Information is one of the most important assets of any organization, so it should be appropriately protected. Information needs to be available and accessible without interruption for any organization to function smoothly. Information security describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure or damage. Organizations assess threats, vulnerabilities and impact to sensibly manage these risks.
The critical factors for implementing an ISMS (Information Security Management System) are:
- Confidentiality: Protecting information from unauthorized parties.
- Integrity: Protecting information from modification by unauthorized users.
- Availability: Making the information available to authorized users.
Information security is achieved through system-based internal and operational controls. A generic information security framework consists of three components: People, Policy and Technology.
Enterprise resource planning (ERP) system security must be governed by the same principles as conventional information security. During an ERP implementation, however, these three components (People, Policy and Technology) need to be augmented to fit any co-existing system.
The ERP security framework is applied to an ERP model to illustrate how People, Policy and Technology can be incorporated into it. The framework is product and vendor independent and is characterized by rigidity of character but flexibility of use.
Authors Shirish Bapat (Oracle Certified, PMP, CISA) and Praseed Menon (MCA, CISA) have outlined the most overlooked factors of an ERP security implementation. Both authors are practicing security and project management professionals, and have vast experience in JD Edwards EnterpriseOne implementations and support.
Download the JDE Security & Governance whitepaper to learn more about the subject.