
ERP And Information Security Term Paper

Introduction to ERP

Even though information security plans include preventing outsiders from gaining access to the internal network, the risk from outsiders still exists. Outsiders can also pose as authorized users in order to damage the transactions of business systems. Strict preventive measures should therefore be taken to avoid such situations.

The threat from both kinds of hackers has increased with enterprise resource planning (ERP) software (Holsbeck and Johnson, 2004). By performing acts of deception, they disregard system privileges and take hold of assets, mainly cash. The continuous integration of ERP has not succeeded in eliminating the threat of hackers, who are either insiders or enter through the perimeter security.

Considering the financial losses caused by system-based fraud, errors and abuse in business transactions, new ways to maintain security need to be developed in the world of integrated ERP (enterprise resource planning) and e-business (Holsbeck and Johnson, 2004).

Present Market Development for ERP systems

The ERP market matured to such an extent that intense competition actually led to a fall in sales. This led ERP vendors to shift their focus towards adding new functions, such as CRM and web architectures that specialize in certain services, in order to attract more customers to their products and bring sales back up. The sad part, however, is that there are still some security issues that remain (Holsbeck and Johnson, 2004).

With the rising threats from external sources, it should not be forgotten that there are chances of cheating and fraud within the system itself. These insider abuses are rising with increasing speed due to the installation of automated systems that manage accounts payable, employee benefits and other information that may be integral to the company (Holsbeck and Johnson, 2004).

Taking a historical perspective and assessing the effectiveness of ERP security systems, we can see that the systems were quite focused on inside threats and were devoted to giving workers only limited control, so that the system keeps working effectively on the basis of the network defenses provided, such as firewalls, intrusion detection, VPNs and so on. These defenses are devoted to keeping intruders from logging into the ERP network. However, an integrated system comprising various systems and users has a rising need for newer and more effective ways of dealing with such security-related issues (Holsbeck and Johnson, 2004).

Gartner goes on to state that enterprises need to consider their entire security in terms of functionality, as well as control the overall environment, so as to ensure that transactions run effectively. The analysts have suggested that any vulnerable point in the security system can be taken advantage of, essentially by insiders, so as to threaten the business in various ways (Holsbeck and Johnson, 2004).

As the ERP system lets the enterprise merge all its information systems with those of the partners who take care of its supplies, the number of authorized users rapidly increases. This gives rise to new entry points into the business systems from outside the perimeter of conventional IT systems. Firms need to trust not only the employees of the organization but also the partners involved with those employees in the security system (Holsbeck and Johnson, 2004).

In many enterprises today, ERP security is based on user access control, which is exercised when authorized people log in to the system with a personalized username and password. The enterprise has full control to block or allow any individual depending on the level of permission they have and the access extended to them. For instance, an accounts payable clerk would not have any access to inventory, human resources or any other such area inside the ERP system (Holsbeck and Johnson, 2004).

Data encryption is generally part of many ERP systems. It basically prevents the user from exporting the database. On the other hand, it does nothing to stop authorized insiders from accessing modules of the system for which they are not authorized (Holsbeck and Johnson, 2004).

An important feature of ERP systems is the audit log. It keeps a record of every transaction made and every system alteration. However, the reason behind those transactions is...


Every transaction is documented independently; the working behind each transaction, such as the events occurring before or after it, is not traced by the audit log. Internal auditors then sample the audit logs to look for irregular transactions (Holsbeck and Johnson, 2004).

Nearly half of organizations do not configure their ERP systems to maintain audit logs. There are two reasons behind this (Holsbeck and Johnson, 2004):

1. They think that it would degrade performance.

2. They do not consider it important.

It is a salient feature of such organizations that they are conservative when it comes to IT security. In their view, IT security only manages the layers of conventional perimeter security. Hence, a middle way between security and performance is adopted, which focuses on the following two tasks (Holsbeck and Johnson, 2004):

Enterprises refrain from recording every minute detail of the activities performed by the system.

Only information that is relevant to the transaction is collected.

Configuration of customized audit reports by system administrators is another feature of those organizations that use audit logs. Those reports employ simple logic to identify "outliers." Outliers are those system transactions that fall outside the following general parameters:

Date and time

Trace and location of the user that is logging into the system

Checks larger than a predefined setting

Customizing these reports is time consuming, and it involves manually processing a large number of data points. The reports are often riddled with false positives, so manual analysis of every event is required. This is because audit reports do not analyze the event itself and so cannot find the reason behind the concern (Holsbeck and Johnson, 2004).
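The outlier report described above can be sketched as a short rule check. This is an added example, not code from the paper or from any ERP product; the business hours, location names, check limit, log field names and the log records themselves are all constructed assumptions.

```python
from datetime import datetime, time

# Assumed policy settings: the paper names the parameters but gives no values.
BUSINESS_HOURS = (time(8, 0), time(18, 0))
KNOWN_LOCATIONS = {"HQ-LAN", "VPN"}
CHECK_LIMIT = 10_000.00

# Constructed audit-log records; field names are hypothetical.
AUDIT_LOG = [
    {"id": 1, "user": "ap_clerk1", "ts": "2004-03-01T10:15:00",
     "location": "HQ-LAN", "type": "check", "amount": 2500.00},
    {"id": 2, "user": "ap_clerk1", "ts": "2004-03-01T14:30:00",
     "location": "HQ-LAN", "type": "check", "amount": 48000.00},
    # Scheduled overnight payroll job: legitimate, but outside business hours.
    {"id": 3, "user": "batch_payroll", "ts": "2004-03-02T02:00:00",
     "location": "HQ-LAN", "type": "check", "amount": 900.00},
    {"id": 4, "user": "ap_clerk2", "ts": "2004-03-06T11:00:00",
     "location": "REMOTE-UNKNOWN", "type": "check", "amount": 15000.00},
    {"id": 5, "user": "hr_admin", "ts": "2004-03-03T09:00:00",
     "location": "VPN", "type": "update", "amount": 0.0},
]

def outlier_reasons(rec):
    """Return the parameters one record falls outside of, judged in isolation."""
    reasons = []
    ts = datetime.fromisoformat(rec["ts"])
    in_hours = BUSINESS_HOURS[0] <= ts.time() <= BUSINESS_HOURS[1]
    if ts.weekday() >= 5 or not in_hours:  # weekend or off-hours
        reasons.append("date/time")
    if rec["location"] not in KNOWN_LOCATIONS:
        reasons.append("location")
    if rec["type"] == "check" and rec["amount"] > CHECK_LIMIT:
        reasons.append("check amount")
    return reasons

def outlier_report(log):
    """Map transaction id -> violated parameters, for flagged records only."""
    report = {}
    for rec in log:
        reasons = outlier_reasons(rec)
        if reasons:
            report[rec["id"]] = reasons
    return report

if __name__ == "__main__":
    for tx_id, reasons in outlier_report(AUDIT_LOG).items():
        print(tx_id, ", ".join(reasons))
```

Record 3 is a false positive of the kind the paper describes: the report names the parameter that was exceeded but not the reason, so a person still has to review the event.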

ERP Security Failures

It is a known fact that when the ERP security features described above are not in place, fraud occurs, due to which the average business suffers losses of 3% to 6% of annual income. A worse scenario is one in which additional losses arise from erroneous duplicate payments. It has been noticed that the average enterprise makes duplicate payments for 2% of all the payments it makes. Out of these duplicate payments, almost 10% are lost and never recovered. This results in a loss of 0.2% of total accounts payable (Holsbeck and Johnson, 2004).

A most threatening fact that always remains is the exposure of applications to external security threats. Some of them are listed below:

Simple dictionary attacks that break easily guessed passwords (Whitman and Mattord, 2008).

Applications contain buffer overflows that remain until a hacker finds one and enters through it (Whitman and Mattord, 2008).

The most dangerous form is social engineering, in which hackers set a trap for users, who are fooled into freely divulging their personal information, identification, qualifications, etc. (Whitman and Mattord, 2008).

The most extreme danger is the case in which hackers pretend to be authorized users, enter the system and divert payments according to their own needs and benefit (Whitman and Mattord, 2008).

ERP security failure is encountered in companies that ignore the implementation of control design in their plans until the last stage of performance. On the other hand, ERP projects generally run over the available budget and behind schedule. For this reason, cost and time consumption are managed by employing strict internal controls (Holsbeck and Johnson, 2004; Whitman and Mattord, 2008).

Such internal controls are often hard to follow. This is because they add to the existing tasks, resulting in extra overhead that makes it harder for employees to carry out their daily work. This affects overall efficiency quite badly. That is why most organizations decide against such severe internal controls (Whitman and Mattord, 2008).

Internal controls for maintaining ERP security have various flaws. One of the biggest is the high cost and large time consumption of those controls. The authorization levels of employees in the business structures must be updated continuously, for every employee who is promoted, reassigned or fired. Modification is also necessary in various other cases, such as (Holsbeck and Johnson, 2004; Whitman and Mattord, 2008):

Adding a new business partner.

Creating a new business department.

Entering a new market or industry.

In other words, this ongoing maintenance of ERP systems results in a resource drain.

One of the latest audit program conducted on various…

References

Bell, T., Thimbleby, H., Fellows, M., Witten, I., Koblitz, N. & Powell, M. 2003. Explaining cryptographic systems. Computers & Education. Volume 40. pp. 199-215.

Blosch, M. & Hunter, R. 2004. Sarbanes-Oxley: an external look at internal controls. Gartner. August.

CobiT Security Baseline. IT Governance Institute. http://www.itgi.org

Dhillon, G. 2004. Guest Editorial: the challenge of managing information security. International Journal of Information Management. Volume 24. pp. 3-4.

Holsbeck, M.V. and Johnson, J.Z. 2004. Security in an ERP World. Available at: http://hosteddocs.ittoolbox.com/MH043004.pdf