13-14 November, 2019 Amsterdam, The Netherlands

International SAP Conference on Application and Information SecurityBuilding Digital Trust

Michael HecknerSenior Director, Center of Excellence for GRCSAP EMEA North

Patricia Clemas SánchezPartner and SVP, Events,T|A|C Events

WelcomeFrom SAP and T|A|C Events

With data playing a more pivotal role for businesses, securely

managing access to your critical enterprise applications and

information is a greater priority than ever before. This two day event

will explore how leading organizations, with the help of SAP, are

building robust security measures to safeguard against risks, such as

downtime or loss of data.

Attendees will have the opportunity to attend customer case studies,

SAP solution and roadmap overviews, microforum sessions and

deep-dive workshops. Topics and themes are set to illustrate how to

build digital trust and leverage SAP security solutions for the

Intelligent Enterprise to achieve comprehensive systems monitoring,

data protection and compliant user access.

Designed for all experience levels, join customers, partners and SAP

solution experts all under one roof this November.

Kind regards

The preconference workshops are led by industry experts and feature presentations, demos, and real-life scenarios. Our work-shop leaders have considerable experience working with SAP solutions across a variety of business situations.

Please note that you cannot switch between parallel workshops. Each workshop includes refreshment breaks and lunch.

The following workshops will take place between 09:00 and 12:30.

Workshop 1: An Introduction to SAP Software for Information and Application Security - The GPS for a Cybersecurity Minefield

Join this half-day workshop to get an introduction to SAP® software for access governance, cybersecurity, and data protection. Find out how you can protect your SAP software, infrastructure, and business assets by actively managing emerging risks. Learn how to document and report overall security-level objectives.

You will leave this session with a better understanding of how to identify and apply the best solutions to meet today’s require-ments to achieve digital trust. You will know how each component can tie into your company’s overall objectives to manage security, risk, and compliance.

Workshop topics include:

• What measures to take to ensure proper data protection based on static and dynamic next-generation policies as well as solid approaches to embed into your security design

• Root-cause analysis of security alerts, how to establish an alert process as a permanent solution, and an introduction to con-tinuous monitoring based on state-of-the-art detection analysis and management solutions

• How to discover blind spots using alert-detection patterns, insight into what is going on at the SAP application level, discus-sion of why an alert-detection tool is important, and what functions the tool can bring to the table

• How to work together to determine the steps to take to manage data-loss prevention, cyberattacks, and data compliance challenges for your SAP software and infrastructure

Hosts: Bo Baade-Pedersen and Dr. Neil Patrick, SAP, and Jonathan Cooper, NextLabs Inc.

Workshop 2: Cybersecurity and Compliance with Regulations – Securing the Digital Company

This session helps you understand the overall challenge of meeting cybersecurity demands amid the constantly growing diversity of security compliance requirements. We show you how to build an integrated internal control system and explain the challenges diverse and global customers and stakeholders face. We discuss how SAP S/4HANA enables GDPR-compliant operation in your company and present SAP’s overall cybersecurity approach. And we provide insights into how you can prepare for a security-compliance audit.

In this session you receive:

• The big picture of cybersecurity and security-compliance demands• Insights on using a multicompliance framework to manage increasing compliance requirements• An overview of required data protection features based on SAP S/4HANA• An introduction to the cybersecurity approach of SAP and a global security architecture

Hosted by: Ralph Salomon, Volker Lehnert and Juri Frommer, SAP

Preconference WorkshopsNovember 13, 2019

08:00 Welcome Refreshments and Workshop Registration

09:00 Optional Preconference WorkshopsYou can find out more information about the preconference workshops on page 3. Please note that these are optional sessions which should be booked in advance of the event.

