ITM Lecture 4

INFORMATICS
Information Technology Management
Lecture 4
2rd January 2008
ITM Lecture 4
Advanced Diploma (Thames College) 1
Information
o at o Tec
Technology
o ogy Management
a age e t
U i 77: D
Unit Design
i and dDDevelopment
l and
d
Evaluation of Systems
ITM Lecture 4
Processing
P ocess g Techniques
Tec ques
z The Processing Methods for a system can
be divided into:
z Online Processing
z Real-time
Real time Processing
z Batch Processing
ITM Lecture 4
Onlinee Processing
O P ocess g
z Online processing refers to a situation where devices
called Terminals are connected directly to the
computer so that input may be made at any time and
the user is able to immediately and directly access data
stored in the computer.
z Online processing is done on a multi-user basis.
z I
Interactive
i processing i refers
f to a situation
i i in i which
hi h the
h
user interacts with the computer.
z The term Interactive Processing is sometimes used
to describe online and real-time processing collectively.
ITM Lecture 4
Real-time
ea t e Processing
P ocess g
z Any data that is received must be immediately
processed and updated into the database
z Actual
A l status off events or records,
d transactions
i
are dealt with as events occur
z Database mirrors reality
z Real-time
Real time system
s stem always
al a s online
z Online system not always real-time
z Many system today are both online-real-time
systems E.g.
systems. E g Banking ATM
ITM Lecture 4
Batch
atc Processing
P ocess g
z A method of collectingg and processing
p g data in
which transactions are accumulated and stored
until a specified time when it is convenient or
necessary
z Batch processing is an economical method d for
processing large volumes of data on a routine
basis.
z An example of batch processing is the processing
of overtime claims in a payroll system.
ITM Lecture 4
Interface
te ace of
o Online
O e Systems
Syste s
z Commands
z One method of interacting with the computer is for the
user to keyy in commands.
z This does not contribute to ease of use, since
commands must be remembered and mistakes are easilyy
made.
z Menus
z Menus may list different applications, such as sales
ledger purchase ledger or stock control routines,
ledger, routines from
which the user is guided to sub-menus according to the
option
p selected.
ITM Lecture 4
Configuration
g for Real-time System
y
z Support
pp immediate telecommunications and interactive
processing
z A powerful computer server,
server with terminals (e.g
(e g
microcomputers) at each user site, connected by
telecommunications equipment like modems and
leased lines
ITM Lecture 4
Procedure for Batch Data Processingg
z Prepare Batch Control Sheets
z Send batch data to Data Preparation
z Check Batch Control Sheets
z Enter Data
z Validate Data
z Process Data
ITM Lecture 4
Procedure for Batch Data Processing

-Prepare
Prepare Batch Control Sheets
z Before sending the batch to data
preparation, the number of cards is
countedd andd noted
d on a b
batch
h controll
sheet.
z The total number of hours worked for all
the cards is added and also noted on the
sheet.
ITM Lecture 4
-Send
Send Batch Data to Data Preparation
z The batch control sheet is sent with the
batched data and a copy is retained in the
i i i i ddepartment.
initiating
ITM Lecture 4

-Check
Check Batch Control Sheets
z When the cards arrive at data preparation, the
cards are counted and the total hours
checked
h k d againsti t the
th control
t l sheet.
h t
z Any y discrepancies
p are checked with the
initiating department.
z Based
B d on the h bbatchh controls
l sheet,
h iit will
ill b
be
possible to determine whether anyy cards have
p
been mislaid or altered in transit.
ITM Lecture 4
Procedure for Batch Data
Pr
Processing
in -Enter
Ent r DData
t
z The data is keyed using a keyboard and stored
on disk.
z This
Thi step is
i sometimes
i called
ll d key
k punchinghi
which is an old term from days when punch
cards were the main medium for input data.
z When punch cards are usedused, the data is
translated into a machine readable form by
punching
hi h holes
l iin th
the cards,
d which
hi h are llater
t read
d
by a reading machine.
ITM Lecture 4
Procedure for Batch Data

