AF302 2018 MST Suggested Solutions

Q1

1 C
2 D
3 A
4 B
5 C
6 D
7 D
8 C
9 D
10 B
11 C
12 D
13 C
14 B
15 C
16 D
17 B
18 A
19 B
20 D
21 A
22 D
23 C
24 D
25 C
Q2. United We Stand

1. The case mentioned that SEC’s “databases were not connected to each other” resulting
in data silos. What were some negative implications of data Silo’s to SEC? [5 marks]

The disconnect between the databases caused inaccuracies and inefficiencies. For example,
a technician sent to fix a problem with a line could use Qualcomm OmniTRACS – a device
with two-way satellite communication link – to exchange information with the dispatch
database. The technician could receive the customer’s address and the status of a repair for
the customer. However, when the repair was complete, no information, such as the repair
details and the charge for it, could be entered into the accounts receivable database. A clerk
had to receive the information from the technician and manually enter it into the accounts
receivable database.

Students can also mention issues such as;

-lack of productivity
-increase costs and effort in looking for information
-incomplete data sets
-low quality of decision being made
-erroneous decisions being made
-inability to combine data; lack of uniformity
-lack of consistency in the data view
-delay in decision making etc.
2. What is the value of business analytics to organization such as SEC? [5 marks]
Student need to first define what business analytics are [answers might vary, but they
must argue along the definition given below]
Business analytics refers to the skills, technologies, applications and practices for
continuous iterative exploration and investigation of past business performance to gain
insight and drive business planning. Business analytics focuses on developing new
insights and understanding of business performance based on data and statistical
methods.
Value of BA [ they need to also argue along these benefits]
- improving the decision making process (quality & relevance)
• Speeding up of decision making process
• Better alignment with strategy
• Realizing cost efficiency
• Responding to user needs for availability of data on timely basis
• Improving competitiveness
• Producing a single , unified view of enterprise information
• Increase revenues
• Sharing information with a wider audience
3. Explain the function of a DBMS to organizations such as SEC? [5 marks]

A DBMS- Database management system is a collection of systems or software’s that

allows users, other application/systems and the database itself to capture and analyze
data.
Functions
 Data Filtering and profiling- inspecting errors, inconsistencies, redundancies
and incomplete information.
 Maintaining Data Integrity- correcting, standardizing and verifying the integrity
of data.
 Data Synchronization- integrating, matching or linking data from disparate
sources.
 Data enrichment- enhancing data using information from internal and external
data sources.
 Data Maintenance-checking and controlling data integrity overtime.

4. Explain the data life cycle of an organization. [10 marks]

Question 3 solutions
Scotrail fleet to get free Wi-Fi

1. How can Wi-Fi enhance the experiences of customers during sporting events such as the
Commonwealth games and the Ryder Cup? [4 marks]

[Students can argue along these lines [answer will vary]]

 Keeping customers connected to the latest news and updates of such sporting
events
 Convenience in terms of booking of tickets, finding locations of events and
competitions
 Customers can share their experiences of the games in real time
 Allows connection while on the move etc.

2. What are some business benefits attributed to ScotRail as a result of implementing free
Wi-Fi in their trains? [6 marks]

6 Benefits
-product differential strategy
-increases customers loyalty
-ScotRail can engage in target advertising
-ScotRail can collect customer’s data for market research purposes
-attract new customers
-not costly
-enhance customer’s experience
-lock in strategy
-helps meet customers’ expectations etc.

3. What are WiMAX and wireless LANs and how are they related to Wi-Fi technology? [4
marks]

WIMAX, and wireless LANs are related to Wi-Fi technology in the sense that these are
two components of a wireless infrastructure.

WiMax- transmit voice, data and video over high frequency radio signals to business,
homes and mobile devices. Wimax range is 20 to 30 miles and does not require a clear
line of sight to function.

