STUDIES
GRM740 – GOVERNANCE AND
MANAGEMENT OF IT RISK
FINAL EXAMINATION
INSTRUCTIONS TO CANDIDATES:
2. Check that you have the correct examination paper in front of you.
3. There are FOUR (4) questions in this examination paper. Answer ALL
questions.
5. Write down the number of questions that you have answered on the cover of
the examination answer booklet.
6. Begin answering each question on a new page in the answer booklet provided
only.
QUESTION ONE (1)
Workflow management systems aid the systematic control of work-processes for users
within and across departments. Further, the systems provide Management with an
eagle’s eye on process-status scrutiny and document approvals. In all these information
exchanges, safeguarding the digital rights of corporate users is at the core of IT risk.
REQUIRED:
a) Demonstrate, where possible through the use of diagrams (if any), the relationship or
variable dependences between IT Governance and Information Security. [25 Marks]
b) Explain any FIVE techniques that may be adopted in safeguarding the digital rights
of corporate information system users. [15 Marks]
[TOTAL: 40 MARKS]
Arguments, at times, ensue from certain quarters within the information security
community concerning the negligibility or intangible effects of cyberattacks.
Contra-thoughts, however, hold that the effects of cyberattacks are real, and that contra
arguments may only be valid depending on the exact nature of the digital system under
attack. They further argue that there is an increasing number of critical control systems
that are more or less vulnerable to cyberattacks, and the effect of successful hacking
can run the gamut from being a nuisance only, to being deadly.
REQUIRED
b) Exemplify the extreme effects of cyberattacks on people’s lives. [8 Marks]
[TOTAL: 20 MARKS]
You are the risk officer at Wet Port, a firm whose core business is to export and import
the various forms of cargo and shipments. The institution operates devoid of meaningful
integrated IT systems to aid evidence-based decision making. Previously, a proposal to
implement a corporate-wide enterprise resource planning system had been submitted but
did not yield any results, and has thus been shelved and ignored.
REQUIRED:
b) Highlight any FOUR (4) key issues and risks across departments that the
implementation of your resubmitted proposal should easily identify and address.
[10 Marks]
[TOTAL: 20 MARKS]
REQUIRED:
a) Demonstrate using FOUR example cases across departments, how IT services
Management may be a source of IT risk. [10 Marks]