CS507 Subjective from 6 Final papers 2011

Solved by Parishy Aziz 
CS507 : My Paper (Parishy Aziz)
2  marks:   What is off page connector
Answer: If the flowchart becomes complex, it is better to use connector symbols to reduce the number of flow lines. Off-Page Connector is used to connect remote flowchart portion on different pages.
3 marks : What is the data driven support system
Data Driven DSS
As opposed to model driven DSS, these systems use large pools of data found in major organizational systems. They help to extract information from the large quantities of data stored. These systems rely on Data Warehouses created from Transaction Processing systems.
• They use following techniques for data analysis
• Online analytical processing, and
• Data mining
Components of DSS
There are two major components
• DSS data base – is a collection of current and historical data from internal external sources. It can be a massive data warehouse.
• Decision Support Software system – is the set of software tools used for data analysis. For instance
• Online analytical processing (OLAP) tools
• Data mining tools
• Models
 
2 marks : What do you know about hackers?
 
Hackers
A hacker is a person who attempts to invade the privacy of the system. In fact he attempts to gain unauthorized entry to a computer system by circumventing the system’s access controls. Hackers are normally skilled programmers, and have been known to crack system passwords with ease. Initially hackers used to aim at simply copying the desired information from the system. But now the trend has been to corrupt the desired information.

3 marks : List down the component of an IDS
Components of IDS
An IDS comprises the following:
• Sensors that are responsible for collecting data. The data can be in the form of network packets, log files, system call traces, etc.
• Analyzers that receive input from sensors and determine intrusive activity.
• An administration console
• A user interface.
 
3 marks : Identify the information that is required before conducting the impact analysis
Impact Analysis
This phase determines the adverse impact resulting from a successful threat exercise of vulnerability. Following information is required before conducting an impact analysis.
1. System mission e.g. the process performed by IT system.
2. System and data criticality e.g. the system’s value or importance to an organization
3. System and data sensitivity
The information can be obtained from existing organizational documentation.
Impact needs to be measured by defining certain levels. E.g. high medium low as qualitative categories or quantifying the impact by using probability distribution.
• Mission Impact Analysis
• Assess criticality assessment
• Data criticality
• Data sensitivity
The output of this phase is impact rating.
 
3 marks : What do you understand by supply chain management?
There is a lot of material regarding this question in Lesson No. 42 of the handouts.
5 marks : Discuss why a firewall is the primary method for keeping a computer secure from intruders.
Firewall
Firewall is the primary method for keeping a computer secure from intruders. A firewall allows or blocks traffic into and out of a private network or the user's computer. Firewalls are widely used to give users secure access to the Internet as well as to separate a company's public Web server from its internal network. Firewalls are also used to keep internal network segments secure; for example, the accounting network might be vulnerable to snooping from within the enterprise. In the home, a personal firewall typically comes with or is installed in the user's computer. Personal firewalls may also detect outbound traffic to guard against spyware, which could be sending your surfing habits to a Web site. They alert you when software makes an outbound request for the first time. In the organization, a firewall can be a stand-alone machine or software in a server. It can be as simple as a single server or it may comprise a combination of servers each performing some type of firewall processing.
 
Why we need to secure information systems
The information systems are vulnerable to modification, intrusion or malfunctioning. Hence they need to be secured from all these threats by devising a sound security system.
“Information assets are secure when the expected losses that will occur from threats eventuating over some time are at an acceptable level.”
28.1 Security Issues
Some losses will inevitably occur in all environments. So eliminating all possible losses is either impossible or too costly. Level of losses should be specified. The level of losses decided should be linked with a time period in which the occurrence would be tolerated. The definition mentions threats, which can be either
• Physical, (e.g. Theft, rain, earthquake, disasters, fire) or
• Logical (e.g. intrusion, virus, etc)
Examples of intrusion
The security might be required to stop unauthorized access to the financial system of a bank from executing fraudulent transactions. The purpose of intrusion may not only be to damage the database of the company but may be limited to stealing customer list for personal use or transferring money illegally. An employee before leaving the company may have to be stopped from data manipulation, though he has authorized access to the system.
 