12:30 Networking Lunch and Registration for the Main Conference

13:30 - 14:15 Chairperson’s Welcome and Opening Keynote: The ‘Zero Day’ Reality• The increasing value and risks of data• The myth of ‘staying one step ahead of the hackers’ • Recent evolutions in cyberattacks• AI cops and robbers• Protecting the intelligent enterprise Chris Johnston, SAP

14:20 - 14:50 Customer Case Study: Compliant Access Management with SAP- Training and Access Risk Integration• How to simplify access management using business roles• How to define a compliant end-to-end access management approval workflow with SAP software• Integration of training compliance with access management (learning one source, SAP SuccessFactors solutions)• Integration of access risk compliance with the SAP Access Control application, one of the SAP governance, risk,

and compliance (GRC) solutions • Outlook (IdM Fiori UI, Extend Self Services)Daniel Gallego, Boehringer-Ingelheim

14:55 - 15:25 Case Study: How SAP’s Global Security Organization is Securing SAP Using the SAP Enterprise Threat Detection Solution• Building up an SEM Team• Dealing with big data • Set-up and implementation of security relevant processes• Attack vectors and how they can be analyzed• Typical handicaps that may not be obvious Daniel Vander Putten, SAP Global Security

15:30 Afternoon Refreshments and Networking

16:15 - 16:45 Customer Case Study: Implementation of UI Logging Component at the University of Haifa• University regulations and IT landscape• Considerations for selecting the UI logging component• The challenges in characterization and assimilation• Project overview and future considerationsNadav Azoulay, University of Haifa

16:55 - 17:40 SAP Insights: SAP Governance, Risk, Compliance and Security Roadmap for Access Governance, Data Protection and Cybersecurity Products• SAP’s strategy in the area of access control and identity access governance (IAG)• Recent developments for IAG in the cloud and access control• Road map and investment priorities for IAG in the cloud and access control • Identity provisioning and single sign-on• UI masking and logging• Enterprise threat detectionGero Maeder, Christian Cohrs and Michael Schmitt, SAP

17:40 Close of Day One

18:00 Evening Reception

Agenda Day OneNovember 13, 2019

Agenda Day TwoNovember 14, 2019

08:30 Welcome Refreshments and Registration

09:00 Welcome BackChris Johnston, SAP

09:10 - 09:55 External Keynote: “Trust Me! I Am a Social Engineer!• What exactly is Social Engineering?• Real world threats• Protecting your applications and assets• Managing users and their passwordsMarcel van der Velde, Ethical Hacker and Course Governor, Social Engineering at SECO Institute

10:00 - 10:30 Customer Case Study: Improving Enterprise Data Security and Compliance with Dynamic Authorizations• An overview of our IT landscape and our challenges• Enabling secure collaboration across the business• Enhance compliance by enforcing data access and sharing policies• Attribute-based access to strengthen the authorization system and protect our intellectual property• Apply consistent authorization policies across SAP applications• Simplify compliance reportingPeter Fitzpatrick, BAE Systems Submarines

10:35 - 11:05 Customer Case Study: Integrating Data Security Solutions as a Mandatory Mitigating Control within a Data Security and Privacy Governance Framework: Experience of a Global Swiss Pharmaceutical Organization• Business, compliance, and cybersecurity threats and risks to pharma and healthcare companies• Governing and protecting data as a top priority of chief information security officers• Data classification matrix as a part of a data security and privacy governance framework; use cases: how

data is protected with UI software from SAP• Data security solution; lessons learned, including competing interests within the organization; and impact

of IT outsourcingVishal Padiyar, CIPPE (Certified Information Privacy Professional)

11:05 Morning Refreshment Break and Browse Exhibition

11:45 - 12:15 Microforum 1: The GRC-IAG Bridge: A Concept to Run Hybrid On-Premise–Cloud Environments with Integrated SOD Analysis and Access Request Management• The GRC bridge concept• Identity access governance in the cloud• Key features and capabilities• Live demo of a hybrid analysis and provisioning

scenario• Key benefits and takeawaysGero Maeder, SAP

Microforum 2: SAP’s Identity and Access Governance Strategy for the Intelligent Enterprise• The Intelligent Enterprise integrates business

applications into end-to-end business processes• Identity and access governance is a major driver

for integration in the Intelligent Enterprise, bring-ing together identities and access across a broad landscape that includes on-premise and cloud and SAP and third-party software

• SAP Cloud Identity Access Governance software allows customers to extend an existing on-prem-ise setup toward the cloud and even to choose a pure cloud landscape

• In the session, you will learn about the capabilities of the solution, the integration options, and SAP’s direction for the future

