Модель гармонизованного стандарта защиты информации в системах управления ресурсами предприятия

Робота присвячена проблемі розробки гармонізованого стандарту захисту інформації в системах управління ресурсами підприємства. Завдання обмежене до рівня промислових систем управління ресурсами підприємства. Синтез гармонізованого стандарту здійснюється шляхом експертної оцінки на основі стандартів ISO/IES 17799:2005 та COBIT 4.1.The paper deals with the synthesis of the harmonised information security standard for Enterprise Resource Planning systems. The considerations are confined to the class of production Enterprise Resource Planning systems. Synthesis of the harmonised standard is achieved through expert evaluation based on ISO/IES 17799:2005 and COBIT 4.1 standards.Работа посвящена проблеме разработки гармонизированного стандарта защиты информации в системах управления ресурсами предприятия. Задача ограничена до уровня промышленных систем управления ресурсами предприятия. Синтез гармонизированного стандарта осуществляется посредством экспертной оценки на основании стандартов ISO/IES 17799:2005 и COBIT 4.1

The impact of social constructivism on ERP systems security: A critical social review

Little is understood about the effects of social constructivism that shapes conflicting concerns regarding Enterprise Resource Planning (ERP) security and usability during implementation. This work looks at social constructivism as produced and reproduced by stakeholders in the ERP systems implementation phase. Social constructivism is characterised by the embedded trade-off for usability, espoused by end-user and security, espoused by developers. Social constructivism was conceptualised qualitatively from a selected case study. Critical Social Theory (CST) was used as the theoretical lens. Stakeholders concerned with ERP security aspects in the implementation phase were interviewed and data transcribed and interpreted. Hermeneutical interpretation was applied towards understanding social constructivism. Exegesis techniques used include textual criticism and reduction criticism. The contribution of the work is twofold: the work provides insights regarding ERP systems security by attempting to explain how social constructivism shapes outcomes of ERP security; the article also shows how hermeneutics could be applied in the discipline of information systems security. Findings for this case reveal that social constructivism does shape ERP security in insightful ways

End-user authentication control in cloud-based ERP systems

Cloud Security is the use of latest technology and security techniques to safeguard data, applications and infrastructure associated with Cloud Computing. The set of policies, procedures, technologies, and controls that function jointly to safeguard cloud-based systems, infrastructures and data are known as the Cloud Computing Security Model. This paper reviews several Cloud Computing Security Models with a close look at the model that addresses data security challenges in cloud-based Enterprise Resource Planning (ERP) systems and proposes an End-User Authentication Control Model for Cloud-based ERP systems. This is a cloud computing security model that uses Enterprise Access Directory, Enterprise Data Fragmentation in cloud and End-user Access Queries, to ensure that End users share a greater security responsibility. The proposed model, when compared with other exiting models, will encourage more end-user participation in enterprise data security in the cloud. The proposed model also mitigates the impact that a malicious insider might have on the enterprise cloud data set, since no single user can gain access to the whole cloud-based enterprise database at the same time. The proposed model considers end-user role and responsibility within the enterprise to determine the level of access and to data in the cloud-based ERP system

Integration Framework of MES Toward Data Security Interoperation

© 2020, Springer Nature Switzerland AG. The core problem of the application of MES (Manufacturing Execution System) in intelligent manufacturing systems is integration, which solves the problem of the data interoperation between the distributed manufacturing systems. The previous researches on MES integration rarely considered the problem of system data security access. A three-level data security access mechanism based on the independence of the system administrators, security administrators, and security auditors is proposed which integrated into the MES integration framework to guarantee the business and engineering data security access for the related distributed clients. The principle is using the domain to make the logical isolation for different clients and data sources and applying the pre-defined data sharing rules for safe access. In the proposed MES integration framework model, the data interoperation between MES and the engineering software systems is discussed which includes ERP (Enterprise Resource Management), CAPP (Computer Aided Process Planning), DNC (Distribution Numerical Control), WMS (Warehouse Management System), and SCADA (Supervisory Control and Data Acquisition), etc., the implementation method of personalized data display GUI is discussed as well. The study is based on the KMMES developed by Wuhan KM-Software of China, and it has been deployed in over forty companies from the sections of aerospace, automotive, shipbuilding and other industries

Blockchain, enterprise resource planning (ERP) and accounting information systems (AIS):Research on e-procurement and system integration

Accounting information systems (AISs), the core module of any enterprise resource planning (ERP) system, are usually designed as centralised systems. Nowadays, the continuous development and applications of blockchain, or more broadly—distributed ledger technology (DLT), can change the architecture, overcome and improve some limitations of centralised systems, most notably security and privacy. An increasing number of authors are suggesting the application of blockchain technologies in management, accounting and ERPs. This paper aims to examine the emerging literature on this field, and an immediate result is that blockchain applications can have significant benefits. The paper’s innovative contribution and considerable objective are to examine if blockchain can be successfully integrated with AIS and ERPs. We find that blockchain can facilitate integration at multiple levels and better serve various purposes as auditing compliance. To demonstrate that, we analyse e-procurement systems and operations using case study research methodology. The findings suggest that DLT, decentralised finance (DeFI), and financial technology (FinTech) applications can facilitate integrating AISs and ERP systems and yield significant benefits for efficiency, productivity and security

Using an Integrated Humanitarian Supply Chain EPR System to Improve Refugee Flow Management:A Conceptual Framework and Validation

Effective coordination of relief efforts of organizations in the Humanitarian Supply Chain (HSC) is a challenge facing various organizations and stakeholders. Despite the importance of information sharing along the HSC, limited previous studies attempted to develop feasible information systems capable of facilitating the effective resource planning and inter-organizational coordination for better relief actions. This study proposes an integrated HSC Enterprise Resource Planning (ERP) system that utilizes the capabilities of the existing Maritime Transport Security Information Systems so as to improve lean operations of HSCs, and to optimize resources planning and usage during the stochastic assignment of accepting refugees and accommodating them in their journey to safer destinations. This paper introduces the conceptual framework of this integrated ERP system and validates the feasibility of this framework in the context of the Greek refugee crisis, involving perspectives of stakeholders in the Greek refugee crisis

Enterprise information security policy assessment - an extended framework for metrics development utilising the goal-question-metric approach

Effective enterprise information security policy management requires review and assessment activities to ensure information security policies are aligned with business goals and objectives. As security policy management involves the elements of policy development process and the security policy as output, the context for security policy assessment requires goal-based metrics for these two elements. However, the current security management assessment methods only provide checklist types of assessment that are predefined by industry best practices and do not allow for developing specific goal-based metrics. Utilizing theories drawn from literature, this paper proposes the Enterprise Information Security Policy Assessment approach that expands on the Goal-Question-Metric (GQM) approach. The proposed assessment approach is then applied in a case scenario example to illustrate a practical application. It is shown that the proposed framework addresses the requirement for developing assessment metrics and allows for the concurrent undertaking of process-based and product-based assessment. Recommendations for further research activities include the conduct of empirical research to validate the propositions and the practical application of the proposed assessment approach in case studies to provide opportunities to introduce further enhancements to the approach