This Paper has 15 answerable questions with 0 answered.
| Roll No……… | |
| Total No. of Questions — 5] | [Total No. of Printed Pages — 2 |
| Time Allowed : 3 Hours | Maximum Marks : 100 |
| Answer all questions. |
| Marks |
| 1. | ASK International proposes to launch a new subsidiary to provide e-consultancy services for organizations throughout the world, to assist them in system development, strategic planning and e-governance areas. The fundamental guidelines, programmes modules and draft agreements are all preserved and administered in the e-form only. ASK International proposes to launch a new subsidiary to provide e-consultancy services for organizations throughout the world, to assist them in system development, strategic planning and e-governance areas. The fundamental guidelines, programmes modules and draft agreements are all preserved and administered in the e-form only. | (a) | What are the two primary methods through which the analyst would have collected the data ? |
| (b) | To achieve their objectives, what are the points BS 7799 has to ensure ? |
| (c) | Suppose an audit policy is required, how will you lay down the responsibility of audit? |
| (d) | To retain their e-documents for specified period, what are the conditions laid down by Section 7, Chapter III of Information Technology Act, 2000? |
| 5+5+5+5 | (0) |
| 2. | (a) | What are common threats to the computerized environment other than natural disasters, fire and power failure? | 5 | (0) |
| | (b) | How would you use Data Dictionary as a tool for file security and audit trails? | 5 | (0) |
| | (c) | The management of ABC Ltd. wants to design a detective control mechanism for achieving security policy objective in a computerized environment. As an auditor explain, how audit trails can be used to support security objectives. | 10 | (0) |
| 3. | (a) | How will you get over the impediments for the successful implementation of ERP? Mention any five. | 10 | (0) |
| | (b) | A company has decided to outsource a third party site for its alternate back-up and recovery process. What are the issues to be considered by the security administrator while drafting the contract? | 5 | (0) |
| | (c) | Explain the role of IS auditor in evaluating logical access controls. | 5 | (0) |
| 4. | (a) | Describe some of the advantages of continuous audit techniques. | 5 | (0) |
| | (b) | Define the following terms related to Information Technology Act, 2000: | (i) | Computer contaminant | | (ii) | Cyber cafe | | (iii) | Electronic form | | (iv) | Traffic data | | (v) | Asymmetric crypto system. |
| 5 | (0) |
| | (c) | Give some important advantages of Information System in business | 5 | (0) |
| | (d) | What is COBIT? Give three vantage points from which the issue of control can be addressed by this framework. | 5 | (0) |
|
| 5. | (a) | What are the two primary questions to consider when evaluating the risk inherent in a business function in the context of the risk assessment methodologies? Give the purposes of risk evaluation. | 5 | (0) |
| | (b) | If you are the CEO of a company, what factors would be considered before undertaking implementation of an ERP system? | 5 | (0) |
| | (c) | Briefly describe any three of the characteristics of the types of information used in Executive Decision making. | 5 | (0) |
| | (d) | Discuss the benefits and limitations of unit testing. | 5 | (0) |