Wireless LANs- uses high frequency radio waves to communicate between computers,
devices or other nodes on the network. Wireless LANs typically extends and existing
wired LAN by attaching a wireless AP to a wired network.
4. Identify factors contributing to the increasing global demand for Wi-Fi or wireless
technology? [3 marks]

• New wireless technologies such as WiMAX-Wireless Broadband and standards such as

8.11n
• High-speed wireless networks such as 4G
• Multitasking mobile devices
• More robust mobile OSs and their applications
• Increased competitive pressure as others start adopting mobile technology for strategic
applications

5. What are the major security concerns associated with wireless technology? [4 marks]

-authentication issues
-vulnerable to Denial of services [DOS]
-vulnerable data being intercepted
-vulnerable to hacking [can be a back door to a network]
-wireless devices [mobile] can be easily stolen
-data vulnerable to alteration
-unauthorized use of resources

6. Identify some ethical issues associated with the use of wireless technology? [4 marks]

- Driving while yakking- can cause road accident [crime??]

- Health risks eg. Causes cancer, eating disorder etc.
- Pollution- carbon emission
- Social implications- family time vs work, disconnected from reality etc.
Question 4 solutions
Geisinger Health Systems and Du Pont: Security Management

1. What is Geisinger Health Systems doing to protecting the security of their data
resources? Are these measures adequate? Explain your evaluation.

Discussion points would include:

 Understanding workflow, assessing risk and educating users are all key
components of their security system.
 Security needs dictated that the database that powers MvChart be installed on
hardware separate from the EMK system.
 Evaluating and considering biometric and proximity devices as ways to streamline
secure network access.
 Requiring caregivers accessing patient information via the Internet to use
electronic token identification in addition to a virtual private network or other
encryption method.

2. What security measures is Du Pont taking to protect their process control networks? Are
these measures adequate? Explain your evaluation.

Discussion points would include:

 On all of the critical manufacturing processes, Du Pont Co. is either going to

totally isolate the process systems from the business systems by not connecting
our networks, or it is going to put in firewalls to control access.
 A team comprising three groups of IT staffers, process-control engineers, and
manufacturing employees was established to:
o Discern which control devices are critical to manufacturing, safety and
continuity of production.
o Identify the assets of each – hardware, data, and software applications –
then research relevant vulnerabilities.
o Testing fixes and workarounds to see which ones might work for which
machines.
o Recognizing that precise vulnerabilities differ by environment – water
treatment process differs from vessels under high-temperature and high-
pressure conditions.
o Determining how to separate networks and where process-control
firewall appliances should go.
 3. What are several other steps Geisinger and Du Pont could take to increase the security of
their data and network resources? Explain the value of your proposals.
Students discussion should include the concepts presented in the chapter material and
additional considerations they are able to locate on the Internet.

4. An important element in any security system is the business continuity plan, also known as
the disaster recovery plan. Such a plan outlines the process by which businesses should
recover from a major disaster.

• Disaster recovery.
• Disaster avoidance.
• Hot sites.
 Formalized procedures to follow in the event a disaster occurs including:

 Which employees will participate

 What their duties will be
 What hardware, software, and facilities will be used
 Priority of applications that will be processed
 Use of alternative facilities
 Offsite storage of an organization’s databases

 Systems that have redundant processors, peripherals, and software that provide a:

 Fail-over capability to back up components in the event of system failure

 Fail-safe capability where the computer system continues to operate at the same
level even if there is a major hardware or software failure

5. Cyber crime - Relates to unauthorized:

 use, access, modification, and destruction of hardware, software, data, or network
resources
 release of information
 copying of software
 Denying an end user access to his or her own hardware, software, data, or network
resources
 Using or conspiring to use computer or network resources illegally to obtain information.

Cybertheft -Computer crime involving the theft of money.

 A popular type of online vandalism is hacktivist or cyberactivist activities.
 Hacktivist or cyberactivist use technology for high-tech civil disobedience to protest
operations, policies, or actions.
 Cyberterrorism is a premeditated, politically motivated attack against information,
computer systems, computer programs, and data.
 Cyberwar. War in which a country’s information systems could be paralyzed from a
massive attack by destructive software.
 Theft is the illegal taking of property that belongs to another individual or organization.
THE END