Pr
Processing
in -Validate
V lid t Data
D t
z Validation of data is done to minimize
inaccuracies.
ITM Lecture 4
-Process
Process Data
z The data is now complete,
complete validated and
therefore ready for processing.
ITM Lecture 4
OLTP
O TP vs. OLAP
O P
ITM Lecture 4
On Linee Transaction
O T a sact o Processing
P ocess g
z On Line Transaction Processing (OLTP)
z Maintains a database that is an accurate model
of some real-world
real world enterprise.
enterprise
z Supports day-to-day operations.
z Characteristics:
z Short simple transactions
z Relatively frequent updates
z Transactions access only a small fraction of

the database
ITM Lecture 4
On Linee Analytic
O a yt c Processing
P ocess g
z On Line Analytic Processing (OLAP)
z Uses information in database to guide
strategic decisions.
z Characteristics:
z Complex queries
z Infrequent
I f updates
d
z Transactions access a large fraction of the
database
z Data need not be up-to-date
p
ITM Lecture 4
Data
ata Warehouses
Wa e ouses
z OLAP and Data Mining databases are
frequently stored on special servers called
D
Data W
Warehouses:
h
z Can accommodate the huge amount of data
generated by OLTP systems
z Allow
All OLAP queries i andd ddata mining
i i to b
be
run off-line so as not to impact the
performance of OLTP
ITM Lecture 4
Data
ata Miningg
z Analysis of large pools of data to find patterns
and rules that can be used to guide decision-
making and predict future behavior.
behavior
ITM Lecture 4
OLAP
O P vs. Data
ata Miningg
z OLAP tools are front
front-end
end tools used by
users to analyze data that are stored usually
i a data
in d warehouse.
h
z Data Mining is an example of an OLAP
that enables detection of patterns and trends in
large databases.
ITM Lecture 4
Va dat o
Validation
z Before data can be updated into the database, it
must be checked for errors.
z This
Thi validation
lid i can b be ddone iin b
both
h online
li andd
batch processing.
z Presence Checks
z Format Checks
z Range Checks
z Reasonableness
R bl Ch
Checks
k
z Check Digits
ITM Lecture 4
Validation
Va dat o - P
Presence
ese ce Checks
C ec s
z In this instance, the input data is examined to
ensure that all the necessary data items, or fields,
are present
present.
z In the payroll example, a presence check would
ensure that fields such as the date of the period-
end,, the employee
p y number and the hours
worked, are present.
z Any
A sett off data
d t failing
f ili this
thi test
t t wouldld be
b
rejected.
ITM Lecture 4
Validation
Va dat o - Fo
Format
at Checks
C ec s
z This check ensures that the format of the
data in a field is correct, i.e. the correct
numberb off letters
l andd numbers,
b iin the
h
correct order.
z If a field is numeric, then any alphabetic
data would be rejected.
ITM Lecture 4
Validation
Va dat o - Range
a ge Checks
C ec s
z This is a check that numbers or codes are
within an accepted range.
z Employee payroll numbers, for example,
could be subjected to this sort of check.
check
z Any y employee
p y number which does not fall
into the accepted range could be assumed
to be either a mistake or a deliberate
falsehood.
ITM Lecture 4
Validation - Reasonableness
V b Checks
z These are a form of range check which
would reject items which are unreasonable.
z A claim that an employee has worked 25
hours in a day
day, for example
example, would fail this
test.
ITM Lecture 4
Validation
Va dat o - C
Check
ec Digits
g ts
z One of the most common type of mistakes is to transpose the
figures in a number.
z The check digits validation check is a method of minimizing the
occurrence of transposition.
z It is a mathematical technique in which the digits form the
numberb are used d iin a mathematical
h i l process, the
h resultl off which
hi h
is appended to the original number as the check digit.
z The number can then be tested using the same mathematical
process.
z If the result is the same check digit,
digit then the likelihood of
transposition is minimal.
z If it is different then the number has been transposed.
ITM Lecture 4
Information
o at o Tec
Technology
o ogy Management
a age e t
Unit 8: Securityy andd Control,, System

y
Development Life Cycle
ITM Lecture 4
Security and Control, System
Ethics and Social Issues
ITM Lecture 4
What
W at aaree Computer
Co pute Ethics?
t cs?
z Moral
guidelines that govern use of
computers and information systems
z Unauthorized use of computer systems
z Information privacy
z Intellectual property rights
z Software theft (piracy)
z Information accuracy
z Codes of conduct
ITM Lecture 4
What do yyou think about ethical issues?
ITM Lecture 4
Whyy is Information Accuracyy Important?

