Task 1 Research and write a critical analysis of the
following SAP System Security Parameters
Task 1.1 Discuss how the user master record in SAP plays an
important role in ensuring assignment of appropriate rights, activity groups /
roles and authorisations for individual users. (About 500 words)
Task 1.2.1 SAP R/3 creates a number of default accounts
which deserve special attention. Describe what is special about the default
user account SAP*. (About 250 words)
Task 1.2.2 As it is not possible to delete the SAP* user
account, describe two suggested controls to secure this account from misuse.
(About 250 words)
Task 2 Ethical Behaviour for an Information Security
Professional
Review the Wikipedia link for Professional Ethics and the ACS
Code of Professional Practice provided with Assignment 3, and consider
the following two case studies as an Information Security Professional:
Task 2.1 Helen the IT Consultant - Summary of case
Three years ago Helen started her own consulting business.
She has been so successful that she now has several people working for her and
many clients. Their consulting work included advising on how to set up
corporate intranets, designing database management systems, and advising about
security.
Presently she is designing a database management system for
the personnel office of a medium-sized company. Helen has involved the client
in the design process, informing the CEO, the director of computing, and the
director of personnel about the progress of the system.
It is now time to make decisions about the kind and degree
of security to build into the system. Helen has described several options to
the client. Because the system is going to cost more than they planned, the
client has decided to opt for a less secure system.
She believes the information they will be storing is
extremely sensitive. It will include performance evaluations, medical records
for filing insurance claims, salaries, and so forth. With weak security,
employees working on client machines may be able to figure out ways to get
access to this data, not to mention the possibility of on-line access from
hackers.
Helen feels strongly that the system should be much more
secure. She has tried to explain the risks, but the CEO, director of computing
and director of personnel all agree that less security will do. What should she
do? Should she refuse to build the system as they request?
Task 2.1.1 Identify and describe the key ethical concerns
raised in this case study. (About 250 words)
Task 2.1.2 Identify and describe how specific values of the ACS
Code of Professional Practice would provide guidance on how to deal with the key
ethical concerns raised by Helen in a recent consultancy job. (About 250 words)
Task 2.2 Fred in the State Department - Summary of case
Fred works in a large state department of alcoholism and
drug abuse. The agency administers programs for individuals with alcohol and
drug problems, and maintains a huge database of information on the clients who
use their services. Some of the data files contain the names and current
addresses of clients. Fred has been asked to take a look at the track records
of the treatment programs. He is to put together a report that contains the
number of clients seen in each program each month for the past five years,
length of each client’s treatment, number of clients who return after
completion of a program, criminal histories of clients, and so on. In order to
put together this report, Fred has been given access to all files in the
agency’s mainframe computer. After assembling the data into a file that
includes the clients’ names, he downloads it to the computer in his office.
Under pressure to get the report finished by the deadline, Fred decides he will
have to work at home over the weekend in order to finish on time. He burns the
information onto a CD and takes it home. After finishing the report he leaves
the CD at home and forgets about it.
Task 2.2.1 Identify and describe the key ethical concerns raised
by Fred’s actions outlined in this case study. (About 250 words)
Task 2.2.2 Identify and describe how specific values of the ACS
Code of Professional Practice would provide guidance on how to deal with the key
ethical concerns raised by Fred’s actions. (About 250 words)
Task 3 Research the OWASP Top Ten Vulnerabilities and one
Zero Day Software Vulnerability
Review the OWASP Top Ten Web Application Vulnerabilities and
then identify, research and write a critical analysis of a recent Zero Day
Software Vulnerability in the context of the OWASP Top Ten Web Application
Vulnerabilities Framework and the possible consequences for an organisation if
compromised by this Zero Day Software Vulnerability. (About 500 words)