ERPSEC - a reference framework to enhance security in ERP systems

S. H. von Solms, M. P. Hertenberger

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


This paper proposes a method of integrating the concept of information ownership in an Enterprise Resource Planning (ERP) system for enhanced security. In addition to providing enhanced security, the reference framework ERPSEC developed for this study provides better manageability and eases implementation of security within ERP software packages. The results of this study indicate that central administration, control and management of security within the ERP systems under investigation for this study weaken security. It was concluded that central administration of security should be replaced by a model that distributes the responsibility for security to so-called information owners. Such individuals hold the responsibility for processes and profitability within an organization. Thus, they are best suited to decide who has access to their data and how their data may be used. Information ownership, coupled with tight controls can significantly enhance information security within an ERP system.

Original languageEnglish
Title of host publicationSecurity and Privacy in the Age of Ubiquitous Computing - IFIP TC11 20th International Information Security Conference
Number of pages16
Publication statusPublished - 2005
EventIFIP TC11 20th International Information Security Conference, IFIP/SEC2005 - Chiba, Japan
Duration: 30 May 20051 Jun 2005

Publication series

NameIFIP Advances in Information and Communication Technology
ISSN (Print)1868-4238


ConferenceIFIP TC11 20th International Information Security Conference, IFIP/SEC2005


  • Database security
  • authentication
  • information flow
  • misuse detection
  • security policy

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications
  • Information Systems and Management


Dive into the research topics of 'ERPSEC - a reference framework to enhance security in ERP systems'. Together they form a unique fingerprint.

Cite this