p
z Inaccurate input
p can result in erroneous
information and incorrect decisions based on that
information
z Evaluate Web page's value before relying on its
content
t t
ITM Lecture 4
What are the Ethics of Using
C mp t r tto Alt
Computers Alterr O
Output?
tp t?
z Alteration could lead to deliberately
misleading photographs
ITM Lecture 4
Intellectual
te ectua Property
P ope ty Rights
g ts
z Intellectual property (IP) refers to work created
by inventors, authors, and artists
z Intellectual
I ll l property rights
i h are rights
i h to which
hi h
creators are entitled for their inventions,
writings, and works of art
ITM Lecture 4
IT
T Code of
o Co
Conduct
duct
z Written guideline
that helps determine
whether
h h specificifi
p
computer action is
ethical or unethical
ITM Lecture 4

Security and Control
ITM Lecture 4
Security
Secu ty and
a d Controls
Co t o s
z Data, software
so twa e and
a d hardware
a dwa e are
a e valuable
va uab e resources
esou ces and
a d must
ust be kept
ept
secure from being wrongly changed or being destroyed accidentally or
deliberately.
z Data must also be secured against wrongful disclosure.
z A hardware fault or a telecommunications fault, can suffer financial
loss.
loss
z Confidential data which is being word processed might be vulnerable
to unauthorized access.
z The Data Protection Act 1994 incorporates a principle that
computerized personal data be kept secure against wrongful disclosure.
z If computerized data is not protected properly, there will also be scope
for computer fraud.
ITM Lecture 4
Problems Associated with Computers

p
z Data processing by computer created extra
problems for control because of its special
characteristics:
h i i
z Inaccuracy of Programs and Data
z Lose Data on File
z Unauthorized Access
z No Logging and Tracing
z Dishonest Programmers
z Accidental Error Cause Problems
ITM Lecture 4
Inaccuracy
accu acy of
o Programs
P og a s and
a d Data
ata
z Large volumes of data are concentrated
into files that are physically very small.
z Large quantities of data are processed
without
ith t human
h intervention,
i t ti andd so
without humans knowingg what is goingg g on.
z This places great reliance on the accuracy
off programs andd off data
d on file.
fil
ITM Lecture 4
Lose
ose Data
ata on
o FFilee
z Equipment can malfunction,
malfunction data files can
become corrupt and store meaningless
data, data can get lost when files are copied,
and data files are susceptible to loss
through theft, flood or fire.
ITM Lecture 4
Unauthorized
U aut o ed Access
ccess
z Unauthorized people can gain access to data on
files, and read confidential data or tamper with
the
h ddata.
z This is a p
particular p
problem with on-line systems
y
because access to a computer program and
master file can be from any remote terminal.
terminal
z It is even possible for Hacker to use their
computers to gain access to files and programs
y
of other systems.
ITM Lecture 4
No Logging
ogg g and
a dT
Tracing
ac g
z Information on a computer file can be
changed without leaving any physical trace
of the change.
z It does
d nott help
h l matters
tt that
th t computers
t
lack jjudgment
g and errors in data
processing by computer can go undetected
when this would not be the case with
manual data processing.
ITM Lecture 4
Dishonest
s o est Programmers
P og a es
z Programmers are experts
experts, and with careful planning
planning,
dishonest programmers can tamper with programs
to their o
own
n benefit
benefit.
z A case has been recorded, for example, of a
programmer who arranged for all fractions of a
penny in salaries to be paid into a bank account
which the programmer opened and from which he
took the money.y
z Several thousand payments mounted up over time
into substantial sums of money.
money
ITM Lecture 4
Accidental
cc de ta Error
o Cause Problems
P ob e s
z What is to stop a computer operator from using
a disk containing master file data to take output
f
from a different
diff program??
z If this were done,, the data on the master file
could be wiped out.
z This
Thi isi such h an important
i p t t source off potential
p t ti l
error that controls to prevent this from
happening should be built into nay computer
y
system.
ITM Lecture 4
The N
Need for Securityy and Controls
z Computer systems controls must be
maintained regardless of the size of
application or method of processing (batch
or real time)
time).
z If certain controls are difficult to establish
in a microcomputer system (for example,
division of responsibilities),
responsibilities) more emphasis
must be placed on other controls.
ITM Lecture 4
Thee Risks
T s s to Data
ata
z The dangers associated with information
storage magnetic medium include the
following:
z PhysicalSecurity
z Environmental Security
z Loss of Confidentiality
z Processing
P i the
th Wrong
W File
Fil
z Hardware or Program
g Corruption
p
ITM Lecture 4
The Risks to Data - Physical
y Securityy
z Tapes or disks can be stolen
stolen, mislaid or
damaged or destroyed by fire, flood or
vandalism.
ITM Lecture 4
The Risks to Data - Environmental Securityy
z Tapes and disks are susceptible to

