Answer all of the questions below. You can use this file and expand it as necessary. If you wish, you can submit a new Word file with your answers, with each question labelled with the question's number and sub-section letter (a, b, c, etc.) if it applies. In general, for each sub-section of the question, use 2-3 sentences or bullet points to explain your answer. You can use more or less space as required. It is recommended that you use examples where possible.
1. A business has launched a new product line that has resulted in significant business and related data growth. A database/TPS application is facing issues with using too much disk storage. It is becoming critical and the organization may need to buy additional data storage at a cost of $20,000. The system has been storing information for the last 15 years and the business says this information is required for internal reporting. Data growth for years 1 through 12 was about 5% a year. For the past 3 years, it’s been a steady 20% per year. Similar data exists in the data warehouse, but specific business analysts say the data warehouse requires too much time to generate necessary reports.
a. (5 pts) How could you use the theory of 90/90 data use to determine how much data is actually required for real-time reporting? Provide an example of a proposed solution for the business to reduce the dependency on the TPS for reporting data that is 1 year old.
b. (5 pts) Explain why you would or would not just buy the data storage now to eliminate any additional debate and minimize any changes to the system.
c. (5 pts) You could just force the business to use only the last 90 days of data with the TPS application, and require them to use the data warehouse for any data older than 90 days. While technically this makes sense, explain why this may not be a good business move for the IT department.
2. A two (2) year old organization is growing at a 20% annual growth rate. As a result, the organization is hiring people on a global basis. This has created an increasing need to share information among its employees, interact with vendors, and do so in a very secure methodology. The employees are 90% remote, working from home or satellite offices around the world.
a. (10 pts) What are the 3 general types of networking technology that the organization should consider for providing a secure “tunnel” from their remote connections, sharing information only among the employees, and providing network access as required for external vendors and other business partners?
b. (5 pts) In what order should each of the networking technologies be implemented? At a minimum, provide a 2-3 sentence justification for the network technology that you chose to be the first one implemented.
3. An oil exploration organization that has been in business for over 20 years is considering reducing costs by eliminating physical office space and allowing people to work from home. In addition, the sales force has an objective to increase visits to customer sites by 50% in the next 3 years. This implies the majority of the remote workers, during the next few years, will be traveling by car to construction sites, as well as other “non-traditional” and outdoor locations.
a. (5 pts) The employees already have cable internet connections to their houses that are paid for by the company. What is a low-cost approach to providing phone service using these existing Internet connections? Provide an example of why the employee may want to use this technology, as opposed to using their cell phones when working from home.
b. (5 pts) For the sales force traveling to other remote sites, what technology should they consider for laptop connections in the field? Explain how this technology differs from Wi-Fi, and why it is better for use in the field.
4. (10 pts) A graphic design business with little prior knowledge of building web sites is considering getting into the business of offering full web site design, support, and other services. A consultant advises the company that they should understand some of the protocols associated with web site design.
Name three (3) communications protocols that the graphic design firm should gain an understanding of. Include a one sentence explanation for each and why it is important to web site development and support.
5. (10 pts) Name two (2) common means of exploiting end user access (hacking) to web or other on-line systems. For each means of exploiting the system, explain what can be done, if anything, with User Authorization or Authentication, to reduce the likelihood of future occurrences of the exploitation. If you don’t believe either can positively impact the hacking process, explain your position.
6. (10 pts) Name three (3) general controls that are recommended for informational security and support of a Business Continuity Plan. Provide a one sentence overview of each control. Write “Lowest Automation” next to the control with the lowest amount of automation in its implementation. Write “Privacy Issues” next to the control that has the highest chance of impact with an individual’s right to privacy.
7. (10 pts) In the implementation of improved cyber-security, an organization is focusing on implementing the ______________ model. Of the four (4) general steps of the model, the organization has obtained senior management commitment and support. What are the next two (2) steps of the process, in order, that the organization should now be focusing on implementing? At which of these steps are the notification procedures implemented?
8. (5 pts) True or False – Inventory systems should seek to maximize safety stock. Justify your answer.
9. (10 pts) Your organization is working with a consultant that is focusing on improving your business processes with the implementation of an SAP ERP system. Your organization has a number of older systems that currently operate very well in their selected core business processes. As you address the concept of integrating these older systems with the ERP system, the consultant is not very receptive to scoping the work and proposes a weak solution for this portion of the project. Name two (2) reasons, and explain why the consultant is not very enthusiastic about the integration of legacy and ERP systems.
10. (5 pts) Of the four (4) general categories of controls employed in information security, name one control (category) that can help detect fraud symptoms such as employees who do not take vacations. List the control along with a one sentence definition of the control. Select two (2) of the Fraud Symptoms and, for each, explain a) that the control can help detect it, and b) how it would detect the symptom.