ADMS 2511 Study Guide - Midterm Guide: Metasearch Engine, Internet Protocol Suite, Intranet
112 views8 pages
AP/ADMS 2511 -- Management Information Systems -- Practice Midterm Exam
Covering Sessions 1 to 5 (Units 1 to 4 in the Internet Section)
Note that this is an answer guide. It does not include all possible answers to all questions. If
you are uncertain about your potential answer, please consult your course director.
Question 1 (Memory Stick)
A) Discuss two ethical issues raised in the article related to the missing data. (2 marks)
[Note: One mark for each valid point raised, maximum one mark per issue.]
1. Privacy Issues
What information about individuals should be kept in databases (or other storage devices), and
how secure is the information there?
This issue is relevant as it was not addressed by UWO. Storing data on a memory stick was not
a secure method to store personal and medical data.
Were portable devices subject to security, such as password protection, back up and
2. Accuracy Issues
Who is responsible for the authenticity, integrity, and accuracy of the information
There are a number of entities involved that are responsible – UWO, Ontario Infant
Hearing Program and Middlesex London Health Unit. This makes allocation of
responsibility more complex.
Who is to be held accountable for errors in information, and how should the injured parties
Due to the different entities involved, holding one entity accountable for ensuring that the
data was adequately protected and secured will be difficult.
There is no information as to whether the data was misused or used to perpetrate identity
theft. If there is some loss to the patients, there is the issue of who will be accountable for
3. Accessibility Issues
Who is allowed to access information?
As the data was on a memory stick when it went missing, accessibility is an issue as a
portable device makes access to data much easier. If many people were permitted to
access, use and store the data, the risk of loss was higher.
Text ref: Section 3.1 Ethical Issues
Note: property issues were not relevant to the missing data
B) Describe three types of controls that could have been used to prevent this security breach.
For each type of control, provide a specific example of how it could have been used in
this case. (6 marks)
[Note: One mark for each valid point raised, maximum one mark each box.]
Describe the type of IS control
Specific example of how the control could
have been used to prevent the security breach
The process of converting an original
message into a form that cannot be read by
anyone except the intended receiver.
This control prevents the data from being
accessed if the memory stick is lost or stolen.
Without the encryption key, the data cannot be
2. Policies and procedures over use of portable
A policy that bans storing confidential data
on a memory stick
Confidentiality policies that require staff to
If employees are made aware of their
responsibilities to protect data and are trained,
they will be more likely to use secure media to
store and transport confidential data.
UWO could outright ban the use of memory
sticks for storing data.
3. Strong passwords or passphrases to require
access to information on the memory stick.
Without the password, the data is inaccessible
and thus cannot be read, copied or used.
Text ref: Section 3.3 Protecting Information Resources
C) Identify four behavioral actions that one could take if identity theft has occurred.
1. Contact agencies, such as Service Canada, local passport office, Canada Post, and banks to
cancel all affected credit cards and obtain new credit card numbers.
2. File a detailed police report. Send copies of the report to creditors and other agencies or
organizations that may require proof of the crime.
3. Report that you are the victim of identity theft to the fraud divisions of both credit reporting
agencies: Equifax and TransUnion. File a long-term fraud alert. Request your free annual credit
report from credit agencies and review for any organisations you are not aware of.
4. Get organized. Keep a file with all your paperwork, including the names, addresses, and phone
numbers of everyone you contact about this crime.
4. If debt collectors demand payment of fraudulent accounts, write down the name of the
company as well as the collector's name, address, and phone number. Tell the collector that
you are the victim of identity theft. Send the collection agency a registered letter with a
completed police report.
Text ref: Section TG3.1 Behavioural Actions
D) Health clinics collect a wide variety of data. Define the following terms and provide one
example related to a health clinic. (6 marks)
Description of the term
Example that pertains to a health clinic
A person, place, thing or event about which
information is maintained, also known as
- Patient – including patient number, name,
address, OHIP #, email, and personal
details such as age, weight, height and
- Insurance companies - including company
code, name, address, contract details
- Specialists - including specialist name,
address, phone number, fax, email, last
- Labs - including lab code, name, address,
phone number, fax, email, last test date
Each characteristic or quality of a particular
entity, in the context of data modeling
(previously called a field)
The patient entity might include attributes such
as patients’ number, name, address, age,
insurance, OHIP #, and other personal
A diagram that represents entities in the
database and their relationships
The health clinic database data model would
show relationships between patients and other
related entities such as their physicians/
specialist, labs, medication and insurance.
(See: Chapter 4, p.117)
End of Question 1
Question 2 (Canada Bread Company)
A) Define each of the following business pressures and discuss how each could be affecting
the Canada Bread Company. (4 marks)
Definition of the term
Specific example of how each could be affecting
the Canada Bread Company
Technological innovation and obsolescence
New and improved technologies rapidly
create or support substitutes for products,
alternative service options, and superb
quality. As a result, today's state‐of‐the‐art
products may be obsolete tomorrow.
These changes require businesses to keep up with
IT products changes such as new operation
system applications, updated versions and
equipment. The users should make sure they have
the updated systems to support their activities and
support their employees such as incorporating