
Symbiosis Centre for Information Technology

SIU Code: 30241408
Course Code: P305
Credit Points: 2
Course Name: ERP Risks and Challenges
Course Designer: Mr. Sameer Saxena
Revised by: S.Vijaykumar Bharathi
Revision Date: 15th March 2010
Reviewed Date: 16.03.2011

Scope and Objectives:
This course highlights security issues and raises awareness of security
requirements in an ERP environment. Students will learn how to apply
concepts, strategies, and various tools to promote the security of an ERP
system.
They will understand various aspects of ERP vulnerability: evaluating the security
of database tables, identifying separation of duty concerns and isolating
critical authorizations that pose risks to system security.
We will also look into an audit of an ERP system.

Prerequisite:
Basic knowledge of Enterprise Systems and IT infrastructure; good
understanding of the principles of Information Security

Prescribed Books:
1) SAP Security and Authorizations: Risk Management and Compliance
with Legal Regulations in the SAP Environment, by Mario Linkies,
SAP PRESS America, MD, 2006. ISBN 1-59229-062-0
2) Security, Audit and Control Features SAP R/3: A Technical and Risk
Management Reference Guide, 2nd Edition, by Deloitte Touche
Tohmatsu Research Team, ISACA, Rolling Meadows, IL, 2006.
ISBN: 1-933284-30-7

Reference books/Sites:
Additional Readings:

MBA ITBM (Elec-ISM) 2011-13

Topics
Introduction to ERP systems (2 Sessions)
ERP Project (2 Sessions)
Security in an ERP Arena (2 Sessions)

Details

Case Study
What is ERP?
History of ERP
Drivers for change
Uses of ERP
Technology Drivers
Components of an ERP System
Implementation of an ERP System
Current ERP Systems
True potential of ERP Software Projects
Planning, Execution and Implementation
Project Management
Current State of Security
Security Failures
Continuous Monitoring



ERP Risk Identification (2 Sessions)
Authentication of Users and Group Security (2 Sessions)
Controlling and Monitoring User Access (2 Sessions)
Securing Users and Group Administration (2 Sessions)
Securing the Production System (2 Sessions)
Auditing ERP Systems (2 Sessions)
ERP Security Checklist (2 Sessions)
Evaluation Policy

Inadequate selection
Poor project team skills
Low top management involvement
Inadequate training and instruction
Complex architecture
Inadequate BPR
Inadequate IT systems and related issues
Fundamentals/goals of system security
User authentication, passwords and policies
Roles and Profiles
Creating Roles
Role Maintenance
Standard vs. Specialised Roles
Protecting tables and programs
Monitoring transaction usage

Centralized vs. Decentralized Security


Monitoring using trace tools
Securing standard users and setting parameters

Protecting system services


Protecting background and spool processes

Basics of auditing ERP Systems


Configuring AIS
Audit Logging
Monitoring
Tools for general auditing
Auditing separation of duties
Identifying risky transactions
Managing Role and Responsibilities
Passwords, IDs and PINs
Data Standards and Integrity
Process Documentation
Exporting Sensitive data
Internal Evaluation: 60 Marks
External Evaluation: 40 Marks
