THE UNIVERSITY OF THE SOUTH PACIFIC

SCHOOL OF ACCOUNTING AND FINANCE

AF 302 – INFORMATION SYSTEMS

(Semester 1 - 2017)

MID-SEMESTER EXAM

(Time allowed: 2hours + 10 min extra reading time)

(Exam Date: Wednesday 22nd March, 8-10pm)

(30% Weighting towards Coursework)

INSTRUCTIONS FOR CANDIDATES:

 THERE ARE 4 QUESTIONS IN THIS EXAM PAPER -

ATTEMPT ALL QUESTIONS.

QUESTION DESCRIPTION MARK SUGGESTED

ALLOCATION TIME
1 Multiple Choice Questions 25 30 MINUTES
2 Short - Answer Questions 25 30 MINUTES
3 Case Study 1 Questions 25 30 MINUTES
4 Case Study 2 Questions 25 30 MINUTES

TOTAL 100 2 HOURS

_______________________________________________________________
Question 1 Multiple Choice Questions [25 marks]
Circle the best answer in the multiple choice grid provided in your answer booklet.
Each question is worth 1 mark.

1. Enterprises can acquire the latest business apps and digital services as they are needed and
without large upfront investments by switching from owning IT resources to ________.

a. cloud computing
b. private data centers
c. data synchronization
d. machine-to-machine technology

2. The field of ________ involves managing and analyzing massive sets of data for purposes
such as target marketing, trend analysis, and the creation of individually tailored products
and services.

a. Data science
b. Cloud computing
c. Machine-to-machine technology
d. Business models

3. All of the following are examples of the influence of social, mobile, and cloud technologies
except ________.

a. Connections and feedback via social networks have changed the balance of
influence.
b. Customers expect to use location-aware services, apps, alerts, social networks,
and the latest digital capabilities at work and outside work.
c. Customer loyalty and revenue growth depend on a business’ ability to offer
unique customer experiences that wow customers more than competitors can.
d. Consumers are less likely to trust tweets from ordinary people than
recommendations made by celebrity endorsements.

4. Which if the following is not an example of the Internet of Things is being used by
businesses?

a. A network of ground sensors that allow agricultural operations to adjust the

amount of fertilizer and water applied to specific field locations.
b. Sensors in shoppers club cards that make it possible for retailers to offer
discounts or promotions to consumers at the point of sale.
c. Sensors in rental cars that allow companies to base rates on the driving behavior
of their customers
d. Sensors on packages of cereal, pasta, soup or other food products made for
children that allow companies to determine young consumer’s satisfaction with
the nutritional value of the product.

2
5. ________ is the control of enterprise data through formal policies and procedures to
help ensure that data can be trusted and are accessible.

a) Data governance
b) Master data management
c) Business strategy
d) Data standardization

6. Which of the following is not one of the reasons for information deficiencies?

a. Data silos
b. Lost or bypassed data
c. Distributed systems
d. Nonstandardized data formats

7. Which of the following descriptions about enterprise architecture (EA) is false?

a) EA is the blueprint that guides and governs software add-ons, upgrades,

hardware, systems, networks, cloud services and other IT.
b) EA is a well-thought out IT growth plan.
c) EA is needed for simple, single-user, nondistributed systems as well as
complex distributed systems.
d) EA starts with the organization’s target—vision of the future.

8. The overall goal of information management is ___________.

a) To reduce costs and maintain high standards of information security by setting

strict guidelines for access.
b) To design and implement a well–planned out IT architecture, policies, and
procedures needed to support the information and decision needs of an
organization.
c) To insure compliance with government regulations regarding privacy, security
and confidentiality.
d) Reduce the size of an organization’s workforce and reliance on skilled
employees.

9. The supply of oranges used by Coca-Cola has a three-month growing season, but orange
juice production is year-round. Therefore, producing orange juice with a consistent taste
year-round is complex. How does Coca-Cola deal with this complexity and keep their
orange juice taste consistent?

a. An orange juice decision model was developed that combines detailed data on
the 600+ flavors that make up an orange.
b. A decentralized data model was developed to respond to consumer
preferences.
c. Legacy systems were replaced with data silos to manage big data.
d. A data governance program was implemented to ensure that juice preferences
are achieved.

3
10. Which of the following data management technologies store data that are generated by
business apps and operations?

a) Data marts
b) Data warehouses
c) Databases
d) Transaction-processing systems (TPS).

