@inproceedings{abc548c40d204c6c92ea97f368a6d05e,
title = "ERPSEC - a reference framework to enhance security in ERP systems",
abstract = "This paper proposes a method of integrating the concept of information ownership in an Enterprise Resource Planning (ERP) system for enhanced security. In addition to providing enhanced security, the reference framework ERPSEC developed for this study provides better manageability and eases implementation of security within ERP software packages. The results of this study indicate that central administration, control and management of security within the ERP systems under investigation for this study weaken security. It was concluded that central administration of security should be replaced by a model that distributes the responsibility for security to so-called information owners. Such individuals hold the responsibility for processes and profitability within an organization. Thus, they are best suited to decide who has access to their data and how their data may be used. Information ownership, coupled with tight controls can significantly enhance information security within an ERP system.",
keywords = "Database security, authentication, information flow, misuse detection, security policy",
author = "{von Solms}, {S. H.} and Hertenberger, {M. P.}",
year = "2005",
doi = "10.1007/0-387-25660-1_6",
language = "English",
isbn = "038725658X",
series = "IFIP Advances in Information and Communication Technology",
pages = "79--94",
booktitle = "Security and Privacy in the Age of Ubiquitous Computing - IFIP TC11 20th International Information Security Conference",
note = "IFIP TC11 20th International Information Security Conference, IFIP/SEC2005 ; Conference date: 30-05-2005 Through 01-06-2005",
}