The Application environment is the fourth level of concern in the Confidentiality, Integrity and Availability of the ITSE. An application is essentially everything that runs on top of the OS environment, and should be categorized according to its criticality. It is important that a risk-based approach is used to identify the application's significance in the context and scope of the private & public institutions under advisory.

With the advent of ERP software (Enterprise Resource Planning), applications have become complex and productive in managing business processes, and are creating concerns for the Confidentiality, Integrity and Availability of IT. These include concerns about application customization & configuration, interfaces & integration, and end-user appropriateness & usability.

Note: The terms software, application and system are interchangeable in this document.

It is important to note that software provides services that are adequate for the intended application with respect to being: (1) usable, (2) correct, (3) trustworthy, and (4) available on demand. With respect to software services, a broader meaning for "reliable" is needed because it is still not realistic to presuppose that software services are usable, correct, and trustworthy. Usable means that the user receives services that are effective for his application. Correct means that the software meets its functional specifications. If the specifications are incomplete, then correct software may not be usable. Trustworthy means that there is a minimum level of services that is provided correctly, and there is an effective way to evaluate or measure the performance of the software with respect to this minimum level of service. Software may be correct even if there is no effective way to demonstrate its correctness; however, trustworthy software must be structured so that testing, auditing, and/or proofs of correctness can be used to achieve a reasonable level of confidence in the software. There is much current research aimed at relieving the problem of unreliable software. (Source: NIST.gov)

Reliable software is not only an end in itself, it is also a means to support system security. Typically, security depends on the reliability of much of the system software, and that reliability must be preserved through many versions and modifications of the software. Faulty system software is the system security problem that has been most difficult to deal with.

The following are some important considerations that GetAdvise is concerned about:

  • Application controls – edit checks, calculation verification, and examining data for reasonableness.
  • Excessive application access rights that are not commensurate with the user's job.
  • Segregation-of-duties violations arising from access to conflicting roles in application modules.
  • Application security configuration and user provisioning controls.
  • Change management for application version upgrades and functionality modernization.
  • Vendor analysis for the application/system selection business process.
  • End-user application usability and effectiveness issues caused by new applications/systems and by the effects of mergers & acquisitions.
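As an added illustration of the access-rights and segregation-of-duties points above (example code, not part of GetAdvise's own text or tooling), the check below flags users who hold a conflicting pair of ERP roles and users who hold roles beyond the baseline for their job; the users, roles, conflict matrix and job baseline are all constructed for the example.

```python
# Constructed sample data (hypothetical): the ERP roles each user holds
# and the job title HR records for them. Not taken from any real system.
USER_ROLES = {
    "alice": {"AP_INVOICE_ENTRY", "AP_PAYMENT_RELEASE"},
    "bob":   {"AP_INVOICE_ENTRY"},
    "carol": {"VENDOR_MASTER_MAINT", "AP_PAYMENT_RELEASE", "GL_JOURNAL_POST"},
    "dave":  {"GL_JOURNAL_POST"},
}
USER_JOB = {"alice": "ap_clerk", "bob": "ap_clerk",
            "carol": "ap_clerk", "dave": "accountant"}

# Hypothetical SoD matrix: pairs of roles one person must never hold together
# (e.g. entering an invoice and releasing its payment).
SOD_CONFLICTS = {
    frozenset({"AP_INVOICE_ENTRY", "AP_PAYMENT_RELEASE"}),
    frozenset({"VENDOR_MASTER_MAINT", "AP_PAYMENT_RELEASE"}),
}

# Hypothetical baseline: the roles each job is expected to need.
JOB_BASELINE = {
    "ap_clerk": {"AP_INVOICE_ENTRY"},
    "accountant": {"GL_JOURNAL_POST"},
}


def sod_violations(user_roles, conflicts):
    """Map each user to the sorted list of conflicting role pairs they hold."""
    findings = {}
    for user, roles in user_roles.items():
        hits = [tuple(sorted(pair)) for pair in conflicts if pair <= roles]
        if hits:
            findings[user] = sorted(hits)
    return findings


def excessive_access(user_roles, user_job, baseline):
    """Map each user to the sorted roles they hold beyond their job baseline."""
    findings = {}
    for user, roles in user_roles.items():
        extra = roles - baseline.get(user_job[user], set())
        if extra:
            findings[user] = sorted(extra)
    return findings


if __name__ == "__main__":
    for user, pairs in sod_violations(USER_ROLES, SOD_CONFLICTS).items():
        print(f"SoD violation: {user} holds {pairs}")
    for user, extra in excessive_access(USER_ROLES, USER_JOB, JOB_BASELINE).items():
        print(f"Excessive access: {user} ({USER_JOB[user]}) also holds {extra}")
```

In practice the role assignments come from an export of the ERP's user/role tables, and the conflict matrix and baseline are agreed with process owners before the review.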

The above text is a sample of the advisory rigor we undertake in our pursuit to get you the right advice!