This was our final presentation for the EY Trajectory Program. This was the presentation we created in conjunction with the Third Party Risk Management workstream and the Regulatory Compliance workstream. We presented our findings to a panel of EY partners and senior managers in NYC.
Talk on Kaspersky lab's CoLaboratory: Industrial Cybersecurity Meetup #5 with @HeirhabarovT about several ATT&CK practical use cases.
Video (in Russian): https://www.youtube.com/watch?v=ulUF9Sw2T7s&t=3078
Many thanks to Teymur for the great tech dive.
Delivered a 1-day Practical Threat Hunting workshop at sacon.io in Bangalore, India, balancing developing a threat hunting program in an organization (how and where to start) with threat hunting demos as they would look on the ground, with hands-on labs for 100+ participants.
Ethical Hacking n VAPT presentation by Suvrat Jain (Suvrat Jain)
A sample 6-week summer training presentation. Course: Ethical Hacking, its overview, and VAPT (Vulnerability Assessment and Penetration Testing): how vulnerability scanning works, the tools used, password cracking, etc.
Advanced Persistent Threats (APTs) are a serious concern as they represent a threat to an organization’s intellectual property, financial assets and reputation. In some cases, these threats target critical infrastructure and government institutions, thereby threatening the country’s national security itself.
Focused Study Material from ICMA Pakistan (ICMAP) for the Semester 3 subject Information Systems & IT Audit (BML303) in PDF format. (This is shared only so that students can have this book as a handbook on their cell phones, strictly for educational purposes; there is no intent to break any rules or violate copyright. ICMAP was not providing this book in PDF version, which is why it is shared.)
Evaluating different techniques for pneumoperitoneum in comparison to Needle Scope, reaching a risk score for laparoscopy, and reaching the best technique for pneumoperitoneum for each individual patient.
The International Journal of Engineering and Science (The IJES) (theijes)
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
SOCIAL MEDIA ANALYSIS ON SUPPLY CHAIN MANAGEMENT IN FOOD INDUSTRY (Kaustubh Nale)
This paper proposes the importance of social media analysis in supply chain management in the food industry. In this analysis, the social media platform (Twitter) is used to obtain information. In this approach, two different software packages (Nodexl and Nvivo) are used to conduct data mining and text analysis. The outcome of this analysis will help researchers to make decisions based on customer feedback.
Modern drowsiness detection techniques: a review (IJECEIAES)
According to recent statistics, drowsiness, rather than alcohol, is now responsible for one-quarter of all automobile accidents. As a result, many monitoring systems have been created to reduce and prevent such accidents. However, despite the huge number of state-of-the-art drowsiness detection systems, it is not clear which one is the most appropriate. The following points will be discussed in this paper: first, the many sorts of existing supervised detection techniques now in use, grouped into four categories (behavioral, physiological, automobile and hybrid); second, the supervised machine learning classifiers used for drowsiness detection, followed by a discussion of the advantages and disadvantages of each technique evaluated; and lastly, the recommendation of a new strategy for detecting drowsiness.
Implementation Of The ISO/IEC 27005 In Risk Security Analysis Of Management I... (IJERA Editor)
The study conducted explains the analysis results of the Security Management Information System (SMKI) at UPT SAMSAT Denpasar. The purpose of this analysis is to find out the level of SMKI at UPT SAMSAT Denpasar. The framework used in this analysis process is ISO/IEC 27005. The section to be analyzed is the main task and function of the Section of Motor Vehicle Tax (PKB) and Motor Vehicle Mutation Charge (BBNKB) and the service process performed, in this case by the staff in the Section of PKB and BBNKB, which includes determining tax, capturing progressive tax data, the data slots involved in it, the supporting structure and infrastructure and, of course, the stakeholders involved in the process. The analysis was performed by implementing the ISO/IEC 27005 framework with reference to clause 7 and clause 8. Clause 7 of ISO/IEC 27005 in this analysis was applied to the organization structure, the list of obstacles that influence the organization, and the reference list of legislation and regulation valid for the organization, whereas clause 8 of ISO/IEC 27005 includes asset identification, asset appraisal and impact assessment. The analysis results show that the asset list with the highest risk rate includes the main assets: the process of coding selection, determining tax, the process of determining progressive tax ownership status, the process of determining progressive tax ownership order, and the process to repeat data capture of progressive tax; and the supporting assets: the staff of determination and the staff of progressive data capture. The asset list with the highest threat level includes the main assets: the process of tax determination coding selection, the process of progressive tax ownership status determination, the process of progressive tax ownership order determination, and the process to repeat data capture of progressive tax; and the supporting assets: the staff of determination and the staff of progressive data capture.
Performance MNIST Special Publicatio.docx (karlhennesey)
NIST Special Publication 800-55 Revision 1
Performance Measurement Guide for Information Security
Elizabeth Chew, Marianne Swanson, Kevin Stine, Nadya Bartol, Anthony Brown, and Will Robinson
I N F O R M A T I O N S E C U R I T Y
Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD 20899-8930
July 2008
U.S. Department of Commerce
Carlos M. Gutierrez, Secretary
National Institute of Standards and Technology
James M. Turner, Deputy Director
Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL’s responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in federal computer systems. This Special Publication 800-series reports on ITL’s research, guidelines, and outreach efforts in information security, and its collaborative activities with industry, government, and academic organizations.
Authority
This document has been developed by the National Institute of Standards and Technology (NIST) in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347.
NIST is responsible for developing standards and guidelines, including minimum requirements, and for providing adequate information security for all agency operations and assets, but such standards and guidelines shall not apply to national security systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130, Section 8b(3), Securing Agency Information Systems, as analyzed in A-130, Appendix IV: Analysis of Key Sections. Supplemental information is provided in A-130, Appendix III.
This guideline has been prepared for use by federal agencies. It may also be used by nongovernmental organizations on a voluntary basis and is not subject to copyright regulations. (Attribution would be appreciated by NIST.)
Nothing in this document should be taken to contradict standards and guidelines made mandatory and binding on federal agencies by the Secretary of Commerce under statutory authority. Nor should these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, Director of the OMB, or any other federal official.
Certain commercial entities, equipment, or materials m ...
Guidelines on Security and Privacy in Public Cloud Computing (David Sweigert)
Uploaded as a courtesy by:
Dave Sweigert
CEH, CISA, CISSP, HCISPP, PCIP, PMP, SEC+
Abstract
Cloud computing can and does mean different things to different people. The common characteristics most interpretations share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from nearly anywhere, and displacement of data and services from inside to outside the organization. While aspects of these characteristics have been realized to a certain extent, cloud computing remains a work in progress. This publication provides an overview of the security and privacy challenges pertinent to public cloud computing and points out considerations organizations should take when outsourcing data, applications, and infrastructure to a public cloud environment.
Citation: Special Publication (NIST SP) - 800-144
Many assets and products are either intended to be used many years or simply wind up that way. The financial impact of these decisions can easily be—and quite often is—a hundred times larger than the original investment. Moreover, safety and the environment are strongly influenced by the decisions that are made during the engineering stage. To properly balance the importance of all these aspects against each other, the involvement of all stakeholders in the design or acquisition of the new asset is necessary.
This application note discusses a practical approach to achieving this involvement: early equipment management (EEM). This methodology was originally developed by the Japanese automotive industry. The intent was to reduce the total cost of production of cars and components and to assure a start-up without problems related to new equipment.
