Recent Question/Assignment

Description Marks Weighting Due date
Assignment 2 – SAP Practical Written Report 100 15% 22th August 2016
The key concepts and frameworks covered in modules 1–4 are particularly relevant for this assignment. Assignment 2 relates to the specific course learning objectives 1, 2 and 3:
1. analyse information security vulnerabilities and threats and determine appropriate controls that can be applied to mitigate the potential risks
2. demonstrate an ability to communicate effectively both written and orally about the management of information security in organisations
And assesses the following graduate skills: The Academic & Professional Literacy and Written & Oral Communication at level 2.
Assignment 2 consists of three specific tasks regarding SAP R/3 System Security. Your Assignment 2 report must be structured as follows:
? Cover page for your assignment 2
? Table of contents
? Body of report – main section for each task with appropriate use of subsections for each task sub report
? Task 1 Login to SAP System Student Account and Complete and Save System/User Profile/Own Data Fields
? Task 2 – Eight reports as specified (include an Excel spreadsheet or Access database) with your submission of Assignment 2 report ? Task 3 – SAP System Security Settings
? List of References
Task 1 Specifications - Login to SAP R/3 System using your student SAP userid and password and Complete System/User Profile/Own Data fields that are currently blank as per Screenshot below
Task 1 Requirements - Complete and save following fields in your SAP R/3 Student Account User Profile
Title, Last name, First name, Function, Department, Room Number, Floor and Building and provide a screen capture of completed fields in System/User Profile/Own Data Screen in your SAP R/3 Student Account for Task 1 in your Assignment 2 Report
1
Task 2 Specifications – Analyze SAP Security Audit Log Data.
Userdata.xls is a spreadsheet log file containing summarized records of user activity on a client’s SAP R/3 system. Each record contains the following fields:
Field Description
USERID USERID identifies an unique user
YYYYMM
YYYYMM describes when the user action took place. YYYYMM is useful for summarising user activity by month.
TCODE TCODE refers to the transaction (option on the menu) performed by the user.
TEXT TEXT describes the outcome of the transaction action, including its success or failure. Some tcodes are blank.
TCODESTAT
TCODESTAT is an invented transaction code for each action indicating whether the action was successful (-0) or failed (-1).
TCD TCD is the same as TCODESTAT, except there is no -0 or -1.
TSTATUS TSTATUS indicates whether the action was successful or not (0/1).
TCOUNT
TCOUNT is the number of times the user has performed this action, with this outcome, in the month YYYYMM.
TTEXT TTEXT is the narrative description of the TCODE.
Task 2 Requirements
Use a software of your choice (spreadsheet, database, statistical package etc) to analyze the provided SAP Security Audit Log File (Userdata.xls), and generate the required eight user activity reports listed below and provide a brief description for each user activity report (About 500 words in total for all eight required reports/graphs) (hint this assignment 2 task 2 is best done using MS Excel pivot tables or Microsoft Access database SQL queries). The required eight user activity reports are:
1. Alphabetic list of all actions and their frequency by any selected user, e.g. USER-040.
2. List of users performing unsuccessful activities.
3. List of transaction codes performed, with their frequency by each user.
4. List of users engaging in security-related actions.
5. Top 10 users in terms of frequency of activity.
6. List of users who are dormant – in the range USER-001 to USER-050.
7. You should also produce at least 2 reports or charts based on any of the above previous reports that summarise user activity over time using YYYYMM date format.
2
TASK 3 Specifications – Analyze and discuss SAP System-Wide Security Settings.
You are required to review the system-wide security settings on a SAP R/3 system. The data file
SAP_RSPARAM_Basis.xlsx contains an extract from the client’s system. Note you should open this file using an excel spreadsheet to view the system-wide security settings so the fields are aligned correctly. Hint you can use the search function to locate the appropriate SAP system wide security settings and their related values in the data file SAP_RSPARAM_Basis.xlsx. Note you will need to research the relevant SAP System Security literature in order to determine what are recommended values for each SAP System Security Setting.
Task 3 Requirements complete the following sub tasks:
Task 3a) For each SAP System Security Setting listed in Table 1 complete the User Defined Value, System Default Value and Recommended Value based on your analysis of the SAP_RSPARAM_Basis.xlsx file and the relevant SAP System Security Literature.
GLOBAL BIKE COMPANY
Table 1 SAP System-Wide Security Settings Date: Prepared by:
SAP System Security Settings User-Defined Value System Default Value Recommended Value
No auto user SAP*
Failed logins to end
Failed logins to lock
Auto failed unlock
Min password length
Password expiry (days)
Idle Screen logout (seconds)
No check on Tcodes
Login client No
Task 3b) Provide a written evaluation of each SAP System Security Setting, in terms of User Defined Value, System Default Value and Recommended Value in the completed Table 1, describing the SAP System security setting, highlighting any weaknesses exist and if so provide recommendations for improving the current SAP System Security Setting. Your discussion here should be supported by appropriate in-text references (1000 words approx). Note some relevant literature resources on SAP System Security Settings will be provided in Tutorials and Assignment 2 discussion forum.
Note: Submission of your assignment 2 report documents will be via the Assignment 2 submission link on the course studydesk. Assignment 2 submission consists of two documents (1) a word document for the Assignment 2 report and (2) an accompanying spreadsheet or an Access database for task 2 of Assignment 2.
Note carefully University policy on Academic Misconduct such as plagiarism, collusion and cheating. If any of these occur they will be found and dealt with by the USQ Academic Integrity Procedures. If proven Academic Misconduct may result in failure of an individual assessment, the entire course or exclusion from a University program or programs.
3

Looking for answers ?