11. Data in a ________ are volatile because record transactions.

a. Database
b. Data warehouse
c. Data mart
d. Data silo

12. An accurate and consistent view of data throughout the enterprise is needed so one can
make informed, actionable decisions that support the business strategy. A function
performed by a DBMS to integrate, match, or link data from disparate sources is data
_____________.

a) filtering
b) profiling
c) synchronization
d) maintenance

13. Basic functions of business networks are all of the following except _______.

a. Search
b. Mobility
c. Collaboration
d. Routers

14. Network ________ are devices that transmit ________from their source to their
destination based on IP addresses.

a) switches and routers: data packets

b) APIs; data packets
c) routers; digital signals
d) firewalls; digital signals

15. In terms of digital transmissions, _______ transfers data in small blocks based on the
destination IP address.

a) Chunking
b) Circuit switching
c) Packet switching

4
 d) IP Streaming
16. To insure QoS of a network, an alternative to “prioritizing traffic” is to __________,
which means holding back traffic from non-time sensitive apps so that apps like voice
and video run more effectively.

a) Throttle traffic
b) Block traffic
c) Re-direct traffic
d) Filter traffic

17. The main cause of data breaches is ________, which is so successful because of
________ when management does not do enough to defend against cyberthreats.

a. Hacking; highly motivated hackers

b. Hacking; negligence
c. Malware; BYOD
d. Malware; negligence

18. Which of the following represents a cybersecurity concern about employees using their
own smartphones for work purposes?

a. Employees will spend too much time playing games or using entertainment and
recreation apps, thus reducing productivity.
b. Managers will be unable to monitor the time spent on personal calls made
during work hours.
c. Many personal smartphones do not have anti-malware or data encryption apps,
creating a security problem with respect to any confidential business data
stored on the device.
d. Consumer-quality equipment are more likely to break or malfunction than
enterprise quality devices.

19. One of ________ specialties is finding websites with poor security, and then stealing and
posting information from them online.

a. LulzSec’s.
b. .RSA’s
c. Fraudsters’
d. Botmasters’

20. Government and corporate officials concerned about security threats do not bring their
own cell phones or laptops when traveling overseas. Instead, they bring loaner devices
and follow strict security procedures including not connecting to their domestic network
while out of the country. These procedures are referred to as _________.

a. Black Ops procedures

b. Do-Not-Carry rules
c. Foreign Threat Prevention procedures

5
 d. Strict Security standards
21. Nike’s website had been built using Java technology, which created attractive webpages.
However, the site was practically invisible to tools called ________ that search engines
use to crawl webpage content.

a. browsers
b. scripts
c. spiders
d. swellpaths

22. Changing the design and content of a website to improve its ranking in SERPs is called
______.

a) Semantic search
b) Organic search
c) SEO
d) SEM

23. ________ rely on sophisticated computer programs called spiders or crawlers that surf
webpages, links, and other online content that are then stored in the search engine’s
page repository.

a) Crawler search engines

b) Information retrieval engines
c) Semantic search engines
d) Web directories

24. Forrester Research estimates that ________ is the largest segment of the digital
marketing category.

a) Pay-per-click advertising
b) Search marketing
c) Social media optimization
d) Mobile search

25. ________ systems base their recommendations on factors such as age and income; and
________ filtering systems typically rely on information about a person’s behavior, such
as purchases and product ratings.

a. Demographic; collaborative
b. Similarity; comparison
c. Knowledge; expert
d. Content; collaborative

6
_______________________________________________________________
Question 2 Short Answer Questions [25 marks]

A. Explain Porters’ five forces model and give an example of each force. [5 Marks]

B. What is a data silo and why do organizations still have information deficiency
problems? (5 Marks]

C. What is the function of master data management (MDM)? Also explain the four V’s of
data analytics. [5 Marks]

D. What is Net neutrality? What factors should be considered when selecting a mobile
network? [5 Marks]

E. What are the four steps in the defense-in-depth IT security model? [5 Marks]

7
_______________________________________________________________
Question 3 Data Management [25 marks]

$55 Million Data Breach at American Point

American Point is a leading data broker and credentialing service organization in United
States. It maintains 19 billion public records on more than 220 million U.S. citizens. The
company buys personal data, including names, Social Security numbers, birthdates,
employment data, and credit histories, and then sells the data to businesses and
government agencies. Marketing, human resources, accounting, and finance departments
rely on American Point’s data for customer leads, background checks, and verification.
Roughly 70 percent of American Point’s revenue is generated by selling consumer
records for insurance claim verifications and workplace background screenings.
American Point was exposing the data to risk by ignoring its policy to verify that
potential customers were legitimate before selling data. Disaster was foreseeable. In early
2000, without doing an adequate background check, American Point provided hackers
with customer accounts, which they used to illegally access databases and steal
confidential data. By May 2008, that security lapse had cost the company over $55
million in fines, compensation to potential victims of identity theft, lawsuit settlements,
and legal fees. Then in June 2008, the company also paid $10 million to settle a class
action lawsuit.

