Uniper

UIT - ERP Systems - IT Consultant

Posted Sep 23, 2020
Project ID: UNEPJP00003337
Hours/week: 40 hrs/week
Timeline: 2 months
Starts: Oct 1, 2020
Ends: Dec 18, 2020
Payrate range: Unknown

Task description


The scope of services includes the following tasks, which are independently performed by the external consultant:


- Provide a meaningful and timely overview of the state of IT security for COIT (unit) apps, focused on 5 predefined IT security issues: virus attacks (incl. ransomware), data theft through hacking, accidental development, outage of business core applications, and admin misuse. This includes an overview of vulnerabilities and gaps per SAP system, clustered by area.


- Comprehensive coverage (overview of the vulnerabilities, gaps and open points) of the relevant aspects (organization, procedures, technical) of each security issue. Tools used: Excel and PowerPoint. The security issues affect Application Management, the IT Security Department and vendors.


- Advice (via MS Teams) for internal App Managers who have teamed up with the ISO / Cloud and Hana Cloud management teams, including consulting on which parts of the different guidelines are important for the different teams.


- Investigate an appropriate IT security framework covering the relevant aspects (infrastructure, platform and application), i.e. provide a Uniper-tailored framework based on the SAP, BSI, DSAG and ISO 270* guidelines (tools used: Microsoft 365 tools). In detail: get an overview of the Uniper SAP landscape; compare which parts of the guidelines are relevant; collect these and send them to the responsible party.


- Derive a question catalogue per aspect (to identify which of the guidelines are relevant for Uniper) and identify the addressees (DXC, HaCT Team, MS Azure, Application Manager). Tool used: Excel. In detail: get an overview of the Uniper SAP landscape; compare which parts of the guidelines are relevant; create questions that can be asked about the relevant aspects; send them to the responsible party.


- Prioritize and cluster COIT apps (CIA classification and lifecycle; CIA = Confidentiality, Integrity, Availability); only the COIT apps are investigated. Tools used: MS Office 365. In detail: collect the COIT apps list; identify the responsible party; identify the application.


- Select a pilot app and conduct a test run of the questions based on the catalogue described above (tools: MS 365); present the results to Uniper via MS Teams. In detail: identify the pilot app; interview the Application Manager against the questions; identify the responsible contact for open questions; give an overview of the security status of the app.


- Start the roll-out of questions for all application clusters (starting with the highest priority). In detail: prioritize applications by security classification (integrity, availability and confidentiality); hold an information meeting with all relevant Application Managers; send the question catalogue to the AMs; collect the answers in an Excel overview.


- Report on security status (open MS Teams site where the status can be seen). The consultant will report to Management COIT and the Application Manager. The report covers the current status of the activity, timeline, finished and next tasks, and milestones. It is based on the status of the activity and the current stage of the application assessment; 2 aspects are covered here (current status of the activity and current result of the applications).


- Definition of countermeasures (for the security gaps and vulnerabilities) in case of findings (minimum 1 per finding) via MS 365. Afterwards, the countermeasures are collected in an Excel list and sent to the AMs.


- Implementation of the concept (see above), which includes the creation of a project plan and a presentation to Uniper via MS Teams. Uniper will not sign off the plan.
