Dear students, get fully solved assignments by professionals
Do send your query at :
or call us at : 08263069601
(Plagiarism proofed assignments available with 100% surety and
refund)
Information Systems for Management
Jun 2026 Examination
Internal Assignment
Q1. ShopSwift is
a fast-growing Indian e-commerce startup based in Bengaluru, processing over
50,000 orders daily. One Monday morning, customers began receiving emails from ShopSwift
asking them to re-verify their payment details by clicking a link, emails that
ShopSwift never sent. A quick investigation revealed that a disgruntled
ex-employee still had active login credentials to ShopSwift's customer
database. Over the weekend, he had accessed 2 lakh customer records, including
names, addresses, and masked credit card details, and sold the data to a
phishing group. Further investigation revealed that ShopSwift had no
multi-factor authentication in place, no policy for revoking access when
employees left, and no intrusion detection system to flag unusual login
activity. The incident has now drawn the attention of CERT-In, which has
mandated a response within 6 hours under India's cybersecurity reporting
guidelines.
Identify three
key IS security vulnerabilities in the ShopSwift case and recommend one
practical solution for each to prevent such an incident from recurring. (10
Marks)
Ans 1.
Introduction
The ShopSwift breach is
not a case of sophisticated hacking or advanced cyberwarfare. It is a case of
fundamental information systems security failures that allowed an ordinary
insider threat to escalate into a major data compromise affecting two lakh
customers. When an ex-employee retains access to a live production database for
long enough to extract and sell sensitive customer data over a weekend, the
organization's security posture has failed at the most basic level of access
governance. The fact that CERT-In's mandatory reporting mechanism was triggered
indicates that this breach crossed the threshold of regulatory seriousness,
making it not just an operational crisis but a compliance failure with legal
consequences for ShopSwift's
Q2 (A). QuickKart
is a Pune-based e-commerce startup that has grown rapidly by selling a mix of
physical products and digital goods including e-books, online course
subscriptions, and software licenses to tier 1 and tier 2 cities in India. With
8 lakh registered users and a growing mobile-first customer base, QuickKart is
now facing a critical strategic decision. Customer data shows that 60% of new
users access QuickKart via regional language interfaces, yet the platform
currently operates only in English. Meanwhile, the digital goods segment is
growing at 3x the rate of physical product sales, with zero delivery cost and
significantly higher margins. Based on the information provided, should
QuickKart prioritise expanding its digital goods catalogue or building a
vernacular language interface? Justify your recommendation by evaluating the
business value, customer impact, and growth potential of each option. (5 Marks)
Ans 2(A).
Introduction
QuickKart faces a
strategic investment choice between deepening its high-margin product category
and expanding its addressable customer base. Both options have genuine merit,
but they operate on different timelines and serve different business
objectives. The decision requires evaluating which investment creates greater
compounding value given QuickKart's current growth trajectory and market
positioning.
Concept and
Q2 (B). MediTrack
is a fast-growing Hyderabad-based health-tech startup that digitises patient
records and appointment scheduling for 500+ clinics across India. Over the past
year, the company scaled rapidly, onboarding new clinics, hiring remotely, and
migrating all data to a cloud platform to manage growth. Three months ago, a
ransomware attack encrypted MediTrack's entire patient database. Operations
came to a standstill for 72 hours, clinics could not access patient histories,
appointments were cancelled, and the company received a ransom demand of Rs.50
lakhs. A post-incident audit revealed that MediTrack had no IS security policy
governing employee device usage, no data encryption on its cloud platform, and
no data backup or recovery plan in place. Explain how MediTrack's failure to
align its IS security practices with its growth strategy led to the ransomware
crisis. Recommend three strategic measures the CTO should present to the board
to ensure IS security becomes an organisational priority going forward. (5
Marks)
Ans 2(B).
Introduction
MediTrack's ransomware
crisis is a direct consequence of treating information systems as a growth
enabler while ignoring their security dimension. When a company migrates
sensitive patient data to the cloud and simultaneously onboards hundreds of new
clinics and remote employees, every unprotected access point becomes a
potential entry for attackers. MediTrack scaled its operations without scaling
its security posture, and the 72-hour shutdown was the predictable result.
Concept and Application
Growth-stage startups
routinely deprioritize IS security in favour of feature development, customer
acquisition, and operational expansion. MediTrack's leadership treated its
cloud migration as an operational upgrade rather than a security-critical
transition, which created three compounding vulnerabilities that the ransomware
attack exploited