Abstract

With the rapid rise of Business to Business (B2B) transactions over the internet and the increasing use of e-procurement solutions by large organizations for purchasing, there is a need to reengineer current legacy supply chain management systems in order to integrate them with modern e-procurement systems. Although there is a great deal of research in the area of integration with e-procurement systems, there is little attention for security aspect of this integration that responds to the need for accurate and secure information exchange has become essential to doing business. Security is a consistent and growing problem for e-commerce and procurement solutions. As the number and frequency of security violations continues to rise, there is a corresponding dependence on information technology to drive business value, which in turn increases the importance and criticality of transaction data. The result is an increasing demand for secure e-procurement transactions to ensure the confidentiality, integrity and availability of data. Secure transactions are essential if organizations are to fully realize the benefits of e-procurement which include increased productivity, lower purchasing pricing, streamlined processes, reduced order fulfillment time and greater budgetary control; all of which can contribute to increasing an organization’s competitive advantage. This research is a case study which evaluates the security of transactions for the integration of an e-procurement solution in a large organization. It addresses both business and technological issues by examining the current threat model, security policies, system architecture, and security controls that have been implemented to ensure data integrity and confidentiality. Finally, a new model will be proposed for reengineering projects that require the integration of e-procurement systems which includes recommendations for improvements that will be benchmarked against common security designed principles.