One of the most important ideas of the underlying philosophy of EEM is that all knowledge within the organization for working with similar assets should be incorporated into the design of a new asset. A key characteristic of EEM is that it puts significant emphasis on comprehensive prior testing procedures and consideration of the actual use to which the asset is to be put, rather than just theory. EEM is a concrete approach that describes what an organization should do during each step of the design, construction and acquisition stages to ensure the organization ends up with an asset that performs optimally throughout its entire life.
This application note goes deeper into four subjects that need to be considered during the design process:
Financial costs
Reliability
Energy consumption
Environmental impact
Unit 8 - Information and Communication Technology (Paper I).pdf (Thiyagu K)
These slides describe the basic concepts of ICT, the basics of Email, Emerging Technology and Digital Initiatives in Education. This presentation aligns with the UGC Paper I syllabus.
Francesca Gottschalk - How can education support child empowerment.pptx (EduSkills OECD)
Francesca Gottschalk from the OECD’s Centre for Educational Research and Innovation presents at the Ask an Expert Webinar: How can education support child empowerment?
The French Revolution, which began in 1789, was a period of radical social and political upheaval in France. It marked the decline of absolute monarchies, the rise of secular and democratic republics, and the eventual rise of Napoleon Bonaparte. This revolutionary period is crucial in understanding the transition from feudalism to modernity in Europe.
For more information, visit www.vavaclasses.com
Operation “Blue Star” is the only event in the history of independent India where the state went to war with its own people. Even after about 40 years it is not clear whether it was the culmination of the state’s anger towards the people of the region, a political power game, or the start of a dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from the mainstream due to the denial of their just demands during a long democratic struggle since independence. As happens all over the world, this led to a militant struggle with great loss of life among military, police and civilian personnel. The killing of Indira Gandhi and the massacre of innocent Sikhs in Delhi and other Indian cities were also associated with this movement.
Honest Reviews of Tim Han LMA Course Program.pptx (timhan337)
Personal development courses are widely available today, with each one promising life-changing outcomes. Tim Han’s Life Mastery Achievers (LMA) Course has drawn a lot of interest. In addition to offering my frank assessment of Success Insider’s LMA Course, this piece examines the course’s effects via a variety of Tim Han LMA course reviews and Success Insider comments.
Instructions for Submissions thorugh G- Classroom.pptx (Jheel Barad)
This presentation provides a briefing on how to upload submissions and documents in Google Classroom. It was prepared as part of an orientation for new Sainik School in-service teacher trainees. As a training officer, my goal is to ensure that you are comfortable and proficient with this essential tool for managing assignments and fostering student engagement.
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
Information System & IT Audit ML 303 past paper pack (Updated)
Institute of Cost and Management Accountants of Pakistan
Constituted under Cost and Management Accountants Act, 1966
INFORMATION SYSTEMS AND I.T. AUDIT (ML-303)
SEMESTER-3
PAST PAPERS
Past Papers Included
Syllabus
1. Model Paper
2. 2015 Spring (August) Examination
3. 2014 Fall Examination
4. 2014 Spring (August) Examination
5. 2014 May Extra Attempt Examination
6. 2013 Fall (February 2014) Examination
7. 2013 Extra Attempt, November Examination
8. 2013 Spring (August) Examination
9. 2012 Fall (February 2013) Examination
10. 2012 Spring (August) Examination
11. New Fall (E) 2011, April 2012 Examination
12. 2011 Winter (November) Examination
13. 2011 Summer (May) Examination
14. 2010 Fall (Winter) Examination
15. 2010 Spring (Summer) Examination
16. 2009 Fall (Winter) Examination
17. 2009 Spring (Summer) Examination
18. 2008 Fall(Winter) Examination
19. 2008 Spring (Summer) Examination
20. 2007 Fall (Winter) Examination
21. 2007 Spring (Summer) Examination
22. 2006 Fall (Winter) Examination
23. 2006 Spring (Summer) Examination
Institute of Cost & Management Accountants of Pakistan
Education Department
ICMAP/HO/Edu/056/2015
August 10, 2015
CIRCULAR
Re-aligned Syllabus 2012
It is notified for all concerned that the syllabus of the CMA qualification has been re-aligned, which will be effective from Fall-2015.
Students are advised to visit the ICMA Pakistan website at https://www.icmap.com.pk/syllabus.aspx to check the detailed outlines of the re-aligned courses.
Regards,
Rehana Ali
Acting Director Education
ISITA/Model-Paper (1 of 2)
ICMA Pakistan
MODEL PAPER
INFORMATION SYSTEMS AND I.T. AUDIT (ML-303)
SEMESTER-3
Time Allowed: 02 Hours 40 Minutes    Maximum Marks: 80    Roll No.:
(i) Attempt all questions.
(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments, effective presentation, language and use of clear diagram/chart, where appropriate.
(iv) Read the instructions printed inside the top cover of the answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) Question No. 1, “Multiple Choice Questions”, printed separately, is an integral part of this question paper.
(vii) The question paper must be returned to the invigilator before leaving the examination hall.
MARKS
Q.1 The first question (MCQ part) comprises 20 MCQs of one (1) mark each, to be attempted in 20 minutes.
Q.2 Read the following CASE carefully and answer the questions given below:
C A S E
Megaton Corporation is a large industrial concern that has a complex network infrastructure with multiple local area and wide area networks that connect Megaton headquarters with its national and international offices. There is an Intranet site that is accessed only by employees to share work-related information. An Internet EDI site is also available that is accessed by customers and suppliers to place orders and check the status of their orders. Both sites have open areas as well as sections containing private information that require an ID and password to access. User IDs and passwords are assigned by the central security administrator. The wide area networks are based on a variety of WAN technologies including frame relay, ATM, ISDN, and T1/T3. These networks carry unencrypted, non-sensitive information that is sent to the international offices of Megaton but do not carry any customer-identifiable information. Traffic over the network involves a mixture of protocols, as a number of legacy systems are still in use. All sensitive network traffic traversing the Internet is encrypted prior to being sent. A number of devices also utilize Bluetooth to transmit data between PDAs and laptop computers. A new firewall has been installed and patch management is now controlled by a centralized mechanism for pushing patches out to all servers. The firewall policy does not allow any external access to the internal systems. Various database-driven Internet applications are in use and many have been upgraded to take advantage of newer technologies. Additionally, an intrusion detection system has been added, and the reports produced by this system are monitored on a daily basis. Megaton headquarters also maintains a data center consisting of 15,000 square feet (1,395 square meters). Access to the data centre is controlled by a card reader and cameras monitoring the entrance. Recently, Megaton has actively started supporting the use of notebook computers by its staff so they can use them when travelling and when working from home. In this regard Megaton desires that they can access the company databases and provide online information to customers. A large organization-wide ERP software implementation project is also under consideration. Megaton has decided to buy a commercial off-the-shelf ERP package and then customize it to fit its needs. Though Megaton was not in a hurry to implement the project, sizeable customizations of the ERP were anticipated. The last IS audit was performed more than five years ago. The current business continuity and disaster recovery plans have not been updated in more than eight years. During this time Megaton has grown by over 300 percent. At the headquarters alone, there are approximately 750 employees. The IS auditor has been asked to evaluate the current environment and make recommendations for improvement.
