IDSs typically deal with threats from sources external to the organization's computer networks. Still, it is common knowledge that an organization's internal threats pose a greater risk and higher costs in lost revenue. External threats tend to get more publicity and focus, since internal problems in organizations are typically kept confidential due to concerns about loss of reputation and good standing with the public or the market.
In addition to the risks involved with a lack of internal control in computer networks, there are two main drivers for this type of IDS. First, IS departments and IS consulting firms have to report SLA (Service Level Agreement) deliveries to management. Parts of SLA status meetings can cover reporting of intrusions and misuse in the computer systems. Second, the concept of compliance has become a major factor in computer systems management for larger organizations. The SOx (Sarbanes-Oxley) legislation for corporations registered on the NYSE is a major initiator of this trend.
The largest share of assets in the industrialized world is managed in ERP systems. The most widely used ERP system is SAP. This thesis presents a prototype IDS solution based on SAP's own Security Audit Logging, in-house defined access roles, and the organization's own SOD matrix. The research for this new IDS solution includes ways to reduce the number of false positives, and it measures the system's efficiency in R/3, the update system, versus BW, the business warehouse.