CIS2005 Principles of Information Security - Assignment 2 Practical SAP Report
Description: Assignment 2 – Practical report using SAP
Marks out of: 50
Weighting: 5%
Due date: 4th September 2014
Task 1 Specifications – Analyze SAP Security Audit Log Data.
You are provided with a data file – Userdata.xls.
Userdata.xls is a summarized record of user activity on a client’s SAP system. Each record contains the following fields:
USERID
YYYYMM
TCODE
TEXT
TCODESTAT
TCD
TSTATUS
TCOUNT
TTEXT
YYYYMM describes when the user action took place. YYYYMM is useful for summarising user activity by month. TCODE refers to the transaction (option on the menu) performed by the user. TEXT describes the outcome of the action, including its success or failure. Some tcodes are blank. Accordingly, TCODESTAT is an invented transaction code for each action indicating whether the action was successful (-0) or failed (-1). TCD is the same as TCODESTAT, except there is no -0 or -1. TSTATUS indicates whether the action was successful or not (0/1). TCOUNT is the number of times the user has performed this action, with this outcome, in the month YYYYMM. TTEXT is the narrative description of the TCODE.
Task 1 Requirements
You can use software of your choice (spreadsheet, database, statistical package, etc.) to analyze the provided SAP security audit log data (Userdata.xls), generate appropriate reports and provide an analysis of your findings. (Hint: Task 1 of this assignment can be done using Excel pivot tables or Microsoft Access database SQL queries.) Of particular interest are the following reports:
1. Alphabetic list of all actions and their frequency by any selected user, e.g. USER-040.
2. List of users performing unsuccessful activities.
3. List of transaction codes performed, with their frequency by each user.
4. List of users engaging in security-related actions.
5. Top 10 users in terms of frequency of activity.
6. List of users who are dormant – in the range USER-001 to USER-050.
7. You should also produce at least 3 reports/charts/plots, based on any of the above reports, that summarise activity over time using YYYYMM.
Note: Submission of your assignment report documents (an Excel spreadsheet if you use a spreadsheet for Task 1, or an Access database if you use a database for Task 1) will be via the Ease Assignment 2 submission link.
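The following is an added example, not part of the original assignment sheet: it loads a few constructed rows in the field layout described above into an in-memory SQLite table and runs the kind of SQL the hint refers to for reports 1, 2, 5, 6 and 7. Assumptions: the sample rows and the table name `log` are made up for illustration, "dormant" is taken to mean a user ID with no rows at all, and actions are grouped on TCD because TCODE can be blank.

```python
import sqlite3

# Constructed sample rows in the page's field order (not the real Userdata.xls):
# USERID, YYYYMM, TCODE, TEXT, TCODESTAT, TCD, TSTATUS, TCOUNT, TTEXT
ROWS = [
    ("USER-001", "201403", "SU10", "Transaction SU10 Started", "SU10-0", "SU10", 0, 1, "Mass Changes to User Master Records"),
    ("USER-001", "201403", "SESS", "Logon Failed (Reason = 1, Type = A)", "logn-1", "logn", 1, 9, ""),
    ("USER-001", "201404", "SU01", "Transaction SU01 Started", "SU01-0", "SU01", 0, 4, "User Maintenance"),
    ("USER-002", "201403", "SA38", "Transaction SA38 Started", "SA38-0", "SA38", 0, 6, "ABAP reporting"),
    ("USER-002", "201403", "SESS", "Logon Failed (Reason = 1, Type = A)", "logn-1", "logn", 1, 2, ""),
    ("USER-003", "201403", "", "Logon Successful (Type=A)", "logn-0", "logn", 0, 2, ""),
    ("USER-003", "201404", "FS00", "Transaction FS00 Started", "FS00-0", "FS00", 0, 2, ""),
]

def load(rows):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE log (userid, yyyymm, tcode, text, tcodestat, tcd,"
               " tstatus INTEGER, tcount INTEGER, ttext)")
    db.executemany("INSERT INTO log VALUES (?,?,?,?,?,?,?,?,?)", rows)
    return db

def user_actions(db, userid):
    # Report 1: group on TCD because TCODE is blank for some actions.
    return db.execute("SELECT tcd, SUM(tcount) FROM log WHERE userid = ? "
                      "GROUP BY tcd ORDER BY tcd COLLATE NOCASE", (userid,)).fetchall()

def failed_by_user(db):
    # Report 2: TSTATUS = 1 marks a failed action; TCOUNT is already a monthly total.
    return db.execute("SELECT userid, SUM(tcount) AS n FROM log WHERE tstatus = 1 "
                      "GROUP BY userid ORDER BY n DESC, userid").fetchall()

def top_users(db, n=10):
    # Report 5: frequency is SUM(TCOUNT), not the number of rows.
    return db.execute("SELECT userid, SUM(tcount) AS n FROM log GROUP BY userid "
                      "ORDER BY n DESC, userid LIMIT ?", (n,)).fetchall()

def dormant_users(db, first=1, last=50):
    # Report 6 (assumption: dormant = no rows at all for that user ID).
    seen = {row[0] for row in db.execute("SELECT DISTINCT userid FROM log")}
    return [u for u in (f"USER-{i:03d}" for i in range(first, last + 1)) if u not in seen]

def monthly_activity(db, userid):
    # Report 7: per-month totals, ready to chart.
    return db.execute("SELECT yyyymm, SUM(tcount) FROM log WHERE userid = ? "
                      "GROUP BY yyyymm ORDER BY yyyymm", (userid,)).fetchall()

if __name__ == "__main__":
    db = load(ROWS)
    print(failed_by_user(db), top_users(db), dormant_users(db, 1, 5))
```

Because each record is already a monthly summary, counting rows instead of summing TCOUNT would understate activity, most visibly for repeated failed logons.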
SAP_Security_Log
userid | yyyymm | f | text | tcodestat | tcd | tstatus | tcount | ttext
USER-001 | 201403 | SU10 | Transaction SU10 Started | SU10-0 | SU10 | 0 | 1 | Mass Changes to User Master Records
USER-001 | 201403 | SESS | Password changed for user USER-001 in client 400 | pwdc-0 | pwdc | 0 | 1 |
USER-001 | 201403 | | Logon Successful (Type=A) | logn-0 | logn | 0 | 1 |
USER-001 | 201403 | SESS | Logon Successful (Type=A) | logn-0 | logn | 0 | 1 |
USER-001 | 201403 | | User Logoff | loff-0 | loff | 0 | 1 |
USER-001 | 201403 | SESS | Logon Failed (Reason = 3, Type = A) | logn-1 | logn | 1 | 3 |
USER-001 | 201403 | SA38 | User Logoff | loff-0 | loff | 0 | 1 |
USER-001 | 201403 | SESS | Logon Failed (Reason = 1, Type = A) | logn-1 | logn | 1 | 9 |
USER-001 | 201403 | SU03 | Transaction SU03 Started | SU03-0 | SU03 | 0 | 1 | Maintain Aut ...