

Principles of Layered Defence

Enterprise security architecture will usually involve a combination of administrative, logical and technical policies. The layering and overlapping of security measures at each level provides a defence in depth, with the resilience of the overall system subject to the strength of its weakest link. A layered defence strategy ensures that should one defensive measure be compromised, there are alternative defensive measures in place that continue to provide overall protection for organisational data. During its lifetime, data may pass through many different information systems, and there are many different ways the data and information systems can be threatened. To provide full protection over the data lifecycle, each component of the information system must have its own protection mechanisms. Data should be protected while ‘in motion’ and while ‘at rest’. Application security for SAP® can be achieved using standard SAP® security and monitoring products that can be incorporated into an enterprise-wide security posture. Soteria work with the principles of layered defence to help protect your SAP® assets. We can help an organisation identify its critical data and then put measures in place to protect the business processes and SAP® applications that support and utilise the information.

SAP® Security Products

Security portfolio for Layered Defence

Soteria can identify and implement the combination of standard SAP® products that are most suitable for your security posture for both cyber security and internal security.

Layered Defence for Critical Assets

Contact us to discuss implementing Soteria Layered Defence in depth.