When Access Fails Quietly : A Privilege Maturity and Control Drift Framework for Governance Risk in Open-Source ERP Systems

Authors

  • Hussam Khalid Ahmed Mohammed * Cybersecurity Lead and Consultant – Riyadh, Saudi Arabia

DOI:

https://doi.org/10.54938/ijemdcsai.2025.04.1.513

Keywords:

ERPNext, Access Governance, Privilege Maturity Index (PMI), Control Drift Taxonomy (CDT), Access Governance Risk Score (AGRS), ERP Security, GRC, NIST

Abstract

Open-source ERP systems such as ERPNext provide flexibility for resource-constrained enterprises but often lack mature governance controls. This paper introduces a drift-aware framework for access governance, centered on three novel constructs: the Privilege Maturity Index (PMI), Control Drift Taxonomy (CDT), and Access Governance Risk Score (AGRS). Validated through a longitudinal ERPNext case study in a Gulf-based firm, the model reveals how silent erosion of access discipline undermines governance integrity. Findings emphasize that systemic risks stem less from external breaches and more from organizational drift. In addition to highlighting an original framework, we show how the model naturally aligns with emerging guidance such as NIST CSF 2.0 and zero-trust architectures, ensuring both originality and applicability in modern governance contexts.

Published

2025-08-28

How to Cite

Hussam Khalid Ahmed Mohammed *. (2025). When Access Fails Quietly : A Privilege Maturity and Control Drift Framework for Governance Risk in Open-Source ERP Systems. International Journal of Emerging Multidisciplinaries: Computer Science & Artificial Intelligence, 4(1), 14. https://doi.org/10.54938/ijemdcsai.2025.04.1.513

Section

Research Article