Questions:
a. What possible risks can be involved with the use of the EDI system at Megaton? 08
b. What would be the most serious concerns regarding the wide area networks at Megaton? 06
c. Many issues are involved when a company stores and exchanges confidential customer information over the network. What could be some of the significant issues to address if the information exchanged between Megaton headquarters and its international offices includes personally identifiable customer information? 05
d. What role can the top management of Megaton play for better IT governance? 05
e. Suggest some controls to strengthen the security of the Data Centre at Megaton. 03
f. Based on the information given in the case, what would you recommend to Megaton for preparing their disaster recovery plan? 03
Q.3 (a) ‘Capacity management’ is the planning and monitoring of computing and network resources to ensure that the available resources are used efficiently and effectively. The capacity plan should be developed based on input from both user and IS management to ensure that business goals are achieved in the most efficient and effective way. Discuss some types of information required for successful capacity planning. 08
(b) A database is a collection of information that is organized so that it can easily be accessed, managed, and updated. List the properties of the three major types of database structure: hierarchical, network and relational. 06
Q.4 (a) To develop an information system, the organization can either outsource the system development or rely on its own people. What are some of the risks involved when system development is done by the end-users of an information system? 06
(b) E-commerce is a positive development for both businesses and individuals as it has made transactions more convenient and efficient. E-commerce involves no physical interaction between buyers and sellers, and such virtual transactions have many associated risks. Explain some of these risks and their mitigation strategies. 06
Q.5 (a) The acquisition of the right hardware and software resources for an organization is a complex issue that requires careful planning. What are some of the issues involved in acquiring hardware and software for an information system, and the steps involved in the selection of a computer system? 06
(b) An important objective of the IS auditor is to ensure that the organization provides adequate segregation of duties within the information system management structure. What are some of the duties and responsibilities of the IS auditor to achieve this objective? 06
Q.6 (a) While performing an IS audit of an organization, the IS auditor needs to carefully examine the various IS controls implemented by the organization. What are some techniques an IS auditor can use to evaluate the application controls implemented in an information system? 06
(b) An organization can hold a variety of sensitive information, such as financial results and business plans for the year ahead. As more and more of this information is stored and processed electronically and transmitted across company networks or the internet, the risk of unauthorized access increases. What are some basic types of information protection that an organization can use to minimize this risk? 06
THE END
ISITA-Mar.2015 (1 of 2)
ICMA Pakistan
INFORMATION SYSTEMS AND I.T. AUDIT (BML-303)
SEMESTER-3
FALL 2014 EXAMINATIONS
Thursday, the 5th March 2015
Time Allowed: 02 Hours 30 Minutes    Maximum Marks: 70    Roll No.:
(i) Attempt all questions.
(ii) Answers must be neat, relevant and brief.
(iii) Read the instructions printed inside the top cover of the answer script CAREFULLY before attempting the paper.
(iv) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments, effective presentation, language and use of clear diagram/chart, where appropriate.
(v) DO NOT write your Name, Reg. No. or Roll No., or any irrelevant information inside the answer script.
(vi) Question No. 1, “Multiple Choice Questions”, printed separately, is an integral part of this question paper.
(vii) The question paper must be returned to the invigilator before leaving the examination hall.
MARKS
Q. 2 (a) Xeon Limited is a large multinational bank. It has recently received a license to operate a banking business in Pakistan. The management of the bank has decided to develop its own banking software and has recently awarded a software development contract to a local software consulting company. When the project kicked off, the project manager who had been assigned to this project applied his own software development methodology instead of an internationally recognized Software Development Life Cycle (SDLC). The bank has deputed you on this project as IS auditor. As part of your job responsibility, you are required to identify the risks associated with non-compliance with international standards for software development methodology, which the project manager has not adopted. List down at least four potential risks to which the bank may be exposed due to the incorporation of a non-standard software development methodology, together with suggested controls. 08
(b) Audit risk is the risk that information or a financial report may contain a material error, or that the IS auditor may not detect an error that has occurred. Explain in brief how you would categorize audit risks. 08
Q. 3 (a) You are an IS auditor of Glorious (Private) Limited, a large accounting firm. As part of its human resource development plan, Glorious recently arranged overseas training in Computer-Assisted Audit Techniques (CAATs) for its IS audit team. You were one of the team members who travelled for the CAATs training. When you resumed office after successful completion of the training, the senior management of Glorious asked you to transfer the CAATs knowledge to its IS Audit team members. In order to conduct the knowledge transfer session, you are required to develop a presentation that should include:
i) Applications of CAATs (at least five)
ii) Advantages and disadvantages of CAATs (at least four of each)
Describe the important points in brief. 13
(b) Lincoin Limited is a group of companies with branch offices in all major cities of Pakistan. Lincoin Limited has good IT infrastructure across all its branches. Its data processing facilities are highly sophisticated and run a number of software applications. A few months ago Lincoin’s IT facilities were shut down for two weeks due to an unforeseen application server disaster that caused significant losses in business, since timely information was not available for decision making. An IT business continuity plan (BCP) was in place, but it did not recover the business applications successfully as expected when applied in the disaster recovery events. Due to the ineffectiveness of the BCP, the management of Lincoin has decided to get it reviewed by an external IS auditor. State at least ten basic elements that should be verified by the IS auditor while reviewing the BCP. 05
Q. 4 (a) There are various project management techniques and tools available to assist the project manager in the software development process. In the current revolutionary age of information technology, the Agile project management process is considered highly successful. Describe in brief the Agile project management method, with at least 10 Agile principles that support project teams in implementing the Agile project management method. 12
(b) Wolex Enterprises is a large distribution company dealing in life-saving drugs. Currently it has a very small distribution network; however, the management intends to launch its operations in all major cities of the country. Wolex’s operations feasibility team is in consultation with various firms engaged in developing the infrastructure facilities and recruiting the work force. However, the outsourcing option for IT support services is also under consideration. You, as a senior member of the Wolex feasibility team, are required to come up with four benefits and four limitations relevant to the outsourcing proposal. 08
Q. 5 (a) A database is a collection of structured data organized in rows and columns. The usage of a database has various significant strengths, such as:
reduced data redundancy
improved data integrity
allows data sharing
reduced development time
Explain each of the strengths indicated above. 08
(b) Symbol Electronics Limited (SEL) is a medium-sized manufacturing company involved in assembling and exporting domestic electronic goods. During the last year, SEL incurred significant losses on several large export consignments due to shipments running three weeks over schedule. Upon investigation by the internal IS Audit team, the production manager of SEL held the suppliers responsible for not delivering the raw material on time, while the suppliers were of the view that the delivery lead time was not considered by the SEL procurement department when raw material orders were placed. In order to overcome the issue of delayed acquisition of raw material, the management of SEL has decided to adopt the Business-to-Business (B2B) model. You, as the head of Information Technology of SEL, briefly explain the B2B model and specify its key characteristics. State the advantages and disadvantages of the B2B model. 08
THE END
ISITA/August-2014 (1 of 2)
ICMA Pakistan
INFORMATION SYSTEMS AND I.T. AUDIT (ML-303)
SEMESTER-3
SPRING (AUGUST) 2014 EXAMINATIONS
Thursday, the 21st August 2014
Time Allowed: 02 Hours 30 Minutes    Maximum Marks: 80    Roll No.:
(i) Attempt all questions.
(ii) Answers must be neat, relevant and brief.
(iii) DO NOT write your Name, Reg. No. or Roll No., or any irrelevant information inside the answer script.
(iv) Read the instructions printed inside the top cover of the answer script CAREFULLY before attempting the paper.
(v) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments, effective presentation, language and use of clear diagram/chart, where appropriate.
(vi) The question paper must be returned to the invigilator before leaving the examination hall.
