FINAL COURSE: GROUP – II
PAPER – 6: INFORMATION SYSTEMS CONTROL & AUDIT
Question No. 1 is compulsory.
Attempt any five questions from the remaining six Questions.
1. ABC Ltd. is a leading company engaged in the manufacturing
of various automobile parts, with sales offices in various major cities of
India. The company is facing problems in managing its data on a
real-time basis in spite of having various stand-alone computerized systems. To
overcome these problems, the company engaged a Technical Consultant to prepare
a detailed report on the issues and their possible solutions. The
consultant called a meeting of all the stakeholders and deliberated in depth
on the various issues. Afterwards, he prepared a detailed report and submitted it to
the top management of the company. The key recommendation was to implement a
real-time ERP package, which equips the enterprise with the necessary capabilities
to integrate and synchronize the isolated functions into streamlined business processes
in order to gain a competitive edge in the volatile business environment. In addition,
the other major suggestion was to treat information security related issues as a
top priority while implementing the ERP package. He further suggested that
the best practices of information security should be implemented right from the
inception of the system, which will in turn provide a more secure system having
capabilities like resistance, tolerance and recovery against any malicious
event.
Read the above carefully and answer the following:
a) Discuss ‘Big Bang’ and ‘Phased’ implementation techniques of ERP packages in brief.
b) What are the various backup techniques? Which backup technique will you recommend and why?
c) Moving forward, how can ABC Ltd. establish better information protection?
d) As an IS Auditor, what are the steps to be followed by you while conducting IT auditing? (5 × 4 = 20 Marks)
Question 2:
a) COBIT 5 Enablers (7 Marks)
b) Limitations of MIS? (5 Marks)
c) Discuss various Boundary control techniques? (4 Marks)
Question 3
a) Revocation of Digital signature certificates (6 Marks)
b) Contents of SRS (System requirement specification)? (6 Marks)
c) Threats to computerized environment? (6 Marks)
Question 4
a) Myths of ERP System? (3 Marks)
b) ITIL as an IS Standard? (5 Marks)
c) Discuss various technical exposures with respect to various issues relating to logical access control (8 Marks)
Question 5
(a) Discuss Alternate Processing facility arrangements? (5 Marks)
(b) Discuss RAD approach along with its Strengths and Weaknesses? (7 Marks)
(c) Snap shot? (4 Marks)
Question 6
(a) Responsibility Allocation with respect to Information Security Policy? (5 Marks)
(b) Define the following:
· Asset
· Vulnerability
· Countermeasure (5 Marks)
(c) What are the factors on which Information requirement depends? (6 Marks)
Question 7
Write short notes on any four of the following: (4 x 4 = 16 Marks)
(a) Business Modeling (4 Marks)
(b) What is meant by PIR? How is it done? (4 Marks)
(c) Objectives of Information security (4 Marks)
(d) Protected System (Section 70 – ITAA 2008) (4 Marks)
(e) 4 Phases of ISMS (4 Marks)