THE INTERNATIONAL UNIVERSITY (IU) – VIETNAM NATIONAL UNIVERSITY – HCMC

FINAL EXAMINATION
Date: __/__/2021
Duration: 90 minutes

Student ID: BABAWE19282 Name: Trịnh Ngọc Nhân

SUBJECT: MANAGEMENT INFORMATION SYSTEM

Dean of School of Business Lecturer
Signature: Signature:

Full name: Full name:

Dr. Nguyen Hong Anh
Mr. Lai Vinh Phuc

GENERAL INSTRUCTION(S)
1. This is an open book exam (handwriting notes are allowed – NUMBER OF PAGES ARE
NOT LIMITED – CLEAR HANDWRITING NOTES ARE REQUIRED)
2. Students must create a GOOGLE DOC file in the correct DRIVE SHARE FOLDER FROM
THEIR CLASS provided on Blackboard following this format: Full name – ID
3. All students should work on their own GOOGLE DOC files in the allowed period of time.
4. All handwriting notes should have student names and IDs on every page to be inserted into
GOOGLE DOC as evidence for the answers.
5. All handwriting notes should be put in the CORRECT ORDER. Wrong order or invalid
handwriting notes without student names and IDs will be eliminated.
6. Late submission will lead to a deduction in your final result (10 percent for each 10 minute
late).
30 minutes after the deadline, NO SUBMISSION IS ALLOWED.
7. Students take responsibility to protect their work from outside access until the submission is
completed. Any intervention from outside during examination time will be concerned with
examination failure.
8. Students are also required to submit their work on Blackboard with a screenshot on window
for proof.

GOOD LUCK!

(turn this page over to the following questions)

1
Part 1: Short Essay Questions (40 points)

Question 1: List and describe the components of IT infrastructure that firms need to manage (10
points)

IT infrastructure today is composed of seven major components

+ Internet Platforms- A server used by an Internet provider to support Internet access by their
customers. For example, Apache, Microsoft IIS, .NET, UNIX, Cisco, Java Computer
+ Hardware Platforms- a set of compatible hardware on which software applications can be run.
For example, Dell, IBM, Sun, HP, Apple, Linux machines
+ Operating Systems Platforms- An operating system often implies the CPU hardware. For
example, when an application "runs on the Windows platform," it means that the program has
been compiled into the x86 machine language and runs under Windows. For example, Microsoft
Windows, UNIX, Linux, Mac OS X
+ Enterprise Software Applications - (including middleware) is large-scale software that is aimed
to support or solve the problems of an entire organization. For example, SAP, Oracle,
PeopleSoft, Microsoft, BEA,…

+ Networking/Telecommunications is a telecommunications network is a group of nodes

interconnected by telecommunications links that are used to exchange messages, data,
documents,… between the nodes. For instance, Microsoft Windows Server, Linux, Novell,
Cisco, Lucent, Nortel, MCI, AT&T, Verizon,…
+ Consultants and System Integrators is a person or company that specializes in bringing
together component subsystems into a whole and ensuring that those subsystems function
together. For example, IBM/KPMG, EDS, Accenture,…
+ Data Management and Storage- involve collecting, storing, organizing, protecting, verifying,
and processing essential data and making it available to your organization. For example, IBM
DB2, Oracle, SQL Server, Sybase, MySQL, EMC Systems,…

Question 2: List and describe the three operations of a relational Database Management System
(DBMS) (10 points)

In a relational database, three basic operations are used to develop useful sets of data: select,
project, and join

Select operation: creates a subset consisting of all records in the file that meet stated criteria
Join operation: combines relational tables to provide the user with more information than is
available in individual tables
Project operation: creates a subset consisting of columns in a table, permitting the user to create
new tables that contain only the information required

Question 3: How has e-commerce transformed marketing. (20 points)

● Explain how social networking and the wisdom of crowds help companies improve
their marketing.

It refers to the fact that networking technology is leading to all kinds of new and interesting ways
for humans to interact. One of those is crowdsourcing — the notion that people in the aggregate

2
can provide more accurate information than individual experts. The reasoning is that crowds can
be self-correcting

- Creating sites where thousands of people can interact offers business firms new ways to market
and advertise products and services and to discover who likes or dislikes their products
- Wisdom of crowds: large number of people can make better decisions about a wide range of
topics or products than a single person
- Actively seeking customer comments, builds trust and sends a message to customers that the
company cares what they think and that their advice is valuable

● Define behavioral targeting and explain how it works at individual web sites and on
advertising networks.

