ELICITATION OF SECURITY REQUIREMENTS FOR ERP

Abstract

This report addresses the topic of Elicitation of security in Enterprise Resource Planning (ERP) software systems. Specific attention is given in extending a security modelling technique for ERP software packages. Existing software packages to control business processes are widely accepted and have become the central data repository for most information relating to an enterprise. Each of these systems provides a method by which data may be protected. Access to information may be restricted to authorized users only. To protect the business, access to critical resources must be limited to authorized and authenticated users only. The aim of this study is to investigate existing security and threats modelling techniques and implement ERP systems in the best available technique for modelling security. The deliverable of the study is to provide a clear and concise process to provide organizations with a better security requirement elicitation process for ERP. Such an implementation should enable the organization to be aware of problem areas and to be able to address them confidently. Organizations are unsure as to how security requirements are elicitated within their selected product, the methodology proposed by this study should enable such organizations to gain a better understanding of how security could and should be implemented to best effect.