FACULTY OF BUSINESS AND ACCOUNTANCY

CODE AND COURSE NAME PHS 3233 HUMAN RESOURCES INFORMATION SYSTEM
LECTURER’S NAME MADAM AZNITA BT AHMAD

STUDENT’S NAME NUR IZZATUL NAJWA BINTI NORZI AZWA

STUDENT MATRIC NO.

4192009631
PROGRAMME BACHELOR OF HUMAN RESOURCES MANAGEMENT

EXAMINATION DATE 17/3/2022

This final examination measures the student's ability for the following outcomes:

QUESTION NO. 1ST EXAMINER 2ND EXAMINER EXAMINER’S ENDORSEMENT:

(MARKS) (MARKS)
Please tick (√) in the appropriate space.
I have checked the answers on each page.

I have calculated all marks correctly.

TOTAL

First Examiner Second Examiner

Name : Name :
Date : Date :
Signature : Signature :

FACULTY OF BUSINESS AND ACCOUNTANCY/ NOVEMBER 2021

 STUDENT DECLARATION FORM
FINAL EXAM
SEMESTER NOVEMBER 2021 (32134)

To validate the examination and to protect the integrity of the examination process,
UNISEL students are required to complete this Student Declaration Form and to submit
together with the answer script or assignment for online, take home, or project based
examination.

I hereby declare and verify that:

/ the work done is my own unaided work.
/ I follow the procedure of the final examination/assignment/project.
/ I appropriately acknowledge any part of a work that is not my own.
/ I do not falsify or misrepresent authorship, evidence, data, findings, or conclusions
/ I do not allow other students to copy or use my work unless required by my task.
/ I do not use or submit the work of other student unless a task requires this.
/ I do not use or submit the work of others such as family members and friends.
/ I do not submit the same piece of work for assessment in more than one subject.

/ I hereby declare that I have read and understood the rules for undertaking the final
online examination/take-home examination/project. I certify that this declaration is true
and correct. I understand that if this declaration is found to be untrue or incorrect, I may
be subject to penalties in accordance with the University’s rules and regulations.

Student Name : Nur Izzatul Najwa Binti Norzi Azwa

Student Matric : 4192009631

Program : Bachelor Of Human Resource

Management

Course Name : HUMAN RESOURCES INFORMATION

SYSTEM

Course Code : PHS 3233

FACULTY OF BUSINESS AND ACCOUNTANCY/ NOVEMBER 2021

ANSWERS:

Section A Q1)a):

Company Profile

i. Basic information

Basic information is one of the part of company profile components. Basic information in
this company profile needs information is related to the staff company name, company
resgistration number, Phone, Fax, Email, Websites URL, Contact Person Name,
Addreses, and so on. As an example:

Name: Suka HQ

Staff number: A56091

Identification NO: 920605-06-5246

Gender: Female

Race: Malay

Birth Date: 5 January 2000

Religion: Islam

Marital Status: Single

ii. Financial information

Financial information is one of the part on office central it is related to the staff financial
information conducting the EPF number, SOCSO, Income tax number, ZAKAT, Tabung
Haji, and so on.

Staff Profile

i. Basic information

Name: Suka HQ

Staff number: A56091

FACULTY OF BUSINESS AND ACCOUNTANCY/ NOVEMBER 2021

Identification NO: 920605-06-5246

Gender: Female

Race: Malay

Birth Date: 5 January 2000

Religion: Islam

Marital Status: Single

ii. Education

Education Name: Master in Bussiness Administration

Education Description: Oxford University

Year: 2

iii. Experience

Company name: XIXILI SDN BHD

Description:Assistant Sales Manager

Start Date:1 Dec 2016

End date: 1 June 2017

b)items in a payroll group:

Items included in payroll group is Satff NO, Staff Name, Classifcation, Department,
Designation, Report To, and Date Joined Duration.
C (i)
Pay Dates
Employees who are paid monthly are paid on the last working day of the month, except
in December, when pay day is shifted to accommodate the Christmas holiday. Here,
you'll find a list of pay dates for December.

