FINAL COURSE: GROUP – II
PAPER – 6: INFORMATION SYSTEMS CONTROL & AUDIT
Question No. 1 is compulsory.
Attempt any five questions from the remaining six Questions.
1. ABC Ltd. is a leading company engaged in the manufacturing of various automobile parts having its sales offices in various major cities of India. The company is facing the problems relating to its data management on real time basis in spite of having various stand-alone computerized systems. To overcome these problems, the company engaged a Technical Consultant to prepare a detailed report regarding the issues and their possible solutions. The consultant called a meeting of all the stakeholders and deliberated in-depth for various issues. Afterwards, he prepared a detailed report and submitted to the top management of the company. The key recommendation was to implement a real time ERP package, which equips the enterprise with necessary capabilities to integrate and synchronize the isolated functions into streamlined business processes in order to gain a competitive edge in the volatile business environment. In addition, the other major suggestion was to consider information security related issues on top priority while going to implement ERP package. He further suggested that the best practices of information security should be implemented right from the inception of the system, which will in turn provide a more secure system having capabilities like resistance, tolerance and recovery against any malicious event.
Read the above carefully and answer the following:
a) ‘Discuss ‘Big Bang’ and ‘Phased’ implementation techniques of ERP packages in brief.
b) ‘What are various backup techniques? Which backup technique you will recommend and why?
c) Moving forward how can ABC ltd, establish better information protection ?
d) As an IS Auditor, what are the steps to be followed by you while conducting IT auditing? (5 × 4 = 20 Marks)
a) COBIT 5 Enablers (7 Marks)
b) Limitations of MIS? (5 Marks )
c) Discuss various Boundary control techniques? (4 Marks)
a) Revocation of Digital signature certificates (6 Marks)
b) Contents of SRS (System requirement specification)? (6 Marks)
c) Threats to computerized environment? (6 Marks)
a) Myths of ERP System? ( 3 Marks)
b) ITIL as an IS Standard? ( 5 Marks )
c) Discuss various technical exposures wrt various issues relating to logical access control ( 8 Marks)
(a) Discuss Alternate Processing facility arrangements? (5 Marks)
(b) Discuss RAD approach along with its Strength and Weaknesses? (7 Marks)
(c) Snap shot? (4 Marks)
(a) Responsibility Allocation wrt Information Security Policy? (5 Marks)
(b) Define the following:
· Countermeasure ( 5 Marks)
(c) What are the factors on which Information requirement depends? (6 Marks)
Write short notes on any four of the following: (4 x 4 = 16 M)
(a) Business Modeling (4 Marks)
(b) What is meant by PIR? How it is done? (4 Marks)
(c) Objectives of Information security (4 Marks)
(d) Protected System (Section 70 – ITAA 2008) ( 4 Marks)
(e) 4 Phases of ISMS (4 Marks)