magnetic fields, dust and extremes of
temperature and humidity.
z Although
Alth h in i modern
d PCs
PC the
th problems
bl off
environmental control have been reduced,
they are still quite important.
ITM Lecture 4
The Risks to Data - Loss of Confidentialityy
z Information stored in magnetic fields may

be accessed by unauthorized persons.
z This is a particular problem in larger
systems
t with
ith remote
t terminals,
t i l or ini time
ti
sharingg or computer
p bureau applications.
pp
ITM Lecture 4
The Risks to Data

- Processing
Pr in th
the Wr
Wrong
n Fil
File
z Since data is in magnetic form,
form and not
visible, the wrong file could be read, or a
file could be overwritten when its data is
still needed.
needed
ITM Lecture 4
The Risks to Data –
H rd r orr Pr
Hardware Program
r mCCorruption
rr pti n
z Hardware or software faults may damage
or destroy the data on files.
ITM Lecture 4
Co t o s
Controls
z Controls which can be implemented
p to counter
the risks fall into two categories.
z General Controls ensure that the computer
environment is secure. They fall into two groups.
z Administrativee Controls are
Administrati r ddesigned
si n d tto support
s pp rt th
the
smooth continuing operation of systems.
z System Development Controls are designed to ensure
that any new system does not present new risks to the
environment.
z Application Controls are built into operations, and
ensure that processed data is accurate and complete.
ITM Lecture 4
Administrative
d st at ve Controls
Co t o s
z Some controls can be applied at relatively small cost,
simply by introducing sensible administrative and
organizational measure.
z Administrative controls are controls over data and data
securityy that are achieved byy administrative measures.
z They should be applied in the data processing
department or computer centre,
department, centre where an organization
is large enough to have one, and in other offices.
z With PC systems,
systems administrative controls willill include
incl de
controls over handling the computer hardware,
software and files.
files
ITM Lecture 4
Administrative
d st at ve Controls
Co t o s
z Administrative controls should include:
z Controls over Personnel
z The Segregation of Duties
z Physical
Ph i l Security
S i
z Access Controls
z Protection Against Hacking and Viruses
z Good
G d Office
Offi Practice
P i
z Back-upp and Standbyy Facilities
ITM Lecture 4
Controls
Co t o s over
ove Personnel
Pe so e
z Controls related to personnel,
personnel which were developed
before the advent of computers:
z Job rotation
z Enforced vacations
z Access to information granted not on the basis of rank in the
management hierarchy or precedent, but on a need-to-know
basis
z Some employees, such as the systems analyst and the
computer security officer, are always in a position of trust.
z A well-designed security system puts a few people as
possible in this p
p powerful p
position.
ITM Lecture 4
Thee Segregation
