CIS52005 Assignment 3Research Report – Due Date 30th September 2015
Task 1 Research and write a critical analysis of the following SAP System Security Parameters
Task 1.1Discuss how the user master record in SAP plays an important role in ensuring assignment of appropriate rights, activity groups / roles and authorisations for individual users. (About 500 words)
Task 1.2.1 SAP R/3 creates a number of default accounts which deserve special attention. Describe what is special about the default user account SAP*. (About 250 words)
Task1.2.2As it is not possible to delete the SAP* user account describe two suggested controls to secure this account from misuse. (About 250 words)
Task 2 Ethical Behaviour for an Information Security Professional
Review the Wikipedia Link for Professional Ethicsand ACS Code of Professional Practiceand provided with the Assignment 3 and consider the following two case studies as an Information Security Professional:
Task 2.1 Helen the IT Consultant- Summary of case
Three years ago Helen started her own consulting business. She has been so successful that she now has several people working for her and many clients. Their consulting work included advising on how to set up corporate intranets, designing database management systems, and advising about security.
Presently she is designing a database management system for the personnel office of a medium-sized company. Helen has involved the client in the design process, informing the CEO, the director of computing, and the director of personnel about the progress of the system.
It is now time to make decisions about the kind and degree of security to build into the system. Helen has described several options to the client. Because the system is going to cost more than they planned, the client has decided to opt for a less secure system.
She believes the information they will be storing is extremely sensitive. It will include performance evaluations, medical records for filing insurance claims, salaries, and so forth. With weak security, employees working on client machines may be able to figure out ways to get access to this data, not to mention the possibility of on-line access from hackers.
Helen feels strongly that the system should be much more secure. She has tried to explain the risks, but the CEO, director of computing and director of personnel all agree that less security will do. What should she do? Should she refuse to build the system as they request?
Task 2.1.1 Identify and describe the key ethical concerns raised in this case study? (About 250 words)
Task 2.1.2Identify and describe how specific values of ACS Code of Professional Practice would provide guidance on how to deal with key ethical concerns raised by Helen in a recent consultancy job (About 250 words)
Task 2.2 Fred in the State Department - Summary of case
Fred works in a large state department of alcoholism and drug abuse. The agency administers programs for individuals with alcohol and drug problems, and maintains a huge database of information on the clients who use their services. Some of the data files contain the names and current addresses of clients. Fred has been asked to take a look at the track records of the treatment programs. He is to put together a report that contains the number of clients seen in each program each month for the past five years, length of each client’s treatment, number of clients who return after completion of a program, criminal histories of clients, and so on. In order to put together this report, Fred has been given access to all files in the agency’s mainframe computer. After assembling the data into a file that includes the clients’ names, he downloads it to the computer in his office. Under pressure to get the report finished by the deadline, Fred decides he will have to work at home over the weekend in order to finish on time. He burns the information onto a CD and takes it home. After finishing the report he leaves the CD at home and forgets about it.
Task 2.2.1Identify and describe key ethical concerns raised by Fred’s actions outlined in this case study? (About 250 words)
Task 2.2.2Identify and describe how specific values of ACS Code of Professional Practice would provide guidance on how to deal with key ethical concerns raised byFred’s action(About 250 words)
Task 3 Research the Top Ten OSWASP Vulnerabilities and one Zero Day Software vulnerability
Review the OWASP Top Ten Web Application Vulnerabilities and then identify, research and write a critical analysis of a recent Zero Day Software Vulnerability in the context of the OWASP Top Ten Web Applications Vulnerability Frameworkand the possible consequences for an organisation if compromised by this Zero Day Software vulnerability (About 500 words)