Professional Documents
Culture Documents
CODE AND COURSE NAME PHS 3233 HUMAN RESOURCES INFORMATION SYSTEM
LECTURER’S NAME MADAM AZNITA BT AHMAD
This final examination measures the student's ability for the following outcomes:
TOTAL
To validate the examination and to protect the integrity of the examination process,
UNISEL students are required to complete this Student Declaration Form and to submit
together with the answer script or assignment for online, take home, or project based
examination.
/ I hereby declare that I have read and understood the rules for undertaking the final
online examination/take-home examination/project. I certify that this declaration is true
and correct. I understand that if this declaration is found to be untrue or incorrect, I may
be subject to penalties in accordance with the University’s rules and regulations.
Section A Q1)a):
Company Profile
i. Basic information
Basic information is one of the part of company profile components. Basic information in
this company profile needs information is related to the staff company name, company
resgistration number, Phone, Fax, Email, Websites URL, Contact Person Name,
Addreses, and so on. As an example:
Name: Suka HQ
Gender: Female
Race: Malay
Religion: Islam
Financial information is one of the part on office central it is related to the staff financial
information conducting the EPF number, SOCSO, Income tax number, ZAKAT, Tabung
Haji, and so on.
Staff Profile
i. Basic information
Name: Suka HQ
Gender: Female
Race: Malay
Religion: Islam
ii. Education
Year: 2
iii. Experience
Items included in payroll group is Satff NO, Staff Name, Classifcation, Department,
Designation, Report To, and Date Joined Duration.
C (i)
Pay Dates
Employees who are paid monthly are paid on the last working day of the month, except
in December, when pay day is shifted to accommodate the Christmas holiday. Here, you'll
find a list of pay dates for December.
ii. Social Security Organization (SOCSO) - The Social Security Organization (SOCSO)
provides social security protection to employees through social insurance, which includes
medical and cash benefits, the provision of artificial aids, and rehabilitation to alleviate
suffering and provide financial guarantees and protection to the family.
iv. Malaysian Inland Revenue Board (LHDN) - The LHDN is one of the Ministry of
Finance's primary revenue collection agencies. The LHDN was established in accordance
with the Inland Revenue Board of Malaysia Act 1995 in order to grant it greater autonomy,
particularly in financial and personnel management, and to improve the quality and
effectiveness of tax administration.
B. SECTION (Q1)
a.
Analyze security breaches that occurred in relation to intentional threats against Cisco
cloud infrastructure perpetrated by a former Cisco employee.
The following are the security breaches that have occurred in relation to intentional threats
against Cisco cloud infrastructure perpetrated by a former Cisco employee:
• He distributed malicious code that deleted 456 virtual machines associated with Cisco's
WebEx Teams application.
• As a result, 16,000 WebEx users were unable to access their accounts for two weeks.
• Cisco had to spend approximately $1.4 million in employee time auditing and repairing
their infrastructure.
To avoid this, HR departments can take a proactive approach to data security by providing
ongoing training and education. HR professionals, for example, can pursue qualifications
that will help them become HR specialists. HR professionals with such credentials are
better prepared to deal with the complexities of cybersecurity and data protection. By
understanding how security breaches can disrupt business operations, HR personnel will
be able to intervene when necessary and resolve issues before they become more
serious issues. To stay current in the industry, these individuals should continue their
education by attending seminars or webinars on emerging trends. This way, you can keep
your finger on the pulse of cybersecurity best practises at all times. This entails being
aware of any new threats that must be addressed. Furthermore, by regularly updating
employees' knowledge of best practises for safeguarding sensitive information – such as
phishing scams, password security protocols, and more – HR professionals can help
prevent harmful incidents in the workplace.
Second, HR departments can be proactive by auditing the data collection and storage
process. For example, a company that has out-of-date security protocols in place to
protect sensitive information such as employee salaries or benefit plans is a prime target
for criminal hackers In that case, it is time to update these procedures in order to remain
compliant with new federal government regulations regarding how organisations must
store this PII (personally identifiable information). When hiring third-party vendors who
will have access to PII on the organization's employees and other sensitive business
intelligence, HR professionals should be especially cautious. This includes thoroughly
vetting potential service providers before bringing them into your network, ensuring they
have a solid track record of protecting information and adhering to federal regulations.
This is significant because there have been numerous instances where employees of
Maintain the integrity of your firewall rules as well. A firewall is a network security device
that monitors both incoming and outgoing network traffic and allows or denies data
packets based on a set of security rules. It is possible to optimise the firewall rule base to
ensure that it runs smoothly and without interruptions. Make sure you don't have any rules
that are duplicated, incorrect, or shadowed. Again, having a regular schedule for
upgrades and efficiency checks is recommended.
