CIS52005 Assignment 3: Management of Information Security R2

CIS52005 Assignment 3 Research Report – Due Date 19th September 2016

Management of Information Security R2

Task 1 Research and write a critical analysis of the following SAP System Security Parameters

Task 1.1 Discuss what a transaction code is and its main purpose in the SAP R/3 System. Research the following related SAP Transaction Codes SM19 and SM20 and explain how you would use these two related SAP Transaction codes to undertake a security audit of an organisation’s SAP R/3 System (About 500 words)

Task 1.2.1 Discuss how the user master record in SAP plays an important role in ensuring assignment of appropriate rights, activity groups / roles and authorisations for individual users. (About 500 words)

Task 1.2.2 As it is not possible to delete the SAP* user account, describe two suggested controls to secure this account from misuse. (About 250 words)

Task 2 Ethical Behaviour for an Information Security Professional

Review the Wikipedia link for Professional Ethics and the ACS Code of Professional Practice provided with Assignment 3 and consider the following two case studies as an Information Security Professional:

Task 2.1 Security hole in Distributed Record Management System used by Company X and Company Y

Summary of case

Company X has just signed a business agreement with Company Y, which entitles both of them to access each other’s clients’ records. Faisal, a software programmer at Company Z, was assigned the task of developing a software program that handles the access and retrieval of records from each Company’s database system into the other. A first run of the software on real data indicated that the work was well within the state of the art, and no difficulties were found or anticipated. Several weeks later and during a normal test on the software developed, Faisal discovered a serious ‘security hole’ in the database system of Company Y by which hackers can easily obtain confidential information about clients. He was convinced that while the software he developed could correctly accomplish the task, the code in Company Y’s database system could not be trusted as the security hole posed a threat even on Company X’s database system. Faisal told his manager about the problem and explained its significance. The manager’s response was, “That’s not our problem; let’s just be sure that our software functions properly.” Faisal is not sure what to do. Refusing to work on the project means disobeying his manager’s orders. Continuing to work on the project means disobeying one of God’s commands, which requires him to be truthful and sincere in his dealings.

Task 2.1.1 Identify and describe the key ethical concerns raised in this case study. (About 250 words)

Task 2.1.2 Identify and describe how specific values of ACS Code of Professional Practice would provide guidance on how to deal with key ethical concerns raised by Faisal in a recent distributed Records Management system project (About 250 words)

Task 2.2 – Carol Fraudulent Member of ACS Branch

Summary of case

Carol is a popular person who has worked hard in the ICT industry. She is currently a team leader of a group of software developers in a large company providing outsourced services to the Federal government. She is a Member of the ACS and decides to contribute to her profession by playing an active role in the local branch of the Society, and is elected Treasurer. Carol has some financial problems, and forges signatures on cheques to embezzle $5,000 from the branch’s reserves to pay for medical treatment for her child. When she is inevitably found out she returns the money, and her membership of the ACS is terminated, but she continues in her job. Several members of her team are also ACS members. How should they treat their team leader?

Task 2.2.1 Identify and describe key ethical concerns raised by Carol’s actions outlined in this case study. (About 250 words)

Task 2.2.2 Identify and describe how specific values of ACS Code of Professional Practice would provide guidance on how to deal with key ethical concerns raised by Carol’s actions in this case study (About 250 words)

Task 3 Research the following advanced network attack type – the Advanced Persistent Attack

Research the concept of an advanced network attack known as an Advanced Persistent Attack. Explain what is meant by the concept of an Advanced Persistent Attack and describe the steps, resources and activities that would need to be undertaken by a hacker to mount such an attack on an organisation and the possible consequences for an organisation if compromised by an Advanced Persistent Attack (About 500 words)

Assignment 3 Marking Criteria

Student No:
Student Name:

Columns: Task, Marks Obtained, Comments

Task 1.1 Discuss what a transaction code is and its main purpose in the SAP R/3 System. Research the following related SAP Transaction Codes SM19 and SM20 and explain how you would use these two related SAP Transaction codes to undertake a security audit of an organisation’s SAP R/3 System (About 500 words)
10 Excellent coverage and critical analysis
8 Very good coverage and critical analysis
6 Good coverage and critical analysis
4 Poor coverage and critical analysis
2 Very poor coverage and critical analysis
0 No attempt
Marks obtained: 0

