IT GOVERNANCE

Time allowed – 3:30 hours

Total Marks - 100
[N.B. – The figures in the margin indicate full marks. Questions must be answered in English. Examiner will take
account of the quality of language and of the manner in which the answers are presented. Different parts,
if any, of the same question must be answered in one place in order of sequence.]
Marks
1. (a) The policy document is structured as a hierarchical pyramid with a single vision and 10
broad objectives in National ICT Policy, 2009 and also in National ICT Policy, 2015.
Write down what are the vision and 10 broad objectives in the national ICT policy? 5
(b) When was the latest Digital Security Act passed in Bangladesh Parliament? What offenses
does the Act deal with and what are major punishments under its different sections? 5
2. One of your clients Rahman Superstores Limited (RASL) that owns and operates the first
supermarket chain Abir Supermarkets in Bangladesh as subsidiary company to sell cosmetics,
crockeries, stationery, sweetmeat, grocery, fresh fruits and vegetables, fresh fishes, fresh meat &
poultry, dry food, baby food, fast food, drinks, garments, showpiece & fancy items, herbal
products and toiletries. The company is operating 10 Abir superstore retail branches in Dhaka, 1
in Chittagong and 1 in Sylhet and has plan expand its network in other major cities. RASL’s
management is planning to use advanced & intelligent Decision Support System (DSS) like
virtual reality (VR) and artificial intelligence (AI) to create virtual stores having virtual products
where customers can have easy access using their smartphones or computer devices to show their
interest about new products, desired quality, design & display, even preorder it. The effort will go
beyond the usual cardboard displays and sample handouts where retail executives can see how
the new product would actually look on the shelf and fit in with existing assortment and
management hopes these virtual shopping aisles will help it better understand consumer behavior
and make the testing of new products faster, more convenient, and more precise by way of data
mining and data analytics. A group including manufacturers showed keen interest to collaborate
with the project by way of funding and supplying new product demo.
As the above mentioned intelligent DSS project requires significant investment the CEO of
RASL sought your advice regarding various aspects of DSS and AI.
Required:
a) Describe in brief what are four basic types of analytical modeling RASL can do using
the decision support system (DSS)? What are the main benefits of using data analytics
in a DSS? 4+4
b) Should RASL employ a data analyst? What will be the benefits of using data analysts in
their proposed DSS? 3
c) What are the attributes of intelligent behavior that AI is attempting to duplicate in
computer-based systems? Briefly describe the domains of AI with the help of a diagram.
Advise RASL CEO what are the prospective commercial applications of AI? 2+4+3
3. Ethical, social and political issues are related to each other so closely. The social and political
debate rising through the information system are the main confusion you face when you are sitting
in a commanding position. In a society with effective traffic signal vehicles, the individuals are
maintaining a perfect stream of balance of traffic lights to stay out of accidents. The whole thing
maintains a perfect equilibrium, until someone puts a rookie driver in the middle, which causes
all the disturbance, accidents and crashes, that renders traffic signals redundant.
Required:
Name three key technology trends that raise ethical issues as their impact? Briefly elucidate
what is NORA? 3+2
4. “X Sheba Limited” is an IT governance organization. It is using an information system for

Page 1 of 2
 helping rural people. The system is not strong enough to meet all the demands of its clients,
also the system is not secure enough. Therefore, rural people are loosing their interest of
getting help from “X Sheba Limited.”
Required:
(a) What type of framework regarding IT governance can be implemented in X Sheba 5
Limited to get rid of this problem? 5
(b) What are the tips for implementing IT governance using the COBIT 5 framework?
5. In information security authentication mechanisms today, one creates a double layer
gateway prior to unlocking any protected information.
Required:
(a) Explain, One Time Password (OTP) algorithm in authentication. 5
(b) What are the basic security guideline to Prevent Hacking? 5
6. Cyber-crime is becoming one of the fastest growing menace globally. Today, cyber
criminals are doing everything from stealing intellectual property and committing fraud to
unleashing viruses and committing acts of cyberterrorism.
Required:
(a) How does cyber-crime impact business and national security? 5
(b) Being an IS auditor how will you advise your clients to protect themselves against
cyber-crime? 5
7. The E-commerce is the demand of time, customers, business and nations. We spend our
daily time more on the internet for work, study, marketing, business, learning and
entertainment.
Required:
(a) What is E-commerce and why is the E-commerce different today? Elucidate in a
tabular format the eight unique features of E-commerce technology today based on
technology dimension and corresponding business significance. 4+6
(b) Describe the growth of E-commerce in the context of business transformation,
technology foundations and new emerging business models. 5
8. New and emerging technologies will enable companies to derive increased insight and
superior value from data. Data protection and privacy are recognized as fundamental rights.
When considering privacy, the first consideration comes where the data are stored and/or
from where they are derived that may include social media, cloud computing, mobile
devices, big data analytics/machine learning/AI, Internet of Things (IoT), personal devices,
drones, CCTV, or GPS devices. Consequences of data privacy breach may include financial
theft, involvement in malicious ad campaigns, and even stolen identities.
Required:
(a) What is auditing of data privacy? 2
(b) i. What considerations do you include in performing Pre-Audit Planning and 4
ii. determine audit procedures and steps for data gathering? 4
9. “X-group of companies” are spending large amounts of money on computer-based
information systems because it recognizes the tremendous benefits that information
systems can bring to its operations and services. However, they need to ensure that their
information systems are reliable, secure and not vulnerable.
Required:
(a) Define IT Audit and its objectives. 5
(b) How is IT Audit carried out? 5

-The end-

Page 2 of 2