AP/ADMS 2511 -- Management Information Systems -- Practice Midterm Exam
Covering Sessions 1 to 5 (Units 1 to 4 in the Internet Section)
Note that this is an answer guide. It does not include all possible answers to all questions. If
you are uncertain about your potential answer, please consult your course director.
Question 1 (Memory Stick)
A) Discuss two ethical issues raised in the article related to the missing data. (2 marks)
[Note: One mark for each valid point raised, maximum one mark per issue.]
1. Privacy Issues
What information about individuals should be kept in databases (or other storage devices), and
how secure is the information there?
This issue is relevant as it was not addressed by UWO. Storing data on a memory stick was not
a secure method to store personal and medical data.
Were portable devices subject to security, such as password protection, back up and
2. Accuracy Issues
• Who is responsible for the authenticity, integrity, and accuracy of the information
There are a number of entities involved that are responsible – UWO, Ontario Infant
Hearing Program and Middlesex London Health Unit. This makes allocation of
responsibility more complex.
• Who is to be held accountable for errors in information, and how should the injured parties
Due to the different entities involved, holding one entity accountable for ensuring that the
data was adequately protected and secured will be difficult.
There is no information as to whether the data was misused or used to perpetrate identity
theft. If there is some loss to the patients, there is the issue of who will be accountable for
3. Accessibility Issues
• Who is allowed to access information?
As the data was on a memory stick when it went missing, accessibility is an issue as a
portable device makes access to data much easier. If many people were permitted to
access, use and store the data, the risk of loss was higher.
Text ref: Section 3.1 Ethical Issues
Note: property issues were not relevant to the missing data
1 B) Describe three types of controls that could have been used to prevent this security breach.
For each type of control, provide a specific example of how it could have been used in
this case. (6 marks)
[Note: One mark for each valid point raised, maximum one mark each box.]
Describe the type of IS control Specific example of how the control could
have been used to prevent the security breach
1. Encryption This control prevents the data from being
accessed if the memory stick is lost or stolen.
The process of converting an original
message into a form that cannot be read by Without the encryption key, the data cannot be
anyone except the intended receiver. read.
2. Policies and procedures over use of portable If employees are made aware of their
devices responsibilities to protect data and are trained,
A policy that bans storing confidential data they will be more likely to use secure media to
on a memory stick store and transport confidential data.
Confidentiality policies that require staff to
protect data UWO could outright ban the use of memory
sticks for storing data.
3. Strong passwords or passphrases to require Without the password, the data is inaccessible
access to information on the memory stick. and thus cannot be read, copied or used.
Text ref: Section 3.3 Protecting Information Resources
C) Identify four behavioral actions that one could take if identity theft has occurred.
1. Contact agencies, such as Service Canada, local passport office, Canada Post, and banks to
cancel all affected credit cards and obtain new credit card numbers.
2. File a detailed police report. Send copies of the report to creditors and other agencies or
organizations that may require proof of the crime.
3. Report that you are the victim of identity theft to the fraud divisions of both credit reporting
agencies: Equifax and TransUnion. File a long-term fraud alert. Request your free annual credit
report from credit agencies and review for any organisations you are not aware of.
4. Get organized. Keep a file with all your paperwork, including the names, addresses, and phone
numbers of everyone you contact about this crime.
4. If debt collectors demand payment of fraudulent accounts, write down the name of the
company as well as the collector's name, address, and phone number. Tell the collector that
you are the victim of identity theft. Send the collection agency a registered letter with a
completed police report.
Text ref: Section TG3.1 Behavioural Actions
2 D) Health clinics collect a wide variety of data. Define the following terms and provide one
example related to a health clinic. (6 marks)
Description of the term Example that pertains to a health clinic
Entity - Patient – including patient number, name,
address, OHIP #, email, and personal
details such as age, weight, height and
A person, place, thing or event about which medical details.
information is maintained, also known as - Insurance companies - including company
code, name, address, contract details
- Specialists - including specialist name,
address, phone number, fax, email, last
- Labs - including lab code, name, address,
phone number, fax, email, last test date
Attribute The patient entity might include attributes such
as patients’ number, name, address, age,
Each characteristic or quality of a particular insurance, OHIP #, and other personal
entity, in the context of data modeling information.
(previously called a field)
Data model The health clinic database data model would
show relationships between patients and other
A diagram that represents entities in the related entities such as their physicians/
database and their relationships specialist, labs, medication and insurance.
(See: Chapter 4, p.117)
End of Question 1
Question 2 (Canada Bread Company)
A) Define each of the following business pressures and discuss how each could be affecting
the Canada Bread Company. (4 marks)
Definition of the term Specific example of how each could be affecting
the Canada Bread Company
Technological innovation and obsolescence
These changes require businesses to keep up with
New and improved technologies rapidly IT products changes such as new operation
create or support substitutes for products, system applications, updated versions and
alternative service options, and superb equipment. The users should make sure they have
quality. As a result, today's state‐of‐the‐art the updated systems to support their activities and
products may be obsolete tomorrow. support their employees such as incorporating
3 mobile devices and new technologies to the
production process and control and TQM process.
Canada Bread can shift to green IT addressing
Efforts by organizations to solve various environmental concerns in their manufacturing
social problems. process, and raise the awareness that they support
the environment as advertising tool.
(See Chapter 1.5)
B) For the following competitive forces, define the competitive force, and provide an
example of how that force could affect Canada Bread Company. (6 marks)
Definition of competitive force Example that affects Canada Bread Company
Bargaining power of customers – page 49 Introduction of new product like
Organic baked goods can retain
Customers have the final say in the purchase of customers.
the product, they can be price sensitive; the Introduction of a product loyalty
product can be unique by its features and program could create incentives to stay
benefits. The seller can lower the price as the as a customer
increase in volume of sales can bring down the Lower the selling price of the current
cost price of the product. product line to beat or match the
Threat of entry of new competitors – page 46 Creating a new product line like “Pop
in the Oven – made fresh in 5 mins”
High sales and / profit by selling of products product to attract and retain customers
will attract new entrants which will decrease With the new product the cost of new
the profitability for all entrants. entrants will be high due to research
and development costs
Create New and Improved recipes for
healthy tasting products; regular
innovations could discourage
Threat of substitute products or services – page Bring down the selling prices of high
47 quality products just above the price of
A substitute product can be made available that substandard new products from
is either a substandard or superior product competitors to discourage substitution
(quality also) than the one that it substitutes. Introduce a new type of bake - snack