Abstract
Over the past half-century, organizations have implemented information systems to manage their business processes. These systems have since evolved into what are now commonly called enterprise information systems. An important facet of implementing an enterprise information system in an organization is addressing the security-related issues that the system raises for the business processes it supports. In this paper, we review the literature on the security policies associated with the use of enterprise information systems within organizations. Based on this review, we identify four major issues: security policy documentation, employee awareness, top management support, and access control. A conceptual framework built on these four issues is then presented within the context of corporate governance for the security of enterprise information systems. We conclude with the future direction of this research.
© 2012 IFIP International Federation for Information Processing
Chaudhry, P.E., Chaudhry, S.S., Reese, R., Jones, D.S. (2012). Enterprise Information Systems Security: A Conceptual Framework. In: Møller, C., Chaudhry, S. (eds) Re-conceptualizing Enterprise Information Systems. Lecture Notes in Business Information Processing, vol 105. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28827-2_9
DOI: https://doi.org/10.1007/978-3-642-28827-2_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-28826-5
Online ISBN: 978-3-642-28827-2