Popis: |
Open-source enterprise resource planning (ERP) software has become a preferred alternative for modern organizations due to its affordable cost, availability and ease of access. Open-source software allows access to customizable code which in most instances may have security loop holes due to the nature of its releases. The study is motivated by need for accountability and security assurance by stakeholders and the need for justification of investments towards information security. The objective was to analyse security indicators for open-source resource planning software. Papers and journals published between 2017 and 2021 from IEEE, ACM, Springer, arXiv, Wiley online library and EBSCO were reviewed. Out of the publications generated through the Google search, 62 publications were selected by reading the title, abstract, introduction and full text. Results indicate un-updated software, full access rights, inadequate training, failure to comply, single authentication and unauthorized software as some of the factors that indicate open-source enterprise resource planning software security. In conclusion effectiveness of mitigation measures to address these factors shows security or insecurity. Notably, there is need to institute security control measures and metrics for the identified factors to help assess security posture of enterprises during ERP software implementation. We recommend the design of security a measurement framework and definition of a metrics suite for assessing open-source ERP software security. |