Integrated IT Structure: ERP Systems
18
obligations: edit the contact and profile data. A similar procedure needs to be
followed when an existing contact needs to be edited or deleted. Certain guidelines
are necessary when working with modules in an ERP system, because all entered
data is stored in a central database following a specific pattern (Hesseler, 2009, pp.
37-39).
4.3
Security Measures
Based on the consideration that all business relevant data is stored within an ERP
system, it is vital for a sustainable operation of the company to provide a secure
environment for its files. Any attacks to alter, disclosure to others or usage outside
the premises for non-company related reasons must be avoided at all cost. In this
case it makes no difference if these attempts of data mishandling originate from
inside or outside the company, like for example Denial of Service (DoS) attacks,
where repeatedly requests sent from various devices rendering the database to
crash and enabling unauthorized access to information (Schwabach, 2006, pp. 83-
84).
Security in an ERP system starts with basic procedures like using a username and
password for each employee or limiting the user access rights based on their roles
in the company (Glenn, 2008, p. 97).
More advanced security features offers the so-called “Three-System-Landscape”
model or firewalls, monitoring the data traffic based on established security routines.
4.3.1
Inside Security: Three-System-Landscape
Görtz & Hesseler (2007) describe the Three-System-Landscape as an ERP-system
infrastructure, which is divided into a development system, a test system and a
productive system.
