Research Report on Management of Information Security R2
you need to work on the three task
1) i have uploaded all the relevant files for this work
2) the word count is mentioned on each task you need flow the each task word cont and mention the task number , there are many sub tasks on each task, and every important you need to put heading and subheadings for each task
you need to use all the files given do not please need to attempt all the task and avoid revision request every time if you do not attempt i will 100% request for revision . so better dont uploaded the file with out attempting all the tasks
you need to flow the word count given and sure subheadings and heading for each topic 100%
Requirements for Handling the paper
CIS52005 Assignment 3 Research Report – Due Date 19th September
2016
Task 1 Research and write a critical analysis of the following SAP System Security Parameters
Task 1.1 Discuss what is a transaction code and its main purpose in the SAP R/3 System. Research the following related SAP Transaction Codes SM19 and SM20 and explain how you would use these two related SAP Transaction codes to under- take a security audit of an organisation’s SAP R/3 System (About 500 words)
Task 1.2.1 Discuss how the user master record in SAP plays an important role in ensuring assignment of appropriate rights, activity groups / roles and authorisations for individual users. (About 500 words)
Task1.2.2 As it is not possible to delete the SAP* user account describe two suggested controls to secure this account from misuse. (About 250 words)
Task 2 Ethical Behaviour for an Information Security Professional
Review the Wikipedia Link for Professional Ethics and ACS Code of Professional Practice and provided with the Assignment 3 and consider the following two case studies as an Information Security Professional:
Task 2.1 Security hole in Distributed Record Management System used by Company X and Company Y – Summary of case
Company X has just signed a business agreement with Company Y, which
entitles both of them to access each other clients’ records. Faisal, a software programmer at Company Z, was assigned the task of developing a software program that handles the access and retrieval of records from each Company’s database system into the other. A first run of the software on real data indicated that the work was well within the state of the art, and no difficulties were found or anticipated.
Several weeks later and during a normal test on the software developed, Faisal discovered a serious ‘security hole’ in the database system of Company Y by which hackers can easily obtain confidential information about clients. He was convinced that while the software he developed could correctly accomplish the task, the code in Company Y’s database system could not be trusted as the security hole posed a threat even on Company X’s database system. Faisal told his manager about the problem and explained its significance. The manager’s response was, “That’s not our problem; let’s just be sure that our software functions properly.” Faisal is not sure what to do. Refusing to work on the project means disobeying his manager’s orders. Continuing to work on the project, means disobeying one of God’s commands, which requires him to be truthful and sincere in his dealings.
Task 2.1.1 Identify and describe the key ethical concerns raised in this case study? (About 250 words)
Task 2.1.2 Identify and describe how specific values of ACS Code of Professional Practice would provide guidance on how to deal with key ethical concerns raised by Faisal in a recent distributed Records Management system project (About 250 words)
Task 2.2 – Carol Fraudulent Member of ACS Branch Summary of case Carol is a popular person who has worked hard in the ICT industry. She is currently a team leader of a group of software developers in a large company providing outsourced services to the Federal government. She is a Member of the ACS and decides to contribute to her profession by playing an active role in the local branch of the Society, and is elected Treasurer. Carol has some financial problems, and forges signatures on cheques to embezzle $5,000 from the branch’s reserves to pay for medical treatment for her child. When she is inevitably found out she returns the money, and her membership of the ACS is terminated, but she continues in her job. Several members of her team are also ACS members. How should they treat their team leader?
Task 2.2.1 Identify and describe key ethical concerns raised by Carol’s actions
outlined in this case study? (About 250 words)
Task 2.2.2 Identify and describe how specific values of ACS Code of Professional Practice would provide guidance on how to deal with key ethical concerns raised by Carol’s actions in this case study (About 250 words)
Task 3 Research the following advanced network attack type – the
Advanced Persistent Attack
Research the concept of an advanced network attack known as an Advanced Persistent Attack.Explain what is meant by the concept of an Advanced Persistent Attack and describe the steps, resources and activities that would need to be under-taken by a hacker to mount such as attack on an organisation and the possible consequences for an organisation if compromised by an Advanced Persistent Attack (About 500 words)
