@inproceedings{182e0359e54f4d06817c2a6a9d850e79,
title = "A case for information ownership in ERP systems",
abstract = "This study investigates the lack of infomation ownership in current Enterprise Resource Planning (ERP) software systems. The purpose is to show how difficult, time consuming and costly the implementation of security within such systems is, The focus is on the investigation of security implementations within well-known ERP software packages such as SAP R/3 and Oracle EBusiness Suite. The results of the study indicate that central administration, control and management of security within the ERP systems under investigation weaken security. It was concluded that central administration of security should be replaced by a model that distributes the responsibility for security to so-called infonnation owners. Such individuals hold the responsibility for processes and profitability within an organization. Thus, they are best suited to decide who has access to their data and how their data may be used. Information ownership, coupled with tight controls can significantly enhance infonnation security within an ERP system.",
keywords = "Authentication, Database security, Infonnation flow, Misuse detection, Security policy",
author = "{von Solms}, {S. H.} and Hertenberger, {M. P.}",
year = "2004",
doi = "10.1007/1-4020-8143-x_9",
language = "English",
isbn = "9781475780161",
series = "IFIP Advances in Information and Communication Technology",
publisher = "Springer New York LLC",
pages = "135--149",
booktitle = "Security and Protection in Information Processing systems - IFIP 18th World Computer Congress, TC11 19th International Information Security Conference, SEC 2004",
note = "IFIP TC11 19th International Information Security Conference, SEC 2004 ; Conference date: 22-08-2004 Through 27-08-2004",
}