Abstract
Enterprise Resource Planning (ERP) software is business-management software that allows an organization to use a system of integrated applications to manage the business. ERP software often contains highly confidential information that is vital to a firm's competitiveness, so it is critically important that appropriate security be implemented to reduce its vulnerability. In this chapter, security issues are presented that could arise when ERP software is integrated with many systems and with web environments. The security issue is one of the major issues with ERP software, and it has not been a major focus of the developers of the software, who leave this issue to different components of the system and to vendor implementation. In this chapter, The author presents a new security model for ERP software. The author also presents a new authentication model that consists of the following layers: Role base, Data mining, Risk-based access control, and PKI.
TopIntroduction
Enterprise Resource Planning is a business integration approach; it was first developed by the Gartner Group in 1990 as the next generation of manufacturing business system and manufacturing resource planning software. Today, ERP software is considered to be “the price of entry for running a business” (Kumar, 2000).ERP software integrates internal and external information across an entire organization, including finance, accounting, manufacturing, sales and service, customer-relationship management, and others. ERP software computerize these activities with a unified software application. The objectivesare to facilitate the flow of information between all business functions inside the limits of the organization and to manage the connections outside the organization (Bidgoli, 2003). ERP software can be used to manage and modernize all the resources in an enterprise, and it incorporates the business processes within and across the functional boundaries in the organization. With ERP software, an enterprise can systematize its central and essential business applications; decrease thecomplexity and cost of collaboration; ensure that the enterprise takes part in the BPR to optimize its operations, and become a successful business (She, 2007; Thuraisingham, 2006). ERP softeware allows enterprises to share information systems with trusted associates over supply chain management, and the number of authorized users and operators continues to rise. The ERP approach represents a new way of managing business systems that is beyond the perimeter of conventional IT security. Enterprises must trust the actions of employees and trust their partners' employees and perimeter security. For most ERP systems, security starts with user-based controls, which limit a user's access to the system based on her or his individual, customized, authorization level. The fact that security is a big issue is evidenced by the following statement:“When you consider that the average business loses 3 percent to 6 percent of annual revenue due to fraud, most agree that the ERP security features listed above are not working” (Holsbac & Johnson, 2004).
In this work, The general architucture of ERP software has been presented,and security issues are presented that could arise when ERP software is integrated with many systems and with web environments. The work is focused on current issues in ERP, such as:
The major contribution of this chapter is a new authentication model that consists of the following layers:
These layers are presented in:
TopErp Systems And Applications
Enterprise Resource Planning (ERP) is an industry expression for the wide set of accomplishments that assist and manage the significant parts of a business. The information is presented through an ERP system that provides great assistance in meeting the industry’s objectives. ERP software applications can be used to purchase parts, manage product planning, provide customer service, assess inventories, interact with suppliers, and track orders. ERP software can also include applications for the finance and human resources aspects of a business. Classically, an ERP system uses a relational database system or is integrated with such a system. The deployment of an ERP system includes significant business process analysis, employee retraining, and new work procedures.
Key Terms in this Chapter
Permission: A description of the type of authorized intersections a subject can have within an object.
Access Control: The selective restriction of access to a physical or logical resource.
Authentication: Any process by which a system verifies the identity of a User who wishes to access it. Since Access Control is normally based on the identity of the User who requests access to a resource.
ERP: Enterprise Resource Planning is business process management software that allows an organization to use a system of integrated applications to manage the business and automate back office functions.
Authorization Check: Used to protect the transactions or data and is embedded in the program logic.
Business Intelligence: The concept has a wide range of concealment of all the processes and conducts analysis and/or evaluation of the work at the strategic level, tactical level, or operational level by providing direction for optimizing business performance.
PKI: An arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique within each CA domain.