A case for information ownership in ERP systems

S. H. von Solms, M. P. Hertenberger

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

1 Citation (Scopus)

Abstract

This study investigates the lack of infomation ownership in current Enterprise Resource Planning (ERP) software systems. The purpose is to show how difficult, time consuming and costly the implementation of security within such systems is, The focus is on the investigation of security implementations within well-known ERP software packages such as SAP R/3 and Oracle EBusiness Suite. The results of the study indicate that central administration, control and management of security within the ERP systems under investigation weaken security. It was concluded that central administration of security should be replaced by a model that distributes the responsibility for security to so-called infonnation owners. Such individuals hold the responsibility for processes and profitability within an organization. Thus, they are best suited to decide who has access to their data and how their data may be used. Information ownership, coupled with tight controls can significantly enhance infonnation security within an ERP system.

Original languageEnglish
Title of host publicationSecurity and Protection in Information Processing systems - IFIP 18th World Computer Congress, TC11 19th International Information Security Conference, SEC 2004
PublisherSpringer New York LLC
Pages135-149
Number of pages15
ISBN (Print)9781475780161
DOIs
Publication statusPublished - 2004
EventIFIP TC11 19th International Information Security Conference, SEC 2004 - Toulouse, France
Duration: 22 Aug 200427 Aug 2004

Publication series

NameIFIP Advances in Information and Communication Technology
Volume147
ISSN (Print)1868-4238

Conference

ConferenceIFIP TC11 19th International Information Security Conference, SEC 2004
Country/TerritoryFrance
CityToulouse
Period22/08/0427/08/04

Keywords

  • Authentication
  • Database security
  • Infonnation flow
  • Misuse detection
  • Security policy

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications
  • Information Systems and Management

Fingerprint

Dive into the research topics of 'A case for information ownership in ERP systems'. Together they form a unique fingerprint.

Cite this