Abstract
This study investigates the lack of information ownership in current Enterprise Resource Planning (ERP) software systems. The purpose is to show how difficult, time consuming and costly the implementation of security within such systems is. The focus is on the investigation of security implementations within well-known ERP software packages such as SAP R/3 and Oracle E-Business Suite. The results of the study indicate that central administration, control and management of security within the ERP systems under investigation weaken security. It was concluded that central administration of security should be replaced by a model that distributes the responsibility for security to so-called information owners. Such individuals hold the responsibility for processes and profitability within an organization. Thus, they are best suited to decide who has access to their data and how their data may be used. Information ownership, coupled with tight controls can significantly enhance information security within an ERP system.
Chapter PDF
References
Joseph R. Dervaes, Internal Fraud and Controls, Washington Finance Officer’s Association, 48th Annual Conference, 19 September 2004
SAP AG, SAP R/3 Online Help CD-ROM, 2003
Oracle Corporation, Oracle Applications System Administrator’s Guide, Release 11i, Volume 1, 2002
Microsoft Business Solutions, Installation and System Management Manual: Navision Attain, Navision, 2002
Microsoft Corporation, Axapta System Administration Guide, Microsoft Business Solutions, 2002
M. Hertenberger, Prof. S.H. von Solms, Ph.D. study in progress: “Security in ERP environments” Rand Afrikaans University, Johannesburg, South Africa, 2004
K. Vuppula. BW security approaches, http://www.intelligenterp.eom/feature/2002/12/0212feat11.shtml, 2002
P. Manchester, Financial Times, 12 November 2003
Elizabeth M. Ready, Emerging Fraud Trends, State of Vermont, 2003
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 IFIP International Federation for Information Processing
About this paper
Cite this paper
von Solms, S.H., Hertenberger, M.P. (2004). A Case for Information Ownership in ERP Systems. In: Deswarte, Y., Cuppens, F., Jajodia, S., Wang, L. (eds) Security and Protection in Information Processing Systems. SEC 2004. IFIP — The International Federation for Information Processing, vol 147. Springer, Boston, MA. https://doi.org/10.1007/1-4020-8143-X_9
Download citation
DOI: https://doi.org/10.1007/1-4020-8143-X_9
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-8016-1
Online ISBN: 978-1-4020-8143-9
eBook Packages: Springer Book Archive