
Administrative Information

Date Assigned: Wednesday, April 24, 2019
Date Due: Tuesday, April 29, at 11:59 pm.  Due to the due date being so close to the end of the semester, there is NO late/end date.  Assignments are due on the date specified.
Material covered: Lectures for: Conversion methods (cutover) and training; system maintenance; risk assessment; and disaster recovery
Value of the Assignment: 12% of the course grade, or 120 points out of 1000 (the value of TWO individual assignments)
Value of Each Question: The assignment is graded on a scale of 0-120 points, not percentages. Each question is worth a different number of points, all of which add up to 120.  There is one 8 point extra credit question.  So the max for this assignment is 128 points.  See each question for its value.
Method of Submission: Download this assignment, enter your answers into the document, save it, and then upload the document to the Folio drop box.  No other method will be accepted.

 
From GO LIVE; Conversion Methods and Training
P1.1     We’ve been following Gus’ Eagle Pizzeria for some time now.  It’s time for their system to be implemented.  Given that you know their business, describe the method you would use to implement the system.  Give any risks that your method might encounter.  Give any benefits for using the method you chose.  Your answer must be no less than 60 words long, and no greater than 200 words long, or you will forfeit 1%.  Do NOT waste words by restating the question in your answer.  This question is worth 10 points.
 
 
 
 
 
 
 
 
 
 
 
P1.2     One of Gus’ competitors is a regional chain of pizza restaurants, Gambino’s Pizza.  They have over fifty locations throughout Georgia, South Carolina, and Florida (north of Orlando).  Unlike Gus’, they are about ready to install the final component of their Oracle ERP system – a human resources system (not just payroll), in each of their stores, all connecting to their corporate headquarters in Atlanta.  You really don’t need to know much more about their overall system.  Recommend a conversion/implementation method for Gambino’s.  Give your rationale.  Identify any risks that the installation team may encounter.  Give any benefits for using the method you recommend.  Your method may or may not be the same as the one you recommended for Gus’.   Your answer must be no less than 60 words long, and no greater than 200 words long, or you will forfeit 1%.  Do NOT waste words by restating the question in your answer.  This question is worth 10 points.
 
 
 
 
 
 
 
P1.3     Gambino’s HR system has been installed, and it was a success.  Each store has one assistant manager who is in charge of performing all HR functions: hiring (interviewing), payroll, verifying time entry, initial employee evaluations (each employee is first evaluated by this assistant manager, with final approval performed by the store manager), HR reporting, etc.  It’s time to train each store’s assistant manager on the system.  Given what you have been taught about training, and anything else you can find on the topic, describe how you would ensure the assistant managers are all trained on the system.  Your answer should thoroughly describe how, where, and when you would train the assistant managers and any related employees at corporate HQ in Atlanta.   Your answer must be no less than 60 words long, and no greater than 200 words long, or you will forfeit 1%.  Do NOT waste words by restating the question in your answer.  This question is worth 15 points.
 
 
 
 
 
 
 
 
 
 
 
From Maintenance
P2.1     In this lecture, we have discussed the four different types of information systems maintenance.  These four types of maintenance can be applied to other industries.  Key West Express is a REAL company.  They run passenger ferries from Fort Myers, FL, to Key West, FL, and from Marco Island, FL, to Key West, FL.  They used to run their ferry from the Miami Seaquarium to Key West, but they don’t anymore (I know, back in 2007, I took the trip from Miami with my wife and her brother and his wife – it was a lot of fun).  If you want, you can see their website at: https://www.keywestexpress.net/.
You need to apply your knowledge of the four types of maintenance to maintaining KWE’s ferries.  This question is not discussing their information system, it’s discussing the maintenance of their ferry ships.  In fact, if you discuss their information system (booking, purchasing, etc.), you will receive a ZERO for your answer.  Your answer must be no less than 60 words long, and no greater than 150 words long, or you will forfeit 1%.  Do NOT waste words by restating the question in your answer.  This question is worth 12 points, each answer is worth 3 points.
 
 
 
 
 
 
 
 
P2.2     You are the IT Manager at South Georgia Bank, which has multiple locations in an area stretching from Statesboro to Savannah to Brunswick, and southwest to Waycross.  You have organized your IT staff into two groups: new system development, and maintenance projects.  This arrangement worked well when you worked at a much larger bank in Atlanta.  However, SGB has always made systems assignments with no particular pattern.
At first, the systems analysts in your group didn’t comment about the team approach that you have installed.  Now, several of your best analysts have indicated that they enjoyed the mix of work and would not want to be assigned to a maintenance team.  Should you go back to the way maintenance and development were handled at SGB, why or why not?  Are there any other options, and if so, what would they be?   Your answer must be no less than 60 words long, and no greater than 200 words long, or you will forfeit 1%.  Do NOT waste words by restating the question in your answer.  This question is worth 10 points.
 
 
 
 
 
 
 
 
 
From Risk Assessment
P3.1     Explain the concept of risk management, including risk identification, assessment, and control.  Your answer must be no less than 60 words long, and no greater than 200 words long, or you will forfeit 1%.  Do NOT waste words by restating the question in your answer.  This question is worth 10 points, each answer being worth 3.3 points.
 
 
 
 
P3.2     Using the methodology described in class, perform the following risk assessment calculations on various elements of Gus’ new system.  Determine the Single Loss Expectancy (SLE) for the following elements.  This question is worth 28 points.  Answers in Table 1 are worth 1 point each.  Answers in Table 2 are worth 2 points each.  Identifying which controls are cost-effective is worth 4 points.
Remember the following definitions and calculations described in class:
Single loss expectancy (SLE): Total loss expected from a single incident
Annual rate of occurrence (ARO): Number of times an incident is expected to occur in a year
Annual loss expectancy (ALE): Expected loss for a year
ALE = SLE x ARO
Safeguard value: Cost of a safeguard or control
CBA = Previous ALE (in chart below) – Post ALE (in 2nd chart below) – Safeguard Value
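The definitions above, worked through as an added example (not part of the original assignment). The risk register is constructed and deliberately uses different risks and dollar figures from Tables 1 and 2; the function names and the rule that a positive CBA means the control is cost-effective are assumptions made for this illustration.

```python
import re

# Occurrences of each unit per year, and interval words used in the phrases.
PER_YEAR = {"week": 52, "month": 12, "quarter": 4, "year": 1}
INTERVAL = {"other": 2, "two": 2, "three": 3, "four": 4, "six": 6}
PATTERN = re.compile(r"(\d+)\s+(?:per|every)\s+(?:(\w+)\s+)?(week|month|quarter|year)s?")

def aro_from_frequency(phrase):
    """Turn '1 per quarter' or '1 every other month' into an annual rate (ARO)."""
    m = PATTERN.fullmatch(phrase.strip().lower())
    if not m:
        raise ValueError(f"unrecognised frequency: {phrase!r}")
    count, word, unit = int(m.group(1)), m.group(2), m.group(3)
    if word is None:
        every = 1
    elif word.isdigit():
        every = int(word)
    elif word in INTERVAL:
        every = INTERVAL[word]
    else:
        raise ValueError(f"unrecognised interval: {word!r}")
    if every == 0:
        raise ValueError("interval must be at least 1")
    return count * PER_YEAR[unit] / every

def ale(sle, frequency):
    """ALE = SLE x ARO."""
    return sle * aro_from_frequency(frequency)

def cba(sle, freq_before, freq_after, safeguard_value):
    """CBA = previous ALE - post ALE - safeguard value."""
    return ale(sle, freq_before) - ale(sle, freq_after) - safeguard_value

# Constructed register (not the assignment's figures):
# (risk, SLE in $, frequency before control, frequency after, safeguard value in $)
REGISTER = [
    ("Web server disk failure", 8000, "1 per quarter", "1 per year", 15000),
    ("Laptop stolen from office", 2500, "1 every other month", "1 every six months", 12000),
    ("Mis-keyed invoice", 150, "1 every other week", "1 per month", 1000),
]

def assess(register):
    """Return (risk, CBA, cost_effective) per row; positive CBA assumed cost-effective."""
    return [(name, cba(sle, before, after, cost), cba(sle, before, after, cost) > 0)
            for name, sle, before, after, cost in register]

if __name__ == "__main__":
    for name, value, ok in assess(REGISTER):
        print(f"{name:28} CBA ${value:>9,.0f}  cost-effective: {ok}")
```

The second constructed row shows the case worth watching for: the control cuts the annual loss by two thirds, yet its safeguard value exceeds the saving, so the CBA is negative.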
TABLE 1

| Gus’ Pizza Information System Risks | SLE in $ | Frequency of Occurrence | ARO | ALE in $ |
|---|---|---|---|---|
| Electrical outage on main data server | $10,000 | 1 every other month | | |
| Network down between stores, can’t transmit sales | $5,000 | 1 per quarter | | |
| Employee enters incorrect sales | $200 | 1 every other week | | |
| Store manager approves wrong payroll | $1,000 | 1 per quarter | | |

 
 
 
 
TABLE 2

| Risk | SLE | Frequency (control may have changed this) | ARO | ALE in $ | Safeguard value in $ | CBA (cost-benefit analysis) | Control |
|---|---|---|---|---|---|---|---|
| Electrical outage on main data server | $10,000 | 1 every four months | | | $10,000 | | UPS |
| Network down between stores, can’t transmit sales | $5,000 | 1 every four months | | | $12,000 | | Redundant routers |
| Employee enters incorrect sales | $200 | 1 every other month | | | $2,000 | | Employee Training |
| Store manager approves wrong payroll | $1,000 | 1 every six months | | | $1,500 | | Programmatic change to approval procedure |

 
 
NOW indicate which of the four controls are cost-effective: 
 
 
From Disaster Recovery
P4.1     Gambino’s corporate headquarters in Atlanta has experienced multiple incidents of theft of Intellectual Property (IP), presumably via improper access to secure areas of the company, and especially computer equipment that should be secure.  One thing you must consider is that Gambino’s does employ biometric security devices.  Provide five solid recommendations for correcting any physical security issues that may be leading to these thefts of IP.  Your answer must be no less than 50 words long, and no greater than 150 words long, or you will forfeit 1%.  It may help to bullet point your five recommendations.  Do NOT waste words by restating the question in your answer.  This question is worth 10 points, each answer being worth 2 points.
 
 
 
 
 
 
 
 
 
 
P4.2     Gambino’s has also been having problems with their current backup methodology.  They have had to restore some files several times in the last month, and have discovered that some of the data was not restored properly, so it could not have been backed up properly.  Part of the confusion has to do with each store backing up its own data, and sometimes these backups get out of sync with corporate HQ.  Give a recommendation for a workable iron-clad backup methodology for Gambino’s to employ.  Include frequency, method, and location of backup.  You can even consider whether they should be backing up data in the stores at all.  Your answer must be no less than 60 words long, and no greater than 150 words long, or you will forfeit 1%.  Do NOT waste words by restating the question in your answer.  This question is worth 10 points.
 
 
 
 
 
 
 
 
 
 
 
 
 
EXTRA CREDIT QUESTION – WORTH 8 POINTS
Above you performed what is known as Quantitative Risk Analysis.  Now you will perform what is known as Qualitative Risk Analysis, on the same issues.  While quantitative measures a dollar value related to risk based on mathematical formulas, qualitative measures a probability of that risk being realized, in comparison to other probable risks.  Before we go forward with the problem, we have to define two concepts:

  • Probability: The likelihood that a threat will exploit a vulnerability. Probability can use a scale of low, medium, and high, assigning percentage values to each.
  • Impact: The negative result if a risk occurs. You can use low, medium, or high to describe the impact.

 
You can calculate the risk level using the following formula: Risk Level = Probability x Impact
The four issues are the same as above for Gus’: electrical outage on the main server; network down between stores, cannot transmit payroll; employee enters incorrect sales; and store manager approves the wrong payroll.
Given the following data, calculate the mathematical Risk Level for each.  Remember that you have been given probabilities as whole numbers, but they should be calculated as percentages:

| Category | Probability | Impact | Risk Level |
|---|---|---|---|
| Electrical outage | | | |
| Network down | | | |
| Employee enters incorrect sales | | | |
| Manager approves wrong payroll | | | |

 
Now rank them, from highest risk level to lowest:

Priority 1  
Priority 2  
Priority 3  
Priority 4  

 
 
 
 
 