Behavioral targeting is a marketing method that uses web user information to strengthen
advertising campaigns

- Refers to tracking the click-streams of individuals for the purpose of understanding their
interest and intentions
- Expose them to advertisements uniquely suited to their behavior
- Websites collect data on visitor browser activity and store it in a database
- Firms analyze this information about customer interests and behavior to develop precise
profiles of existing and potential customers

● Define the social graph and explain how it is used in e-commerce marketing.

- A social graph is a diagram that illustrates interconnections among people, groups and
organizations in a social network.

- A mapping of all significant social relationships

- The products and services you buy will influence the decisions of friends, and their decisions
will also influence you
- Word of mouth theory in digital format

Part 2: Case Study: Is the Equifax Hack the Worst Ever - and Why? (60 points)

Question 1: Identify and describe the security and control weaknesses discussed in this case. (15
points)

Equifax experienced a harmful data breach due to various security and control weaknesses.
The organization concentrated on its data storage capabilities and failed to improve its technical
space. Equifax had ignored the opportunity to eliminate the risks associated with Apache Struts
vulnerability. Hackers focused on Equifax security systems’ weaknesses to access important
information from the company. For instance, an attacker was capable to access credit-report data
between April 2013 and January 2014 from the enterprise. Additionally, Equifax demonstrated
poor performance in website and security services. Equifax operated expired websites or those
with errors and security issues. For example, in February 2017, the company revealed that a
technical issue undermined the vital credit data of many consumers who employed LifeLock’s
identity-theft protection services. The Equifax data breach caused significant damage to
consumers’ sensitive personal and financial information. The hackers gained access to vital
pieces of information that could help them commit fraud.

3
Question 2: What management, organization, and technology factors contributed to these
problems? (15 points)

Different management, organization, and technology factors contributed to the Equifax

data breach. The company’s management had sufficient information to eliminate Apache Struts'
weakness but failed to respond immediately. Moreover, the firm’s executives continued to run
the business after the certificates expired, which caused a lack of secure and legitimate validation
control of users’ connection with its websites. The organization refused to disclose important
information about the breach, which led to the adverse impact of the attack. Equifax’s
competitors discovered that the company used expired website systems that lacked technological
abilities to satisfy the demands of its development and growth. Due to the management,
organization, and technology factors, hackers were able to access the Equifax system and steal
consumers’ vital information, such as home addresses, social security, and DOB.

Question 3:  Discuss the impact of the Equifax hack? (15 points)

The Equifax hack made a damaging financial and legal impact. The fact that attackers
gained access to more than a hundred million US consumers’ personal information contributed to
a significant issue in society. The company experienced a third stock market value drop of its
original one, and it was forced to offer its consumers a free year of credit protection services.
Equifax announced that the attack harmed more than 2 million consumer's driving license
numbers and names. Besides the consumers suffering from long-term identity theft, they
experienced a permanent effect on losing critical information, such as DOB, social security
number, debt, and address history. The Equifax attack led banks to replace many credit cards,
which contributed to not only high expenses but also lawsuits. Despite the available financial and
legal challenges, the regulatory environment became humane for Equifax with the help of the
current administration. In the end, the consumers will be impacted most.

Question 4:  How can future data breaches like this one be prevented? Explain your answer. (15
points)

To prevent future data breaches, companies need to adopt high-security IT controls systems.
Organizations, such as Equifax, should hire skilled and experienced IT and cybersecurity
personnel to overcome risks associated with cybercrime. Firms should always keep upgrading
their security control systems. Your network is vulnerable when programs aren’t patched and
updated regularly. Microsoft now has a product called Baseline Security Analyzer that can
regularly check to ensure all programs are patched and up to date. This is a fairly easy and cost-
effective way to strengthen your network and stop attacks before they happen. Although cyber-
attacks keep happening, firms should focus on eliminating the consequences connected to the
hacks and update their websites and security structures to prevent and eliminate attacks such as
regularly changing their passwords, hide the company’s sensitive information such as customer’s

4
information, financial operating cash flows,… Businesses should investigate and take action
whenever a sign of identity theft or fraud is recognized.

On the other hand, companies should identify the hard way, to limit access to their more critical
data. As corporations move into the future, expect to see all records partitioned off so that only
those who specifically need access will have it. This is one of those common-sense solutions that
companies probably should have been doing all along. For those companies that are allowed to
view your important data, demand transparency, Make sure they are complying with privacy
laws. CEO’s need to get tougher on security if they really want to instigate change.

5
6
7
THE END