<p>Enterprise Resource Planning (ERP) systems serve as critical infrastructure for modern organizations, yet their security assessment lacks standardized evaluation frameworks. This study develops and applies a structured Security Maturity Assessment Framework (SMAF) grounded in NIST Cybersecurity Framework (CSF) 2.0 and ISO/IEC 27001:2022 standards to evaluate eleven cloud-based and hybrid ERP platforms, including both full-suite ERP systems and widely adopted inventory and manufacturing management systems that serve as ERP alternatives for SMEs. Using a weighted multi-criteria decision analysis (MCDA) approach validated by expert surveys (<InlineEquation ID="IEq1"> <EquationSource Format="TEX">\(n=47\)</EquationSource> </InlineEquation>) and vendor documentation analysis, we assess security across five domains: authentication mechanisms, encryption protocols, access control models, vulnerability management, and compliance certifications. Our framework introduces quantifiable security maturity scores ranging from 1 (basic) to 5 (advanced), enabling objective comparison across platforms. Results indicate that enterprise-grade solutions (Oracle NetSuite OneWorld, SAP Business One Professional, Microsoft Dynamics 365) achieve consistently higher security maturity scores (<InlineEquation ID="IEq2"> <EquationSource Format="TEX">\(\mu =4.63\)</EquationSource> </InlineEquation>, <InlineEquation ID="IEq3"> <EquationSource Format="TEX">\(\sigma =0.17\)</EquationSource> </InlineEquation>) compared to SME-targeted solutions (<InlineEquation ID="IEq4"> <EquationSource Format="TEX">\(\mu =2.76\)</EquationSource> </InlineEquation>, <InlineEquation ID="IEq5"> <EquationSource Format="TEX">\(\sigma =0.39\)</EquationSource> </InlineEquation>), though small per-segment sample sizes (<InlineEquation ID="IEq6"> <EquationSource Format="TEX">\(n=3\)</EquationSource> </InlineEquation>–4) limit formal statistical inference. We extend our analysis to emerging security paradigms including Zero-Trust Architecture (ZTA) integration, federated learning for privacy-preserving analytics, blockchain-based audit trails, and digital twin implementations for Industry 5.0 alignment. The proposed SMAF provides organizations with an evidence-based methodology for ERP security evaluation, addressing a critical gap in both academic literature and practitioner guidance.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Security evaluation framework for cloud ERP systems using NIST and ISO standards

  • Adiah Qazi,
  • Sadiqa Arshad,
  • Ammad Ali Khan Jadoon

摘要

Enterprise Resource Planning (ERP) systems serve as critical infrastructure for modern organizations, yet their security assessment lacks standardized evaluation frameworks. This study develops and applies a structured Security Maturity Assessment Framework (SMAF) grounded in NIST Cybersecurity Framework (CSF) 2.0 and ISO/IEC 27001:2022 standards to evaluate eleven cloud-based and hybrid ERP platforms, including both full-suite ERP systems and widely adopted inventory and manufacturing management systems that serve as ERP alternatives for SMEs. Using a weighted multi-criteria decision analysis (MCDA) approach validated by expert surveys ( \(n=47\) ) and vendor documentation analysis, we assess security across five domains: authentication mechanisms, encryption protocols, access control models, vulnerability management, and compliance certifications. Our framework introduces quantifiable security maturity scores ranging from 1 (basic) to 5 (advanced), enabling objective comparison across platforms. Results indicate that enterprise-grade solutions (Oracle NetSuite OneWorld, SAP Business One Professional, Microsoft Dynamics 365) achieve consistently higher security maturity scores ( \(\mu =4.63\) , \(\sigma =0.17\) ) compared to SME-targeted solutions ( \(\mu =2.76\) , \(\sigma =0.39\) ), though small per-segment sample sizes ( \(n=3\) –4) limit formal statistical inference. We extend our analysis to emerging security paradigms including Zero-Trust Architecture (ZTA) integration, federated learning for privacy-preserving analytics, blockchain-based audit trails, and digital twin implementations for Industry 5.0 alignment. The proposed SMAF provides organizations with an evidence-based methodology for ERP security evaluation, addressing a critical gap in both academic literature and practitioner guidance.