Control user access and firewall changes as well. HR should be strict about user
permissions and only allow authorised users you trust to change the firewall rules. Also,
have a procedure in place for firewall changes. It should include a list of the desired
adjustments, an estimation of the risk of policy changes, and basic information about who
implemented the changes, when they were implemented, and why, as well as a record of
the results.
Employees are the most effective line of defence against data breaches. HR
professionals should be proactive in educating employees about the importance of
protecting sensitive information and adhering to legislation. This entails collaborating
closely with IT, auditing security measures within an organisation, and thoroughly
screening third-party vendors before allowing them access to your network.
SECTION B Q1(C)
In terms of technical controls, the best practises of prevention techniques that Cisco
should implement in order to secure customer data are, first and foremost, auditing the
network and checking security controls. Maintaining a secure environment necessitates
knowledge. The IT organisation must conduct a network audit to gain an accurate picture
of a given enterprise's security posture. IT professionals can use auditing to identify
potential vulnerabilities that need to be fixed, find unused or unnecessary applications
running in the background that can be removed, determine the strength of the firewall and
the currency of its settings, measure the state of networked servers, gear, software, and
applications, confirm the overall efficacy of the security infrastructure, and judge.
Second, put in place and communicate a security governance structure. Compliance does
not always imply security, but it can provide important guidance on how to mitigate risks.
Regulatory bodies such as the International Organization for Standardization and the
After that, educate end users. Raising end-user awareness is critical in an era when
phishing attacks are a preferred method of many cyberattacks. In a 2017 Dell survey of
corporate employees, more than 75% said they would willingly share confidential data
under certain conditions. End users are vulnerable to certain types of attacks that look
like normal communications. And, as cybercriminals become more adept at using email
and other forms of communication to closely mimic professional interactions, the
likelihood of a staff member succumbing to the threat grows. End-user education should
be an ongoing process that is an intrinsic part of a company's culture to keep employees
informed about the evolving threat environment and associated corporate security
policies.
Finally, stay informed. One overarching requirement for establishing best practises in
network security is to treat the discipline as an ongoing effort. This includes staying up to
date on changes in the threat environment. As a result, security personnel and IT
professionals must understand how cyberattackers are changing their tactics. They must
also stay current on advances in threat detection and mitigation. The goal should be to
apply lessons learned from previous incidents to limit the negative consequences of future
events.
Q2)a) ANSWERS
-The recruiting procedure is extremely slow, takes three months from the date of
lengthy time, placing a load on the HR personnel and resulting high rate of
Solutions that can be implemented to the issues that faced by Cempakasari Sdn Bhd
is,they can used:
1. Recruiting Modules
This is because the Cempakasari Sdn Bhd have an issue is The recruiting procedure is
extremely slow, takes three months from the date of the advertisement for new staff to
begin working. When the HRMS module have a recruiting modules it can make it easy to
the HR department. This is because the recruiting system can help in the providence of
requisition and vacancy, create a vacancy, assign recruitement vacancy, applicant quick
entry and final step is Mass update of the applicant. With this modules, Cepakasari can
reduce the time of recruitementofeach applicant.
2. Payroll module
The challenges that Cempakasari faces on centralised at the corporate headquarters take
a long time, putting a strain on HR personnel and resulting in a high rate of human error
in salary computations. The payroll module has the potential to solve the organization's
problem. The HR clerk only needs to enter the on-payroll profile in the payroll system,
The issue that Cempakasari SDN BHD is facing is that maintaining daily attendance
records for personnel from various offices and locations throughout Malaysia is time-
consuming, and late submissions are common. Additionally, leave administration is time-
consuming, and employees who seek information frequently become frustrated, which
can reduce errors. This is due to the fact that the system is automatically updated once
the clerk has indicated the employee's attendance and leave. They simply enter the data
into the module, and the result is calculated automatically; the clerk does not need to
calculate manually because the system is built automatically
Q2)b) Precise factors that should be considered while selecting the most suitable vendor
for the Cempakasari SDN BHD is this organization need to use the need analysis metrics
factors. This analysis willhelp the organization to becomemore systematics which it is
using the need analysis stages included process of Need analysis planning,Observation,
Exploration, Evaluation and Reporting. Cempakasari need to used this factor because it
is important to giving benefits in aspect of :
• Automate Process
• Ensure 100 percent accuracy
• Save time, increase effiecient and accelerate growth of the organization