FACULTY OF BUSINESS AND ACCOUNTANCY/ NOVEMBER 2021

Dates of Payroll Deadlines
Information must be provided by the deadlines listed in the notices. Pay period
transactions will not be executed until the next pay period, and departments should
inform their personnel of this fact. Because of the early paydays in December and other
public or bank holidays, several deadlines are sooner than in the rest of the year. The
deadlines are subject to change, so please check the website often to see if anything
has been changed.
c)ii)

FACULTY OF BUSINESS AND ACCOUNTANCY/ NOVEMBER 2021

d) i. Employee Provident Fund (EPF) - contribute 11 percent of your monthly salary to
the EPF, and your employer will contribute an additional 12 percent or 13 percent. The
government has the authority to alter the statutory contribution rate for EPF savings.
However, either the employer or the company, or both, may contribute at a higher rate
than the statutory rate.

ii. Social Security Organization (SOCSO) - The Social Security Organization (SOCSO)
provides social security protection to employees through social insurance, which
includes medical and cash benefits, the provision of artificial aids, and rehabilitation to
alleviate suffering and provide financial guarantees and protection to the family.

iv. Malaysian Inland Revenue Board (LHDN) - The LHDN is one of the Ministry of
Finance's primary revenue collection agencies. The LHDN was established in
accordance with the Inland Revenue Board of Malaysia Act 1995 in order to grant it
greater autonomy, particularly in financial and personnel management, and to improve
the quality and effectiveness of tax administration.

B. SECTION (Q1)

a.

Analyze security breaches that occurred in relation to intentional threats against Cisco
cloud infrastructure perpetrated by a former Cisco employee.

The following are the security breaches that have occurred in relation to intentional
threats against Cisco cloud infrastructure perpetrated by a former Cisco employee:

• A former Cisco employee gained unauthorised access to the company's cloud

infrastructure by exploiting his knowledge of Cisco's security mechanisms and exploiting
their flaws in order to gain access to the cloud infrastructure and deploy his code.

• He distributed malicious code that deleted 456 virtual machines associated with
Cisco's WebEx Teams application.

• There was no use of two-factor authentication or other access management

techniques to protect sensitive resources, making it simple for the former Cisco
employee to gain access.

• As a result, 16,000 WebEx users were unable to access their accounts for two weeks.

• Cisco had to spend approximately $1.4 million in employee time auditing and repairing
their infrastructure.

FACULTY OF BUSINESS AND ACCOUNTANCY/ NOVEMBER 2021

SECTION B Q1(B)

To prevent unauthorised access, the HR department should be more proactive about

company data security. Human resources departments have always been associated
with people's success and development, but they are now more actively involved in
cybersecurity and data protection. With the rise in cyber-attacks and data breaches, HR
can no longer afford to ignore this responsibility. HR professionals are already familiar
with all of the sensitive information that organisations keep on their employees, such as
salary history, performance reviews, benefit plans, and so on. However, because of this
level of openness, HR professionals are a potential target for criminal hackers.

To avoid this, HR departments can take a proactive approach to data security by

providing ongoing training and education. HR professionals, for example, can pursue
qualifications that will help them become HR specialists. HR professionals with such
credentials are better prepared to deal with the complexities of cybersecurity and data
protection. By understanding how security breaches can disrupt business operations,
HR personnel will be able to intervene when necessary and resolve issues before they
become more serious issues. To stay current in the industry, these individuals should
continue their education by attending seminars or webinars on emerging trends. This
way, you can keep your finger on the pulse of cybersecurity best practises at all times.
This entails being aware of any new threats that must be addressed. Furthermore, by
regularly updating employees' knowledge of best practises for safeguarding sensitive
information – such as phishing scams, password security protocols, and more – HR
professionals can help prevent harmful incidents in the workplace.

