FINAL

OUTPUT IN
AUDCISE
(8:00-9:00AM MWF)

Bianca P. Ballon

Kyla Joy N. Casiño

Joeylyn Delima

Katherine P. Orejola

Suzette E. Villalino
Chapter 4

System Development and Program Change

VI. Situational Problem:

Required:

a.) Do you think that management is taking the best course of action for
the announcement of the new system? Why?

Answer: Yes, I do think that management is taking the best course of action for the
announcement of the new system. Simply because when management develops a new system,
it will help SINAG Designs to have a more reliable information system since they would be able
to monitor the development and verify its process that may hinder any implications on the
system. And we have learned also that “software should never be implemented before it is
tested.”

b.) Do you approve of the development process? Why?

Answer: Yes, I approve of the development process. Because as part of the

management, it would be best if we just develop a new system instead of hiring consulting
firms to redesign the information system used by the architects. Also, I just would like to
emphasize that in developing a new system they can do all the necessary procedures and
controls that will keep the system away from potential risks and complications that will give
burden to users (managers and architects) in the near future. Management and architects could
run some test procedures and controls if the system is good enough to use in their transactions.
And if ever there are problems they can still modify it to be more effective and efficient tool for
their company (SINAG Designs). I think it would be beneficial though it will cost them in the
present.
Chapter 5

ITGC – Computer Operations and Access to Programs Data

Exercise II

1. The systems operator opened up a recently burned bag of microwave popcorn directly under
a smoke detector in the computing room where two mainframes, three high-speed printers,
and approximately 40 tapes are housed. The extremely sensitive smoke triggered the sprinkler
system. Three minutes passed before the sprinklers could be turned off.

2. A system programmer intentionally placed an error into a program that causes the operating
system to fail and to dump certain confidential information to disks and printers.

3. Jane, a secretary, was laid off. Her employer gave her three weeks’ notice. After weeks, Jane
realized that finding another job was going to be very tough, and she began to get bitter. Her
son told her about the virus that had infected the computers at school. He had a disk infected
with a virus. Jane took the disk to work and copied the disk onto the network server, which is
also connected to the company’s mainframe.

One month later, the company realized that some date and application programs had been
destroyed.

4. Robert discovered a new sensitivity analysis public-domain program on the Internet. He

downloaded the software to his microcomputer at home, then took the application to work and
placed it into his networked personal computer.

The program had virus on it which eventually spread to the company’s mainframe.

5. Murray, a trusted employee and a systems engineer, had access to both the computer access
control list and to user passwords. He was recently hired away by the firm’s competitor for
twice his old salary.

After leaving, Murray continued to browse through his old employer’s data, such as price lists,
customer lists, bids on jobs, and so on. He passed this information on to his new employer.

RISKS PREVENTIVE CONTROL

1.  Probable loss of data files  Have a strict food policy inside the
 Mainframes and high speed computer room
printers might be damaged  System operators must exercise a
because of the sprinklers that were proper preventions to avoid accident
 triggered by the burned bag in their operations
microwave popcorn
 Sabotage will occur

2.  Denial of Service will occur if the  Programmers must no longer have

operating system will continue to an access to the program and system
fail  Must strengthen their access control
 The fundamental objectives of management
information might be destroyed (
such as Confidentiality, Availability
and Integrity)
 Data theft
3.  Spread of virus that results to  Must strengthen their access control
disruption of normal processing of management
the company’s network server and  Must impose an effective and
mainframe efficient Operating System Security
 Probable loss of data files
 Employee betrayal will exist
 Sabotage occurs
 Destruction of data and application
programs
4.  Potential virus will corrupt Robert’s  Install an Anti-Virus to secure
microcomputer and company’s microcomputers and mainframes
mainframe  Strict restrictions when installing
 Denial of Service programs or applications
 Probable loss of data files
 Sabotage
5.  Data theft  Must strengthen their access control
 Murray might alter or manipulate management
data files
 File alteration

Exercise III

Each character that you add to your

password increases the protection that it
provides many times over. Establishing long
passwords like paraphrases to protect from
A. LENGTH OF PASSWORD
security risk. Longer easy to remember and
type but much harder to crack due to its
length. This will help your system become
more safe and secure.
 Using numbers or symbols will result to a
stronger password. This will help the
USE OF NUMBERS OR SYMBOLS IN company protect against any unauthorized
B.
PASSWORDS access. The greater variety of characters that
you have in your password, the harder it is
to guess.
This is the marginally secure password in
USING COMMON WORDS OR NAMES
C. case of security but it is not complicated in
AS PASSWORDS
terms of memorizing and typing.
It refers to the changing or resetting of
password. Limiting the lifespan of a
password reduces the risk from and
D. ROTATION OF PASSWORDS effectiveness of password-based attacks.
Frequent password changes are a great
added level of security when it is done
automatically.
It is the easiest way to remember your
password but they must be protected in
order for it to be remaining secured and
WRITING PASSWORDS ON PAPER OR effective. Thus, passwords written on paper
E.
STICKY NOTES or sticky note are more difficult to
compromise across the Internet than a
password manager, website or other
software based storage tool.
 APPLICATION CONTROLS REVIEW

A. Wish

Wish is a leading mobile-shopping app that sells a huge variety of

affordable products to shoppers around the world. Items ship directly
from merchants, so prices are 60-90% cheaper than they are in stores.

Founded in 2010, Wish has quickly grown to become one of the largest e-
commerce companies globally. Hundreds of millions of people from 100+
countries rely on Wish every day to buy affordable goods. Their mission
is to bring affordable prices and a high selection of quality goods to
everyone across the globe.

B. Input/Edit Validation Controls Identified

INPUT/EDIT TESTING REMARKS/EVIDENCES (WITH
TECHNIQUES PROCEDURES SCREENSHOTS)

Adding the same kind

of item in the wish list
Duplicate Check section was
permitted.
 When signing up, you
Completeness cannot proceed by
Check leaving any field
blank.

Data should be
entered correctly
through its
predetermined
criteria which is the
Existence Check password created
first, thus entering a
mismatch password
makes it invalid to log
in.

The postal code allows

containing only
Numeric- alphabetic numbers, letters, space
Check and hyphens and
inputting slash make it
invalid.
 Allows you to select a
category for the
information needed
Table lookups for you to proceed to
the purchasing of the
products.

The system has a

programmed
checking of the data
Validity Check of telephone number
whether it is valid or
not.