5 marks : Discuss the detail of the 4 categories of ethical issues
Privacy and Ethics
Whenever one has to talk of privacy, ethics is the second half of it. It won’t be wrong to say that privacy may not have been an issue had it not been linked with the ethical view a society has. There are certain aspects which when put together formulate a set of ethical issues. These are
1. Privacy issues
2. Accuracy issues
3. Property issues
4. Accessibility issues
Privacy issues
Following aspects should be covered when privacy is dealt with.
• What kind of surveillance should be used by an employer on an employee?
• What things can people keep to themselves and not be forced to reveal to others?
• What information about individuals should be kept in database and how secure is the information there – Issues of Data Protection
• What can be revealed to others about oneself if one is required to do so?
Accuracy Issues
Following are some of the accuracy issues.
• How can we ensure that information will be processed and presented properly?
• Who is responsible for checking the correctness of information collected?
• Is there any track of errors, omissions made in the database and who has made them at what time.
• Who is to be held accountable for the changes made in data base, whether authorized or unauthorized, intentional or unintentional.
Property Issues
Following are some of the property issues.
• There has to be defined owner of the information
• Issues of software piracy
• Use of corporate computers for private use
• Who should access which component of information database.
Accessibility Issues
These mostly comprise of two aspects.
• Extent of access to be given to various employees in the organization.
• The definition of privileges of each person.
5 marks : Write a complete note on the Focal Point.
What is focal Point?
A corporate-level facilitator may serve as a focal point for assessments throughout the company, including those pertaining to information security because of familiarity with the tools and the reporting requirements. Each business unit in an organization may have a designated individual responsible for the business unit's risk assessment activities. The computer hardware and software company may also create a team for the purpose of improving the overall risk assessment process and reviewing results of risk assessments in the hardware and software systems from the perspective of offering a better, reliable and risk free product.
 
2  marks:   What is entity relationship management
2 marks: Identify aspects which are necessary to be covered when property issues for privacy are dealt with.
Property Issues
Following are some of the property issues.
• There has to be defined owner of the information
• Issues of software piracy
• Use of corporate computers for private use
• Who should access which component of information database.
 
 
2  marks:   Give a brief definition of ERP
“ERP (enterprise resource planning) is an industry term for the broad set of activities supported by multi-module application software that helps a manufacturer or other business manage the important parts of its business, including product planning, parts purchasing, maintaining inventories, interacting with suppliers, providing customer service, and tracking orders.”
 
2  marks:   Define centralized processing
Centralized Processing is performed in one computer or in a cluster of coupled computers in a single location. Centralized processing was the architecture that evolved from the very first computers; however, user access was via dumb terminals that performed none of the primary processing. Today, centralized computers are still widely used, but the terminals are mostly full-featured desktop computers.
 
2  marks:   Identify the role of senior management and BODs in risk management Process
The Senior management and the board of Directors are responsible for identifying, assessing, prioritizing, managing and controlling risks. They should ensure that necessary resources are devoted to creating, maintaining and testing the BCP. The effectiveness of the BCP depends on management commitments and ability to clearly identify what makes business processes work. BCP is not limited to the restoration of the IS technology and services or data maintained in electronic form. Without a BCP that considers every single business unit including personnel workspace and similar issues.
 
3 marks: What should be the most important information required for large organization in your opinion.
Information Requirements of Large Organizations
With such a large structure, it is inevitable that the detailed planning should be made for proper management control, for both short term and long term.
Performance measurement against plans / targets
Nature of the Business and Information Requirements
• Manufacturing Sector
• Service Sector
• Trading Sector
1. Manufacturing Sector
Manufacturing process involves more than one sub-processes, detailed information is required before transferring materials for warehousing, manufacturing and sale to final consumer.
Information Requirements of Manufacturing Sector
Management is concerned with the day to day costs, production targets, quality of the product, delivery schedules, etc.
2. Service Sector
Final product is intangible, so information is critical at various steps, e.g. preparation, delivery and customer satisfaction. Quality maintenance is an issue which requires structured reporting.
Information requirements of Service Sector
• Quality of service provided.
• Mode of delivery
• Customer Satisfaction
• Time Scheduling
• Resource Management
Trading Sector
Monitoring requires information for each product, e.g.
• Customer profiles
• Customer Comments
• Volume of sales
• Profitability
• Stock movements Manufacturing/Procurement Cycle
• Market needs
 
Today my Current CS507 paper (unknown student)

(Marks: 2) What is an entity?
Entity
An entity is an object that exists and is distinguishable from other objects. An entity is described using a set of attributes. For example specific person, company, event, plant, crop, department, section, cost center.

(Marks: 2) Why we need to secure information systems?
Importance of Security
Sound security is fundamental to achieving this assurance. Furthermore, there is a need for organizations to protect themselves against the risks inherent with the use of information systems while simultaneously recognizing the benefits that can accrue from having secure information systems. Thus, as dependence on information systems increases, security is universally recognized as a pervasive, critically needed, quality.
Management’s responsibility
Executive management has a responsibility to ensure that the organization provides all users with a secure information systems environment. Importance for security should be sponsored by the senior management. This would make employees/users of IS feel the importance of secure environment in which the IS works and operates un-tampered.
 

(Marks: 2) Identify types of change management.
Change management
Change management means to plan, initiate, realize, control, and finally stabilize change processes on both corporate and personal level. Implementation of ERP or any other integration software needs commitment and proper management. Managing change in implementation projects has become a serious concern for the management.
Types of Change
• Organizational Development: This is the more gradual and evolutionary approach to change. It is based on the assumption that it is possible to align corporate objectives with the individual employees’ objectives. In practice, however, this will rarely be possible.
• Reengineering: This is known as corporate transformation or business transformation. It is the more radical form of change management, since it challenges all elements of processes or structures that have evolved over time.

(Marks: 2) What is CRM?
CRM is a business strategy that goes beyond increasing transaction volume.
• Its objectives are to increase profitability, revenue, and customer satisfaction.
• To achieve CRM, a company wide set of tools, technologies, and procedures promote the relationship with the customer to increase sales.
• Thus, CRM is primarily a strategic business and process issue rather than a technical issue.
OR
Customer relationship management (CRM) is a widely-implemented strategy for managing a company’s interactions with customers, clients and sales prospects. It involves using technology to organize, automate, and synchronize business processes, principally sales activities, but also those for marketing, customer service, and technical support. The overall goals are to find, attract, and win new clients, nurture and retain those the company already has, entice former clients back into the fold, and reduce the costs of marketing and client service.[1] Customer relationship management describes a company-wide business strategy including customer-interface departments as well as other departments.[2]
 

(Marks: 2) Briefly discuss Risk Determination?
Risk Determination/Exposure Analysis
This phase relates to analyzing how much the information assets are exposed to various threats identified and thus quantifying the loss caused to the asset through this threat. This phase relates to analysis of both physical and logical threats and comprises of four steps. Four steps are usually followed while analyzing the exposure.

(Marks: 3) What are hackers?
 
Hackers
A hacker is a person who attempts to invade the privacy of the system. In fact he attempts to gain unauthorized entry to a computer system by circumventing the system’s access controls. Hackers are normally skilled programmers, and have been known to crack system passwords with ease. Initially hackers used to aim at simply copying the desired information from the system. But now the trend has been to corrupt the desired information.

(Marks: 3) Discuss Technical Limitations of Ecommerce in business?
 From Web
When the goods or services are sold or purchased over the Internet then this way of commerce is known as E-commerce. In this process consumers use the Internet to purchase goods and services online; added to this in e-commerce businesses sell and communicate with other businesses through the Internet.
There is no doubt behind the fact that E-commerce has given many companies the right to cheer but there are a few limitations of E-commerce too.
The companies or the businesses who are selling the products are not able to communicate with the customer face to face. Due to this they are not able to get the feedback about the products so that they may improvise on the products. Although online chat programs have solved this issue to some extent but it needs to be implemented on a large scale.
Another limitation with E-commerce is that you are not able to touch and check the quality of a product before buying it.
Credit Card security is a serious issue. People who are carrying out a transaction over the Internet are worried about the credit card security.
The next one is a technological limitation that the cost involved with bandwidth and server is too high.
Customers are still worried and fear about their online Credit Card orders.
Extensive database and technical knowledge and experience required.
Another limitation, in my view is that people are becoming more and more isolated without having a contact with other people. Due to this people are facing difficulty interacting with people.

(Marks: 3) Identify roles and responsibilities
Controlled processing
• The processing in a TPS must support an organization's operations. For example if an organisation allocates roles and responsibilities to particular employees, then the TPS should enforce and maintain this requirement.

(Marks: 3) Differentiate CRM from ERP
From Web
CRM and ERP have a collaborative relationship. Imagine that CRM is the point of a large V that faces outward to your customer base, where it is used to track and predict sales. To back up that effort, information coordination with the sales department’s sister organizations (finance, manufacturing, product development and marketing) smooth the way. But how do these teams communicate with each other effectively? That’s where ERP comes in. ERP is an internal system that coordinates information between various departments and ensures the lifeblood flows through your enterprise to help profitability.
What does it take to coordinate your CRM and ERP efforts? Consider these factors:

Getting Buy-In: All departments need to communicate what they contribute and what can be gained from collaboration to generate buy-in. Ideally, an overseer or project planner not associated with a particular function can bring all the stakeholders together.


Ownership: All players should consider their area as an element of the whole enterprise and work in concert with each other. Concealing proprietary information about customers or other aspects of doing business is detrimental.
Security: After departments agree that they should share information, protection must be offered for confidential employee, customer and industry data. A system to grant access to information is needed.
Common Data Formatting: Data already exists in each department that is useful to the organization. Back-end data from all departments, for example, is valuable to the on-the-firing-line sales team. But sometimes, the processes of sharing information are flawed. Make sure data isn't unnecessarily duplicated. Review information to ensure that it is not contradictory or out-of-date. The data format should also be the same for each department to avoid confusion.

Scalability: Any ERP system should accommodate enterprise growth and cross-company communication with business partners.


Cost: The initial cost of ERP can be high if communication between departments is seriously lagging. Implementing your solution might be done effectively in stages, perhaps growing outward from an existing CRM system. Ultimately, the improvement in focus on the customer should pay off.

(Marks: 3) Briefly describe Incremental Model?
Incremental Models
In incremental models, software is built not written. Software is constructed step by step in the same way a building is constructed. The product is designed, implemented, integrated and tested as a series of incremental builds, where a build consists of code pieces from various modules interacting together to provide a specific functional capability and testable as a whole.

(Marks: 3) What do you know about Key stroke Monitoring?
A record of every keystroke, often called keystroke monitoring. Keystroke monitoring is the process used to view or record both the keystrokes entered by a computer user and the computer's response during an interactive session. Keystroke monitoring is usually considered a special case of audit trails.

(Marks: 5) Identify tangible or intangible in supply chain management?
(Marks: 5) What are the sources of critical success factor?
Sources of Critical Success Factors
Critical Success Factors have to be analyzed and established. CSF’s may be developed from various sources. Generally four major sources of identifying CSF’s are
• Industry CSFs resulting from specific industry characteristics;
• CSF’s resulting from the chosen competitive strategy of the business e.g. quick and timely delivery may be critical to courier service business
• Environmental CSFs resulting from economic or technological changes; and
• Temporal CSFs resulting from internal organizational needs and changes.
 
Subjective Part of Final Term paper Share by one student
Total Qs 45
Total MCQs 30
6 Qs having 2 ,2 marks
6 Qs having 3 ,3 marks
3 Qs of 5 marks

MCQs mostly related from symbols and some related from past chapters ( 1- 23)
Q1. There were 2 figures; we had to write about them.
Q2 1 Q related from supply chain management
Q3 Stand alone 
Stand Alone Processing
Stand-alone, self-contained computer is usually a microcomputer that is not connected to a network of computers and can be used in isolation from any other device. The processing activities undertaken on such a computer are usually termed as stand-alone processing.
Stand alone environment may exist in some organization, but is not the generally followed practice in today's business environment. Therefore we will not be discussing this environment.
USB port enabled devices should not be used until they have been scanned on a stand-alone machine that is used for no other purpose and is not connected to the network.
These are primarily stand alone systems isolated from major organizational information systems (finance, manufacturing, HR, etc). They are developed by end users and are not reliant on central information systems control. These systems combine
• Use of a strong model, and
• Good user interface to maximise model utility
They are not usually data intensive, that is very large data bases are usually not needed for model-driven DSS. They use data and parameters usually provided by decision makers to aid in analyzing a situation.
Q4 . An event oriented log
(1) An event-oriented log: this usually contains records describing system events, application events, or user events. An audit trail should include sufficient information to establish what events occurred and who (or what) caused them.

Q5. Types of threats
Types of Threats
• Physical threat – This refers to the damage caused to the physical infrastructure of the information systems, e.g.
• Fire
• Water
• Energy Variations
• Structural damage
• Pollution
• Intrusion
• Logical – This refers to damage caused to the software and data without physical presence.
• Viruses and worms
• Logical intrusion

Q6. How to secure our computer from virus?
Risk Determination/Exposure Analysis
This phase relates to analyzing how much the information assets are exposed to various threats identified and thus quantifying the loss caused to the asset through this threat. This phase relates to analysis of both physical and logical threats and comprises of four steps. Four steps are usually followed while analyzing the exposure.
• Figure out whether there are any physical or logical controls in place
• Employees are interviewed
• Walk-throughs are conducted
• How reliable are these controls
• Check whether the firewall stops a virus from entering the organization’s system
• Check whether the antivirus installed stops the virus from execution
• We cannot start an earthquake to see if the building can absorb shocks or not
• What is the probability that occurrence of threat can be successful against these controls
• Compare assets identified with threats identified to see if controls exist
• Estimate the probability of occurrence based on past experience and future apprehensions/expectations
• How much loss can occur due to the threat being successful
• Scenarios are written to see how an identified potential threat can compromise control
 
Q7. Write down the steps or order of EC fulfillment (it was something like that)

Subjective Part of Final Term paper Share by one student
1) types of threats 5 marks
2) describe control analysis marks 5
This phase includes assessment of controls already implemented or planned, probability that they can be broken, assessment of potential loss despite such controls existing. Controls are also classified as non-technical controls also called management controls and technical controls – software, hardware controls. The output of this step is current or planned controls used for the IT system to measure the likelihood of vulnerability being exercised and reduce the impact of loss.