Second, HR departments can be proactive by auditing the data collection and storage
process. For example, a company that has out-of-date security protocols in place to
protect sensitive information such as employee salaries or benefit plans is a prime
target for criminal hackers In that case, it is time to update these procedures in order to
remain compliant with new federal government regulations regarding how organisations
must store this PII (personally identifiable information). When hiring third-party vendors
who will have access to PII on the organization's employees and other sensitive
business intelligence, HR professionals should be especially cautious. This includes
thoroughly vetting potential service providers before bringing them into your network,
ensuring they have a solid track record of protecting information and adhering to federal
regulations. This is significant because there have been numerous instances where

FACULTY OF BUSINESS AND ACCOUNTANCY/ NOVEMBER 2021

employees of third-party vendors have violated privacy policies, putting the organisation
at risk of fines or worse if their system is hacked and sensitive data is stolenHR
professionals should also collaborate closely with their IT department to ensure that
data security measures are implemented consistently. For example, ensuring that
software upgrades are completed on time so that cyber criminals are unable to exploit
existing vulnerabilities or weaknesses in a system.

Maintain the integrity of your firewall rules as well. A firewall is a network security device
that monitors both incoming and outgoing network traffic and allows or denies data
packets based on a set of security rules. It is possible to optimise the firewall rule base
to ensure that it runs smoothly and without interruptions. Make sure you don't have any
rules that are duplicated, incorrect, or shadowed. Again, having a regular schedule for
upgrades and efficiency checks is recommended.

Control user access and firewall changes as well. HR should be strict about user
permissions and only allow authorised users you trust to change the firewall rules. Also,
have a procedure in place for firewall changes. It should include a list of the desired
adjustments, an estimation of the risk of policy changes, and basic information about
who implemented the changes, when they were implemented, and why, as well as a
record of the results.

Employees are the most effective line of defence against data breaches. HR
professionals should be proactive in educating employees about the importance of
protecting sensitive information and adhering to legislation. This entails collaborating
closely with IT, auditing security measures within an organisation, and thoroughly
screening third-party vendors before allowing them access to your network.

SECTION B Q1(C)

In terms of technical controls, the best practises of prevention techniques that Cisco
should implement in order to secure customer data are, first and foremost, auditing the
network and checking security controls. Maintaining a secure environment necessitates
knowledge. The IT organisation must conduct a network audit to gain an accurate
picture of a given enterprise's security posture. IT professionals can use auditing to
identify potential vulnerabilities that need to be fixed, find unused or unnecessary
applications running in the background that can be removed, determine the strength of
the firewall and the currency of its settings, measure the state of networked servers,
gear, software, and applications, confirm the overall efficacy of the security
infrastructure, and judge.

Second, put in place and communicate a security governance structure. Compliance

does not always imply security, but it can provide important guidance on how to mitigate

FACULTY OF BUSINESS AND ACCOUNTANCY/ NOVEMBER 2021

risks. Regulatory bodies such as the International Organization for Standardization and
the Payment Card Industry Security Standards Council emphasise the importance of
establishing a structure that specifies who is responsible for managing security and
responding to cybersecurity incidents. IT organisations must define the roles and
responsibilities of individuals in managing risks and responding to incidents. Periodic
risk assessments can assist organisations in prioritising vulnerability remediation and
minimising downtime.

Furthermore, review and communicate security policies. To ensure a strong security

posture, a pragmatic and valid security policy is required. Organizations frequently fail to
review policies to ensure that they address current business operational requirements
and security conditions. Unfortunately, enterprises frequently fail to communicate these
policies to both IT staff and, where applicable, end users. Organizations such as the
SANS Institute publish reference documents that IT professionals can use to reexamine
and update policies, such as having a formal directive on implementing and executing
changes.

After that, educate end users. Raising end-user awareness is critical in an era when
phishing attacks are a preferred method of many cyberattacks. In a 2017 Dell survey of
corporate employees, more than 75% said they would willingly share confidential data
under certain conditions. End users are vulnerable to certain types of attacks that look
like normal communications. And, as cybercriminals become more adept at using email
and other forms of communication to closely mimic professional interactions, the
likelihood of a staff member succumbing to the threat grows. End-user education should
be an ongoing process that is an intrinsic part of a company's culture to keep
employees informed about the evolving threat environment and associated corporate
security policies.

