SAP System Security: Analysis, User Security, and Ethical Dilemmas

Added on 2019/10/18

Homework Assignment
SAP System Security
Task 1.1
An SAP transaction code is essentially a shortcut assigned to a screen. With this shortcut, we can navigate directly to a specific location in SAP by entering the transaction code (T-code) in the command field of the toolbar. A transaction code is associated with every function in the SAP system. The code is a four-character command consisting of letters, numbers or both; its purpose is to save time by letting navigation happen in a single step (Ingvaldsen & Gulla, 2007). The command used is /n followed by the required transaction code, then the Enter/Return key. For example, if the intended navigation path is User Menu >> Role ZMIT >> Purchasing >> Requisition >> Create a Requisition, we can instead type /nme51 in the command field.
SAP Transaction Codes SM19
Description: Security Audit Configuration
Main Category: Basis
Sub Category: Security
The SM19 T-code is associated with the Security Audit Configuration. It is a standard SAP T-code used within R/3 SAP systems, and its availability depends on the release version. The command options available with this code are:
a) SAP GUI for HTML: a function that generates HTML pages for every SAP screen, so no template needs to be created. However, because of certain restrictions, a few specific transactions cannot run in this interface.
b) SAP GUI for Java: a plug-in that is downloaded from the browser and executed. The Java GUI supports more controls than the HTML version, but the transaction still needs to be tested (Wun-Young & Hirao, 2009). Users need to install it on their PC, which makes it the second choice after SAP GUI for HTML.
c) SAP GUI for Windows: transactions can also be run on Windows, so the transaction also needs to be flagged for SAP GUI for Windows.
Menu path for transaction SM19: SAP Menu -> Tools -> Administration -> Monitor -> Security Audit Log -> Configuration
SAP Transaction Codes SM20
Description: Analysis of Security Audit Log
Main Category: Basis
Sub Category: Security
The SM20 T-code is associated with the Analysis of the Security Audit Log and is a standard SAP T-code used in R/3 SAP systems. It is essentially a software tool designed for auditors to monitor activities in the SAP system (Linkies & Off, 2006). It is used to view the audit log. Once the audit log is activated, it becomes easy to keep a record of the activities selected for auditing, and this information can be accessed later to evaluate the audit analysis report. The audit log can be scanned for a fixed period of time.
The navigation path for accessing the Security Audit Log is:
Tools -> Administration -> Monitor -> Security Audit Log -> Analysis
or
Transaction SM20 – Analyzing the Audit Log
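As an added illustration of the kind of analysis an auditor performs with SM20 (example code written for this page, not part of the assignment or of SAP), the following Python triages a constructed audit-log export for a fixed period: it lists every action by the standard user SAP* and counts repeated failed logons. The tab-separated column layout, the user names and the terminal names are assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample of a Security Audit Log export as an auditor might save it from
# SM20. The tab-separated layout (date, time, client, user, terminal, transaction,
# message) is an assumption for this example, not SAP's actual export format.
SAMPLE_EXPORT = """\
2019-10-14\t08:02:11\t100\tJDOE\tWS-FIN-07\t\tLogon successful
2019-10-14\t08:05:40\t100\tJDOE\tWS-FIN-07\tME51\tTransaction started
2019-10-14\t23:11:02\t000\tSAP*\tWS-UNKNOWN\t\tLogon successful
2019-10-14\t23:12:19\t000\tSAP*\tWS-UNKNOWN\tSU01\tTransaction started
2019-10-15\t07:58:03\t100\tASMITH\tWS-FIN-02\t\tLogon failed
2019-10-15\t07:58:20\t100\tASMITH\tWS-FIN-02\t\tLogon failed
2019-10-15\t07:58:44\t100\tASMITH\tWS-FIN-02\t\tLogon failed
2019-10-16\t09:00:00\t100\tJDOE\tWS-FIN-07\t\tLogon successful
"""

@dataclass
class AuditEvent:
    when: datetime
    client: str
    user: str
    terminal: str
    tcode: str
    message: str

def parse_export(text: str) -> list[AuditEvent]:
    """Turn exported rows into AuditEvent objects; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        day, clock, client, user, terminal, tcode, message = line.split("\t")
        events.append(AuditEvent(datetime.fromisoformat(f"{day} {clock}"),
                                 client, user, terminal, tcode, message))
    return events

def in_period(events: list[AuditEvent], start: str, end: str) -> list[AuditEvent]:
    """SM20 scans a fixed period; keep only events in [start, end), given as ISO strings."""
    lo, hi = datetime.fromisoformat(start), datetime.fromisoformat(end)
    return [e for e in events if lo <= e.when < hi]

def sapstar_activity(events: list[AuditEvent]) -> list[AuditEvent]:
    """Every action by the standard user SAP* should be reviewed by the auditor."""
    return [e for e in events if e.user == "SAP*"]

def failed_logon_counts(events: list[AuditEvent], threshold: int = 3) -> dict:
    """(client, user) pairs whose failed logons reach the threshold in the period."""
    counts = Counter((e.client, e.user) for e in events if e.message == "Logon failed")
    return {key: n for key, n in counts.items() if n >= threshold}

def triage(text: str, start: str, end: str) -> dict:
    """Run the checks over one export for the requested period."""
    events = in_period(parse_export(text), start, end)
    return {
        "events": len(events),
        "sapstar": [(e.client, e.terminal, e.tcode) for e in sapstar_activity(events)],
        "failed_logons": failed_logon_counts(events),
    }
```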
Task 1.2.1
User Master Record in SAP
The user master record is used to assign the authorizations a user needs in order to execute transactions in SAP systems. It is primarily used in administrative and authorization management. The process starts with an SAP user whose user ID carries an authorization for a transaction; every detail of that user can then be monitored by the SAP administrator (Hauge, 2007). All essential user details, such as login sessions, user rights and passwords, are listed under the user master record. In other words, the main purpose of the user master record is to store the user ID together with a large amount of information that SAP system administrators can use for effective user management.
The components of the user master record are:
Address: where every detail of the user is stored: personal data, communication details and company address.
Login data: where the user type, validity period and cost center are stored.
Parameters: where all the default parameters that are always assigned to the user are stored.
Roles: where roles are assigned to the user.
Profiles: where a user group is assigned to the user; for example, SAP provides predefined system authorizations such as SAP_ALL.
Personalization: where personalization settings are assigned to the user ID.
License data: where license data is assigned to the user, such as accessible transactions, passwords and authorization profiles.
Whenever a user ID is created for a user in the SAP system and that user needs to perform certain business activities according to his job profile, the required T-codes are used to perform the corresponding actions, and access to all of those job tasks is granted through roles only.
A user can only be authorized to log on to an SAP system if a user master record with the corresponding password exists. Commonly, users are defined by one or more roles, which restrict them by assigning the proper authorizations for their operations. User master records are client-specific, so users have to maintain their records per client in the SAP system (Föse, Hagemann & Will, 2012). If a user exists in two clients of an SAP system with different roles in each, the user can only perform activities within the respective client. The user master record involves the following SAP authorization objects:
Object S_USER_GRP - Authorization to create and/or maintain user master records
Object S_USER_PRO - Authorization for authorization profiles
Object S_USER_AUTH - Authorization to create and maintain authorizations
Object S_USER_AGR - Authorization to protect roles
Object S_USER_TCD - Authorization for transactions
Object S_USER_VAL - Authorization to restrict values
Task 1.2.2
Securing User SAP* Against Misuse
To make sure that nobody can misuse the standard user SAP*, a new super user is defined and, at the same time, SAP* is deactivated in all the clients that exist in table T000. However, SAP* is hard-coded in AS ABAP and does not need a user master record. Even if a client has no user master record for SAP*, anyone can log on to AS ABAP as user SAP* with the password PASS. In this condition SAP* is not subject to authorization checks and therefore has all authorizations. So, do not delete the SAP* account of any client ("Securing User SAP* Against Misuse - User and Role Administration of Application Server ABAP - SAP Library", n.d.).
The creation of the hard-coded SAP* is controlled by the profile parameter login/no_automatic_user_sapstar, which is activated by default. Once this profile parameter has been set and the SAP* user master record deleted, the hard-coded SAP* with password PASS is activated immediately, and it has unrestricted system authorizations.
Since the clients are always stored in table T000, a particular client is found with the report RSAUDIT_SYSTEM_STATUS, executed via transaction SA38.
Procedure for securing user SAP*:
1. A user master record is created for the new super user.
2. This super user is assigned an emergency role.
3. The initial password is changed.
4. A user master record for SAP* is created.
5. SAP* is assigned to the SUPER user group to ensure that only authorized administrators can change its user master record.
6. All authorizations for SAP* are deactivated.
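As an added check (example code written for this page, not the assignment's or SAP's), the following Python evaluates the six-step procedure above, together with the login/no_automatic_user_sapstar parameter, against a constructed snapshot of user master records per client. The record fields, the client list, the emergency role name Z_EMERGENCY and the user EMERG_ADMIN are assumptions.

```python
from dataclasses import dataclass, field

# Constructed snapshot of the instance profile and of user master records, as an
# administrator would collect them. Field names, the client list, the emergency role
# Z_EMERGENCY and the user EMERG_ADMIN are assumptions made for this example.
PROFILE = {"login/no_automatic_user_sapstar": "1"}
T000_CLIENTS = ["000", "100", "200"]        # clients as listed in table T000
EMERGENCY_ROLE = "Z_EMERGENCY"

@dataclass
class UserRecord:
    name: str
    client: str
    user_group: str
    profiles: list = field(default_factory=list)   # authorization profiles, e.g. SAP_ALL
    roles: list = field(default_factory=list)
    initial_password: bool = True   # True until the initial password has been changed

RECORDS = [
    UserRecord("SAP*", "000", "SUPER"),
    UserRecord("SAP*", "100", "SUPER", profiles=["SAP_ALL"]),
    UserRecord("EMERG_ADMIN", "000", "SUPER", roles=[EMERGENCY_ROLE], initial_password=False),
    UserRecord("EMERG_ADMIN", "100", "SUPER", roles=[EMERGENCY_ROLE]),
]

def check_profile(profile: dict) -> list[str]:
    """The hard-coded SAP* with password PASS must stay disabled by the profile parameter."""
    if profile.get("login/no_automatic_user_sapstar") != "1":
        return ["login/no_automatic_user_sapstar is not 1: hard-coded SAP* can become active"]
    return []

def check_client(client: str, records: list[UserRecord]) -> list[str]:
    """Apply the six-step procedure to one client; an empty list means the client is clean."""
    by_name = {r.name: r for r in records if r.client == client}
    findings = []
    sapstar = by_name.get("SAP*")
    if sapstar is None:
        findings.append("no user master record for SAP*: the hard-coded SAP*/PASS could be used")
    else:
        if sapstar.user_group != "SUPER":
            findings.append(f"SAP* is in user group '{sapstar.user_group}', expected SUPER")
        if sapstar.profiles or sapstar.roles:
            findings.append(f"SAP* still holds authorizations: {sapstar.profiles + sapstar.roles}")
    emergency = [r for r in by_name.values() if r.name != "SAP*" and EMERGENCY_ROLE in r.roles]
    if not emergency:
        findings.append("no super user with the emergency role")
    elif any(r.initial_password for r in emergency):
        findings.append("emergency super user still has its initial password")
    return findings

def audit(profile: dict, clients: list[str], records: list[UserRecord]) -> dict:
    """Findings keyed by client, plus 'profile' for the instance-wide parameter."""
    report = {"profile": check_profile(profile)}
    for client in clients:
        report[client] = check_client(client, records)
    return report
```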
Task 2.1.1
In the present scenario, the software program developed by Faisal performed reasonably well in its first run, was therefore declared state of the art, and was expected to function well in the future too. On that premise it was about to be shipped to the two companies for deployment. However, it was later discovered that the software contained a serious security hole: company Y's database system became vulnerable to attack by hackers, who could easily steal confidential client information, and company X's database system was also insecure because of the same flaw. On top of that, the manager told Faisal to continue the project as it was. So Faisal faces a dilemma: obey his manager's instructions or follow his conscience. Two important considerations arise here: professionalism and public interest. As Faisal is an employee of company Z, he has to remain loyal to his own company, and so following what his manager told him seems acceptable. However, according to the ACS Code of Ethics, the primacy of the public interest is the pertinent principle, so that any action taken by a professional should not bring harm to the public (Bowern, Burmeister, Gotterbarn, & Weckert, 2006).
Task 2.1.2
According to the ACS Code of Professional Practice, there are three points of view through which the above scenario should be examined: Professionalism, the Primacy of the Public Interest and Honesty. Professionally, there are certain compulsions for Faisal to obey his manager's orders, even if he thinks something needs to be done to fix the problem, because he works for the company and has to put its interests first. Secondly, the primacy of the public interest should take precedence above all, and any conflict arising from it should be resolved in favour of the public. The public interest invariably includes matters of public health, safety and the environment. Moreover, it is the professional's job to identify those who are potentially affected by his work and to explicitly consider their interests. Faisal should also safeguard the interests of his immediate stakeholders (manager and company); however, the interests of those stakeholders should not come before the duty and loyalty that he owes to the public. The third and very crucial perspective is honesty, by virtue of which a professional should breach neither the trust of his stakeholders nor the public trust. So Faisal needs to understand that, having learned of a loophole in the software, he should try to fix the problem so that the two companies are protected from attack by hackers. He should remain true to himself and listen to his conscience first. The principle of honesty in the ACS code also says that a professional should not knowingly mislead a client about the suitability of his product or service (Davison, 2000).
Task 2.2.1
Carol had financial problems and, at the same time, her child needed medical treatment; on account of that she decided to forge signatures and embezzle $5,000 from the branch's reserves. According to the ACS Code of Ethics, Carol has clearly breached its core values. The values breached are: the primacy of the public interest, by embezzling public money; honesty, by forging signatures; competence, by not being diligent towards her stakeholders; and professionalism, by not enhancing the integrity of the ACS and disrespecting its members (Burmeister, 2000). So it will not be easy for her team members to forget what she did. However, to some extent her compulsion to act seems to have been motivated by her child's illness, so from the viewpoint of empathy they would try to reconcile with her.
Task 2.2.2
According to the ACS Code of Professional Practice, certain ethical concerns emerge from Carol's actions. The first is the breach of the public interest. Having been elected treasurer, she plays an important role in the society and is always expected to put the interests of the people and the society first, no matter what, because that is what she was elected for. Even though she was facing a serious personal crisis, that does not mean she could forget her position as a responsible professional in a social forum. She should have looked for other options, such as consulting the other members of the group about the money she needed. Secondly, according to the ACS Code of Ethics, honesty is what guides anyone to remain true to themselves, but Carol threw her honesty out of the window the moment she forged the signatures; the clear intention of that act was to embezzle money from the reserve ("ACS Code of Professional Conduct", 2014). Thirdly, the breach of competence stopped her from exercising due diligence in taking care of the organization's interests; the stakeholders and the public should have been Carol's first priority. Moreover, as an ACS member she must not do anything that sends a wrong message to the public at large, and it does not suffice that she did exactly the opposite of what is expected of her. It is understandable that she was helpless and therefore went this far, but certain rules should remain unbroken, and on how people will view this, the jury is still out.
Task 3
Advanced Persistent Attack
An Advanced Persistent Threat (APT) is a cyber-attack that uses multiple phases to break into a network while avoiding detection, in order to gain extremely valuable information over a long period of time. Staying in the network for a long time while remaining undetected points to the single intention of the attack: to steal data rather than to damage the organization (Tankard, 2011). The primary targets of such attacks are the databases of national defence, manufacturing companies and the financial industry. The cyber criminals who carry out these attacks use the full potential of advanced hacking techniques. Even if the individual components cannot be termed advanced, expert criminals typically develop more advanced tools and software, and when combined, multiple attack methodologies are directed at the target organization's systems. Persistence makes the attack even more dangerous, because these attacks are intended to carry out specific tasks rather than achieve immediate financial gain. The attack is carried out with continuous monitoring and supervision so that the stated objectives are achieved (Brewer, 2014). The threat is very real, since coordinated human intelligence, not a random piece of code, is applied to carry it out. These cyber criminals are highly skilled, extremely motivated, well organized and well funded.
The following phases are used by hackers to carry out an APT:
1. Reconnaissance: the hacker gathers information from a range of sources to form a clear picture of the target.
2. Incursion: using the information gathered above, the hackers break into the network with advanced techniques in order to deliver targeted malware to vulnerable organizations.
3. Discovery: while keeping a low profile to avoid detection, the attackers look for an opportune moment to map the organization's confidential information from the inside.
4. Capture: the hackers then gain access to unprotected systems and absorb as much information as they can over a long period.
5. Exfiltration: the captured information is sent back to the team for analysis, to check its relevance, and further exploitation is carried out.
References
ACS Code of Professional Conduct. (2014). Australian Computer Society. Retrieved 16 September 2016, from https://www.acs.org.au/__data/assets/pdf.../Code-of-Professional-Conduct_v2.1.pdf
Bowern, M., Burmeister, O., Gotterbarn, D., & Weckert, J. (2006). ICT Integrity: bringing the ACS code of ethics up to date. AJIS, 13(2). http://dx.doi.org/10.3127/ajis.v13i2.50
Brewer, R. (2014). Advanced persistent threats: minimising the damage. Network Security, 2014(4), 5-9. http://dx.doi.org/10.1016/s1353-4858(14)70040-6
Davison, R. M. (2000). Professional ethics in information systems: A personal perspective. Communications of the AIS, 3(2es), 4.
Föse, F., Hagemann, S., & Will, L. (2012). SAP NetWeaver AS ABAP System Administration. Galileo Press.
Hauge, O. C. (2007). Application Based IDS Reporting in the ERP system SAP R/3.
Ingvaldsen, J. E., & Gulla, J. A. (2007, September). Preprocessing support for large scale process mining of SAP transactions. In International Conference on Business Process Management (pp. 30-41). Springer Berlin Heidelberg.
Linkies, M., & Off, F. (2006). SAP Security and Authorizations. Galileo Press.
Securing User SAP* Against Misuse - User and Role Administration of Application Server ABAP - SAP Library. (n.d.). Help.sap.com. Retrieved 16 September 2016, from https://help.sap.com/saphelp_nw73/helpdata/en/4f/3eb3f249aa2eb5e10000000a42189c/content.htm
Tankard, C. (2011). Advanced Persistent threats and how to monitor and deter them. Network Security, 2011(8), 16-19. http://dx.doi.org/10.1016/s1353-4858(11)70086-1
Wun-Young, L., & Hirao, J. (2009). SAP security configuration and deployment. Burlington, MA: Syngress Pub.