Practical Approach for Data Breach Cases in ERP Systems

Practical Approach for Data Breach Cases in ERP Systems

Pedro Sousa (Higher Polytechnic Institute of Gaya, Portugal), José Costa (Higher Polytechnic Institute of Gaya, Portugal) and Vitor Manso (Higher Polytechnic Institute of Gaya, Portugal)
DOI: 10.4018/978-1-4666-4526-4.ch015
OnDemand PDF Download:
No Current Special Offers


This chapter is based on a case study scenario where a major data breach happens in one institution of public sector, a municipality, in Portugal. The focus of this chapter is to explain the gap between software development and security specialists because these are two fields of information and technology with specialized staff, but they do not work together. Quality Software may increase if these two fields work together and all specialists work for a good end product. At the other extreme are organizations with security problems because the software is bad in the security field, and these organizations do not have mechanisms that help internal teams in case of security incidents. If security is not a concern when companies are developing software, the security specialists have a lot of problems when trying to audit the system.
Chapter Preview

Literature Review

The security problem of ERP starts before implementing in the organizations, ie, starts in the development phase and in software development companies. Traditionally companies that produce software don’t have security concerns, in the initial stages of development, and don’t have the human resources with expertise in this field. There are some concerns in terms of users and passwords and the need to create a model for privileges inside the software, but the focus of professional in software development are the features and purpose of the operation of the product, according to customer specifications or market where the software is located. There is a gap between software development and the field of computer security and information security. We found highly specialized human resources in software development and highly specialized human resources in computer security. The problem lies in the lack of cooperation and communication between these two fields in the area of information and technology (van Wyk & McGraw, 2005).

The software development companies wake up to this issue only after the implementation of software to their customers and when security incidents happen. Creating a culture of interdisciplinary work between software development and computer security can lead to the development of a top quality product and avoid many future problems in the implementation of systems. It is not only necessary to implement an interdisciplinary culture between the two fields, it is necessary to create models for the various specialists to communicate and understand the concerns and both parties, because the human resources software development does not dominate the themes of information security and information security specialists are not programmers or developers. You can find security methodologies to software development, the same way we found the UML (Unified Modeling Language) or other languages for communication between the client, analysts and programmers (van Wyk & McGraw, 2005).

Complete Chapter List

Search this Book: