CS507 INFORMATION SYSTEM final term current paper 2012

Question No: 1 (Marks: 2)
Define the following:
a) Ethics
Ethics are the moral choices made by an individual in relation to the rest of the community, the rules governing members, and the standards of acceptable behavior.
b) Code of ethics
A code of ethics is a collection of rules that serves as a guide for the members of an organization.
Question No: 2 ( Marks: 2 )
What are the basic components of DSS?
There are two major components:
DSS database
The DSS database is a collection of current and historical data from internal and external sources. It can be a massive data warehouse.
Decision support software system
The decision support software system is the set of software tools used for data analysis.
Question No: 3 ( Marks: 3 )
What are the challenges to organizations for launching e-commerce? Identify any three.
Security is the biggest challenge for launching e-commerce; there is a consensus that the issue of computer and data security is the biggest hurdle in the growth of e-commerce. Web servers also face this security threat. Other problems with launching an e-commerce business are lack of customer trust, cultural and language problems, and lengthy procedures for payment and receipt of products or services.
Question No: 4 ( Marks: 2 )
Define threat and identify its types.
A threat is some action or event that can lead to a loss.
Types of Threats
There are two types of threats:
1. Physical threat
2. Logical threat
Question No: 5 ( Marks: 2 )
How are threats identified?
Threats can be identified on the basis of the nature of the threat, which can be either accidental (natural occurrences/force majeure) or deliberate (an intentional act of harm), or on the basis of the source of the threat, which can be either internal (a threat caused within the organization) or external (a threat from someone outside the organization).
Question No: 6( Marks: 3 )
Define active attacks.
Active Attacks
Once enough network information has been gathered, the intruder will launch an actual attack against a targeted system to either gain complete control over that system or enough control to cause certain threats to be realized. This may include obtaining unauthorized access to modify data or programs, causing a denial of service, escalating privileges, accessing other systems. They affect the integrity, availability and authentication attributes of network security.
Question No: 7 ( Marks: 3 )
Designing a file or database is a major component of system design. Identify its basic purposes.
Designing a file or database has the following purposes:
1. Convenient access to data is ensured for the user as and when it is required.
2. Data updates in the master file automatically keep the data current throughout the whole system.
3. Data is efficiently processed and stored.
4. Data reliability, i.e. the correctness of data, is ensured.
Question No: 8 (Marks: 3)
What is the responsibility of the management of the organization to ensure the security of information systems?
Executive or senior management takes the responsibility for providing a safe and secure information system environment to employees and users of the information system. As a result, employees feel no harm or fear and can easily do their work with the organization's secure information system.
Question No: 9 (Marks: 3)
Discuss the various steps in threat identification. Give an example of threat sources and threat actions.
The following are the steps in threat identification:
• Threat source identification
• Motivation and threat actions
For example, a hacker (threat source) can break into a system and delete or obtain personal data or information (threat action).
Question No 10 ( Marks: 5 )
Can you classify E-Commerce into different classes? Identify any five.
E-commerce models can be classified into the following classes:
1. Business to Business (B2B)
2. Business to Consumer (B2C)
3. Consumer to Consumer (C2C)
4. Business to Employee (B2E)
5. E-Government
Question No: 11 (Marks: 5)
How are audit trails a technical mechanism that helps managers to maintain individual accountability?
Audit trails are a technical mechanism through which users are recognized by the records being retained. Users are informed of what their password allows them to do and why it should be kept secure and confidential. Audit trails also help to detect deviations from normal behavior, which can point to illegal usage of resources.
Audit trails can be used together with access controls to identify and provide information about users suspected of inappropriate modification of data.
Question No:12 ( Marks: 2 )
What are the physical threats to the information systems?
This refers to damage caused to the physical infrastructure of the information systems. Examples are natural disasters (fire, earthquake, flood), pollution, energy variations and physical intrusion.
Question No: 13 (Marks: 2)
What is cryptography?
In literal terms, cryptography means science of coded writing. It is a security safeguard to
render information unintelligible if unauthorized individuals intercept the transmission.
When the information is to be used, it can be decoded. “The conversion of data into a
secret code for the secure transmission over a public network is called cryptography.”
Question No:14 ( Marks: 3 )
The Information Systems Security Association of the USA has listed many ethical challenges. Identify any three of them.
1. Misrepresentation of certifications, skills
2. Abuse of privileges
3. Inappropriate monitoring
Question No:15 ( Marks: 5 )
What do you think are the key benefits of e-commerce to organizations?
Advantages of e-commerce to an online business:
• E-commerce helps to increase the sales revenue of the business
• Business people can spend less money and earn higher profits with e-commerce
• We can easily track the segment of customers who are happy with purchasing goods online
• Instantaneous global sales presence in a short time
• We can operate the business on a 24*7 basis
• We can easily increase the number of our business customers
• We can set up shop anywhere in the world, independent of geographical location
• An inexpensive way to turn your Web site into a revenue center
• Reduced customer support costs via e-mail marketing and regular newsletters
• We can create customized mailing lists
• We can easily drive free traffic to the website
• We can easily promote our business website by using various promotional activities such as Search Engine Optimization, Pay Per Click Management and Email Marketing
Question No:16 ( Marks: 5 )
What do you understand by Disaster Recovery Planning?
A disaster recovery plan is a comprehensive statement of consistent actions to be taken before, during and after a disaster. The plan should be documented and tested to ensure the continuity of operations and the availability of critical resources in the event of a disaster. It typically details the process IT personnel will use to restore the computer systems.
Disaster recovery plans may be included in the business continuity plan or kept as a separate document altogether. A business continuity plan may not be comprehensively available in a non-critical environment, but a disaster recovery plan should be there at least to manage disasters and help the organization recover from them. A subcomponent of the business continuity plan is the IT disaster recovery plan. IS processing is one operation of many that keep the organization not only alive but also successful, which makes it of strategic
Question No:17 ( Marks: 2 )
Why do we need to secure information systems?
Sound security is fundamental to achieving this assurance. Furthermore, there is a need
for organizations to protect themselves against the risks inherent with the use of
information systems while simultaneously recognizing the benefits that can accrue from
having secure information systems. Thus, as dependence on information systems
increases, security is universally recognized as a pervasive
Question No:18 ( Marks: 3 )
What is access control? Give an example.
Access Controls
These controls establish the interface between the would-be user of the computer system and the computer itself. They monitor the initial handshaking procedure of the user with the operating system.
For example
When a customer enters the card and the PIN code in an automatic teller machine (ATM), the access controls are exercised by the system to block unwanted or illegitimate access.
Question No:19 ( Marks: 3 )
Risk mitigation is a process that takes place after the process of risk assessment has been completed. Discuss briefly the various risk mitigation options.
Risk assumption:
To accept the potential risk and continue operating the IT system, or to implement controls to lower the risk to an acceptable level.
Risk avoidance:
To avoid the risk by eliminating the risk cause, e.g. forgo certain functions of the system or shut down the system when risks are identified.
Risk limitation:
To limit the risk by implementing controls that minimize the adverse impact of a threat's exercising a vulnerability, e.g. use of supporting preventive and detective
Risk planning:
To manage risk by developing a risk mitigation plan that prioritizes, implements and maintains controls.
Research and acknowledgement:
To lower the risk of loss by acknowledging the vulnerability or flaw and researching controls to correct the vulnerability.
Risk transference:
To transfer the risk by using other options to compensate for loss, such as purchasing
Question No:20 ( Marks: 3 )
What is off-page connector?
If the flowchart becomes complex, it is better to use connector symbols to reduce the number of flow lines. The off-page connector is used to connect remote flowchart portions on different pages.

Question No:22 ( Marks: 5 )
How are scanners used as a technical control against the spread of viruses?
Scanners scan the operating system and application software for any virus on the basis of the virus definitions they contain. Every virus has a different bit pattern. These unique bit patterns act as an identity for the virus and are called signatures. The signatures are distributed in virus definitions; every scanner contains certain virus definitions, which are in fact the signatures (bit patterns) of various kinds of viruses.
The scanner checks or scans the operating system and the other application software installed on the hard drives. While scanning, it compares the bit patterns in all software against the bit patterns contained in its virus definitions. If a match is found, the software is labelled as a virus.
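The signature matching described above, as an added example that is not part of the original paper: a small Python scanner holds a set of definitions (name to byte pattern) and labels any file whose bytes contain one of those patterns. Every signature and file below is constructed for the example; none is a real malware pattern.

```python
"""Signature-based virus scanning as described in Question 22: each entry in
the definitions is a distinctive byte pattern (signature); a file whose
contents contain that pattern is labelled with the entry's name.

Every signature and file below is constructed for this example; none is a
real malware pattern.
"""

# Constructed "virus definitions": name -> signature (byte pattern).
DEFINITIONS = {
    "Demo.Dropper.A": bytes.fromhex("4d5a9000deadbeef"),
    "Demo.Macro.B": b"AutoOpen:DemoMacroB",
}


def scan_bytes(data, definitions):
    """Return the names of all definitions whose signature occurs in data."""
    return sorted(name for name, sig in definitions.items() if sig in data)


def scan_files(files, definitions=DEFINITIONS):
    """Scan a set of in-memory files (path -> contents).

    Files with no matching signature are reported with an empty list,
    i.e. they are treated as clean by this scanner."""
    return {path: scan_bytes(data, definitions) for path, data in files.items()}


# Constructed sample files standing in for software on the hard drive.
SAMPLE_FILES = {
    # Ordinary executable: starts with the same "MZ" header bytes (4d5a) as
    # the dropper signature, but the rest of the pattern differs, so no label.
    "C:/apps/tool.exe": bytes.fromhex("4d5a900003000000") + b"\x00" * 16,
    # Contains the full Demo.Dropper.A pattern in the middle of the file.
    "C:/apps/dropper.exe": b"\x00" * 8 + bytes.fromhex("4d5a9000deadbeef") + b"\x00" * 8,
    # Document whose macro text contains the Demo.Macro.B pattern.
    "C:/docs/report.doc": b"Quarterly report ... AutoOpen:DemoMacroB ...",
}


if __name__ == "__main__":
    for path, hits in scan_files(SAMPLE_FILES).items():
        print(f"{path}: {'clean' if not hits else ', '.join(hits)}")
```

A file whose pattern is not yet in the definitions is reported clean, which is why the definitions must be updated regularly.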

Question No:25 ( Marks: 3 )
Define reengineering.
This is known as company transformation or business transformation. It is the more fundamental form of change management, since it works on all the elements of processes or structures that have evolved over time.
Question No 26 marks 3
What is a data-driven decision support system?
Data-driven DSS
As opposed to model-driven DSS, these systems use large pools of data found in major organizational systems. They help to extract information from the large quantities of data stored. These systems rely on data warehouses created from transaction processing systems. They use the following techniques for data analysis:
• Online analytical processing, and
• Data mining
Components of DSS
There are two major components:
• DSS database – a collection of current and historical data from internal and external sources. It can be a massive data warehouse.
• Decision support software system – the set of software tools used for data analysis, for instance:
• Online analytical processing (OLAP) tools
• Data mining tools
• Models
Question No 27(marks 2)
What do you know about hackers?
A hacker is a person who attempts to invade the privacy of the system. In fact he attempts to gain unauthorized entry to a computer system by circumventing the system's access controls. Hackers are normally skilled programmers, and have been known to crack system passwords with ease. Initially hackers used to aim at simply copying the desired information from the system. But now the trend has been to corrupt the desired
Question No 28(marks 3)
List the components of an IDS.
Components of IDS
An IDS comprises the following:
• Sensors that are responsible for collecting data. The data can be in the form of network packets, log files, system call traces, etc.
• Analyzers that receive input from sensors and determine intrusive activity
• An administration console
• A user interface
Question No 29 (marks 3):
Identify the information that is required before conducting the impact analysis.
Impact analysis: this phase determines the adverse impact resulting from a successful threat exercise of a vulnerability. The following information is required before conducting an impact analysis:
1. System mission, e.g. the processes performed by the IT system.
2. System and data criticality, e.g. the system's value or importance to the organization.
3. System and data sensitivity. The information can be obtained from existing organizational
Impact needs to be measured by defining certain levels, e.g. high, medium and low as qualitative categories, or by quantifying the impact using a probability distribution.
• Mission impact analysis
• Asset criticality assessment
• Data criticality
• Data sensitivity
The output of this phase is the impact rating.
Question No 30 (Marks: 2)
What is CRM?
CRM is a business strategy that goes beyond increasing transaction volume.
• Its objectives are to increase profitability, revenue, and customer satisfaction.
• To achieve CRM, a company-wide set of tools, technologies, and procedures promote the relationship with the customer to increase sales.
• Thus, CRM is primarily a strategic business and process issue rather than a technical issue.
Question No: 31 (Marks: 5)
Briefly discuss risk determination.
Risk Determination:
Risk determination is the phase of analyzing how much the information assets are exposed to the various known threats, and thus estimating the loss caused to the asset through each threat. This phase relates to the analysis of both physical and logical threats and comprises four steps.
Four steps are usually followed while analyzing the exposure.
The main purpose of this step is to assess the level of risk to the IT system. The determination of a particular threat can be expressed as a function of:
1. The likelihood of a given threat source's attempting to exercise a given vulnerability.
2. The magnitude of the impact should a threat source successfully exercise a
3. The adequacy of planned or existing security controls for reducing or minimizing
Question No 32 (marks 5)
Identify the objective and scope of security?
The concept of security applies to all information. Security relates to the protection of
valuable assets against loss, disclosure, or damage. Valuable assets are the data or
information recorded, processed, stored, shared, transmitted, or retrieved from an
electronic medium. The data or information must be protected against harm from threats
that will lead to its loss, inaccessibility, alteration or wrongful disclosure.
Question No: 33 (Marks: 5)
Discuss Technical Limitations of Ecommerce in comparison with Non-Technical
Limitations in organizations?
Technical limitations of e-commerce, in comparison with non-technical limitations in organizations, are the higher cost of software and technology and the reliability of certain processes. Insufficient communication: the reason is that people don't know about it. Software tools are not fixed and used in a regular manner. People do not have enough access to the internet and have difficulty adopting e-commerce infrastructure instead of organizational systems.
Question No: 34( Marks: 2 )
Why is a “risk matrix” necessary?
A problem when you have a number of possible risks is to decide which ones are worthy
of further attention. The Risk Matrix is a simple tool to help prioritize risks.
Question No: 35 ( Marks: 2 )
What do you understand by OLAP?
Online analytical processing is decision support software that allows the user to quickly analyze information that has been summarized into multidimensional views and hierarchies. The term "online" refers to the interactive querying facility provided to the user to minimize response time.
Question No: 36 ( Marks: 2 )
Define Firewall.
Firewall is the primary method for keeping a computer secure from intruders. A firewall
allows or blocks traffic into and out of a private network or the user’s computer.
Question No:37 ( Marks: 3 )
In accounting and finance terms, an audit is a process which includes an examination of records or financial accounts to check their accuracy, an adjustment or correction of accounts, and an examined and verified account. Discuss the concept of audit in IS.
An information technology (IT) audit or information systems (IS) audit is an examination of the controls within an entity's information technology infrastructure. An IS audit focuses more on examining the integrity of controls and ensuring that they are working properly. Evaluation of the evidence obtained can ensure whether the organization's information systems safeguard assets, maintain data integrity, and are operating effectively and efficiently to achieve the organization's goals or objectives.
Question No: 38 (Marks: 5)
Differentiate object from class.
An object is an instance of some class; all objects are instances of some class. "Instance" also carries connotations of the class to which the object belongs. For example, computers are the domain/class, which can be divided into the following sub-classes:
1. Laptop computer
2. Desktop computer
3. Palmtop
Question No:39 (Marks 2)
Define Risk Mitigation.
Risk Mitigation
Risk mitigation is a process that takes place after the process of risk assessment has been
completed. Systematic reduction in the extent of exposure to a risk and/or the likelihood
of its occurrence. Also called risk reduction.
Question No:40 (Marks: 2)
Identify what information is needed before conducting an Impact analysis?
Before beginning the impact analysis, it is necessary to obtain the following necessary information:
1. System mission
2. System and data criticality
3. System and data sensitivity
Question No:40 (Marks 2)
What are the value sets?
Each attribute has a Value Set (domain) i.e. defined parameters or the range in which
value of the attribute may fall.
Question No:41 ( Marks: 2 )
What do you understand by Intrusion Detection Systems?
An element in securing networks is an intrusion detection system (IDS). IDSs are used as a complement to firewalls. An IDS works in conjunction with routers and firewalls by monitoring network usage for anomalies. It protects a company's information system resources from external as well as internal misuse.
Question No:42 ( Marks: 3 )
What is the purpose of the decision symbol in a flowchart?
The purposes of the decision symbol in a flowchart are:
• The symbol is used when a choice can be made between the options available.
• Such options are mutually exclusive.
• Only one flow line should enter a decision symbol, but two or three flow lines,
one for each possible answer, should leave the decision symbol.
Question No: 43 (Marks: 2)
List down the inputs to Risk Determination phase ?
Likelihood of threat exploitation
Magnitude of impact
Adequacy of planned and current controls
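As an added example that is not from the original paper, tying together Questions 31, 34 and 43: a small Python model of risk determination that takes the three inputs listed (likelihood, magnitude of impact, adequacy of planned and current controls), maps them onto a risk matrix, and orders the risks so that the ones worth further attention come first. The numeric weights, the thresholds, the rule that adequate controls step the likelihood down one level, and the sample risks are all assumptions made for this example.

```python
"""Risk determination (Questions 31, 34 and 43) as a small runnable model.

Inputs per risk: likelihood that a threat source exercises a vulnerability,
magnitude of the impact, and adequacy of planned/current controls. The
weights, thresholds and the "adequate controls step likelihood down one
level" rule are assumptions for this example; an organization sets its own.
"""
from dataclasses import dataclass

LIKELIHOOD = {"high": 1.0, "medium": 0.5, "low": 0.1}   # assumed weights
IMPACT = {"high": 100, "medium": 50, "low": 10}         # assumed weights
STEP_DOWN = {"high": "medium", "medium": "low", "low": "low"}


@dataclass
class Risk:
    name: str
    likelihood: str          # likelihood before considering controls
    impact: str              # magnitude of impact
    controls_adequate: bool  # adequacy of planned and current controls


def effective_likelihood(risk):
    """Adequate controls reduce the likelihood by one level (assumed rule)."""
    return STEP_DOWN[risk.likelihood] if risk.controls_adequate else risk.likelihood


def risk_score(risk):
    """Likelihood weight multiplied by impact weight."""
    return LIKELIHOOD[effective_likelihood(risk)] * IMPACT[risk.impact]


def risk_level(risk):
    """Place the score into the risk-matrix category (assumed thresholds)."""
    score = risk_score(risk)
    if score > 50:
        return "High"
    if score > 10:
        return "Medium"
    return "Low"


def prioritize(risks):
    """The risk matrix in use: highest-scoring risks first."""
    return sorted(risks, key=risk_score, reverse=True)


# Constructed sample risks covering both physical and logical threats.
SAMPLE_RISKS = [
    Risk("Physical: flood damages server room", "low", "high", False),
    Risk("Logical: unauthorized access to admin accounts", "high", "high", False),
    Risk("Logical: malware via email attachments", "high", "medium", True),
    Risk("Physical: power variation corrupts a workstation", "medium", "low", True),
]


if __name__ == "__main__":
    for r in prioritize(SAMPLE_RISKS):
        print(f"{risk_level(r):6} score={risk_score(r):6.1f}  {r.name}")
```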
Question No: 44 (Marks: 2)
What is Stand Alone Processing?
A self-contained (stand-alone) computer is a microcomputer that is not connected to a network. Processing on such a computer is called stand-alone processing.
Question No 45 (Marks: 3)
How can we make our password secure?
Making our password secure:
1. Keep it secret
2. Don't write it down anywhere
3. Always use a password with a combination of letters, numbers, and upper and lower case
4. Change the password on a regular basis
Question No:46 ( Marks: 3 )
What are some of the things you should keep in mind when
Identifying risks?
The network attackers are getting smarter every day. Organizations and people want their
data to be protected. Businesses must operate within a similar risk management culture.
A comprehensive risk based approach starting from identifying risks may be a better
Question No: 47 (Marks: 3)
What is Data Driven Decision Support System?
Data-driven DSS use large pools of data found in major organizational systems. They help to extract information from the large quantities of data stored. These systems rely on data warehouses created from transaction processing systems.
They use the following techniques for data analysis:
• Online analytical processing, and
• Data mining
Question No: 48 ( Marks: 3 )
Define re-engineering.
Re-engineering is the fundamental rethinking and redesigning of business processes to achieve dramatic improvement in critical, contemporary measures of performance, such as cost, quality, service and speed.
Question No: 49 ( Marks: 3 )
How can viruses and worms be transmitted into computers? Identify any three.
Viruses or worms are transmitted easily from the internet by downloading files to computers via web browsers. Other methods of infection occur from files received through online services, computer bulletin board systems and local area networks. Viruses can be placed in various programs, for instance:
1. Free Software – software downloaded from the net
2. Pirated software – cheaper than original versions
3. Games software – wide appeal and high chances
4. Email attachments – quick to spread
5. Portable hard and flash drives – employees take disks home and may work on their
own personal PC, which have not been cleaned or have suitable anti-viruses installed on
Question No: 50 ( Marks: 3 )
Identify the components of an intrusion detection system.
Sensors that are responsible for collecting data. The data can be in the form of network packets, log files, system call traces, etc.
Analyzers that receive input from sensors and determine intrusive activity
An administrative console – it contains the intrusion definitions applied by the analyzers.
A user interface
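The four IDS components listed in Questions 28 and 50, as an added example in Python that is not from the original paper: a sensor that parses authentication log lines, an administrative console holding one intrusion definition (a failed-login threshold, an assumed value), an analyzer that applies it to the sensor data, and a user interface that renders the alerts. The log lines are constructed for the example and use documentation IP addresses.

```python
"""Minimal IDS pipeline built from the four components of Questions 28/50:
sensor -> analyzer (using definitions held by the admin console) -> user
interface. Log lines are constructed; the threshold value is an assumption.
"""
import re
from collections import Counter

# Constructed authentication log in an sshd-like format (not real data).
CONSTRUCTED_LOG = """\
Jan 10 09:00:01 host sshd[101]: Failed password for root from 203.0.113.7 port 4040
Jan 10 09:00:03 host sshd[102]: Failed password for root from 203.0.113.7 port 4041
Jan 10 09:00:05 host sshd[103]: Failed password for admin from 203.0.113.7 port 4042
Jan 10 09:00:06 host sshd[104]: Failed password for admin from 203.0.113.7 port 4043
Jan 10 09:00:09 host sshd[105]: Accepted password for alice from 198.51.100.5 port 5050
Jan 10 09:01:10 host sshd[106]: Failed password for alice from 198.51.100.5 port 5051
"""


class Sensor:
    """Collects raw data; here it turns log lines into structured events."""
    LINE = re.compile(r"(Failed|Accepted) password for (\S+) from (\S+) port")

    def collect(self, text):
        events = []
        for line in text.splitlines():
            m = self.LINE.search(line)
            if m:
                events.append({"result": m.group(1), "user": m.group(2), "src": m.group(3)})
        return events


class AdminConsole:
    """Holds the intrusion definitions that the analyzer applies."""
    def __init__(self, failed_login_threshold=3):   # threshold is an assumed value
        self.failed_login_threshold = failed_login_threshold


class Analyzer:
    """Receives sensor input and decides what counts as intrusive activity."""
    def __init__(self, console):
        self.console = console

    def analyze(self, events):
        failures = Counter(e["src"] for e in events if e["result"] == "Failed")
        return [{"src": src, "failed": n}
                for src, n in failures.items()
                if n >= self.console.failed_login_threshold]


def render(alerts):
    """User interface: one human-readable line per alert."""
    return [f"ALERT repeated failed logins from {a['src']}: {a['failed']} failures"
            for a in alerts]


def run_ids(text, threshold=3):
    """Wire the components together and return the analyzer's alerts."""
    console = AdminConsole(threshold)
    return Analyzer(console).analyze(Sensor().collect(text))


if __name__ == "__main__":
    for line in render(run_ids(CONSTRUCTED_LOG)):
        print(line)
```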
Question No:51 ( Marks: 3 )
How the information is kept in the purchase system?
A simple example can be given of a purchase and sales system. In a typical purchase
system information related to purchase of materials is kept, for instance,
1. Orders for the purchase of various materials
2. Status of deliveries received against specific orders
3. Changes in the order quantity, time, day or other information
4. Quality inspection reports and whether they need to be communicated to the
5. Updated status report of stock
6. Issues made out of the stock
Question No: 52 ( Marks: 2)
What is an information quality checklist?
Information can also be ranked in accordance with the qualities it has. Experts have devised certain criteria to evaluate the quality of information. The points used to evaluate the quality are known as quality checks.
Question No:53 ( Marks: 2 )
What are Active monitors? Define.
Active monitors
This software provides concurrent monitoring as the system is being used. It acts as a guard against viruses while the operating system is performing various functions, e.g. connecting to the internet or transferring data.
Question No: 53(Marks: 3)
Briefly describe Incremental Model.
In incremental models, software is built not written. Software is constructed step by
step in the same way a building is constructed. The product is designed, implemented,
integrated and tested as a series of incremental builds, where a build consists of code
pieces from various modules interacting together to provide a specific functional
capability and testable as a whole.
Question No: 54(Marks: 5 )
List any five reasons that attract organizations to ERP?
Reasons that attract organizations to ERP
1. Planning the operations
2. Integrated customer related information – order tracking with customer database,
inventory and shipment at different locations.
3. Standardized HR information – A company with multiple business units will require a
comprehensive and all-encompassing method of locating employees and communicating
with them.
4. Integrated financial information and analysis.
5. Monitoring the operations including those of sub-vendors and manufacturers