| (a) |
Security management is an important aspect
of information management.
(i) Briefly describe the purpose of
security management. [1 mark]
Security management
ensures the provision of adequate protection of data processing resources
and facilities.
(ii) Give an instance of security management,
and explain why this instance is an important issue. [2 marks]
security of backups:
to ensure backups are available and to keep them private;
physical security:
to prevent unauthorized physical access to a facility;
protection from
error, fraud and vandalism: to prevent accidental or deliberate corruption
of data.
(1 mark for any
example, and 1 mark for explanation of its importance.)
|
[3] |
| (b) |
Explain the difference between a job
description and a job specification. Give one feature that might be
mentioned in a job description, and one that might be mentioned in
a job specification.
A job description
concerns the tasks to be undertaken by an employee in that position,
whereas a job specification concerns the qualities of the employee
themselves (1 mark). Features of a job description might include:
duties to be performed, level of complexity, level of responsibility,
physical conditions, equipment used, supervision provided (1 mark
for any one). Features of a job specification might include: level
of education, types of specialized skills, personality characteristics,
work experience, level of intelligence (1 mark for any one).
|
[3] |
| (c) |
A certain off-the-shelf application package
does not quite address the needs of your organization. Identify two
alternative solutions to this software acquisition dilemma, and give
one disadvantage of each solution.
buy and customize:
but the vendor may not provide the information you need to customize
the package;
develop software
in-house (or outsource development): but then development has to start
from scratch.
(1 mark for each
solution, 1 mark for a disadvantage of it.)
|
[4] |
| (d) |
Separation of data processing functions
aims to limit the role of individuals in computerizing a system, in
order to reduce opportunities for breaches of security. Briefly discuss
three means of achieving such a separation.
� system developers
should not be allowed access to `live' programs or data;
� operations
personnel should not have access to information about how programs
are designed, or the format in which data is stored;
� operations
and development staff should not have access to production areas.
(1 mark for each method.)
|
[3] |
| (e) |
Suggest two methods for reducing corrective
maintenance of software.
� develop the
system using rigorous development methods;
� carry out regular
preventative maintenance;
� ensure that
each stage of the software development lifecycle is carried out effectively;
� review the
output of each stage of the sdlc to ensure quality;
� thoroughly
test the system.
(1 mark for
each method, to a maximum of 2 marks.)
|
[2] |
| (f) |
Outline the monopolistic and laissez-faire
strategies for managing end-user computing and development. For each
strategy, provide a brief description, and indicate its advantages
and disadvantages.
Monopolistic:
Fully centralized control (1 mark), heavily dependent on a data processing
department (1 mark); all activities require central approval (1 mark).
Advantage: good at enforcing standards (1 mark); disadvantage: stifles
growth (1 mark).
Laissez-faire:
No control (1 mark), users free to buy whatever hardware and software
they want (1 mark) and to design systems however they see fit (1 mark).
Advantage: encourages independence (1 mark); disadvantage: leads to
proliferation of incompatible systems (1 mark).
(For each strategy,
1 mark for the description, 1 mark for an advantage, 1 mark for a
disadvantage.)
|
[6] |
| (g) |
The estimated total cost of a data centre
for a month is $180,000, including estimated resource costs for paper
($20,000 for 20,000 pages), disk space ($80,000 for 40 gigabytes),
and cpu time ($60,000 for 500 hours).
(i) What are the estimated overhead costs
for the month? [1 mark]
The resources
total to $160K, so the overheads are $20K.
(ii) Calculate the unit rates for these
three resources. [4 marks]
Unit rates for
resources:
| Resource |
Usage |
Cost
|
%
cost |
Share |
Unit
rate |
| Paper |
20,000 |
$20K |
12.5% |
$22.5K |
$1.125/page |
| Disk
drive |
40,000 |
$80K
|
50% |
$90K |
$2.25/MB |
| CPU
time |
500 |
$60K |
37.5% |
$67.5K |
$135/hr |
For example,
paper cost $20,000, or 12.5% of the resource costs, so its share of
the total cost is 12.5% of $180,000 or $22,500; so the unit rate of
a page of paper is $22,500/20,000 or $1.125 per page. (1 mark each
for the correct methods for computing the percentage resource costs,
the share of the total costs, and the unit costs, plus 1 mark for
actually getting the correct results.)
|
[5] |
| (h) |
Facilities management (FM)
is one variety of outsourcing.
(i) Explain what is involved in FM.
[1mark]
FM
is the use of an external vendor to operate and manage an organization's
computer installation.
(ii) Discuss two benefits that FM
might provide to an organization.
[2 marks]
quality of computing
staff: computer professionals are attracted by the range of experience
to be gained when employed by an FM firm;
economies of
scale: an fm firm can purchase in larger quantities, obtaining better
discounts. (1 mark for discussion of each advantage; no discussion,
no mark.)
(iii) Why might privacy be an issue when
using FM? [1mark]
The FM
firm may also service a competitor, leading to a conflict of interests.
|
[4] |