
Sample Coursework Paper on Management of Information Security

globalcompose.com/technology-papers/sample-coursework-paper-on-management-of-information-security/

TASK 2

Alphabetic list of all actions and their frequency by any selected user, e.g. USER-040.

Description

The alphabetic list was extracted from the Excel sheet. The frequencies for the selected user were arranged in
alphabetical order as the question suggested. I chose USER-001, arranged the user frequencies in
alphabetic order, and then removed the remaining columns. The user was filtered out using the pivot tables.

List of users performing unsuccessful activities.

Description

The data used was extracted from the spreadsheet. The question addresses unsuccessful activities, which are
identified through TSTATUS, the field that indicates whether the chosen action was successful or not. From the
results, the users with TSTATUS 1 had unsuccessful activities. The data shows that all users had unsuccessful
activities.

3. List of transaction codes performed, with their frequency by each user.

Description

The list of transaction codes performed, with their frequency by each user, was also derived from the
spreadsheet. In every category, the user picked only the required field (TCODE) and calculated the sum of the
TCODE as well as the grand totals for the different users, as shown in the spreadsheet. The idea is also supported by
Peltier (2013) and Peltier (2016).

List of users engaging in security-related actions.

Description

The extracted data shows a breakdown of the users who engaged in security-related actions, separating out
the users who engaged in security-related issues such as authorization and when the transaction
started. The results were finally listed in the table as shown in the spreadsheet.

Top 10 users in terms of frequency of activity.

Description

The data for the top 10 users with respect to frequency of activity was also derived from the listed data.
TCOUNT is then used to determine the frequency of activity, so the listing consists of the users ordered from the
highest to the lowest frequency.

User ID     Total Frequency
USER-041    77
USER-012    65
USER-040    62
USER-022    60
USER-006    57
USER-018    55
USER-020    55
USER-026    55
USER-017    53
USER-007    52

List of users who are dormant in the range USER-001 to USER-050.

Description

The table also highlights a list of dormant users as per the data presented, with USER-033 appearing four times
in different periods. The dormant users are individuals who have not performed any action in the spreadsheet.
These users are represented by * in the TSTATUS column. The dormant users are separated from the users list,
tabled and shaded in yellow as presented.

userid    yyyymm  tcode  text                                              tcodestat  tcd   tstatus  tcount  ttext
USER-033  201601  SESS   User USER-033 in Client 400 Unlocked After Being  SESS-*     SESS  *        1       Starting the R/3 menu
USER-033  201601  SESS   User USER-033 Locked in Client 400 After Erroneo  SESS-*     SESS  *        3       Starting the R/3 menu
USER-033  201602  SESS   User USER-033 in Client 400 Unlocked After Being  SESS-*     SESS  *        1       Starting the R/3 menu
USER-033  201602  SESS   User USER-033 Locked in Client 400 After Erroneo  SESS-*     SESS  *        1       Starting the R/3 menu

You should also produce at least 2 reports or charts based on any of the above previous reports that
summarize user activity over time using YYYYMM date format.

Description
The question requires the user to generate a chart, plot or report on three of the questions listed as
questions one to six in the first task. A random selection of the questions was carried out, which settled on
questions one, five and six. The charts were generated using columns and bars for this question, and a
description for each question is listed below the chart.

Top 10 users in terms of frequency of activity

The chart represents the top 10 users by the frequency of their activities. It therefore represents the
highest frequencies of the users within a particular year. The table shows that USER-041 scored the highest
frequency of activity, 77, in the year.

It is evident that dormant users who could not perform any transaction dominated the chart. The chart shows
that the dormant user is USER-033.
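The Task 2 reports can also be produced without pivot tables. The following is an added example, not part of the original coursework: the rows are constructed, only the column names come from the spreadsheet, and it assumes that rows carrying * in TSTATUS are lock/unlock records rather than user actions. It goes slightly beyond the text by also treating IDs in the range that have no rows at all as dormant.

```python
import csv
import io
from collections import Counter

# Constructed sample rows using the spreadsheet's column names (not the coursework data).
SAMPLE = """userid,yyyymm,tcode,tstatus,tcount
USER-001,201601,SU01,0,4
USER-001,201602,SE16,1,2
USER-002,201601,VA01,0,9
USER-002,201602,VA01,0,3
USER-003,201601,SESS,*,1
USER-003,201602,SESS,*,3
"""

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def performed(row):
    # Assumption: rows with "*" in TSTATUS are lock/unlock records, not user actions.
    return row["tstatus"] != "*"

def unsuccessful_users(rows):
    # The page reads TSTATUS 1 as an unsuccessful action.
    return sorted({r["userid"] for r in rows if r["tstatus"] == "1"})

def top_users(rows, n=10):
    totals = Counter()
    for r in filter(performed, rows):
        totals[r["userid"]] += int(r["tcount"])
    # Highest total first; ties broken by user ID so the output is stable.
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

def dormant_users(rows, first=1, last=50):
    # Dormant: inside the ID range with no performed action, including IDs with no rows.
    active = {r["userid"] for r in filter(performed, rows)}
    expected = [f"USER-{i:03d}" for i in range(first, last + 1)]
    return [u for u in expected if u not in active]

def activity_by_month(rows):
    # Summary over time keyed by the YYYYMM column, as the charts require.
    months = Counter()
    for r in filter(performed, rows):
        months[r["yyyymm"]] += int(r["tcount"])
    return dict(sorted(months.items()))

if __name__ == "__main__":
    rows = load(SAMPLE)
    print(unsuccessful_users(rows), top_users(rows, 2))
    print(dormant_users(rows, 1, 4), activity_by_month(rows))
```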

TASK 3A

Table 1

SAP System-Wide Security Settings  User-Defined Value  System Default Value  Recommended Value  User-Defined Value
No auto user SAP*                  0                   0                     0                  0
Failed logins to end               0                   3                     3                  0
Failed logins to lock              5                   5                     5                  5
Auto failed unlock                 0                   0                     1                  0
Min password length                0                   6                     7                  0
Password expiry (days)             0                   0                     40                 0
Idle Screen logout (seconds)       1800                1800                  -300               1800
No check on Tcodes                 0                   0                     Y                  0
Login client No                    100                 100                   100                100

TASK 3B

1) No auto user SAP*

No auto user SAP*, the first parameter, is also referred to as login. It is used to control the activation of the
identity (ID) called SAP*: in RSPARAM, a value of 0 means the automatic user SAP* is permitted and a value of 1
means the automatic user SAP* is deactivated. When a user is deleted in SAP, the default value will be set to 1. It means that no deleted
user can log in with ID SAP* using the password PASS in the system. However, Sinha et al. (2015) affirm that the
ID SAP* is not recommended, as it gives rights to customize the activities. The parameter should be
secured just like the administration and other application maintenance. If it is left open to any user, it will be a
security breach, since anyone can tamper with the company's details. The ID SAP* should therefore not be used as the
emergency user, since the user will have rights to control the SAP system.

2) Failed logins System to end

The second parameter, Failed logins System to end, is used to control the number of false login attempts.
A false login is only accepted three times, which the first parameter acknowledges as the system default value
(Ireland 2013, p. 5; Mishra, Vimal and Michael, 2013). If three consecutive wrong login attempts are made, the
current system will automatically lock the user. Its purpose is therefore to keep unauthorized users from
accessing the current system when they use false login details.

3) Failed logins to lock

Failed logins to lock, the third parameter, is used to control the number of false logins until the user is locked (Platt et
al. 2013; Vidal 2012, p. 372). The system default value can only accept false logins up to 3 times, after which the
user gets locked.

4) Auto failed to unlock

The fourth parameter, Auto failed unlock, controls whether the user ID stays locked after false login
attempts. When the value is set to 0, the ID will stay locked until manually unlocked, and when 1 is
used, the ID will automatically be unlocked at midnight (Qiu et al. 2016). The current system default value is set
to 1, meaning that the user ID will be unlocked at midnight. Nevertheless, a value of 0 is highly recommended.
After the false logins, the password should be entered manually.

5) Min password length

Min password length is the fifth parameter and is used to control the minimum length of the user's
password. The minimum default value in the current SAP system is set at 7, thus all users must have a minimum
password length of 7 characters, both numeric and symbols. The recommended value ranges from 7 to 10 and is
limited up to 40 (Tsai et al. 2006, p. 108; Das et al. 2014).

6) Password expiry (days)

Password expiry (days) is used to control the number of days after which the password is required to change. It
therefore helps to prevent password breaches in the current system. According to Schneider
and Red Hat (2015) and Dar (2015, p. 159), the system default value is 40 up to 90 days to change the password.
Users are highly recommended to change the password frequently to prevent access by unauthorized
users.

7) Idle logout (seconds)

The seventh parameter is Idle logout (seconds), which the active user uses to log in to the system, in seconds.
The default login is set at 1800 seconds, after which the user will be logged out of the current system. The
recommended value lies between 900 and 1200 to protect against unauthorized users logging into the current
system (Sklar, 2004).

8) No check on T codes

No check on T codes is used to enable or disable the facility of checking T codes. When T codes are
used in the system, No check on T codes determines whether the T code is checked as valid or invalid, or locked/unlocked.
It takes the values Y and N, with Y representing the system default. Y means that the system will not
check the Tcode in the current system and the check will be disabled (Bombin et al. 2012). However, value N is highly
recommended, as the Tcode is then checked by the current system and the check will be enabled. The SAP system does the
comparison with the stored value as it checks the stored Tcode or ones not in the TSTC table.

9) Default login client

The Default Login Client, also known as Default System Client, is the last parameter, where the client is set as
the default client (represented by 000) in SAP systems. The number can be any as long as it is within
three digits (Buckler, 2013 p. 370). The default client number (000) is usually used by users when working on the
same SAP system.
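The Task 3B recommendations can be expressed as an automated baseline check. The following is an added example, not part of the original coursework: the profile parameter names are an assumed mapping of the page's labels to standard SAP profile parameters, the sample profile is constructed from the current values Task 3B reports, and only the four settings for which Task 3B states a concrete recommended value or range are covered.

```python
# Recommended values are the ones stated in Task 3B; parameter names are an
# assumed mapping from the page's labels to SAP profile parameters.
BASELINE = {
    # profile parameter: (page label, compliance test, recommendation as text)
    "login/failed_user_auto_unlock": ("Auto failed unlock", lambda v: v == "0", "0"),
    "login/min_password_lng": ("Min password length", lambda v: 7 <= int(v) <= 10, "7 to 10"),
    "rdisp/gui_auto_logout": ("Idle logout (seconds)", lambda v: 900 <= int(v) <= 1200, "900 to 1200"),
    "auth/no_check_on_tcode": ("No check on T codes", lambda v: v.upper() == "N", "N"),
}

# Constructed sample in "name = value" form (not a real system export).
SAMPLE_PROFILE = """\
# current values as described in Task 3B
login/failed_user_auto_unlock = 1
login/min_password_lng = 7
rdisp/gui_auto_logout = 1800
auth/no_check_on_tcode = Y
"""

def parse_profile(text):
    """Parse name = value lines, ignoring blank lines and # comments."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip()
    return params

def audit(params):
    """Return (label, current value, recommended) for each deviating setting."""
    findings = []
    for name, (label, is_ok, want) in BASELINE.items():
        value = params.get(name)
        if value is None:
            # An unset parameter cannot be shown to meet the baseline.
            findings.append((label, "missing", want))
            continue
        try:
            compliant = is_ok(value)
        except ValueError:
            compliant = False  # non-numeric value where a number is expected
        if not compliant:
            findings.append((label, value, want))
    return findings

if __name__ == "__main__":
    for label, got, want in audit(parse_profile(SAMPLE_PROFILE)):
        print(f"{label}: current {got}, recommended {want}")
```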

References List

Bombin, H., Andrist, R.S., Ohzeki, M., Katzgraber, H.G. and Martin-Delgado, M.A., 2012. Strong resilience of
topological codes to depolarization. Physical Review X, 2(2), p.021004.

Buckler, D., Symantec Corporation, 2013. Systems and methods for detecting the insertion of poisoned DNS
server addresses into DHCP servers. U.S. Patent 8,370,933.

Dar, W.M., 2015. Cyber Security Challenges in Higher Education System of J & K with Special Reference to
Islamic University of Science & Technology Awantipora, Pulwama, J&K, India. Advances in Computational
Research, 7(1), p.159.

Das, A., Bonneau, J., Caesar, M., Borisov, N. and Wang, X., 2014, February. The Tangled Web of Password
Reuse. In NDSS (Vol. 14, pp. 23-26).

Ireland, E., 2013, December. Intrusion detection with genetic algorithms and fuzzy logic. In UMM CSci senior
seminar conference (pp. 1-6).

Mishra, K.K., Vimal, C. and Michael, G., 2013. Prevention of Online Password Hacking Process with Secured
Multi Authentication Scheme.

Peltier, T.R., 2013. Information security fundamentals. CRC Press.

Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information
security management. CRC Press.

Platt, D.C., Royer, C., Berg, K., Wallingford III, J.H. and Olden, E., Symplified, Inc., 2013. System, method, and
apparatus for managing access to resources across a network. U.S. Patent 8,418,238.

Qiu, L., Muslukhov, I. and Beznosov, K., 2016, June. Advancing the Understanding of Android Unlocking and
Usage. In Twelfth Symposium on Usable Privacy and Security (SOUPS 2016). USENIX Association.

Schneider, J.P., Red Hat, Inc., 2015. Managing password expiry. U.S. Patent 8,959,618.

Sinha, A., Sheel, V. and Ramu, G.T., Sap Se, 2015. Zero-step auto-customization of mobile applications. U.S.
Patent 9,197,501.

Sklar, D., 2004. Working with Authentication, Users, and Passwords. In Essential PHP Tools: Modules,
Extensions, and Accelerators (pp. 241-261). Apress.

Tsai, C.S., Lee, C.C. and Hwang, M.S., 2006. Password Authentication Schemes: Current Status and Key
Issues. IJ Network Security, 3(2), pp.101-115.

Vidal, J., 2012. Device, system, and method of accessing electronic m