Christian Cohrs, SAP

Agenda Day TwoNovember 14, 2019

12:20 - 12:50 Microforum 3: How Cyber-Attacks Can Expose Sensitive Data From Your SAP System• Real cyber-attack scenarios against SAP

environments• Illustrating cyber-security countermeasures• Exploring how to tackle cyber-attacks in real time

with SAP Enterprise Threat DetectionArndt Lingscheid, SAP

Microforum 4: Details Available SoonSpeaker to be Announced

12:50 Networking Lunch and Browse the Exhibition

14:15 - 14:45 SAP Insights: SAP Security Research – Examples of Security Innovations at SAP for Intelligent Enter-prises• SAP security research strategy – an overview• ETD: Innovation from SAP Security Research and novel approaches in operating it at SAP• Open Source: Manage OS security today, while the next attack vector is already coming• Deceptive applications - early alerts and proactive measures to let applications defend themselves• Security for an intelligent enterprise - apply machine learning for security and secure machine learningDr. Roger Gutbrod, SAP

14:50 - 15:20 Customer Case Study: Adapting Role-Based Access Control (RBAC) to the Agile Way of Working - This is How We Did It!• Our SAP IdM implementation• Agile transition• From RBAC to ABAC• Keeping a high automation percentage• DataqualityKoen Vincent, Alliander

15:20 - 15:30 Final Remarks and Close of ConferenceChris Johnston, SAP

NextLabs

NextLabs Inc., an SAP partner who develops solution extensions for SAP® software, provides data-centric security software to protect business-critical data and applications. Its patented dynamic authorization technology and industry-leading attribute-based policy platform helps enterprises identify and protect data, monitor and control access to sensitive data, and prevent regulatory violations – whether in the cloud or on premise. Software from NextLabs automates enforcement of security controls and compliance policies to enable secure information-sharing across the extended enterprise. NextLabs has some of the largest global enterprises as customers and strategic relationships with industry leaders such as SAP SE, Siemens AG, Microsoft Corporation, and IBM. NextLabs is privately held and headquartered in San Mateo, California, with offices in Boston; London; Singapore; Malaysia; and Hangzhou, China. For more information, please visit: www.nextlabs.com.

Turnkey Consulting

Turnkey Consulting is a specialist GRC and IT security company that combines business consulting, implementation and managed services to deliver information security solutions in support of SAP systems. It focuses on the delivery of specialised services in support of SAP in the areas of security, governance, risk and compliance (GRC).

It works with service providers, audit partners and SAP clients directly to provide the security controls and solutions that safeguard a company’s implementation of an SAP system.

Clients include some of the world’s largest blue-chip companies alongside systems integrators and a number of government agencies.

For more information, please visit: www.turnkeyconsulting.com

Silver Sponsor

How to Register

Contact for InquiriesJessica DuffyTel.: +44 (0)121 200 3810Fax: +44 (0)121 212 1623E: j.duffy@tacook.com

To register online for this event,please visit: www.tacevents.com/sapsecurity

This event is organized by: T|A|C Events in cooperation with SAP.

The registration fee includes access tothe event, lunch on all days,refreshments, and the evening event, and documentation material for download. Please note that accommodation and travel are not included in the registration fee.

Conference VenueLeonardo Royal Hotel AmsterdamPaul van Vlissingenstraat 24,1096 BK,AmsterdamEmail: info.royalamsterdam@leonardo-hotels.comPhone: +31 (0)20 250 00 00

Registration and Contact OfficeT.A. Cook Consultants Ltd.4th Floor, McLaren Building46 The Priory Queensway, Birmingham, B4 7LR, UKPhone: +44 (0)121 200 3810Email: info@tacook.com

Event Fees

* Early Bird Deadline: Friday October 4, 2019

NOTE: Payment should also be received by the deadline for the early bird

discount to apply.

Terms and conditionsRegistration Cancellation and SubstitutionsCancellations must be made in writing at least two weeks before the beginning of the event. In this case we will charge a processing fee of £175.00, €200.00 or $250.00 dependent on the currency of the event that you have registered for. Cancellations received less than two weeks before the event will be liable for the full registration fee. This also applies to registrants who do not attend the event. If a participant cannot attend for whatever reason, it is of course possible to nominate a substitution. Substitutions must be received in writing, must be addressed to the registration office and must include the names of both the original and the substitute registrants. We reserve the right to cancel your registration or refuse access to the event.

