IT GOVERNANCE

Time allowed- 3:30 hours

[N.B. - The figures in the margin indicate full marks. Questions must be answered in English. Examiner will take account of the
quality of language and of the manner in which the answers are presented. Different parts, if any, of the same question
must be answered in one place in order of sequence.]
Marks
1. a) What is the major objective area for the “Initiate ICT Professional Skill Assessment and
Enhancement Programme (IPSAEP)”, mentioned in National ICT Policy, 2009? Who are the
primary actors? How would this programme benefit the nation? What are the short term and mid
term goals of this action item? 4
b) What are the five moral dimensions of the information age that arise from major ethical, social,
and political issues? Describe in brief. 6
2. a) What are the four components used by the decision support systems to support semistructured
business decisions? 3
b) Among the major reporting alternatives of management information systems, one is the “exception reports”.
Describe the exception reports with examples. What benefit is provided by the exception reports? 3
c) Explain clearly how data visualization systems make data more meaningful to the user. 5
d) Describe in detail the natural interfaces mentioning the various components from the perspective
of artificial intelligence. 5
e) What is “conflicting blocks” in blockchain? How is this resolved in bitcoin? 4
3. a) What is the set of assumptions that organizational culture encompasses? Explain. How does the
concept of organizational culture apply to your university or college? How does it benefit as a
unifying force? What are the effects of organizational culture on technological change? 7
b) Explain how the use information systems allow one to focus on market niche. 3
c) What kind of organization should use IT governance? What should be done to ensure a smooth
implementation of and positive results from an IT governance framework? 5
4. a) Discuss in detail the security of Wi-Fi networks. 6
b) Which type of software are vulnerable to SQL injection attacks? Explain how this attack occurs. 3
c) Describe computer forensics from the perspective of court of law. What are the basic principles of an
effective electronic document retention policy? What are the problems that computer forensics deal with? 5
d) Explain how computer profiling and mistakes in the computer matching of personal data may act
as controversial threats to privacy. 3
e) Define digital certificates. What is the role of Public Key Infrastructure (PKI) in the context of
digital certificates? 3
5. a) When carrying out feasibility study of a proposed e-commerce system for a business, what are the
issues that human factors feasibility needs to focus? Elaborate. 3
b) During the analysis phase a logical model of the current system is constructed. Explain the concept
of logical model with a relevant example. 4
c) In the user interface design, what are the activities the designers need to concentrate on? Why is
user interface design frequently called a prototyping process? 3
d) Describe the scenario under which implementing new information systems for an organization
requires data conversion. What are the major data conversion activities? Why is a good data
conversion process essential? When should a data conversion be carried out? 5
6. a) What are the steps an IS auditor would perform to determine an organization’s level of compliance
with external requirements? 4
b) Explain the purpose of internal controls in the context of risk to an organization. What are the two
key aspects that internal controls should address? 6
c) Explain COBIT 5 with reference to GEIT. What are the five key principles COBIT 5 is based on? 4
d) Compare financial audit and operational audit. How is integrated audit related to these two? Elucidate. 3
e) What is the purpose of risk-based audit approach? Explain the major concept of risk-based audit. 3
---The End---
Page 1 of 1