Hi
For beginning:
yearly
- Do upgrades/updates to highest available stable version of your products. The best if you can do it more than once. It will help you to cover not published security corrections and prepare for implementation new ones
- Do external security audit of your environment - helps to find ways for braking your SAP without even touching the system
monthly
- Implement notes released for the second Tuesday of every month - SAP Security Patch Day.
ongoing :
- monitor system/security logs
- monitor system health e.g with solution manager technical monitoring
- monitor system changes (parameters, services, defined connections...) e.g with solution manager RCA Change Analysis
Regards
Przemek