AP/ADMS 2511 -- Management Information Systems -- Practice Midterm Exam
Covering Sessions 1 to 5 (Units 1 to 4 in the Internet Section)
Note that this is an answer guide. It does not include all possible answers to all questions. If
you are uncertain about your potential answer, please consult your course director.
Question 1 (Memory Stick)
A) Discuss two ethical issues raised in the article related to the missing data. (2 marks)
[Note: One mark for each valid point raised, maximum one mark per issue.]
1. Privacy Issues
What information about individuals should be kept in databases (or other storage devices), and
how secure is the information there?
This issue is relevant as it was not addressed by UWO. Storing data on a memory stick was not
a secure method to store personal and medical data.
Were portable devices subject to security, such as password protection, back up and
2. Accuracy Issues
• Who is responsible for the authenticity,
integrity, and accuracy of the information
There are a number of entities involved that
are responsible – UWO,
Hearing Program and Middlesex London
Health Unit. This makes allocation of
responsibility more complex.
• Who is to be held accountable for errors in information, and how should the injured parties
Due to the different entities involved, holding one entity accountable for ensuring that the
data was adequately protected and secured will be difficult.
There is no information as to whether the data was misused or used to perpetrate identity
theft. If there is some loss to the patients, there is the issue of who will be accountable for
3. Accessibility Issues
• Who is allowed to access information?
As the data was on a memory stick when it
went missing, accessibility is an issue as a
1 portable device makes access to data much
easier. If many people were permitted to
access, use and store the data, the risk of loss
Text ref: Section 3.1 Ethical Issues
Note: property issues were not relevant to the missing data
B) Describe three types of controls that could have been used to prevent this security breach.
For each type of control, provide a specific example of how it could have been used in
this case. (6 marks)
[Note: One mark for each valid point raised, maximum one mark each box.]
Describe the type of IS control Specific example of how the control could
have been used to prevent the security breach
1. Encryption This control prevents the data from being
accessed if the memory stick is lost or stolen.
The process of converting an original
message into a form that cannot be read by Without the encryption key, the data cannot be
anyone except the intended receiver. read.
2. Policies and procedures over use of portable If employees are made aware of their
devices responsibilities to protect data and are trained,
Apolicy that bans storing confidential data they will be more likely to use secure media to
on a memory stick store and transport confidential data.
Confidentiality policies that require staff to
protect data UWO could outright ban the use of memory
sticks for storing data.
3. Strong passwords or passphrases to require Without the password, the data is inaccessible
access to information on the memory stick. and thus cannot be read, copied or used.
Text ref: Section 3.3 Protecting Information Resources
C) Identify four behavioral actions that one could take if identity theft has occurred.
1. Contact agencies, such as Service Canada, local passport office, Canada Post, and banks to
cancel all affected credit cards and obtain new credit card numbers.
2. File a detailed police report. Send copies of the report to creditors and other agencies or
organizations that may require proof of the crime.
3. Report that you are the victim of identity theft to the fraud divisions of both credit reporting
agencies: Equifax and TransUnion. File a long-term fraud alert. Request your free annual credit
report from credit agencies and review for any organisations you are not aware of.
4. Get organized. Keep a file with all your paperwork, including the names, addresses, and phone
numbers of everyone you contact about this crime.
4. If debt collectors demand payment of fraudulent accounts, write down the name of the
company as well as the collector's name, address, and phone number. Tell the collector that
you are the victim of identity theft. Send the collection agency a registered letter with a
completed police report.
2 Text ref: Section TG3.1 BehaviouralActions
3 D) Health clinics collect a wide variety of data. Define the following terms and provide one
example related to a health clinic. (6 marks)
Description of the term Example that pertains to a health clinic
Entity - Patient – including patient number, name,
address, OHIP #, email, and personal
details such as age, weight, height and
Aperson, place, thing or event about which medical details.
information is maintained, also known as - Insurance companies - including company
record code, name, address, contract details
- Specialists - including specialist name,
address, phone number, fax, email, last
- Labs - including lab code, name, address,
phone number, fax, email, last test date
Attribute The patient entity might include attributes such
as patients’number, name, address, age,
Each characteristic or quality of a particular insurance, OHIP #, and other personal
entity, in the context of data modeling information.
(previously called a field)
Data model The health clinic database data model would
show relationships between patients and other
Adiagram that represents entities in the related entities such as their physicians/
database and their relationships specialist, labs, medication and insurance.
(See: Chapter 4, p. 117)
End of Question 1
Question 2 (Canada Bread Company)
A) Define each of the following business pressures and discuss how each could be affecting
the Canada Bread Company. (4 marks)
Definition of the term Specific example of how each could be
affecting the Canada Bread Company
Technological innovation and obsolescence
These changes require businesses to keep up
New and improved technologies rapidly create with IT products changes such as new
or support substitutes for products, alternative operation system applications, updated
service options, and superb quality.As a result, versions and equipment. The users should
today's state‐of‐the‐art products may be make sure they have the updated systems to
obsolete tomorrow. support their activities and support their
4 employees such as incorporating mobile
devices and new technologies to the production
process and control and TQM process.
Canada Bread can shift to green IT addressing
Efforts by organizations to solve various social environmental concerns in their manufacturing
problems. process, and raise the awareness that they
support the environment as advertising tool.
(See Chapter 1.5)
B) For the following competitive forces, define the competitive force, and provide an
example of how that force could affect Canada Bread Company. (6 marks)
Definition of competitive force Example that affects Canada Bread Company
Bargaining power of customers – page 49 • Introduction of new product like
Customers have the final say in the purchase of Organic baked goods can retain
the product, they can be price sensitive; the customers.
product can be unique by its features and • Introduction of a product loyalty
benefits. The seller can lower the price as the program could create incentives to stay
increase in volume of sales can bring down the as a customer
cost price of the product. • Lower the selling price of the current
product line to beat or match the
Threat of new competitors – page 46 • Creating a new product line like “Pop
High sales and / profit by selling of products in the Oven – made fresh in 5 mins”
will attract new entrants which will decrease
product to attract and retain custo