T Seg egat o of
o Duties
ut es
z Work should be divided between systems analysts, programmers
and operating staff, and operations jobs themselves should be
divided between data control, data preparation and computer
r
room operations.
p r ti
z The functions of an organization structure are:
z To assign responsibility
responsibilit for certain tasks to specific jobs and
individuals.
z To pprevent fraud.
z Duties may be segregated by ensuring that no member of staff
works more than of:
z Data capture and entry
z Computer operations
z Systems analysis and programming
ITM Lecture 4
Physical
P ys ca Security
Secu ty
z Physical security comprises two sorts of
controls:
z Protection against disasters such as fire and
flood
z Protection against intruders gaining physical
access to the
h system
ITM Lecture 4
Physical Security –
Pr t ti n Against
Protection A in t Disasters
Di t r
z The pphysical
y environment has a majorj effect on
information system security and so planning it properly
is an important
p p
part of an adequate
q securityy plan.
p
z Fire is the most serious hazard to computer systems.
z A proper fire safety plan is an essential feature of
security procedures. Fire safety includes:
z Site preparation
Si i ((appropriate
i Building
B ildi Materials
M i l andd Fire
Fi
Doors)
z Detection (Smoke Detectors)
z Extinguishers (such as Sprinklers)
z Tr i i for
Training f r St
Staff
ff in
i Observing
Ob r i Fir
Fire SSafety
f t Procedures
Pr d r
ITM Lecture 4
Pr t ti n Against
Protection A in t Intruders
Intr d r
z Methods of controlling human access include:
z Personnel (security guards)
z Mechanical devices (such as keys,
keys whose issue is recorded)
z Electronic identification devices (such as card-swipe systems,
where cards are p
passed trough
g readers))
z It may not be cost effective or convenient to have the same
type
yp of access controls in the whole buildingg all of the time.
z The various security requirements of different departments
should be estimated,, and appropriate
pp p boundaries drawn.
z Some areas will be very restricted, whereas others will be
relativelyy open.
p
ITM Lecture 4
Ph i l Installation
Physical In t ll ti n Security
S rit
z Measures
Meas res to ensure
ens re physical
ph sical security
sec rit in the
computer room are as follows:
z Computer rooms should be kept locked when not in use
and only authorized personnel should have keys.
z Computers files should be kept locked in a safe place,
such as a fireproof safe.
z The physical conditions in which the hardware and files
are kept should be suitable, that is not too hot, damp or
rusty.
z Measures should be taken to minimize the risks of fire.
ITM Lecture 4
Access
ccess Controls
Co t o s
z Access
A controls
t l are controls
t l designed
d i d to t
prevent unauthorized access to data files
p
or programs.
z Access
A controls
l which
hi h can b
be b
built
il iinto
y
system's software are:
z Passwords
z Encryption and Authentication (Data