MARKS
Q.2 (a) Enterprise Resource Planning (ERP) is an industry term for integrated, multi-module
application software packages that are designed to support multiple business
functions. Due to its importance and operational needs, the management of an automobile
manufacturing company plans to implement an ERP system in order to
integrate its different departmental functions. Briefly explain the different implementation
phases of an ERP system. Discuss the benefits achieved by the company by effectively
implementing an ERP system in the organization.
09
(b) Recent research shows that, most of the time, approximately 80% of a computer system's CPU
capacity remains idle. The operating system is a resource manager and optimizes the use of CPU
resources. Discuss the different classes of operating systems.
05
Q.3 (a) A Decision Support System (DSS) is an interactive information system that provides
information, models and data manipulation tools to help make decisions in semi-
structured and unstructured situations. Discuss eight important techniques used in
decision making in Decision Support System (DSS).
10
(b) An organization has deployed an MIS and has advertised Database
Administrator (DBA), Project Manager and Application Developer jobs in a leading
newspaper to fill its vacant positions. Discuss the role and job description of each post needed to
effectively implement and manage the MIS in the organization.
06
Q.4 (a) A multinational bank has established a data center in its head office. A 50 Terabyte
capacity Storage Area Network (SAN), blade servers, CISCO routers and PIX firewalls
have been deployed in the network infrastructure of the data center. Proper environmental and
physical controls can ensure equipment reliability as per the manufacturers' (e.g. IBM and
CISCO) recommendations in the equipment data sheets, which can reduce the risk of any
downtime. The management of the bank has engaged an IT auditor for a LAN and
network operations review. As the IT auditor, highlight at least six
requirements related to the organization's LAN and network operations review.
10
(b) With the revolution in network technology, wireless security provides prevention of
unauthorized access to, or damage of, computers using wireless networks. Discuss three
principal ways to secure wireless networks.
06
PTO
2 of 2 ISITA/August-2014
MARKS
Q.5 (a) Students of XYZ University have developed mobile applications and have advertised them on the
university web site. To promote this product through e-commerce activity they need a
merchant account. Discuss the need for, and requirements of, a merchant account in our country
to promote e-commerce business activities. Elaborate six different payment methods
used in e-commerce business.
09
(b) For all customers, partners, resellers, and distributors who hold valid Cisco service
contracts, Cisco Technical Support provides 24-hour-a-day, award-winning technical
assistance. The Cisco Technical Support Website provides online documents and tools
for troubleshooting and resolving technical issues with Cisco products and technologies.
The network manager of M/s UNICOM has decided to upgrade its CISCO 12000 series router
as per the CISCO TAC (Technical Assistance Center) recommendation. A change
management procedure is used when changing hardware, upgrading operating systems
and configuring various network devices. Discuss the effects of proper procedures/SOPs being
followed and deployed during this migration process.
07
Q.6 (a) Most business continuity tests fall short of a full-scale test of all operational portions of
the corporation. The test should address all critical components and simulate actual
prime-time processing conditions. Discuss the different tasks to be accomplished by
'Continuity Plan Testing'. Explain the five test phases that should be completed to perform
full testing.
09
(b) Software development practitioners have developed alternative development strategies
to reduce development time, reduce maintenance costs or improve the quality of software.
Compare the advantages and disadvantages of the waterfall model, spiral model and
prototyping model used in software development methodologies.
09
THE END
1 of 2 ISITA/May-2014
ICMA Pakistan
EXTRA ATTEMPT, MAY 2014 EXAMINATIONS
Saturday, the 24th May 2014
INFORMATION SYSTEMS AND I.T. AUDIT (ML-303)
SEMESTER- 3
Time Allowed: 02 Hours 30 Minutes Maximum Marks: 80 Roll No.:
(i) Attempt all questions.
(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
effective presentation, language and use of clear diagram/ chart, where appropriate.
(iv) Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No., or any irrelevant information inside the answer script.
(vi) Question Paper must be returned to invigilator before leaving the examination hall.
MARKS
Q.2 (a) A traditional system development life cycle (SDLC) approach is made up of a number of
distinct phases, each with a defined set of activities and outcomes. Identify the phases
and discuss in detail the purpose of each phase and the general activities performed by
each phase.
12
(b) Assume that you are helping an IT manager of a supermarket in managing databases.
What different methods of accessing data will you use for their databases?
06
Q.3 (a) Discuss the various types of E-commerce models. E-commerce highly depends on the
existence of a level of trust between two parties to avoid risk. State the most
important elements of risk in E-commerce.
09
(b) Wireless transmission does not need a fixed physical connection because it sends
signals through air or space. Discuss the four common types of wireless transmission
and how their applications differ in scale and complexity.
06
Q.4 (a) Outsourcing is one of the business practices and strategies organizations use to reduce
operational cost and concentrate on their core business areas. Cloud computing is one of
the techniques of outsourcing. Elaborate the different cloud computing service models.
Discuss the advantages, disadvantages and business risks related to outsourcing.
08
(b) Adequate planning is necessary in performing effective IS audit. Discuss the various
types of audits, internally or externally, and the audit procedures associated with each
audit that an IS auditor should understand.
08
Q.5 (a) Disaster recovery planning “DRP” is a continuous process. When the normal production
facilities become unavailable, the business may utilize alternate facilities to sustain
critical processing until the primary facilities can be restored. Discuss the most common
recovery alternatives in detail.
10
(b) You have been assigned to audit a multinational company having its offices around the
globe. Discuss the areas of IS auditing which should be kept in mind while performing an
audit of any company with a global presence.
09
PTO
2 of 2 ISITA/May-2014
MARKS
Q.6 The most critical factor in protecting information assets and privacy is laying the
foundation for effective information security management. Identify and discuss at least
six key elements of information security management system.
12
THE END
1 of 2 ISITA/Feb-2014
ICMA Pakistan
FALL 2013 (FEBRUARY 2014) EXAMINATIONS
Saturday, the 22nd February 2014
INFORMATION SYSTEMS AND I.T. AUDIT (ML-303)
SEMESTER- 3
Time Allowed: 02 Hours 30 Minutes Maximum Marks: 80 Roll No.:
(i) Attempt all questions.
(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
effective presentation, language and use of clear diagram/ chart, where appropriate.
(iv) Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No., or any irrelevant information inside the answer script.
(vi) Question Paper must be returned to invigilator before leaving the examination hall.
MARKS
Q.2 (a) Most business information systems are based on databases. In fact the web is not a
database; however, it illustrates the capabilities of hypermedia databases. Discuss the
features of a hypermedia database. Also explain the difference between searching for required
information using a traditional database and using the World Wide Web metaphor.
09
(b) An expert system makes sure that important factors of an event have not been ignored
and provides information that helps a person make a good decision. Differentiate, with
the help of an appropriate example, between the forward chaining and backward chaining
logic used by expert systems.
08
Q.3 (a) The PeopleSoft ERP system of XYZ Courier Company has crashed. Data backup is a
key preventive measure. It ensures that the critical activities of an organization are
not interrupted in the event of a disaster. Discuss the different types of disk-based backup
systems and the criteria for choosing different types of backup devices and media for early
restoration of data.
09
(b) One of the most interesting market mechanisms in e-commerce is the electronic auction,
which is used in the B2C, B2B, C2B, G2B and G2C business models. Differentiate between
forward and reverse e-auctions with examples. Also discuss the role of brokers and
barter in the e-marketplace.