Payment Participation in an event is only possible if payment has already been received, or if it is submitted at the event via credit card payment or bankers draft/cheque. Please note that non-attendance for any reason is subject to the cancellation terms laid out above.

Liability You agree to indemnify and hold T.A. Cook Consultants and its business lines harmless against any and all loss, liability, damage, costs, expense, claims, proceedings and actions arising out of any negligent act or omission of client or their representatives; including any breach of these terms and conditions. The attendee is responsible for arranging appropriate insurance cover in connection with their attendance at this event, including prevention, postponement or abandonment. T.A. Cook and its business lines cannot be held liable for any loss, liability or damage to personal property. T.A. Cook and its business lines are not liable for damages due to technical malfunctions that may occur. We bear no responsibility if it is necessary to exchange, cancel, modify or postpone an event due to an unforeseen event or act of God, including, but not limited to, armed conflict, civil unrest, terrorist threats, natural disasters, severe weather, significant influence on transport.

Organisers’ Changes We reserve the right to make changes to the event programme or to cancel the event in nnthe case of insufficient delegate numbers. In this case, the delegate attendance fee will be refunded in full, though we are not liable for any further costs incurred by delegates in connection with their attendance. We do our best to ensure all presentations are available for electronic download, but in some cases, cannot guarantee that speakers will make their presentations available for sharing post-conference.

Data Policy By registering for this event, you grant us permission to keep you informed of future events and content within your field of interest. We will only send you relevant information (by email, post or telephone) and you can unsubscribe at any time. Your details will only be held on the T.A. Cook internal database and will not be supplied to 3rd parties without your prior knowledge and permission. If you wish to unsubscribe immediately, please send an email to info@tacook.com with “unsubscribe” in the subject line. For further information, please visit

www.tacevents.com/uk/privacy-cookie-policy/

Photography and Videos We plan to take photographs and video material at the event and reproduce them in educational, news or promotional material, whether in print, electronic or other media, including event websites. All photos and videos become the property of T.A. Cook. These may be displayed, distributed or used by T.A. Cook for any purpose. You have every right to opt-out of having your photograph taken. Please contact us at info@tacook.com for more information.

Governing Law/Place of Jurisdiction/Place of Performance(1) The law of the Federal Republic of Germany is solely applicable. Application of the UN Convention on Contracts is expressly excluded.(2) The place of jurisdiction is Berlin.(3) The place of performance is the announced event location.

  I agree to the above terms and conditions (This must be ticked in order for the registration to be processed)

Email to j.duffy@tacook.com Fax to +44 (0)121 212 1623 or register online at: www.tacevents.com/sapsecurity

Registration FormInternational SAP Conference on Application and Information Security

First Name Last Name

Company Job Title

Department Street

City, State Zip Code, Postal Code

Country Phone

Fax E-mail

Date Signature

I would like to register for this conference. (Please complete clearly in block capitals)

I wish to attend the following:

Payment Method

Credit Card  Invoice

T|A|C Events Consent

I would like to receive information and updates relevant to my field of interest

SAP Consent

I am happy to share my contact information with SAP for post-event communication (name, job title, department, company name, country and company address).

I am happy to additionally include:

Email Telephone Both

Sponsor Consent

I am happy to share my details with the event’s sponsors and exhibitors (Name, Job Title, Company Name, Country, Phone Number, Email Address)

Day and a Half Conference (November 13 PM - November 14 Full Day)

Optional Half-Day Workshop (November 13 AM). Please select from one of the below:

W1 W2

Evening Event (November 13 - Open to Conference Registrants Only)

Type Early Bird Standard

Conference Only €1150 €1350

Half Day Workshop €425 €425

© 2018 SAP SE or an SAP affiliate company. All rights reserved.No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company. These materials are provided for information only and are subject to change without notice. SAP or its affiliated companies shall not be liable for errors or omissions with respect to the materials. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. All other product and service names mentioned are the trademarks of their respective companies. See http://www.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices.

www.sap.com/contactsap