Communications Controls))
ITM Lecture 4
Passwo ds
Passwords
z Passwords
P d can be
b appliedli d to
t data
d t files,
fil
program files an parts of a program.
z The computer does not allow a user access to
the relevant facilities until he has typed in the
appropriate password.
z One password may be required to read a file and
another to write new data.
z The terminal user can be restricted to the use of
certain files and programs.
programs
ITM Lecture 4
Limitation
tat o of
o Passwords
Passwo ds
z Passwords ought to be effective in keeping out
unauthorized users, but they are by no means
foolproof.
foolproof
z Experience has shown that unauthorized access can be
obtained.
b i d
z By experimenting with possible passwords, an unauthorized
person can gain
i access to a program or fil
file by
b guessing
i the
h
correct password.
z Someone who is authorized to access a data or program file
may tell an unauthorized person what the password is,
perhaps
p p throughg carelessness.
ITM Lecture 4
Encryption
c ypt o and
a d Authentication
ut e t cat o
z When data is transmitted oover
er a comm
communication
nication
link or within a network, there are three security
dangers:
z A hardware fault
z Unauthorized access by an eavesdropper
z Direct intervention byy someone who sends false
messages down a line, claiming to be someone else, so
that the recipient of the message will think that it has
come from an authorized source.
ITM Lecture 4
What
W at iss Encryption?
c ypt o ?
z Encryption
E r pti iis th
the onlyl secure
r way tto pr
preventt
eavesdropping.
z Encryption involves
b g the data at one
scrambling
end of the line,
transmitting the scrambled
data and unscrambling it at
the
h receiver's
i ' end d off the
h
line.
ITM Lecture 4
What
W at iss Authentication?
ut e t cat o ?
z Authentication is a technique to make sure that a
message has come form an authorized sender.
z Authentication involves adding
an extra field to a record, with
the contents of this field
derived from the remainder of
the record
d by
b applying a
formula that has previously
b
been agreeddbbetween senders
d
and the recipients of data.
ITM Lecture 4
Protection against
g Hackingg and Viruses
z As
A it becomes
b common ffor computers t to t
communicate over longg distances, the risk
of corruption or theft of data or even
whole programs becomes much greater.
greater
z Two interconnected security y issues are
Hacking and Viruses.
ITM Lecture 4
Hac g
Hacking
z A Hacker is a person who attempts to invade the privacy
of a computer system.
z Hackers are normally skilled programmers and have been
known to find out passwords with ease.
z The fact that billions of bits of information can be
transmitted in bulk over the public telephone network has
made it hard to trace individual hackers
hackers, who can therefore
make repeated attempts to invade systems.
z Hackers have in the past mainly been concerned to copy
information, but a recent trend has been their desire to
corrupt it.
ITM Lecture 4
V uses
Viruses
z A computer virus is a piece of software which infects
programs and data and which replicates itself.
z Viruses can spread via data disks,
disks but have been known to
copy themselves over whole networks.
z The most serio
seriouss type
t pe of virus
ir s is one which
hich infects an
operating system as this governs the whole running of a
computer system
system.
z There are a number of types of virus.
z A Trojan
z A time bomb
z A trap door
ITM Lecture 4
Viruses
V uses - T
Trojan
oja
z A Trojan is a program is a piece of code triggered
by certain events.
z A program willill b
behave
h normally
ll untilil a certain
i
event occurs, for example disk utilization reaches
a certain
i percentage.
z A logic bomb, by responding to such conditions,
maximizes damage.
z For example, it will be triggered when a disk is nearly full, or
when a large number of users are using the system.
ITM Lecture 4
Viruses
V uses - T
Timee Bomb
o b
zA time
ti bomb
b b iis similar
i il tto a logic
l i bomb
b b
except
p that it is triggered
gg at a certain date.
z Companies have experienced virus attacks
on April
A il FFool's
l' DDay and d on F
Friday
id 13th
13 h .
z These were released by time bombs.
bombs
ITM Lecture 4
Viruses
V uses - T
Trap
ap Door
oo
z A trap
tr p door
d r is i not
n t it
itself
lf a virus,
ir b butt it is
i ann
undocumented entry point into a computer
system.
z It is not to be found in design g specifications
p but
may be put in by software developers to enable
them to bypass access controls while working on
a new piece of software.
z Because
B it
i is
i not documented,
d d it
i may be b forgotten
f
and used at a later date to insert a virus.
ITM Lecture 4
Protection
P otect o Against
ga st Viruses
V uses
z How can organizations protect themselves against viruses?
z Vaccine programs exist which can deal with some viruses, but if
the virus lives in the bootstrap program, the virus can work before the vaccine is
loaded.
loaded
z Organizations must guard against the introduction of unauthorized software to
their systems.
z O
Organizations
i i should
h ld as a matter off routine
i ensure that
h any risk
ik
received from outside with data on it is virus-free before the disk is used.