08
Q.4 (a) To ensure a high level of computer hardware and network availability, XYZ Company has
signed a service maintenance contract, including spare parts, with a local IBM vendor for
information system support and maintenance work. The hardware maintenance
program is designed to document the performance of hardware maintenance. Discuss the
mandatory information which should be maintained in a hardware maintenance program.
Also elaborate the typical procedures and reports for monitoring the effective and efficient
use of hardware.
09
(b) A project team with participation by technical support staff and key users should be
created to write a request for proposal (RFP). Elaborate seven different areas which
should be included in the contents of this or any RFP document.
07
PTO
2 of 2 ISITA/Feb-2014
MARKS
Q.5 (a) An IT audit firm is planning the migration of its critical data from an old FOXPRO database
system to a new Oracle 9i database system. This large-scale data conversion becomes a
project within a project. Discuss the necessary steps for a successful data conversion
process.
10
(b) Remote access is a common technique for monitoring and configuring network devices using
Telnet and other utility software. Discuss the different remote access connectivity
methods. How can an organization implement remote access security to avoid any
chance of access to the company's intranet by any intruder, cracker, or hacker?
08
Q.6 Why do organizations need a Transaction Processing System (TPS), Management
Information System (MIS) and Executive Information System (EIS)? How did the Management
Information System (MIS) emerge partly as a response to the shortcomings of the first
computerized transaction processing systems? Similarly, the Executive Information System
(EIS) attempts to overcome the shortfalls of the traditional MIS approach. Elaborate this
revolution in information systems. Do MIS and EIS really solve managers' problems?
12
THE END
1 of 2 ISITA/E-Attempt.2013
ICMA Pakistan
EXTRA ATTEMPT, NOVEMBER 2013 EXAMINATIONS
Tuesday, the 26th November 2013
INFORMATION SYSTEMS AND I.T. AUDIT – (ML-303)
SEMESTER- 3
Time Allowed: 02 Hours 45 Minutes Maximum Marks: 90 Roll No.:
(i) Attempt all questions.
(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
effective presentation, language and use of clear diagram/ chart, where appropriate.
(iv) Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this question paper.
(vii) Question Paper must be returned to invigilator before leaving the examination hall.
MARKS
SECTION – “A”
Q.2 (a) Modern E-commerce architectures consist of a variety of complex integrated
components. Explain four significant components of e-commerce architecture.
06
(b) E-businesses use a variety of computer hardware architectures. These computers are
used both at the client and the service provider end. Explain any three types of computers
based on their processing power, size, and architecture.
09
Q.3 (a) There are three major forms of organizational alignment for project management
within a business organization. Discuss each.
06
(b) Problem management is one of the key functions of information system operations.
Discuss three important duties of IS manager with respect to the problem
management function.
09
Q.4 (a) Information system development may involve developing a new system or modifying
the existing one. In either case, IS management is required to prepare various types of
feasibility studies. What are the five important functions of IS auditor while analyzing
these feasibility studies?
05
(b) There exists a variety of models of databases used in information systems today.
Explain any five key features of network database model and relational database
model.
10
SECTION – “B”
Q.5 (a) A risk-based audit approach is usually adopted to develop and improve the continuous
IS audit process. Explain five stages of risk-based audit approach.
10
(b) Steering Committees play a strategic role in information systems management and
ensure that the IS department is in harmony with the corporate mission and objectives.
List five primary functions performed by the Steering Committee.
05
PTO
2 of 2 ISITA/E-Attempt.2013
MARKS
Q.6 (a) Data conversion is a significant activity in information system development life cycle.
Explain five significant points to be considered in a data conversion project.
05
(b) The system development life cycle (SDLC) approach does not guarantee successful
completion of an IS development project. It involves a degree of risk that needs to
be controlled. Explain six responsibilities of the IS auditor in controlling the risks of an inadequate
system development life cycle.
06
Q.7 (a) Firewalls generally act as a first line of defence in securing corporate internal networks
from external threats. List six general features of firewalls. Also list three problems
faced by organizations after implementing firewalls.
09
(b) The IS processing insurance policy is usually a multi-tiered policy designed to provide
various types of IS risk coverage. Explain five types of coverage provided in IS
processing insurance policy.
10
THE END
1 of 2 ISITA/February.2013
INSTITUTE OF COST AND MANAGEMENT ACCOUNTANTS OF PAKISTAN
Fall 2012 (February 2013) Examinations
Saturday, the 23rd February 2013
INFORMATION SYSTEMS & I.T. AUDIT – (ML-303)
SEMESTER - 3
Time Allowed – 2 Hours 45 Minutes Maximum Marks – 90 Roll No.:
(i) Attempt ALL questions.
(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
presentation and language.
(iv) Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this question paper.
(vii) Question Paper must be returned to the invigilator before leaving the examination hall.
MARKS
SECTION – “A”
Q. 2 (a) What do you understand by 'Data Integrity Testing'? A multinational stock exchange
company uses an online multi-user transaction processing system controlled by an Oracle
DBMS. Discuss the properties of the ACID principle used in this online Oracle-based transaction
processing system.
07
(b) Discuss the importance of Customer Relationship Management (CRM) in meeting the expectations
of customers. Distinguish between Operational and Analytical CRM.
08
Q. 3 (a) 'Modern operating systems provide virtualization features.' Elaborate on the statement. ABC
Company is planning to reduce its operational cost by implementing a virtualization
solution. Compare the advantages and disadvantages of this solution.
06
(b) Moving data in a batch transmission process through the traditional Electronic Data
Interchange (EDI) process involves three functions within each trading partner’s computer
system. Enlist and briefly explain these functions used in traditional EDI process.
09
Q. 4 (a) Software development organizations implement process methodologies. Discuss the
features of the waterfall and spiral models. How is the spiral model supportive of risk
management?
07
(b) A multinational bank is establishing different branches all over the country. These will
be integrated through a WAN. Discuss the different WAN technologies along with their features
for providing point-to-point secure connectivity of all its branches to the bank's Head Office.
(any eight)
08
PTO
2 of 2 ISITA/February.2013
MARKS
SECTION – “B”
Q. 5 (a) 'Encryption' is a need of today's e-business. Discuss why symmetric encryption is
used for data encryption and asymmetric encryption is used in the key exchange
mechanism. If an individual wants to send messages using a public key cryptographic
system, how does s/he distribute the public key in a secure way?
08
(b) The changing technological infrastructure requires specific reviews of hardware,
operating systems, IS operations, databases and networks. As an IS auditor, discuss the
main areas which need to be reviewed in relation to hardware.
06
Q. 6 (a) 'Policies and procedures' reflect management guidance in developing controls over
information systems. IS auditors should use policy as a benchmark for compliance.
Discuss the main features of an information security policy document. How can an IS auditor
ensure adherence to an Acceptable Internet Usage Policy?
06
(b) How do CAATs help an IS auditor in gathering information from the hardware and software
environment? Generalized audit software (GAS) is a main tool used in CAATs. Discuss the
different functions supported by GAS.
09
Q. 7 (a) There are various reasons to create Access Control Lists (ACLs). Discuss. How can a
network administrator secure the network by implementing extended ACLs on a company
router interface?
08
(b) Discuss the process of developing and maintaining an appropriate 'Business Continuity
Plan'. Explain the major tasks involved when an IS auditor is evaluating the
suitability of a business continuity plan.
08
THE END
ISITA/August.2012 1 of 2
INSTITUTE OF COST AND MANAGEMENT ACCOUNTANTS OF PAKISTAN
Spring (August) 2012 Examinations
Thursday, the 30th August 2012
INFORMATION SYSTEMS & I.T. AUDIT – (S-602)
STAGE-6
Time Allowed – 2 Hours 45 Minutes Maximum Marks – 56 Roll No.:
(i) Attempt ALL questions.