Task 1.2.1 Discuss the important role that the user master record in SAP plays in ensuring assignment of appropriate rights, activity groups / roles and authorisations for individual users. (About 250 words)
5 Excellent coverage and critical analysis
4 Very good coverage and critical analysis
3 Good coverage and critical analysis
2 Poor coverage and critical analysis
1 Very poor coverage and critical analysis
0 No attempt
Marks obtained: 0

Task 1.2.2 As it is not possible to delete the SAP* user account, describe two suggested controls to secure this account from misuse. (About 250 words)
5 Excellent coverage and critical analysis
4 Very good coverage and critical analysis
3 Good coverage and critical analysis
2 Poor coverage and critical analysis
1 Very poor coverage and critical analysis
0 No attempt
Marks obtained: 0

Task 2.1.1 Identify and describe the key ethical concerns raised in this case study. (About 250 words)
10 Excellent coverage and critical analysis
8 Very good coverage and critical analysis
6 Good coverage and critical analysis
4 Poor coverage and critical analysis
2 Very poor coverage and critical analysis
0 No attempt
Marks obtained: 0

Task 2.1.2 Identify and describe how specific values of ACS Code of Professional Practice would provide guidance on how to deal with key ethical concerns raised by Faisal in a recent distributed Records Management system project (About 250 words)
5 Excellent coverage and critical analysis
4 Very good coverage and critical analysis
3 Good coverage and critical analysis
2 Poor coverage and critical analysis
1 Very poor coverage and critical analysis
0 No attempt
Marks obtained: 0

Task 2.2.1 Identify and describe key ethical concerns raised by Carol’s actions outlined in this case study. (About 250 words)
10 Excellent coverage and critical analysis
8 Very good coverage and critical analysis
6 Good coverage and critical analysis
4 Poor coverage and critical analysis
2 Very poor coverage and critical analysis
0 No attempt
Marks obtained: 0

Task 2.2.2 Identify and describe how specific values of ACS Code of Professional Practice would provide guidance on how to deal with key ethical concerns raised by Carol’s actions in this case study (About 250 words)
5 Excellent coverage and critical analysis
4 Very good coverage and critical analysis
3 Good coverage and critical analysis
2 Poor coverage and critical analysis
1 Very poor coverage and critical analysis
0 No attempt
Marks obtained: 0

Research the concept of an advanced network attack known as an Advanced Persistent Attack. Explain what is meant by an Advanced Persistent Attack and describe the steps, resources and activities that would need to be undertaken by a hacker to mount such an attack on an organisation and the possible consequences for an organisation if compromised by an Advanced Persistent Attack (About 500 words)
30 Excellent coverage and critical analysis
25 Very good coverage and critical analysis
20 Good coverage and critical analysis
15 Poor coverage and critical analysis
8 Very poor coverage and critical analysis
0 No attempt
Marks obtained: 0

Quality of Research, Writing, Presentation and Referencing
20 Excellent research, writing, presentation and referencing
16 Very good research, writing, presentation and referencing
12 Good research, writing, presentation and referencing
8 Poor research, writing, presentation and referencing
4 Very poor research, writing, presentation and referencing
0 No attempt
Marks obtained: 0

Total
Date Marked:
Marker Initials:
General Comments and Feedback:

Task 2.1 Helen the IT Consultant

ACS Code of Professional Conduct values and relevant clauses of the Code of Professional Conduct

1.2.1 Public Interest
b) raise with stakeholders any potential conflicts between your professional activity and legal or other accepted public requirements;
e) endeavour to preserve the integrity, security, continuity and utility of ICT;
g) endeavour to preserve the confidentiality and privacy of the information of others.

1.2.2 Quality of Life
c) understand, and give due regard to, the perceptions of those affected by your work;

1.2.4 Competence
a) endeavour to provide products and services which match the operational and financial needs of your stakeholders;
e) advise your stakeholders when you believe a proposed project, product or service is not in their best interest

Task 2.2 Fred in the State Department

ACS Code of Professional Conduct values and relevant clauses of the Code of Professional Conduct

1.2.1 Public Interest
d) take into consideration the fact that your profession traverses many other professions, and has implications for other social systems and organisations;
g) endeavour to preserve the confidentiality and privacy of the information of others.

1.2.2 Quality of Life
a) recognise, in your work, the role that ICT can play to enhance the quality of life of people, particularly the disadvantaged or those with disabilities;

1.2.4 Competence
d) respect and protect your stakeholders’ proprietary interests;