Disclosing the Problem Publicly

On February 15, 2005, American Point reported that personal and financial data of
145,000 individuals had been “compromised.” All of the individuals were at risk of
identity theft after Olatunji Oluwatosin, a Nigerian national living in California, had
pretended to represent several legitimate businesses. Ironically, Oluwatosin’s credentials
had not been verified, which enabled him to set up over 50 bogus business accounts.
Those accounts gave him access to databases containing personal financial data.
Oluwatosin was arrested in February 2005, pleaded guilty to conspiracy and grand theft,
and was sentenced to 10 years in prison and fined $6.5 million. The state and federal
penalties facing American Point were much larger. Privacy and antifraud laws required
that American Point disclose what had happened. California’s privacy breach legislation
requires that residents be informed when personal information has been compromised.
Outraged attorneys general in 44 states demanded that the company notify every affected
U.S. citizen. At the federal level, American Point was charged with multiple counts of
negligence for failing to follow reasonable information security practices. In 2005, the
company was hit with the largest fine in Federal Trade Commission (FTC) history—$15
million. The FTC charged American Point with violating:
• The Fair Credit Reporting Act (FCRA) for furnishing credit reports to subscribers
who did not have a permissible purpose to obtain them and for not maintaining
reasonable procedures to verify its subscribers’ identities.
• The FTC Act for false and misleading statements about privacy policies on its
Web site.
On March 4, 2005, in what was a first for a publicly held company, American Point filed

8
an 8-K report with the SEC warning shareholders that revenue would be adversely
affected by the data breach. In January 2006, with the public announcement of the extent
of the fines, American Point’s stock price plunged.

The Solution

When a company violates SEC, federal, or state laws, the solution to its problem is going
to be dictated to it. The solution to American Point’s risk exposure was mandated by the
FTC. The company had to implement new procedures to ensure that it provides consumer
reports only to legitimate businesses for lawful purposes. In addition, the FTC ordered
American Point to establish and maintain a comprehensive information security program
and to obtain audits by an independent third-party security professional biyearly until
2026. To reassure stakeholders, American Point hired Carol DiBattiste, the former deputy
administrator of the Transportation Security Administration, as chief privacy officer
(CPO).

The Results

American Point reformed its business practices and data security measures, which were
too lax relative to its risk exposure. The company had to stop putting risky business
practices that focused on short-term revenues ahead of long-term profitability. This
business decision is a necessary and ethical trade-off. American Point’s data breach
brought businesses’ security policies to national attention. It signaled the need for
improved corporate governance. Although there is no generally accepted definition,
corporate governance refers to the rules and processes ensuring that the enterprise
adheres to accepted ethical standards, best practices, and laws. Companies that collect
sensitive consumer information have a responsibility to keep it secure. Together with
high-profile frauds and malware, data breaches have triggered an increase in laws and
government involvement to hold companies and their management accountable for lapses
in governance. Yet, since American Point’s record-setting data breach, many other
infosec incidents and data thefts of greater magnitude have occurred.
Sources: Compiled from ftc.gov, Gross (2005), Kaplan (2008), Mimoso (2006), and
Scalet (2005).

Required:

a) What was the root cause of the data breach in the above case? [5 marks]

b) Explain how could this data breach have been prevented? [5 marks]

c) How effective are the changes implemented by American Point at deterring or

defending against data breaches? Explain your answer. [5 marks]

d) Discuss the issue of data breach n relation to the Pacific Context [5 marks]

e) Discuss data life cycle and data principles as applied in data management system.

9
 [5 marks]

10
11
E) Why are cybercriminals so successful and why is cybercrime expanding rapidly?
Discuss some possible solutions. [5 marks]

THE END

12
13
Question 1 Multiple Choice - General [25 marks]
Circle the BEST answer for each of the following multiple-choice items.
(PLEASE ATTACH THIS WITH YOUR ANSWER BOOKLET)

1. A B C D
2. A B C D
3. A B C D
4. A B C D
5. A B C D
6. A B C D
7. A B C D
8. A B C D
9. A B C D
10. A B C D
11. A B C D
12. A B C D
13. A B C D
14. A B C D
15. A B C D
16. A B C D
17. A B C D
18. A B C D
19. A B C D
20. A B C D
21. A B C D
22. A B C D
23. A B C D
24. A B C D
25. A B C D

14