3) how to secure the system through virus marks 5
4) describe E-supply 3 marks
5) list any general 6 impacts 3 marks
6) define CRM 3 marks
7) how to secure threats from internet 3 marks
8) describe security audit 3 marks
9) components of IDS and its limitations 3 marks
Components of an IDS
An IDS comprise of following components:
• Sensors that are responsible for collecting data. The data can be in the form of network packets, log files, system call, traces, etc.
• Analyzers that receive input from sensors and determine intrusive activity
• An administrative console – it contains intrusion definitions applied by the analyzers.
• A user interface
Limitations of IDS
An IDS can not help with the following weaknesses:
• Incorrectness or scope limitation in the manner threats are defined
• Application-level vulnerabilities
• Backdoors into application
• Weakness in identification and authentication schemes
 

10) define IDS 2 marks
Intrusion Detection Systems (IDS)
Another element to securing networks is an intrusion detection system (IDS). IDS is used in complement to firewalls. An IDS works in conjunction with routers and firewalls by monitoring network usage anomalies. It protects a company’s information systems resources from external as well as internal misuse.

11) describe trojans virus 2 marks
A Trojan horse is a malicious program that is disguised as or embedded within legitimate software. They may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed. Examples are
• Logic bomb – Trojan horses are triggered on certain event, e.g. when disc clean up reaches a certain level of percentage
• Time bomb – Trojan horse is triggered on a certain date.
Subjective Part of Final Term paper Share by one student

Total Qs were 45 out of them 10 were subjective.

Short Qs which I have in my memory were

Define data and information------ 2 marks
attributes of ERP, explain______ 5 marks
what are the change agents, explain their role in change------- 3 marks
what factors are helpful for the successful implementation of change.-------------- 3 marks
property issues regarding privacy------------ 3 marks
what is ethics and code of ethics---------------------3 marks
what are physical threats-------------- 3 marks
the role of audit in MIS----------------- 3 marks
input of risk determination--------------------- 2 marks
risk variance ---------- 2 marks
 
Today’s subjective paper by Fatima
1) How the scanners are used as the technical control against the spread of viruses?
2) What is logical intrusion?
3) Identify the rule that DFD as an analytical tool follows the rule in achieving the level of standardization?
4) What do you mean by Masquerading?
5) List any two tools used to implement TQM?
6) Identify any two methods of IS integration?
7) What is E-Supply chain?
8) What is off-page connector?
9) Discuss various steps in threat
Steps in threat identification
Following steps are followed in this phase
1. Threat source identification – sources vary from being human to natural threats
2. Motivation and threat actions – Reasons why someone should instigate a threat and what actions he can take in such instigation are discovered.
Information is used as an input to determine and identify what kind of threats the system is exposed to history of system attack, data from intelligence agencies. The output of this phase is a threat statement identifying and defining threats.
 

10) How can we make our password secure?
Passwords
“Password is the secret character string that is required to log onto a computer system, thus preventing unauthorized persons from obtaining access to the computer. Computer users may password-protect their files in some systems.”
Misuse of passwords
A very simple form of hacking occurs when the password of the terminal under the use of a particular employee is exposed or become commonly known. In such a situation access to the entire information system can be made through that terminal by using the password. The extent of access available to an intruder in this case depends on the privilege rights available to the user.
33.5 Best Password practices
• Keep the password secret – do not reveal it to anyone
• Do not write it down – if it is complex, people prefer to save it in their cell phone memory, or write on a piece of paper, both of these are not preferred practices.
• Changing password regularly – Passwords should be associated with users not machines. Password generation program can also be used for this purpose.
• Be discreet – it is easy for the onlookers to see which keys are being used, care should be taken while entering the password.
• Do not use obvious password – best approach is to use a combination of letters, numbers, upper case and lower case. Change password immediately if you suspect that anyone else knows it
 

11) Identify components of Intrusion detection system?
Components of an IDS
An IDS comprise of following components:
• Sensors that are responsible for collecting data. The data can be in the form of network packets, log files, system call, traces, etc.
• Analyzers that receive input from sensors and determine intrusive activity
• An administrative console – it contains intrusion definitions applied by the analyzers.
• A user interface