(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
presentation and language.
(iv) Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) There will also be a computer based practical examination of 10 marks and presentation of a project of 20
marks, which form the part of this paper.
(vii) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this question paper.
(viii) Question Paper must be returned to the invigilator before leaving the examination hall.
MARKS
SECTION – “A”
Q. 2 (a) What are the five major components of an idealized expert system? Expert system logic
combines forward chaining and backward chaining. Explain.
10
(b) Distinguish between a database and data modeling. Give an example by illustrating the
basic entity-relationship diagram tool for data modeling.
05
Q. 3 (a) The systems in organisations are built and maintained in terms of four phases. Illustrate
these phases. Also list out the common reasons of project failure for each phase.
08
(b) Define ‘Business Intelligence (BI)’. Identify its area of application. Three main factors
have been responsible for increasing use of BI as a distinct field of IT. Explain these
factors.
06
SECTION – “B”
Q.4 (a) ‘Testing’ is an essential part of the development process. Discuss testing and the
elements of a software testing process. Enlist various types of testing.
08
(b) A large-scale data conversion requires considerable analysis, design and planning.
Discuss the necessary steps for a successful data conversion.
06
PTO
ISITA/August.2012 2 of 2
MARKS
Q.5 (a) A recovery strategy identifies the best way to recover a system (one or many) in case of
interruption, including disaster, and provides guidance for developing recovery
alternatives. There are different strategies and recovery alternatives available. Explain
the most common recovery alternatives.
07
(b) General controls apply to all areas of the organization including IT infrastructure and
support services. Discuss.
06
THE END
1 of 2 ISITA/April.2012
INSTITUTE OF COST AND MANAGEMENT ACCOUNTANTS OF PAKISTAN
New Fall (E) 2011, April 2012 Examinations
Thursday, the 19th April 2012
INFORMATION SYSTEMS & I.T. AUDIT – (S-602)
STAGE-6
Time Allowed – 2 Hours 45 Minutes Maximum Marks – 56 Roll No.:
(i) Attempt ALL questions.
(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
presentation and language.
(iv) Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) There will also be a computer based practical examination of 10 marks and presentation of a project of 20
marks, which form the part of this paper.
(vii) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this question paper.
(viii) Question Paper must be returned to the invigilator before leaving the examination hall.
MARKS
SECTION – “A”
Q. 2 (a) Information technology and information systems are powerful and valuable tools for
individuals and organizations. Identify and briefly discuss the obstacles and real-world
limitations that have slowed the pace of implementation of IT-based innovation.
06
(b) The Principle-Based Systems Analysis (PBSA) method is an approach to improve a work
system. PBSA converts the four steps of systems analysis into three steps that can be
pursued in a situation. Briefly discuss these three steps.
06
Q. 3 (a) There are four approaches to system life cycles, each involving different
processes, which help in deciding what method is appropriate for a particular situation.
Discuss the four system life cycle approaches.
04
(b) The four main factors related to information usefulness are information quality,
accessibility, presentation and security. Briefly discuss them.
08
(c) Briefly discuss the four aspects of the convergence of computing and communications. 04
SECTION – “B”
Q. 4 (a) An IS department can be structured in different ways and IS auditor should determine
whether the job description and structure are adequate. Briefly discuss the IS roles and
responsibilities reviewed by an IS auditor related to the following:
i) Media Management
ii) System Administration
iii) Security Administration
iv) Quality Assurance
v) Database Administration
vi) Network Administrators
06
PTO
2 of 2 ISITA/April.2012
MARKS
(b) Discuss the policies and procedures that reflect management guidance and direction in
developing controls over information systems. Explain the key points contained in the
information security policy document.
08
Q. 5 (a) The IS auditor should be familiar with the different types of sampling techniques and their
usage. Briefly touch upon the two general approaches to audit sampling. Identify the
statistical sampling terms that need to be understood while performing variable sampling.
08
(b) Discuss the various roles and responsibilities of groups/individuals that may be involved
in the development process of a project management structure.
06
THE END
1 of 2
INSTITUTE OF COST AND MANAGEMENT ACCOUNTANTS OF PAKISTAN
Winter (November) 2011 Examinations
Monday, the 21st November 2011
INFORMATION SYSTEMS & I.T. AUDIT – (S-602)
STAGE-6
Time Allowed – 2 Hours 45 Minutes Maximum Marks – 56 Roll No.:
(i) Attempt ALL questions.
(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
presentation and language.
(iv) Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) There will also be a computer based practical examination of 10 marks and presentation of a project of 20
marks, which form the part of this paper.
(vii) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this question paper.
(viii) Appearing in Project, Presentation and Practical parts of the paper is compulsory.
(ix) Question Paper must be returned to the invigilator before leaving the examination hall.
MARKS
SECTION – “A”
Q. 2 (a) What is an information system plan? 04
(b) Why do users and managers have to participate in information system planning and
development?
04
(c) Modern electronic communication systems capabilities help people work together by
exchanging or sharing information in many different forms. Discuss six main tools of
modern electronic communication systems being used in present environment.
06
Q. 3 (a) Identify and explain five product performance variables used to evaluate any stage in the
customer experience.
05
(b) Discuss common roles of information systems in improving the product of a work system. 04
(c) What is the difference between efficiency and effectiveness, and how is this related to
the work system framework?
05
SECTION – “B”
Q.4 (a) Explain the term ‘Risk Management’ and the prerequisite of developing a risk
management program.
05
(b) Discuss the three methods used for ‘risk analysis’. 03
(c) 'Changeover technique' refers to shifting users from the existing (old) system to the new
system. This can be achieved in three different ways. Discuss these in detail.
06
PTO
2 of 2
MARKS
Q.5 (a) The IS audit process must continually change to keep pace with innovation in
technology. Explain the three evolving changes in the IS audit process: automated
work papers, integrated auditing and continuous auditing.
08
(b) Discuss the impact of laws and regulations on IS audit planning. 06
THE END
1 of 2
INSTITUTE OF COST AND MANAGEMENT ACCOUNTANTS OF PAKISTAN
Summer (May) 2011 Examinations
Thursday, the 26th May 2011
INFORMATION SYSTEMS & I.T. AUDIT – (S-602)
STAGE-6
Time Allowed – 2 Hours 45 Minutes Maximum Marks – 56 Roll No.:
(i) Attempt ALL questions.
(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
presentation and language.
(iv) Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) There will also be a computer based practical examination of 10 marks and presentation of a project of 20
marks, which form the part of this paper.
(vii) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this question paper.
(viii) Question Paper must be returned to the invigilator before leaving the examination hall.
MARKS
SECTION – “A”
Q. 2 (a) Information systems are the tools for decision-making. Each type of information system
supports both communication and decision-making in a number of ways. Explain in detail the
system types and their impact on communication and decision-making.
6
(b) (i) Define each of the process performance variables. Describe how an information
system can improve performance related to each of these variables.
5
(ii) What are the phases of building and maintaining a system? 5
Q. 3 (a) A computer system finds stored data either by knowing its exact location or by searching
for the data. Different DBMSs contain different internal methods for storing and retrieving
data. Explain sequential access, direct access, and indexed access methods for
accessing data in a computer system.
6
(b) Define each of the five levels of integration. What kinds of problems sometimes result
from tight integration?
