Term Paper: ERP and Information Security

Pages: 26 (8373 words)  ·  Bibliography Sources: 1+  ·  Level: College Senior  ·  Topic: Business

SAMPLE EXCERPT:

[. . .] Creating a new business department.

Entering new market or industry.

In other words, this ongoing maintenance of ERP systems results in a resource drain.

One of the latest audit programs conducted on various SAP systems found that SAP systems are instrumental in providing software management resources for financial management functions (purchasing, accounts payable and receivable, general ledger) and for human resource management processes, which include project management and employee (team) management. However, a recent Gartner audit claims that security risks in SAP systems are high, mainly because of intervention that leaves these highly important and confidential data assets vulnerable. The significant results of the audit were as follows:

The purchasing resource utility does not have proper filtering or checking mechanisms for access. It is therefore highly insecure, because any employee can access the control data (the purchasing cycle) and make alterations, which could result in fraud and errors (Holsbeck and Johnson, 2004).

It is also a cause of great concern that many staff members are authenticated and given entry to the finance management and accounting utilities in the system without proper access restrictions being followed. The only solution to this is continuous monitoring to ensure safety (Holsbeck and Johnson, 2004).

Internal security risk has gained importance as a new subject in the field of information technology, as clearly identified by Matthew Kovar of Yankee Group (Hong et al., 2003), who explains how corruption, fraud and security breaches in governments and corporations are largely due to internal misuse of authority and rights (Whitman and Mattord, 2008).

Governments and corporations have therefore established that the default access authority and design principles of management applications are not appropriate and require constant surveillance. Instead of restricting authority in each section of each department, which is quite hectic, corporations have decided to monitor complete systems to track fraud, error or misuse (Whitman and Mattord, 2008).

Constant surveillance and monitoring works by keeping track of the sequence and patterns of transactions, either intelligently or by being fed the data, so that it can recognize and point out, using advanced algorithms and mechanisms, any fluctuation that occurs in the regular setup (Whitman and Mattord, 2008).

It becomes clear how these surveillance and monitoring mechanisms are effective measures for tracking transactions and for identifying employees and allocating them sets of authorities, so as to avoid business frauds, hacks and breaches. With the continuing use of resources, internal miscreants may still find the key to access the confidential system; however, with these monitoring resources IT managers can track all errors and high-priority incidents in real time with assurance. Similarly, monitoring protects the system from security breaches by external users, such as business hacks and access violations (Whitman and Mattord, 2008).
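The monitoring described above can be sketched in a few lines. This is an added example, not code from the paper or from any SAP product; the record layout, the department policy and the outlier threshold are all assumptions, and the log records are constructed.

```python
from collections import defaultdict
from statistics import median

# Constructed sample records: (user, department, action, po_id, vendor, amount)
LOG = [
    ("alice", "purchasing", "create_po",  "PO-1", "V-10", 1000.0),
    ("bob",   "purchasing", "approve_po", "PO-1", "V-10", 1000.0),
    ("alice", "purchasing", "create_po",  "PO-2", "V-10", 1100.0),
    ("bob",   "purchasing", "approve_po", "PO-2", "V-10", 1100.0),
    ("alice", "purchasing", "create_po",  "PO-3", "V-10",  950.0),
    ("bob",   "purchasing", "approve_po", "PO-3", "V-10",  950.0),
    ("alice", "purchasing", "create_po",  "PO-4", "V-10", 1050.0),
    ("carol", "warehouse",  "change_po",  "PO-4", "V-10", 9800.0),
    ("carol", "warehouse",  "approve_po", "PO-4", "V-10", 9800.0),
    ("dave",  "purchasing", "create_po",  "PO-5", "V-10", 1020.0),
    ("dave",  "purchasing", "approve_po", "PO-5", "V-10", 1020.0),
]
# Assumed policy: only these departments may act on the purchasing cycle.
ALLOWED_DEPARTMENTS = {"purchasing"}

def access_violations(log):
    """Purchasing-cycle events performed from a department not allowed to."""
    return [(u, a, po) for u, d, a, po, _, _ in log if d not in ALLOWED_DEPARTMENTS]

def self_approvals(log):
    """Purchase orders created and approved by the same user."""
    creators = {po: u for u, _, a, po, _, _ in log if a == "create_po"}
    return sorted(po for u, _, a, po, _, _ in log
                  if a == "approve_po" and creators.get(po) == u)

def amount_outliers(log, threshold=5.0):
    """POs whose final amount breaks the vendor's regular pattern."""
    # Median and median absolute deviation (MAD) are used so that a single
    # inflated amount cannot shift the baseline it is compared against.
    final = {po: (vendor, amount) for _, _, _, po, vendor, amount in log}
    by_vendor = defaultdict(list)
    for po, (vendor, amount) in final.items():
        by_vendor[vendor].append((po, amount))
    flagged = []
    for items in by_vendor.values():
        med = median(a for _, a in items)
        mad = median(abs(a - med) for _, a in items) or 1.0
        flagged += [po for po, a in items if abs(a - med) / mad > threshold]
    return sorted(flagged)
```

On the sample data the three checks surface different problems: an out-of-department change to PO-4, a purchase order that one user both created and approved, and an amount far outside the vendor's usual range.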

Justification for an ERP Security system for Harley Davidson Company

Information handling is a vital element of any organization's sustainability. During business transactions, dealings, accounting, purchasing and selling, a constant stream of information is integrated into the system, and this information is confidential and important to the business organization. It is therefore important that all this information and data be tightly secured, or electronically encapsulated, by the monitoring software, veiling all the operational and functional variables of the organization. However, the encapsulation or enveloping should be such that the information remains available at all times to the operators who use it, enabling smooth operation. This availability in turn increases the vulnerability of the system, so the system runs on an element of compromise (Scott and Krischer, 2002).

ERP (enterprise resource planning) security systems are basically a system of utilities for customer management and finance management in customer dealings. ERP systems are required to have the same accessibility profiles as those adopted by traditional information security, which established security walls against external intervention while keeping to the access and operational standards of auditing organizations such as Sarbanes-Oxley (Blosch and Hunter, 2004). It is hence established that a security-based ERP system is mandatory for the secure running of the system, the constant storage of information and its accessibility to authentic users. This study will develop an understanding of an ERP system and hence provide such a secure ERP system for integration into the general operation utilities of the organization.

According to Dhillon (2004), the approach to security systems pertaining to information has always been reactive. In the past it was orthodox to overlook the significance of monitoring software in the general operational utilities of the organization. However, as the amount of information streaming through the organization increased, it became important to develop a means of controlling and securing that information, one that helps in identifying and formulating essential business management variables proactively. During the design of a system utility, it is critically analyzed how appropriate (or inappropriate) the utility will be as a business security application. The application should be able to communicate efficiently and comply with general business tools while providing constant surveillance and complying with business essentials. However, it is stated that a number of ERM resources do not obey IT security regulations.

A proposed mechanism to tackle the above-mentioned issues is as follows:

1. A security software tool, generally available, is studied to extract its useful sections for ERP systems;

2. If the security tool lacks the required level of ERP system security, the deficiencies should be identified;

3. After identifying the deficiencies, an ERP security system should be designed with additional security resources of the studied system, aligned with IT security standards (Dhillon, 2004).

Section 4: ERP system Implementation Plan for Harley Davidson (Securing hardware, software and networking systems)

The implementation plan for Harley Davidson's ERP system consists of three correlated elements, namely people, policy and technology; the status of one element has projections on the others (Von Solms and Von Solms, 2004).

People Element

The people element of the security system is divided into two groups. The first group (IT managers and network security administrators) defines the security variables of the system, monitors and manages it, and provides support to the system users, who form the second group under consideration (Von Solms and Von Solms, 2004).

The user group must be made aware of the security measures in place and should know the consequences of misuse or violation. As suggested by Martins (2003), there are nine contexts in which the people element can be considered:

Policy and regulations - the administration defines rules and regulations for employees to follow under the implemented security system, so that they become a responsible part of that system (Martins, 2003).

Benchmarking - IT security measures implemented in other similar organizations under IT governance regulations should be studied in comparison with the currently implemented system, to analyze the efficiency of the system and identify room for improvement (Martins, 2003).

Risk analysis - during the design of the security mechanism it is important to identify external threats and possible routes to important information databases, in order to strengthen security through additional measures (Martins, 2003).

Budget - to design a security culture, a financial plan is required that covers employee technical training as well as control and risk management training for system assessment and general know-how (Martins, 2003).

Management - management develops a physical firewall to secure access to important information. This is done through proper strategic management to protect assets of information (Martins, 2003).

Trust - management is also responsible for forming an environment of trust in the workplace, so that this responsibility is shared equally by the administrator and the user (Martins, 2003).

Awareness - since constant surveillance is vital to the security system, employees need to behave according to expectations in order to adhere to security monitoring principles. Learning the expected behavior is part of employee training, and employees should stay aware while they are in monitored security environments (Martins, 2003).

Ethical conduct - morality and ethical behavior in a security environment should also match the expectations of the monitoring system, as learnt in the training sessions (Martins, 2003).

Change - acceptance of changes in the security system, in rules and regulations, and in expected behavior, awareness and ethical conduct should be a trait of the people element, since advancements in the information security system are vital to its effectiveness.

These nine contexts of consideration encompass all the issues related to the people element (Martins, 2003).

Policy Element

The core responsibility of an organization's IT structure is to protect the information assets of the organization (CobiT Security Baseline, 2010). Numerous definitions of information security have been provided by international security standards, for example ITIL, ISO 17799 and CobiT.

Following are some of the organizational security standards:

King II - report on Corporate Governance for South Africa 2002 (King Committee on Corporate Governance, 2002) was documented by King Committee as an… [END OF PREVIEW]


Cite This Term Paper:

APA Format

ERP and Information Security.  (2011, December 8).  Retrieved April 20, 2019, from https://www.essaytown.com/subjects/paper/erp-information-security-introduction/5329431
