Sep 12 2014

Information Security and Governance in ERP Implementation [Whitepaper]

VN:F [1.9.22_1171]
Rating: 4.0/5 (1 vote cast)

Integrity-Availability-ConfidentialityInformation is one of the most important assets of any organization. Hence it should be appropriately protected. Information needs to be available and accessible uninterruptedly for the smooth functioning of any organization. Information security describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure or damage. Organizations assess threats, vulnerabilities and impact to sensibly manage these risks.

Critical Factors for implementing the ISMS (Information Security Management system) are

  • Confidentiality: Protecting information from unauthorized parties.
  • Integrity: Protecting information from modification by unauthorized users.
  • Availability: Making the information available to authorized users.

The information security is achieved through system based internal and operational controls. A generic information security framework consists of three components:

  • People
  • Policy
  • Technology

Enterprise resource planning (ERP) system security must be governed by the same principles as conventional information security. During an ERP implementation, however these three components: People, Policy and Technology need to be augmented to fit any co-existing system.

The ERP security framework is applied to an ERP model to illustrate how People, Policy and Technology can be incorporated into it. The framework is product and vendor independent and is characterized by rigidity of character but flexibility of use.

Authors Shirish Bapat (Oracle Certified, PMP, CISA) and Praseed Menon (MCA, CISA) have lined out the most overlooked factors of an ERP security implementation. Both the authors are Practicing Security and Project Management Professionals, and have a vast experience in JD Edwards EnterpriseOne implementations and support.

Download the JDE Security & Governance whitepaper to know more on the subject.

Published under the license.

VN:F [1.9.22_1171]
Rating: 4.0/5 (1 vote cast)
Information Security and Governance in ERP Implementation [Whitepaper], 4.0 out of 5 based on 1 rating
(Visited 106 times, 1 visits today)

About the author

Deepesh M Divakaran

Deepesh MD is more of a Gizmo Geek, and a techie.
A very experienced Technical Consultant on Oracle JD Edwards EnterpriseOne, and OneWorld. As a consultant he has worked for wide range of industries, from Manufacturing, Media, Oil & gas etc. and has worked on re-engineering modules, and areas of customization.
With a touch of class and understanding towards what ever he does, he is often regarded by his colleagues as the one stop answer for all Technical/Software related queries.

Leave a Reply