1. Page 1 of 2
IT GOVERNANCE
Time allowed – 3 hours
Total marks – 100
[N.B. – The figures in the margin indicate full marks. Questions must be answered in English. Examiner will take account of
the quality of language and of the manner in which the answers are presented. Different parts, if any, of the same
question must be answered in one place in order of sequence.]
Marks
1. One employee of your organization has been associated with writing false and negative write ups about
your company that is harming its reputation. Finding this out, you have decided to take measures against
this action following a legal way.
a. Does this type of behavior fall under the ICT Act, 2006 of Bangladesh? If so, describe the extent of
behavior it covers. 3
b. What is the punishment of such action under this act? 2
2. The government organizations of Bangladesh are currently being equipped with IT infrastructure to
enable IT services. As a result, an important decision to make is whether to buy proprietary software,
operating system and office applications or to use the open source ones.
a. According to the National IT Policy, 2009, what should be the decision in this case? Describe. 3
b. Describe the convenience of the decision according to the National IT Policy, 2009. 2
3. Your company and BitX.com are on a financial agreement that has led to both parties relying on the same
data. To facilitate trade between both parties, a clearing house is formed. However, the clearing house is
a third-party and the centralized point of failure. You want to increase trust in such multi party cross
boundary transactions.
a. How you will achieve such goals? Justify your answer. 5
b. In this connection, explain the blockchain technology. 5
4. You have been appointed as the business analyst of a well-known multi-national company. The company
has some experts who collaboratively work toward providing business solutions. Often, it takes time to
resolve conflict in expert opinions. Furthermore, the company suffers problems after an expert leaves the
organization. You have been assigned the task to overcome these problems.
a. Mention what you will use to solve these problems. Justify your choice. 3
b. Describe the components of such system that will give a good solution. 7
5. You are the manager of a newly opened local restaurant. As a newcomer in the area, you are to compete
with the big names that are available around you. To do this, you have decided to exploit information
technology which the other restaurants have not adopted yet.
What competitive strategy will you follow to provide special services to the most profitable customers? 5
6. Although you have planned on using information technology to gain competitive advantage, you still are
not sure on which area this can be applied. It is important that you understand what and where you need
to apply competitive strategies to get the full picture of the organization’s competitive advantage model.
a. What model you will follow to develop this type of understanding? Justify your answer. 5
b. Draw a diagram of such model mapping specific areas and corresponding information technology
support for that area. 5
2. Page 2 of 2
7. (a) Your company is considering to set up a system for email marketing. During email marketing, you
aim to sign customers for receiving emails about promotions, newsletters etc. However, according
to company policy, the user may back out from receiving emails. What is the email marketing
strategy you would follow in this case? Justify your answer. 5
(b) If a customer tells you that you’ve been sending them strange emails or spamming their social media
pages with posts that you aren’t likely to send, you’re probably already aware what happened: your
email account has been hacked. What are the four things you should do when your email gets
hacked? 5
(c) One of the most important factors of a company is to provide security to its information resources.
As an information security consultant of a well-known company which has recently gone through
security exposures and attacks, you hold the responsibility to design an effective information
security management technique.
What are the key elements you need to ensure for such level of information security? Describe the
inventory and classification of information assets of the company. 5+5
8. You, as a part of the system design team, are planning to perform analysis and design of a new product
of the company. You are thinking about which design approach to follow. The requirement is that parallel
activities should be supported and you may get back to previous activities to improve on them.
a. What is the appropriate system analysis and design approach according to this requirement? Justify
your answer. 3
b. Describe the approach in a step by step manner. 7
9. Your company has been using a software solution for managing its transactions for a long time. Currently,
a more improved version of the software has been developed. To use the new system, the old system has
been directly turned off and the new system has been turned on in place of the old system.
a. What are the dangers associated with such conversion procedure? 3
b. How can you overcome such danger within a limited cost? 2
10. (a) What is an information system (IS) audit? What is focus of an IS audit? 2+2
(b) Why do you think IS Audit is necessary in different Sectors: (i) Telecommunication companies,
(ii) Bank and non-bank financial institutions, (iii) Insurance companies, (iv) Manufacturing
companies like Pharmaceuticals and Textiles? 4x3=12
(c) Describe the role of an IS auditor in governance of Enterprise IT. 4