6
SECTION – “B”
Q. 4 (a) IS auditors’ conclusions must be based on sufficient, relevant and competent evidence.
Explain. Enumerate the determinants for evaluating the reliability of audit evidence.
5
(b) What are the project phases of physical architecture analysis? Explain. Different project
phases are involved in planning the implementation of infrastructure. Discuss each
phase.
6
PTO
2 of 2
MARKS
Q. 5 (a) Control self assessment (CSA) is a management technique. Illustrate. What are the
objectives of CSA? Highlight benefits and disadvantages of CSA.
6
(b) (i) Testing is an essential part of the development process. An IS auditor plays a
preventive role in the testing process. Enumerate the elements of a software testing
process. Also explain the classifications of testing.
6
(ii) Contrast corporate governance and IT governance. Explain the role of audit in IT
governance.
5
THE END
1 of 2
INSTITUTE OF COST AND MANAGEMENT ACCOUNTANTS OF PAKISTAN
Fall (Winter) 2010 Examinations
Sunday, the 28th November 2010
INFORMATION SYSTEMS & I.T. AUDIT – (S-602)
STAGE-6
Time Allowed – 2 Hours 45 Minutes Maximum Marks – 56
(i) Attempt ALL questions.
(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
presentation and language.
(iv) Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) There will also be a computer based practical examination of 10 marks and presentation of a project of 20
marks, which form the part of this paper.
(vii) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this question paper.
MARKS
SECTION – “A”
Q. 2 (a) (i) “Computer hardware owned and managed within a corporation can exist at any or
all of the following levels: corporate headquarters, regional processing centers,
workgroup processors and individual work stations.” Briefly elaborate.
04
(ii) What is the difference between centralized and decentralized approaches? How can an
intermediate situation differ from these two extreme modes?
05
(b) How can Principle-based system analysis (PBSA) be applied to work systems,
information systems and projects?
05
Q. 3 (a) An experienced manager who worked for the last 30 years, and gradually moved from
management trainee to the top executive position, is about to retire from his position. The
company has a greater reliance on the expertise of this senior executive and considers
him as the hub of tacit knowledge. An information technology expert of the company
suggested that the core knowledge of the experienced manager along with the tacit
knowledge related to vast and diverse experience can be captured and utilized efficiently
through “expert system”. The CEO asked the IT specialist to justify his idea and
elaborate it to the board.
Required:
What is an Expert System? Discuss the building blocks of an Expert System. 09
(b) Intellectual property is different from other forms of property and therefore requires a different
form of protection laws. Define intellectual property and differentiate it from other
copyright laws.
05
SECTION – “B”
Q. 4 (a) Describe the phases involved in System Development Life Cycle (SDLC). 06
(b) There are three elements or dimensions of a project that should always be taken into
account. Explain.
03
PTO
2 of 2
MARKS
(c) The IS auditor should understand the various types of audits that can be performed,
internally or externally, and the audit procedures. Explain classification of audits.
07
Q. 5 (a) An IS auditor plays a vital role in ascertaining the appropriateness of Business Continuity
Planning (BCP) and Disaster Recovery Planning (DRP). Explain the tasks
involved when an IS auditor is evaluating the suitability of business continuity planning.
04
(b) What crucial factors are to be considered when reviewing the BCP? 04
(c) How can emergency procedures be ensured during the evaluation of DRP? 04
THE END
36. 1 of 2
INSTITUTE OF COST AND MANAGEMENT ACCOUNTANTS OF PAKISTAN
Spring (Summer) 2010 Examinations
Thursday, the 20th May 2010
INFORMATION SYSTEMS & I.T. AUDIT – (S-602)
STAGE-6
Time Allowed – 2 Hours 45 Minutes Maximum Marks – 56
(i) Attempt ALL questions.
(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
presentation and language.
(iv) Read the instructions printed inside the top cover of answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) There will also be a computer based practical examination of 10 marks and presentation of a project of 20
marks, which form the part of this paper.
(vii) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this question paper.
SECTION – “A” MARKS
Q.2 (a) Customers think about product performance in terms of a variety of performance variables. Identify product performance variables that can be used to evaluate any stage in the customer experience. Also illustrate typical performance measures for each variable and common ways information systems are used to improve the product. 07
(b) A neural network is an offshoot of artificial intelligence; it is an attempt to model the human brain.
(i) Explain the term ‘neural network’. 02
(ii) How does it operate? Explain the procedure. 03
(iii) Give any two real-life examples where neural networks are applied. 02
Q.3 (a) ABC Corporation has its office in a multistoried building. Its various departments are spread over different floors in the same building. The physical security of the IT infrastructure, such as computers, peripherals, and network devices, is up to the mark; however, the CTO is concerned about “controlling access to data.” Assume that the CTO of the company has hired you to address this issue. Prepare an account of ‘control techniques’ including manual data handling, access privilege, and data flow through networks and other media. 07
(b) Electronic commerce (e-commerce) is one of the most popular e-business implementations. What do you understand by e-commerce models? Discuss. 07
SECTION – “B”
Q.4 (a) After developing an audit program and gathering audit evidence, the next step is the evaluation of the information gathered in order to develop an audit opinion. This requires the IS auditor to consider a series of strengths and weaknesses and then develop audit recommendations.
(i) How can an IS auditor assess the strengths and weaknesses of the evidence gathered? 03
(ii) How can a control matrix be employed in this regard? 03
(iii) What critical role can the concept of materiality play in sifting relevant information for the audit report? 03
(b) Today, telecommunication networks are the key to business processes in both large and small organizations. However, organizations often do not give them the same priority as data centers. What are the telecommunication network disaster recovery methods, and how can we protect a network by using these methods? 05
Q.5 (a) Generally, each IT platform that runs an application supporting a critical business function needs a recovery strategy. Discuss the different alternative strategies in terms of cost and the relevant level of risk. 07
(b) “System maintenance practices refer primarily to the process of managing change to application systems while maintaining the integrity of both the production source and executable code.” In the light of this statement, answer the following questions:
(i) Describe the change management process. 03
(ii) How are changes deployed? 02
(iii) Why is system documentation important in the change management process? 02
THE END
INSTITUTE OF COST AND MANAGEMENT ACCOUNTANTS OF PAKISTAN
Fall (Winter) 2009 Examinations
Thursday, the 19th November 2009
INFORMATION SYSTEMS & I.T. AUDIT – (S-602)
STAGE-6
Time Allowed – 2 Hours 45 Minutes Maximum Marks – 56
(i) Attempt ALL questions.
(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of arguments,
presentation and language.
(iv) Read the instructions printed on the top cover of answer script CAREFULLY before attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) There will also be a computer based practical examination of 10 marks and presentation of a project of 20
marks, which form the part of this paper.
(vii) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this question paper.
SECTION – “A” MARKS
Q.2 (a) Information systems are designed to support decision-making and management performance in one way or another. Identify and explain each step involved in the decision-making process with the help of a process flow diagram. 08
(b) How are social context and nonverbal communication important when communication technologies are used? 06
Q.3 (a) Describe the main uses of high-level, fourth-generation, object-oriented, and web-oriented programming languages and tools. 08
(b) Define the elements of a work system framework with the help of a diagram. 06
SECTION – “B”
Q.4 (a) IS auditors appreciate a well-managed IS department to achieve the organization’s objectives. An effective IS department includes information systems management practices such as personnel management, sourcing and IT change management. Explain these in detail. 08
(b) What are the typical physical access controls employed by different organizations having sufficient IT assets and specific budgets allocated for their protection? 06
Q.5 (a) A medium-sized company is operating in a client-server environment to link its several branches to the head office located in the same city. How can an IS auditor ensure the security of this client-server environment? Enumerate. 06
(b) Control Self-Assessment (CSA) can be defined as a management technique. Explain. What are the benefits and disadvantages of CSA? Define the IS auditor’s role in the implementation of CSA. 08
THE END
INSTITUTE OF COST AND MANAGEMENT ACCOUNTANTS OF PAKISTAN
Spring (Summer) 2009 Examinations
Wednesday, the 20th May 2009
INFORMATION SYSTEMS & I.T. AUDIT – (S-602)
Stage-6
Time Allowed – 2 Hours 45 Minutes Maximum Marks – 56
(i) Attempt ALL questions.