Finally, stay informed. One overarching requirement for establishing best practises in
network security is to treat the discipline as an ongoing effort. This includes staying up
to date on changes in the threat environment. As a result, security personnel and IT
professionals must understand how cyberattackers are changing their tactics. They
must also stay current on advances in threat detection and mitigation. The goal should
be to apply lessons learned from previous incidents to limit the negative consequences
of future events.

Q2)a) ANSWERS

Problems that Cempakasari Sdn Bhd are experiencing is:

-Head count reports are frequently late and inaccurate

FACULTY OF BUSINESS AND ACCOUNTANCY/ NOVEMBER 2021

- Daily attendance records for personnel from various offices and locations

throughout Malaysia is time-consuming and late submissions. Reports received

from 10 separate offices, and not user-friendly for upper administration.

-The recruiting procedure is extremely slow, takes three months from the date of

the advertisement for new staff to begin working.

-Leave administration is time-consuming, and the employees who seek information

often become frustrated. Managers were found to be tardy in making

decisions or granting leave requests.

-The payroll procedure, centralized at the corporate headquarters, takes

lengthy time, placing a load on the HR personnel and resulting high rate of

human error computations of salaries. Salary information, which is intended

to be private, discreet, and managed, was occasionally discovered on the table of

human resources personnel.

Solutions that can be implemented to the issues that faced by Cempakasari Sdn Bhd
is,they can used:

1. Recruiting Modules

This is because the Cempakasari Sdn Bhd have an issue is The recruiting procedure is
extremely slow, takes three months from the date of the advertisement for new staff to
begin working. When the HRMS module have a recruiting modules it can make it easy
to the HR department. This is because the recruiting system can help in the providence
of requisition and vacancy, create a vacancy, assign recruitement vacancy, applicant
quick entry and final step is Mass update of the applicant. With this modules,
Cepakasari can reduce the time of recruitementofeach applicant.

2. Payroll module

The challenges that Cempakasari faces on centralised at the corporate headquarters

take a long time, putting a strain on HR personnel and resulting in a high rate of human
error in salary computations. The payroll module has the potential to solve the
organization's problem. The HR clerk only needs to enter the on-payroll profile in the

FACULTY OF BUSINESS AND ACCOUNTANCY/ NOVEMBER 2021

payroll system, which includes the basic salary, overtime, payroll group, bank
information, EPF information, SOCSO information, LHDN information, and Zakat
information. When the salary date arrives, the HR clerk simply clicks on process payroll
and indicates which month and when the date should be cut off. For example, if the
salary is paid on January 27, 2022, the cut-off date must be January 26, 2022. It is very
simple when the payroll module is used in the part of HRMS

3. Attendance management and leave management module

The issue that Cempakasari SDN BHD is facing is that maintaining daily attendance
records for personnel from various offices and locations throughout Malaysia is time-
consuming, and late submissions are common. Additionally, leave administration is
time-consuming, and employees who seek information frequently become frustrated,
which can reduce errors. This is due to the fact that the system is automatically updated
once the clerk has indicated the employee's attendance and leave. They simply enter
the data into the module, and the result is calculated automatically; the clerk does not
need to calculate manually because the system is built automatically

Q2)b) Precise factors that should be considered while selecting the most suitable
vendor for the Cempakasari SDN BHD is this organization need to use the need
analysis metrics factors. This analysis willhelp the organization to becomemore
systematics which it is using the need analysis stages included process of Need
analysis planning,Observation, Exploration, Evaluation and Reporting. Cempakasari
need to used this factor because it is important to giving benefits in aspect of :

 Automate Process
 Ensure 100 percent accuracy
 Save time, increase effiecient and accelerate growth of the organization

FACULTY OF BUSINESS AND ACCOUNTANCY/ NOVEMBER 2021