ERP Risk and Challenges

Upload: jessica-rodgers

Post on 04-Nov-2015


November 11, 2000

Symbiosis Centre for Information Technology

SIU Code: 30241408

Course Code: P305

Credit Points: 2

Course Designer: Mr. Sameer Saxena

Revised by: S.Vijaykumar Bharathi

Revision Date: 15th March 2010

Reviewed Date: 16.03.2011

Course Name

ERP Risks and Challenges

Scope and Objectives

This course highlights security issues and raises awareness of security requirements in an ERP Environment. Students will learn how to apply concepts, strategies, and various tools to promote security of an ERP System. They will understand various aspects of ERP vulnerability, evaluating security of database tables, identifying separation of duty concerns and isolating critical authorizations that pose risks to system security. We will also look into an audit of an ERP system.

Prerequisite

Basic knowledge of enterprise systems and IT infrastructure; a good understanding of the principles of information security.

Prescribed Books

1) SAP Security and Authorizations: Risk Management and Compliance with Legal Regulations in the SAP Environment, by Mario Linkies, SAP PRESS America, MD, 2006. ISBN 1-59229-062-0

2) Security, Audit and Control Features SAP R/3: A Technical and Risk Management Reference Guide, 2nd Edition, by Deloitte Touche Tohmatsu Research Team, ISACA, Rolling Meadows, IL, 2006. ISBN: 1-933284-30-7

Reference books/Sites

Additional Readings:

Topics | Details | Case Study

Introduction to ERP systems (2 Sessions)
  - What is ERP?
  - History of ERP
  - Drivers for change
  - Uses of ERP Technology Drivers
  - Components of an ERP System
  - Implementation of an ERP System
  - Current ERP Systems

ERP Project (2 Sessions)
  - True potential of ERP Software Projects Planning, Execution and Implementation
  - Project Management

Security in an ERP Arena (2 Sessions)
  - Current State of Security
  - Security Failures
  - Continuous Monitoring

ERP Risk Identification (2 Sessions)
  - Inadequate selection
  - Poor project team skills
  - Low top management involvement
  - Inadequate training and instruction
  - Complex architecture
  - Inadequate BPR
  - Inadequate IT systems and related issues

Authentication of Users and Group Security (2 Sessions)
  - Fundamentals/goals of system security
  - User authentication, passwords and policies
  - Roles and Profiles
  - Creating Roles
  - Role Maintenance
  - Standard vs. Specialised Roles

Controlling and Monitoring User Access (2 Sessions)
  - Protecting tables and programs
  - Monitoring transaction usage

Securing Users and Group Administration (2 Sessions)
  - Centralized vs. Decentralized Security
  - Monitoring using trace tools
  - Securing standard users and setting parameters

Securing the Production System (2 Sessions)
  - Protecting system services
  - Protecting background and spool processes

Auditing ERP Systems (2 Sessions)
  - Basics of auditing ERP Systems
  - Configuring AIS Audit Logging Monitoring
  - Tools for general auditing
  - Auditing separation of duties
  - Identifying risky transactions

ERP Security Checklist (2 Sessions)
  - Managing Role and Responsibilities
  - Passwords, IDs and PINs
  - Data Standards and Integrity
  - Process Documentation
  - Exporting Sensitive data

Evaluation Policy

Internal Evaluation: 60 Marks

External Evaluation: 40 Marks

MBA ITBM (Elec-ISM) 2011-13