ERP Risk and Challenges
November 11, 2000
Symbiosis Centre for Information Technology
SIU Code:30241408
Course Code: P305
Credit Points: 2
Course Designer: Mr. Sameer Saxena
Revised by: S.Vijaykumar Bharathi
Revision Date: 15th March 2010
Reviewed Date: 16.03.2011
Course Name
ERP Risks and Challenges
Scope and Objectives
This course highlights security issues and raises awareness of security requirements in an ERP Environment. Students will learn how to apply concepts, strategies, and various tools to promote security of an ERP System. They will understand various aspects of ERP vulnerability, evaluating security of database tables, identifying separation of duty concerns and isolating critical authorizations that pose risks to system security. We will also look into an audit of an ERP system.
Prerequisite
Basic knowledge of enterprise systems and IT infrastructure, and a good understanding of the principles of information security.
Prescribed Books
1) SAP Security and Authorizations: Risk Management and Compliance with Legal Regulations in the SAP Environment, by Mario Linkies, SAP PRESS America, MD, 2006. ISBN 1-59229-062-0
2) Security, Audit and Control Features SAP R/3: A Technical and Risk Management Reference Guide, 2nd Edition, by Deloitte Touche Tohmatsu Research Team, ISACA, Rolling Meadows, IL, 2006. ISBN: 1-933284-30-7
Reference books/Sites
Additional Readings:
Topics / Details / Case Study

Introduction to ERP systems (2 Sessions)
    What is ERP?
    History of ERP
    Drivers for change
    Uses of ERP Technology Drivers
    Components of an ERP System
    Implementation of an ERP System
    Current ERP Systems

ERP Project (2 Sessions)
    True potential of ERP Software Projects Planning, Execution and Implementation
    Project Management

Security in an ERP Arena (2 Sessions)
    Current State of Security
    Security Failures
    Continuous Monitoring

ERP Risk Identification (2 Sessions)
    Inadequate selection
    Poor project team skills
    Low top management involvement
    Inadequate training and instruction
    Complex architecture
    Inadequate BPR
    Inadequate IT systems and related issues

Authentication of Users and Group Security (2 Sessions)
    Fundamentals/goals of system security
    User authentication, passwords and policies
    Roles and Profiles
    Creating Roles
    Role Maintenance
    Standard v/s. Specialised Roles

Controlling and Monitoring User Access (2 Sessions)
    Protecting tables and programs
    Monitoring transaction usage

Securing Users and Group Administration (2 Sessions)
    Centralized vs. Decentralized Security
    Monitoring using trace tools
    Securing standard users and setting parameters

Securing the Production System (2 Sessions)
    Protecting system services
    Protecting background and spool processes

Auditing ERP Systems (2 Sessions)
    Basics of auditing ERP Systems
    Configuring AIS Audit Logging Monitoring
    Tools for general auditing
    Auditing separation of duties
    Identifying risky transactions

ERP Security Checklist (2 Sessions)
    Managing Role and Responsibilities
    Passwords, IDs and PINs
    Data Standards and Integrity
    Process Documentation
    Exporting Sensitive data
Evaluation Policy
Internal Evaluation: 60 Marks
External Evaluation: 40 Marks
MBA ITBM (Elec-ISM) 2011-13