ITMAC Summer 2014 - Ans
(i) XBL may start its full-fledged operations within the targeted time.
(ii) Experienced working team would be available to XBL from Day 1.
(iii) XBL would be free from substantial HR related overheads and issues as
outsourcing agent would be responsible for hiring, firing, training and salary
issues.
(iv) More services may be available to XBL at lower price, especially for 24/7/365
days requirement.
(b) There are some inherent risks associated with the outsourcing of IT services; however,
most of these risks could be mitigated if appropriate clauses have been included in the
outsourcing agreement.
(c) XBL should consider the following matters in making a choice between the two service
providers:
(i) Prices offered by each vendor for its deliverables in comparison with the other.
(ii) Financial viability – through its past annual reports and market feedback etc.
(iii) Available resources – manpower, machines, infrastructure etc.
(iv) Commitment to quality – through its existing clients and market feedback.
(v) Controls in place for disaster recovery and continuity of operations.
(vi) Comprehensive insurance and commitment to compensate the client’s loss.
Ans.2 (a) The hacker may have been able to penetrate NC’s network due to the following reasons:
(i) Though the firewall was well configured, its default password may not have been
changed. This gives a hacker an easy opportunity to break into the network.
(ii) The firewall logs may not be reviewed vigilantly or may not be reviewed
periodically at an appropriate level. Hence any unauthorized attempt to violate
the firewall policy may remain undetected, which gives a hacker ample opportunity
to find and exploit the weaknesses in the firewall policy.
INFORMATION TECHNOLOGY MANAGEMENT, AUDIT AND CONTROL
Suggested Answers
Final Examination ‐ Summer 2014
(iii) There may exist some systems on the network that may connect to the Internet
bypassing the firewall. Such systems give the hacker a firewall-free passage to
attack the network.
(iv) The method and periodicity of antivirus repository updates are not specified. The
larger the difference between two successive updates of the antivirus repository, the
greater the chances for a hacker to inject his code in the system.
(v) No software is installed at NC that can analyse and detect files/objects with
suspected behavior. This gives rise to the possibility of advanced attacks like zero-
day or advanced persistent threat attacks, as a properly configured firewall
and updated antivirus definitions are not capable of countering such attacks.
(vi) Users may not be aware of the risks associated with sharing of passwords and/or
keeping a common password for official and all personal/social networking sites.
Such mistakes by users give hackers an opportunity to exploit.
(vii) Controls as regards the terminated employees are not specified. If the user IDs of
terminated employees are not deleted immediately, such employees may access
the company’s network using their credentials.
(viii) Users may not be aware of the risks of storing confidential documents on the
shared drive. Some high privilege user may have stored such information on the
shared network drive which may have been exposed to low privilege users and
hence reached the hands of unauthorized users.
Ans.3 (a) To ensure successful data migration, the following objectives should be achieved:
Completeness: Ensure the completeness of the data conversion i.e., the complete
data is converted from source to destination.
Integrity: The data should not be altered by the person or program during transfer
to the new system.
Confidentiality: The confidentiality of the data should be ensured.
Consistency: Ensure that the data is consistent within the defined ranges of data
conversion.
(b) Key steps that should be taken during data conversion are as follows:
(i) Establish the parameters/criteria for successful conversion.
(ii) Identify business owners responsible for data conversion validation and signing
off.
(iii) Determine what data should be converted programmatically and what, if any,
should be converted manually.
(iv) Perform the data cleansing ahead of conversion.
(v) Identify the methods to be used to verify the conversion, such as automated file
comparisons, comparing record counts and control totals etc.
(vi) Scheduling the sequence of data conversion tasks.
(vii) Design audit trail reports to document the conversion, including data mappings
and transformations.
(viii) Design exception reports that will record any items that cannot be converted
automatically.
(ix) Development and testing of conversion programs, including functionality and
performance.
(x) Performing one or more conversion rehearsals to familiarize persons with the
sequence of events and their roles and to test conversion process end-to-end with
real data.
(xi) Running the actual conversion with all necessary personnel onsite, or at least
able to be contacted.
(xii) Final testing of the converted data.
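One way to carry out the verification in step (v) and the exception report in step (viii), as an added example that is not part of the suggested answers; the record layout, sample rows and function names are constructed for illustration. It goes beyond the record counts and control totals named above by also comparing a per-record SHA-256 digest, which catches alterations that leave both the count and the total unchanged.

```python
import hashlib
from decimal import Decimal

# Constructed sample data: legacy rows and the rows loaded into the new system.
SOURCE = [
    {"id": "C001", "name": "Ahmed Traders", "balance": "1500.00"},
    {"id": "C002", "name": "Zeta Mills", "balance": "320.50"},
    {"id": "C003", "name": "Noor & Co", "balance": "99.99"},
    {"id": "C004", "name": "Kiran Foods", "balance": "0.00"},
]
TARGET = [
    {"id": "C001", "name": "Ahmed Traders", "balance": "1500.00"},
    {"id": "C002", "name": "Zeta Mills", "balance": "302.50"},  # altered in transfer
    {"id": "C004", "name": "Kiran Foods", "balance": "0.00"},   # C003 was dropped
]
FIELDS = ("id", "name", "balance")  # assumed record layout

def row_digest(row):
    """SHA-256 over the fields in a fixed order; any altered value changes it."""
    canonical = "\x1f".join(str(row[f]).strip() for f in FIELDS)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def control_total(rows):
    """Control total on the balance column; Decimal avoids float rounding drift."""
    return sum((Decimal(r["balance"]) for r in rows), Decimal("0"))

def reconcile(source, target):
    """Compare record counts, control totals and per-record digests."""
    src = {r["id"]: row_digest(r) for r in source}
    tgt = {r["id"]: row_digest(r) for r in target}
    exceptions = []  # the exception report: one (record id, reason) per problem
    for key in sorted(src.keys() | tgt.keys()):
        if key not in tgt:
            exceptions.append((key, "missing in target"))
        elif key not in src:
            exceptions.append((key, "not in source"))
        elif src[key] != tgt[key]:
            exceptions.append((key, "content altered"))
    return {
        "count_match": len(source) == len(target),
        "total_match": control_total(source) == control_total(target),
        "exceptions": exceptions,
    }

if __name__ == "__main__":
    print(reconcile(SOURCE, TARGET))
```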
Ans.4 (a) SS may gain the following potential benefits by making use of the latest IT tools and resources:
(b) Following are the key responsibilities that would be handled by an IS/IT Manager:
(i) Development of IT strategy, duly aligned with the overall strategy of the
organization.
(ii) Management of IT risks by implementing appropriate disaster recovery plan.
(iii) Play key role in establishing and supporting IT Steering Committee, facilitate
Board and executive management in understanding and their involvement in
overseeing IT.
(iv) Setting standards for the purchase and use of hardware and software.
(v) Ensuring that knowledge and skills of IT department’s staff remain updated.
(v) Reducing the time and expense of the Information Systems life cycle. Adding
time to the beginning of the process for strategic planning will significantly reduce
the amount of time spent in vendor review, selection and project approval.
Careful planning and prioritising the implementation can reduce the
implementation time.
(b) Following are the limitations of software testing due to which bugs/errors may have
remained undetected in spite of rigorous testing of the software application by AEW’s
team:
Ans.7 (a) ZZC may gain the following advantages by establishing a centralized IT department:
(i) Uniform security standards can be enforced, and it gives better security/control
over the data and files.
(ii) Standardization of IT equipment and IT processes in all units.
(iii) Economies of scale would be available in purchasing computer equipment and
supplies.
(iv) IT staff and resources are available at a single location, and more expert staff can
be employed. Career paths for IT staff also become available.
Ans.8 The company needs to plan the following matters in order to ensure customers’ satisfaction:
(i) Effective interaction with its existing and prospective customers. For that it needs to:
develop and post Frequently Asked Questions on its website;
set fast response standards, at least to match anything offered by the competitors;
establish ease of navigation around its website and enhance the site’s stickiness.
(iii) Maintain the satisfaction level of its existing customers. For this it may need to:
ensure the accuracy of product’s specification mentioned on the website;
develop a customer feedback area at the website where customers can give their
feedback on company’s services and products freely; and
plan the way to follow-up adverse customers’ comments/feedback till the
resolution of the matter.
(iv) Customise solutions to meet the needs of different segments of customers. For this it may
need to gather customers’ data to identify their buying behavior and future needs.
(THE END)