(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of
arguments, presentation and language.
(iv) Read the instructions printed on the top cover of answer script CAREFULLY before
attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) There will also be a computer based practical examination of 10 marks and presentation of a
project of 20 marks, which form the part of this paper.
(vii) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this
question paper.
MARKS
SECTION –“A”
Q.2 (a) Data communication provides the underpinning of networks and electronic commerce. Explain how data is transmitted from one computer to another with reference to the OSI model. 07
(b) Information systems depend on software resources to help end-users use computer hardware to transform data into information products. What are the different types of such software resources? Explain each by illustrating various examples. 07
Q.3 (a) Illustrate some benefits of using expert systems by different organizations. What are the problems faced during the development and usage of an expert system? 05
(b) A software development life cycle (SDLC) is a logical process that ‘System Analysts’ and ‘System Developers’ use to develop software packages. What is the purpose of using SDLC? Explain the different phases of SDLC. 05
(c) One of the tools of software development is prototyping. How does prototyping help software engineers in software development? 04
SECTION –“B”
Q.4 (a) What are the typical categories of authentication? What is two-factor authentication? Give an example. What are TOKEN-based authentication devices? Briefly describe their working. Which category of authentication do they belong to, and how? 07
(b) Describe the significance for the IS auditor of ensuring that hiring and termination procedures are clear and comprehensive. How can an IS auditor ensure that these procedures are being practiced? 07
Q.5 (a) Briefly describe how laws and regulations affect IS audit. How would IS auditors determine an organization’s level of compliance with external requirements? 05
(b) How can unnecessary system outages resulting from system configuration be controlled? How can IS auditors ensure that the appropriate controls are present in this regard? How do media controls address media transportation, storage, reuse, and disposal activities? Give a media control example for each type of activity. 05
(c) What is contracting? Define the different elements of a contract. What is the purpose of these contracts besides third-party outsourcing? 04
THE END
INSTITUTE OF COST AND MANAGEMENT ACCOUNTANTS OF PAKISTAN
Fall (Winter) 2008 Examinations
Wednesday, the 19th November 2008
INFORMATION SYSTEMS & I.T. AUDIT – (S-602)
Stage-6
Time Allowed – 2 Hours 45 Minutes Maximum Marks – 56
(i) Attempt ALL questions.
(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of
arguments, presentation and language.
(iv) Read the instructions printed on the top cover of answer script CAREFULLY before
attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) There will also be a computer based practical examination of 10 marks and presentation of a
project of 20 marks, which form the part of this paper.
(vii) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this
question paper.
MARKS
SECTION –“A”
Q.2 (a) With technology getting more advanced, purchasing over the internet has become a norm. A successful e-commerce system must address the many stages consumers experience in the sales life cycle. Discuss the multi-stage model for purchasing over the internet in detail with the help of an illustration. 10
(b) There are a number of challenges that must be overcome for a company to convert its business processes from the traditional form to e-commerce processes. Elaborate the challenges with examples. 4
Q.3 (a) How does enterprise software work? Name some business processes supported by enterprise software. Why are enterprise systems difficult to implement and use effectively? Name at least three (03) commonly known popular ERP solution platforms. 4
(b) How have the value chain and competitive forces models changed as a result of the internet and the emergence of digital firms? Briefly discuss. 4
(c) There were a few actions by major hardware and software vendors in the past that initiated discussion about the need for consumers to be on guard to protect their privacy. Describe and discuss at least the two most important cases in this regard. 6
SECTION –“B”
Q.4 (a) Why is the test of Disaster Recovery and Business Continuity Planning so important? What are the important elements to be considered, and what tasks should be accomplished by such a test? 7
(b) Why are digital signatures and digital certificates important for electronic commerce? What are the three major issues when a certificate needs to be revoked? Also describe a CRL. 4
(c) What are controls? Distinguish between general controls and application controls. 3
Q.5 (a) It is a general belief that an IS auditor’s conclusions must be based on sufficient, relevant and competent evidence. Elaborate the techniques for gathering evidence. 5
(b) What is an Artificial Intelligence System (AIS) and what are the major branches of AIS? Discuss expert systems along with their capabilities and the characteristics limiting their current usefulness. 9
THE END
INSTITUTE OF COST AND MANAGEMENT ACCOUNTANTS OF PAKISTAN
SPRING (SUMMER) 2008 EXAMINATIONS
Sunday, the 25th May, 2008
INFORMATION SYSTEMS & I.T. AUDIT – (S-602)
Stage-6
Time Allowed – 2 Hours 45 Minutes Maximum Marks – 56
(i) Attempt ALL questions.
(ii) Answers must be neat, relevant and brief.
(iii) In marking the question paper, the examiners take into account clarity of exposition, logic of
arguments, presentation and language.
(iv) Read the instructions printed on the top cover of answer script CAREFULLY before
attempting the paper.
(v) DO NOT write your Name, Reg. No. or Roll No. anywhere inside the answer script.
(vi) There will also be a computer based practical examination of 10 marks and presentation of a
project of 20 marks, which form the part of this paper.
(vii) Question No.1 – “Multiple Choice Question” printed separately, is an integral part of this
question paper.
Marks
SECTION –“A”
Q.2 (a) It is a fact that the majority of enterprises could not succeed without the possession of data concerning their external environment and their internal operations. How can the use of data flow diagrams aid enterprises through the provision of better quality decision-making information? 4
(b) A system must pass the ACID test to be considered a true transaction processing system. What are the properties of the ACID test? 5
(c) A fuzzy logic system deals with “approximate reasoning”. Does it make sense to apply it to control systems? Why or why not? 5
Q.3 (a) The accuracy of the outcome of a cost-benefit analysis is dependent on how accurately costs and benefits have been estimated. Inaccurate cost-benefit analysis may be argued to be a substantial risk in planning, because inaccuracies of the size documented are likely to lead to inefficient decisions. What are the causes of inaccuracies in cost and benefit estimations? 6
(b) ABC Software Company has to develop a software automation system for a local textile company with a very basic IT infrastructure. Is it a good idea to develop a prototype of the system before developing the full-fledged system? Discuss. 4
(c) The biggest concern with biometric security is the fact that once a fingerprint or any other biometric source has been compromised, it is compromised for life, because users can never change their fingerprints. Is this concern valid? Discuss with reasoning. 4
SECTION –“B”
Q.4 (a) Describe automated evaluation techniques, along with their complexity levels, applicable to continuous online auditing. Also mention the circumstances under which each type can be used. 7
(b) What are the physical and logical access points that need to be checked for unauthorized exposures of critical IT assets? 7
Q.5 (a) Give details of active and passive attacks with two examples of each type. 4
(b) Why is a proper configuration for firewalls essential? 3
(c) Describe the purpose of library control software. 7
The End