INSTRUCTIONS TO STUDENTS 1) This assignment consists of THREE PART ONLY. 2) This assignment carries a 60% weightage towards your final grade. 3) Your assignment will be examined based on the followings criteria: • ability to show comprehension on the subjects • ability of using methods available in the learning materials. 4) Plagiarism in all forms is forbidden. Students who submit plagiarised assignment will be penalised. PART 1 Instructions: Each case is worth 10 marks. Total Marks is 40. • For each of the cases below, please respond to the question(s) appearing at the end of each case. • Strictly confine your responses to 250 - 350 words for each case. Penalty will be imposed if you do not follow the word limit. • Remember to document your sources (Internet sites, text material, outside readings, etc.). Your marks will depend heavily based on the originality of your answer. Case 1 Marcum State University [Marks 10] The personnel department at Marcum State University has recently purchased PCs for individual offices in the various departments so that they can keep their own records. In the past, all records were stored on the university's mainframe computer. By decentralizing this computer function, each department will have better control over its individual records, and the security of these records will be easier to manage. Most of the departments would like to transfer personnel records of faculty, staff, and student employees in their departments to their PCs from the mainframe. Dr. John Gould, Chairperson of the Accounting Department, would like to use the personnel data regarding the people in his department to generate some statistics concerning salaries, vacation days used, and absences. Rather than code the files or use social security numbers, Dr. Gould would like to keep the names of the individuals with the information that is recorded about them. • What are some of the security considerations in this conversion? • What are some of the ethical and legal ramifications of keeping files with a person's name attached? • What might be a better way of extracting (and storing) this information to ensure maximum security and control? Case 2 Bishop Enterprises [Marks 10] Bishop Enterprises, located in Seattle, Washington, is a medium-sized business specializing in building concrete structures (storage building, bridges, utility buildings, and various defense-related installations). Peter Bishop, president of the company, states that security of its computer systems is critical due to the competitiveness of the commercial concrete industry and the need to protect defense-related information. BE's computer system, as is typical of many, grew on an ad hoc basis as the company grew. Security was not an issue in the early days when there were only a few key employees and the day-to-day, hands-on-management style assured constant vigilance. Mr. Bishop now feels that a solid security package should be added to ensure the ongoing protection of the computer operation. Mr. Bishop has assigned the task of evaluating several security packages to the director of computer operations, James Clarke. The four objectives that Mr. Clarke has defined for the package selected are: 1. Accountability 2. Auditability 3. Integrity 4. Usability What factors should be included in an official policy statement sent out with the request for proposal to the vendors? Write a clear and concise statement so that the vendor is able to respond correctly. Case 3 Read the following scenario and then answer the questions below. [Marks 10] "Stafford, Cripps Stockbrokers, Accounts Dept, Susan Briggs speaking" "Susan – we need your help. I'm Dave Bloggs, manager of the new audit division. I'm doing a statutory audit of the accounts system and need a password to check access controls. What is your password?" "Are you from that new division in Manchester controlled by Mr Stafford himself?" "Yes - that's us" "I would like to help but I cannot give you my password without authorization from my manager" "Glad to see you're careful Susan - I'll contact your manager directly - what is his name?" "Michael Phillips" "Many thanks - I'll speak to Mike and mention your help" Later: "Stafford, Cripps Stockbrokers, Accounts Dept, John Nugent speaking" "Good morning John. I'm Dave Bloggs, assistant manager to Mr Stafford the CEO in Manchester. We are redesigning the accounts system with your manager Michael Phillips and John, we've decided to include you on our team" "Really? Thank you" "It will be a demanding role but it is a high profile project - do well and promotion could be yours. So, John, to get things rolling I need some help from you. We've already approached your colleague Susan Briggs for her password and now need yours." "Of course - it's o-p-e-n-d-o-o-r" "Thank you John" • In the context of the above scenario, define the term ‘social engineering’. • In the above scenario, identify FOUR (4) instances where the staff member was subject to a social engineering technique. Identify the technique and say why it was used. • Compare different methods of making staff more aware of ‘social engineering’ techniques.   Case 4 Bank of Shenandoah Valley [Marks 10] Today, banks are transferring large sums of money electronically and facing enormous exposure in the process. The Bank of Shenandoah Valley, located in Roanoke, Virginia, is actively involved in this process. The possibility of funds transfer fraud is prompting many banks to adopt protective measures. The two most common techniques used in the banking industry are encryption and message authentication. Encryption involves the scrambling of messages sent-for example, from a commercial bank to the Federal Reserve Bank. An authenticated message is sent clear-anyone who intercepts it can read it. Tacked on to the message is a related secret code that only the receiving party is capable of decoding. Most observers say that authentication offers more security than encryption because a key is involved. The Bank of Shenandoah Valley is considering both options and needs to address the following questions: • Are there major differences between the two techniques? • Are all messages critical or would encryption/authentication be applied only to certain transmittals? If so, which ones? • Will these processes slow down operations? • What other safeguards should be considered? (Provide 3 suggestions) PART 2 Instructions: This assignment consists of FIVE (5) questions. Answer ALL questions based on the the Working Paper No 3 – Educational Management Information System: A short Case Study of Mozambique (refer as WP3). Your assignment will be examined based on the followings  a complete working solution.  ability of using methods available in the learning materials. INSTRUCTION: Answer ALL questions. Refer to the Working Paper No 3 – Educational Management Information System: A short Case Study of Mozambique (refer as WP3). Total: 50 marks Question No. 1 State FIVE areas in which have been the major problems in managing the education development in Mozambique and such problems would be appropriate to be solved using information system. Explain in your words for each of the problem areas and describe why you think it can be solved using the Information System. [15 marks] Question No. 2 Give THREE examples of the educational process described in WP3 and state whether it can be supported with TPS (Transactional Processing System), MIS (Management Information System) or SIS (Strategic Information System). Explain the reason of your choice. (Note: One example for each type of Information System). [9 marks] Question No. 3 Identify ONE example for strategic decision and tactical decision that EMIS shall be able to support. In your example, describe in what way the system would be able to support. [6 marks] Question No. 4 Assume that the EMIS is to be developed. Construct a schematic diagram to illustrate the enterprise system of EMIS which includes AT LEAST THREE sub components of information system. Describe TWO functionalities for each of the sub components in terms of what it does and how does it interact with other subcomponents. [10 marks] Question No. 5 State TWO examples of strategic information system that can be built on EMIS and explain in what way the proposed SIS can assist in making strategic decisions. [10 marks] PART 3 INSTRUCTION: 1. Refer to the following articles – Article 1 – Kenya Case, Article 2 – IS Business and Article 3 – Measuring Model 2. Answer ALL questions (40 marks). Note: All questions must be answered in relation to the Article 1, Article 2 and Article 3. Question No. 1 State THREE variables that can be used in measuring the success of IS implementation. For each variable explain what are the factors that should be considered in order to ensure these targeted values for these variables are achieved. [12 marks] Question No. 2 Give TWO examples of IS failure in the context of “Environmental Failure” and “Use Failure” as far as ICT project failure is concern. [6 marks] Question No. 3 State THREE reasons why there is a misalignment between the ICT strategic planning and the business mission and objectives. [6 marks] Question No. 4 Consider that “Improving efficiencies and effectiveness in rendering services” as one of the critical success factor (CSF) in the IS strategic planning, in your opinion what would be the THREE goals that are essential to address this CSF. [6 marks] Question No. 5 Refer to the DeLone and McLean IS success model. Describe using your own words how it is being used in measuring the success of IS implementation.. [10 marks] END OF QUESTION