How to ensure information security in the application deployment of enterprise ERP

An ERP system is like the "black box" of the enterprise: it holds the enterprise's most critical and sensitive information resources. How to ensure security while the system is in use has therefore always been the biggest challenge in ERP deployment.

Security is urgent

ERP is characterized by being large and comprehensive. From it, users can find information about an enterprise's organizational structure, management philosophy, customer resources, human resource composition, production capacity, sales channels, partners, competitors and more. For this reason, it is urgent to establish an information security management mechanism and protect the security of ERP. Some experts have suggested that, in the process of applying ERP, information security should become a focus of the industry and is an urgent problem to be solved.

At present, however, when many enterprises discuss and promote ERP projects, they do not establish mechanisms for predicting and responding to accidents and disasters. They often find it difficult to give information security requirements proper consideration, and often neglect the security of the ERP system altogether. ERP product suppliers, implementation service providers and third-party consulting agencies alike also pay too much attention to the functions of the ERP system and mostly underestimate the problems related to ERP information security.

At the same time, because the implementation process of an ERP system is relatively complex and the technical capability of vendors is limited, it is also difficult to establish an effective ERP information security management mechanism during implementation, which makes ERP the weakest link in the information security management of the whole enterprise. Sound and reliable information security management is central to the successful implementation of an ERP system. If the information security problems of the ERP system cannot be effectively controlled, this may not only increase the implementation cost of the system but also greatly limit the full use of its functions, so that the ERP project ends up yielding half the result for the effort invested, or even fails. As a result, the success rate of ERP project construction in China is less than 35%.

Summary of ERP security

It can be said that, with the widespread application of ERP systems in domestic enterprises, the security problems of ERP are increasingly exposed and becoming more and more serious. The main causes can be summarized as follows. First, the physical environment: mainly water, fire, power supply and other disasters, as well as the low level of personnel in use, decision-making, control and so on. Second, system hardware: mainly defects in monitoring and control equipment, computer systems, network equipment, connecting lines and the like. Third, system software: mainly defects in the computer operating system, database management system, server and the like. Fourth, application software: mainly design defects and weak technology in the ERP system itself. Fifth, external intrusion: mainly tampering and destruction by viruses and hackers. Sixth, internal abuse: mainly operational errors, deliberate sabotage, internal crime and so on.

Today, with the rapid spread of information applications, Internet-based ERP systems in particular, which can be accessed remotely from many sources inside and outside the enterprise, are constantly exposed to the risk of acquisition, tampering and destruction by viruses, hackers and even competitors. A little carelessness can bring huge losses to the enterprise. Therefore, balancing the security and efficiency of the ERP system, strengthening the enterprise's ability to identify, prevent, reduce and control the organization's information security risks, and establishing a safe, reliable and effective security management system and mechanism are becoming the top priority of enterprise informatization, and are also a major problem faced by many enterprises.

Four key points

ERP information system security should include physical security, information security, operation security and personnel security. Physical security refers to the measures and processes that protect computer equipment, infrastructure (including networks) and other facilities from natural and man-made damage. Information security refers to the measures and processes that prevent information from being disclosed, changed or destroyed without authorization, whether intentionally or accidentally, or from being identified and controlled by illegitimate systems. Operation security refers to the measures and content of system risk management, audit tracking, backup and recovery, and emergency response. Personnel security mainly refers to the security awareness, legal awareness and security skills of those who use and manage the system.

The purpose of establishing the ERP system security management mechanism is to ensure that the usability and confidentiality of the user enterprise's information system do not conflict with the maintainability of the ERP information system engineering; to ensure, while keeping investment under control, that there are no loopholes in the security design of the information system; to urge the enterprise's ERP management personnel and application personnel to strictly carry out secure operation and management under the security management system and security specifications, and to maintain security awareness at all times; and to supervise the construction unit so that it implements the project in accordance with the technical standards and construction plan, and to check whether any behavior or condition in the construction unit's design process poses a hidden security risk.

Strategy and technology

ERP security is weightier than Mount Tai. For most enterprises, it is important and necessary to establish a reliable, reasonable and economical information security management system. There are many technical methods and means for establishing such a system, and the specific details are more numerous still, but the fundamental method is to establish a sound ERP information security management system and adopt the corresponding basic strategies and main technologies, combining systems and means organically in order to achieve the best information security management effect.

The first is to establish an ERP security risk prediction and control mechanism, which is the first step of the information security management system. Using the "error model and consequence analysis method", we can predict and find the error conditions (or potential error conditions) in each link of the system, and so reduce the potential risks to the continuous and safe operation of the ERP system. It is also important to carry out the initialization, establishment and operation stages of the implementation well.

The second is to establish ERP security protection strategies and systems, and to clarify the scope within which enterprise ERP information may be used and processed by determining key information, job allocation and staff permissions. Protect computer equipment and facilities; prevent intrusion, tampering and destruction by viruses, hackers and others; and supervise administrators and application personnel so that they strictly carry out secure operation and management under the security management system and security specifications.

The third is to fully implement ERP security protection technology, mainly server security control, login security control and database security control. This is the means of monitoring whether the information security protection strategies and systems are being implemented, and it is what keeps the information security management system in force. Information security protection technology is an important link in the information security management system and an important means of implementing and guaranteeing the information security protection system and strategy.

The fourth is to analyze, summarize and evaluate the effect of ERP security protection, which provides the necessary basis for improving the dynamic information security management system in the future. By analyzing and evaluating the effect of information security management, we can continually find new security vulnerabilities and hidden dangers, further improve information security performance, and greatly improve the protection strategy and system.

Of course, everything is relative. ERP information security is also a relative concept, and there is no absolute security. That is, we should neither neglect security by overemphasizing system functions, nor significantly reduce the quality and efficiency of system operation by overemphasizing system security. Properly handle the relationship between information security and operating quality and efficiency, balance the security and efficiency of the ERP system, further standardize the system's operating rules, and establish security measures that meet the standards and are reasonably combined, so as to comprehensively improve the overall operating effect of the enterprise ERP system.

As long as we treat information security issues with a scientific, rigorous and serious attitude, and establish a practical and effective ERP information security management system adapted to the enterprise environment, we will minimize the security risks of the enterprise ERP system and achieve the best construction and implementation results.

ERP security construction experience

Establishing a reliable and effective security management system and mechanism is the precondition for ensuring the security of ERP application.

Reliability, availability, confidentiality, integrity and maintainability are what ERP security consists of.

A risk prevention and control mechanism is the basis of the ERP security management system.

So that there are documented rules to follow, enterprises must establish their own ERP security strategy and system.

Security and function complement each other, and ERP construction must balance the relationship between the two.

