1

IEI-4B2 – Enterprise Resource Planning

SECURITY

Ari Yanuar Ridwan

S1 Teknik Industri – Fakultas Rekayasa Industri

 2

INTORDUCTION

• Security and risk management is increasingly becoming a

global issue and during implementation of an
• enterprise wide system like ERP, this can not be neglected. In
most ERP projects, activities in risk management
• is mainly limited to project risk. However, managing risk is a
much larger issue and need to be seen
• as a whole to ensure that the ERP system is implemented and
operated successfully during its lifecycle.

2
 3

TYPES OF ERP SECURITY ISSUES

• Network Security
• System Access Security—Role and Authorisation
• Data security

3
 4

SYSTEM ACCESS SECURITY—AUTHORISATIONS

• Activity-based authorisation
• Identify the activities that a process may involve
• Prepare a ‘set’ of transaction codes for each identified activity
• Prepare an authorization role for each set of transactions
• Assign the user the specific authorization role

• Role-based authorisation
• Identify the transaction codes that each role in the organization require
• Prepare an authorization role for the list of transactions identified
• Assign the user the specific authorization role

4
 5

DATA SECURITY AND TECHNOLOGY FOR MANAGING

DATA SECURITY
• Data Masking
• It meets regulatory compliance requirements such as HIPAA.
• It enhances data security for outsourcing application and development.
• Data Masking Algorithms
• Shuffling/Reorder
• Random value:
• Hashing
• Date aging:
• Value changes in increments or decrements/Numeric alternation:
• Custom:
• Substitution with a random value:
• Data Masking Tools
5 • IBM Optim
 6

Summary

• For better access security roles and authorizations need to be defined in ERP system.
Authorization can be role-based or activity-based.
• In activity-based authorization, based on the number of transactions a person use, an
authorization profile is created for the individual including all those transactions and
assigned to him.
• In role-based authorization, an organization creates a set of roles based on organization's
functions and anyone performing that function will get that role and access to a set of
transactions associated with the role. Role can be sales manager, sales supervisor,
production manager, material manager, store clerk, etc.
• Data security is another important issue for the company going for ERP implementation and
technology like data masking can help here.

6
 7

THANK YOU