SECURING ERP SYSTEMS: THE ROLE OF INFORMATION SECURITY ANALYSTS IN U.S. TEXTILE AND MANUFACTURING ENTERPRISES

Abstract

This study addresses a persistent problem in U.S. textile and manufacturing enterprises: Enterprise Resource Planning environments are integral to operations yet remain vulnerable, and there is limited sector-specific, quantitative evidence on how information security analysts shape ERP security effectiveness. The purpose is to quantify the associations between analyst-centered capabilities and measurable ERP security outcomes. Design is quantitative, cross-sectional, and multi-case. The sample comprises N = 178 firm-level cases spanning cloud, on-premises, and hybrid ERP deployments. The literature review informing the framework synthesized 44 peer-reviewed sources. Key variables include an outcome composite for ERP security effectiveness incident frequency, severity, time to recover, segregation-of-duties posture, and audit signals, and focal predictors for analyst competency, staffing adequacy, and practice maturity, with security culture as a mediator and deployment model as a moderator. The analysis plan specified descriptive statistics, reliability checks, correlations, and multiple regression with heteroskedasticity-robust errors, plus mediation via bootstrap and moderation by cloud, with robustness checks using negative binomial for incident counts, ordinal logit for severity, and log-linear models for recovery time. Headline findings show analyst competency and practice maturity as the strongest unique predictors of effectiveness standardized β ≈ 0.28 and 0.31, adjusted R² ≈ 0.46, staffing adequacy is positive but smaller, security culture partially mediates these relationships, and the competency effect is steeper among cloud adopters; incident counts and recovery time improve materially incidence-rate ratios around 0.79 to 0.75 and 11 to 13 percent faster recovery per one-point increase on five-point scales. Implications are to prioritize ERP-specific IAM and SoD engineering, cadence-driven practice maturity, ERP-aware monitoring, and culture building, and to leverage cloud platform affordances to amplify competency gains.