Probable Question Paper
PAPER – 6: INFORMATION SYSTEMS CONTROL & AUDIT
Question No. 1 is compulsory.
Attempt any five questions from the remaining six questions.
1. XYZ Ltd. is a leading company in the FMCG sector and operates a large number of coffee chains across India. The company uses an ERP system for all its business operations and for recording sales at each outlet. The ERP has been customized and is connected to a central server. The company's new business models and new methods presume that the information required by the business managers is available all the time, that it is accurate and reliable, and that no unauthorized disclosure of it is made. Further, it is also presumed that the virtual business organization is up and running all the time on a 24×7 basis. However, in reality, technology-enabled and technology-dependent organizations are more vulnerable to security threats in this highly connected world.
Read the above carefully and answer the following:
a) What are the tasks that are required to be performed by XYZ Ltd. after implementation of the ERP package?
b) ‘Access Control plays a key role in the implementation of information security policies’. What are the points to be taken into consideration while implementing such controls?
c) What are the duties of certifying authorities as per Section 30 of the Information Technology (Amendment) Act, 2008?
d) What are the fundamental factors that must be considered while deciding the type of storage backup media? (5 × 4 = 20 Marks)
Question 2 :
a) A Company is offering a wide range of products and services to its customers. It relies heavily on its existing information system to provide up-to-date information. The company wishes to enhance its existing system. You being an information system auditor, suggest how the investigation of the present information system should be conducted so that it can be further improved upon. (8 Marks)
b) State the different categories of IS Audits. (4 Marks)
c) What is Digital Signature? How does the Information Technology (Amendment) Act 2008 enable the authentication of records using digital signatures? (4 Marks)
Question 3 :
a) What are the major issues that should be addressed by an Information Security Policy? (4 Marks)
b) Discuss the major strengths of agile methodologies. (4 Marks)
c) What is SCARF? What types of information are collected by auditors using SCARF? (8 Marks)
Question 4 :
a) Explain the terms SysTrust and WebTrust along with the criteria specified by the AICPA for practitioners engaged in such certifications. (6 Marks)
b) State the characteristics of computer-based information systems. (5 Marks)
c) Discuss the categories under which various strategies are made to manage risk. (5 Marks)
Question 5 :
a) What is hacking? How do hackers hack? (6 Marks)
b) Discuss final acceptance testing. (6 Marks)
c) What does single point of failure mean? State the significance of single point of failure analysis. (4 Marks)
Question 6 :
a) State the fundamental concepts related to the CMM model. (5 Marks)
b) What are the components of an Expert System? (5 Marks)
c) What is meant by asynchronous attacks? State the different forms of asynchronous attacks. (6 Marks)
Question 7 :
Write short notes on any four of the following: (4 × 4 = 16 Marks)
a) Objectives of BCP (4 Marks)
b) Powers of CAT (4 Marks)
c) Compensatory control (4 Marks)
d) Delphi Technique (4 Marks)
e) HIPAA (4 Marks)