
Reg.No.

PGIS/SC/MSC/IT/16/21
Assignment 2
Think of a possible application in your own workplace
1. Describe your application focusing on what data and processes it handles

I am working at South Eastern University of Sri Lanka. There are several applications
such as the Attendance Management System, Library Management System, and Learning
Management System (Moodle).

Here I am going to describe the Library Management System. They are using Koha open
source software for this Library Management System.

There are several inputs in the library system at our university:

1) Book details (RFID / Barcode including info on title, author, publisher, rack #,
rack column & row etc),
2) Borrower details (student # etc)
3) Date & time of borrowing
4) Request info on a book borrowed too long by a previous borrower so that s/he
can't renew again but has to return the book (so that another new borrower can
borrow it)

Using these inputs, the following processes produce output:


1) Inquiry about books
2) Check availability of books
3) Validate member
4) Check number of books issued to member
5) Issue books
6) Add member, books and issues details
7) Update book details

2. Do an assessment of security based on data and process

Currently they are using separate logins for each user and administrator, and they
have also given a password to each. If a user or administrator wants to change their password,
they can reset it. At the same time, there are several restrictions for each. Only administrators
can view, update, and delete the details.

3. Evaluate and come up with Administrative, Technical and Physical Security Control
procedures and processes

Administrators have to log in to the system using their valid user name and password;
after logging in to the system they can control the whole system. They don’t have any restrictions.
They can insert, update, and delete details.

In the technical part they are using some security control procedures and processes. If a
user wants to change their profile or password, first of all they have to send a request to
the administrator; only if the request is accepted can users change their profile or password.

For physical security they are using locks and keys and watchmen as the control
procedures.

4. Develop a policy for assigning


1. Authentication
2. Authorization & Control

Authentication - Authentication is the process by which computer systems verify the
identity of a user. This is typically done by providing a username and password.

Authorization & Control - Access to information resources will be granted on a “need to
know” or “minimum necessary” basis and must be authorized by the immediate
information owner. Any of the following methods are acceptable for providing access:
• Context-based access
• Role-based access
• User-based access
