erp security1
MANAGING ERP SECURITY
Introduction
Managing the risk of an ERP implementation and ERP project is a much larger issue and needs to be seen as a whole to ensure that the ERP system is implemented and operated successfully during its life cycle.
TYPES OF ERP SECURITY ISSUES
Network Security:
Selected customers and suppliers with whom a company needs to collaborate should be allowed inside the company's firewall and should be able to see only relevant data.
A secured network is needed to keep hackers out.
System Access Security – Role & Authorisation
Valid authorization and authentication for each employee in the organization
“For example the person creating purchase order should not be allowed to release payment”
Data Security
During ERP implementation the company's sensitive data is visible to the implementation team members.
Security of the data is more important to companies such as banks, defence, credit card companies, etc.
SYSTEM BASED SECURITY- AUTHORISATIONS
Depending upon the roles and responsibilities of the employees, two types of authorization strategies are supported by ERPs:
(I) Activity based authorization
(II) Role based authorization
Activity Based Authorizations
Steps:
1. Identify the activities the particular process may involve
2. Prepare a set of transaction codes for each activity
3. Prepare an authorization role for each transaction
4. Assign the user the specific role
For Example – Leave Approval Process
(I) Identify the activities
    (I) View Leave Balances
    (II) Execute and approve workflow for leave request
(II) Prepare set of codes
    (I) View Leave Balances - XX
    (II) Execute and approve workflow – YY
(III) Prepare authorization role
    Z:HR_APPROVE_LEAVES will consist of XX and YY.
Advantage and Disadvantage
Advantage of activity based is flexibility in assigning various combinations of transaction sets.
Disadvantage: transaction codes should be carefully created to avoid duplication.
Role Based Authorization
Instead of focusing on individual activities, here authorization is created for a "Role", for example "Procurement Role".
Steps:
(I) Identify the transaction codes that each role in the organization requires
(II) Prepare an authorization role for the list of transactions
(III) Assign the role to the user.
Advantage and Disadvantage
Advantage of role based is that the authorization role becomes specific to an identified role in a function, therefore future modifications can be managed easily.
Disadvantage: this method requires careful standardization of roles.
Different Types of Authorization
Role                | Transaction Code | Types of Authorization
Material Manager    | Material Master  | Create, Change, Delete, Display
Goods Issue Clerk   | Material Master  | Display
Data Security and Technology For Managing DATA
Data Masking:
The process of concealing sensitive data in development, test or training environments so that developers or testers are not exposed to this data.
Benefits:
1. It meets regulatory compliance requirements
2. It enhances data security for outsourced applications
Data Masking Algorithms
1. Shuffling / Reorder
2. Random Value
3. Hashing
4. Date aging
5. Numeric Alteration
6. Custom
7. Substitution with a random value
IBM Optim is a popular data masking tool.
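As an added example (not from the original slides, and not how IBM Optim or any ERP product implements masking), the sketch below applies five of the listed algorithms to a constructed HR table before it is copied to a test system: shuffling, hashing, substitution, numeric alteration and date aging. The table, column names, substitution pool and the `mask_rows` helper are assumptions; hashing is done with a keyed HMAC, a choice made here because plain hashes of short IDs can be recovered by trying every possible ID.

```python
import hashlib
import hmac
import random
from datetime import date, timedelta

# Constructed sample rows standing in for a production HR table.
PROD_ROWS = [
    {"emp_id": "E1001", "name": "Asha Rao", "salary": 52000, "dob": date(1984, 3, 14)},
    {"emp_id": "E1002", "name": "Ben Ortiz", "salary": 61000, "dob": date(1979, 11, 2)},
    {"emp_id": "E1003", "name": "Chen Wei", "salary": 47000, "dob": date(1991, 7, 30)},
    {"emp_id": "E1004", "name": "Dana Kim", "salary": 75000, "dob": date(1988, 1, 9)},
]
FAKE_NAMES = ["User A", "User B", "User C", "User D", "User E"]  # substitution pool


def mask_rows(rows, key, seed=None, age_days=200):
    """Return masked copies of rows; the input rows are left untouched.

    key      -- secret for the keyed hash; keep it out of the test environment
    seed     -- only for repeatable demos; by default the OS RNG is used
    age_days -- fixed offset for date aging
    """
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    # Shuffling: salaries keep their real distribution but move to other rows.
    salaries = [r["salary"] for r in rows]
    rng.shuffle(salaries)
    masked = []
    for row, salary in zip(rows, salaries):
        masked.append({
            # Hashing: the same emp_id always maps to the same token, so joins
            # between masked tables still work without exposing the real ID.
            "emp_id": hmac.new(key, row["emp_id"].encode(),
                               hashlib.sha256).hexdigest()[:12],
            # Substitution with a random value from a fixed pool.
            "name": rng.choice(FAKE_NAMES),
            # Numeric alteration: perturb the shuffled salary by up to +/-10%.
            "salary": round(salary * rng.uniform(0.9, 1.1)),
            # Date aging: one offset for all rows keeps intervals between dates.
            "dob": row["dob"] - timedelta(days=age_days),
        })
    return masked


if __name__ == "__main__":
    for r in mask_rows(PROD_ROWS, key=b"constructed-demo-key", seed=7):
        print(r)
```

Shuffling a small column can leave a value on its original row, and a short substitution pool repeats names, so masked output should still be reviewed before release to developers or testers.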