2. Agenda
01 Introduction to Cyber Security: Fundamentals of Cyber Security
02 Enterprise Systems and Security: Fundamentals of ES and Security
03 Major Vulnerabilities on ES Security and how to mitigate them: Common security problems on ES platforms
04 Conclusion: Summary of what we discussed
4. Introduction to Cyber Security
Fundamentals of Cyber Security
Confidentiality: Available to authorized users only.
Integrity: Modified only by authorized parties.
Availability: Accessible to the authorized parties in a timely manner.
Common Design Principles
Least privilege
Economy / Simplicity
Open design
Non-bypassability
Fail-safe default
Separation of privileges
Least common mechanism
Psychological acceptability / Easy to use
6. Enterprise Systems and Security
Fundamentals of ES and Security
ES
Integration of information systems
Contains most valuable data
Security
Security at transit
Security at rest
Data breaches and Denial of Services
Enterprise Systems: SCM, CRM/SRM, HRM, PLM, FI
8. Vulnerabilities and How to mitigate them
Full access rights (confidentiality violation): Log and track the changes; maintain an authorization checklist.
Failures to comply: Select a vendor who practices industry standard protocols; introduce proper security policies.
Selecting the ideal vendor: Evaluate the security aspect of the product.
Lack of training: Provide standard training with the help of the vendor.
9. Vulnerabilities and How to mitigate them
Security concerns with cloud based implementations: Carefully select the cloud provider; ensure all the security measures are taken.
Security audits: Frequent audit / compliance testing.
Integrations with unsecure systems: Use industry standard applications only; use intermediate services (escrows).
Single Factor Authentication (SFA): Use Multi Factor Authentication (MFA) techniques.
10. Summary
Enterprise Systems: Value of organizational data.
Vendor Selection: Why you should select a reputed vendor.
Cyber Security: Confidentiality, Integrity, Availability.
ES Integrations: Why you should be concerned about the integration mechanism.
Multi factor authentication: The need for MFA instead of SFA.
Cloud based Implementations: Important security measures.
Full access should not come by default
Vendor: backdoor
AWS: IAM
Network security (VPC)
Security Groups (Firewall)