Abstract

Cyber espionage and malware attacks pose a great danger to many organisations, particularly those that embrace the use of modern technology to enhance efficiency. Although new off-the-shelf applications for enterprise resources planning (ERP) and management provide higher availability and better service, they are often customised, that can leave some scope for security gaps. While organisations have put in place tight security measures, malicious end users use security loopholes found in various systems to commit common cybercrimes such as denial of services, web hacking and defacement, malware, spam and phishing. The Supply Chain Management System (SCMS) is no stranger to such cybercrimes and certainly requires an Information Systems (IS) Security Framework in fighting off malware attacks. This paper investigates the effectiveness of the implementation of the COBIT 5 Information Security Framework in the reduction of risk of Cyber Attacks on SCMS. In this effort, qualitative data was gathered for a comprehensive security questionnaire targeted to IS administrators and managers responsible for Supply Chain organizations that use COBIT 5 framework for security. The results indicated that COBIT 5 added a new dimension for IS security governance via strict policies and rule set that further strengthened enterprise applications security. Overall, we found that organization benefited from implementing the COBIT 5 framework security measures in SCMS and ERP systems.