z Any flaws in a widely used program should be rectified as soon as they come to
light
z There should be a clear demarcation between the storage of data
files and program files on disk.
z Organizations need to establish procedures and reviews to
minimize the chances of infection. Virus protection controls should become part
of the internal control system of an organization.
ITM Lecture 4
Good O
Office
ce P
Practice
act ce
z There are several points of good practice which can together
make a major contribution to the integrity of a system.
z Data is often shared between users. There should be a designated data
owner for each file, responsible for:
z Keeping data accurate and up to date
z Deciding who should have access to the data
z Developing security procedures in conjunction with the data security
manager
z If a computer
p t printout
p i t t is
i likely
lik l to
t include
i l d confidential
fid ti l data,
d t it should
h ld be
b
shredded before being thrown away.
z Disks should not be left lying around an office.
z The computer's environment (humidity, temperature and dust) should be
properly controlled.
z Files should
sho ld be backed upp regularly.
reg larl
ITM Lecture 4
Maintenance
a te a ce and
a d Support
Suppo t
z All computers are covered by some kind of warranty from
the manufacturer when they are bought new. What should
the computer
p user do after the warrantyy period
p has expired?
p
z Ask a third party computer repair company to come in
and do the repair work. The drawbacks to this are that:
z Repair companies give priority treatment to contract
customers.
z One-off
One off repair charges will be very high.
high
z The user can arrange a maintenance contract with the
manufacturer or a third party repair company.
z A third option is breakdown insurance, which provides
cover for breakdowns and certain consequential losses.
ITM Lecture 4
Back-up
ac up aand
d Sta
Standby
dby Facilities
Fac t es
z A major aspect of system security is to ensure provision of the required
services continuously without deterioration in performance.
z For many applications this will require that some duplication in the system be
tolerated or even discouraged.
z Administrative controls should be introduced:
z To enable file data to be recreated when a file is lost or corrupted;
z To provide stand-by hardware facilities whenever a hardware item breaks down.
ITM Lecture 4
Recreating File Data when a File is
L t orr Corrupted
Lost C rr pt d
z One of the worst things that could happen in
data processing by computer is the loss of all
the data on a master file or the loss of a
program.
z Files might be physically lost, physically
damaged and become unreadable.
z Controls are therefore needed to enable a data
or program file
fil to be
b createdd if the
h original
i i l iis
lost or corrupted.
ITM Lecture 4
Business
us ess Continuity
Co t u ty Planning
Pa g
z A disaster is anyy securityy event which can cause a
significant disruption to the IT capabilities for
long enough to affect the operations of an
organization.
z Organizations
O i i must prepare ffor disasters
di so that
h
they are able to recover form one should it
happen.
z A Disaster Recovery Plan (DRP) is also known as
a Contingency Plan or a Business Continuity Plan
(BCP)
(BCP).
ITM Lecture 4
Resumption
esu pt o after
a te a Crisis
C ss
z The key to successful recovery is adequate
preparation.
z Seldom does a crisis destroy irreplaceable
equipment;
q p most computing
p g equipment
q p systems -
personal computers to mainframes - are standard,
"off the shelf systems
y that can easilyy be replaced.
p
z Data and locally developed programs are more
vulnerable,
l bl since
i th
these cannott be
b quickly
i kl
substituted from another source.
ITM Lecture 4
Backup
ac up
z A Backup is a copy of all or part of a file to assist in
reestablishing a lost file.
z A Complete
p Backup
p is copying
py g everything
y g on the system
y
(including system files, user files, scratch files, and directories)
and done at regular times, so that the system can be regenerated
after a crisis.
z In critical transaction systems this problem is solved by keeping
a complete
l recordd off changes
h since
i the
h llast b
backup.
k
z If a system handles bank teller operations, the individual tellers
duplicate their processing on paper records; if the system fails,
fails
people can start with the backup version and reapply all changes
from the collected p paper
p copies.
p
ITM Lecture 4
Off-site
O s te Backup
ac up
z A backup copy is useless if it is destroyed in the crisis.
crisis
z Major computing installations rent warehouse space
some distance
di t fr
from th
the computing
p ti system,
t in
i some
cases 15 or 20 miles away.
z A ab
As backup
k is completed,
l d it is transported d to the
h
backup site.
z Keeping a backup version separate from the system
reduces the risk of its loss.
z Similarly, the paper trail is also stored somewhere other
than at the main computing
p g facility.
y
ITM Lecture 4
Auditing
ud t g
z Implementing controls in an organization can be very
complicated and difficult to enforce. Are controls
installed as intended? Are they effective? Did any
breach of security occur? These and other questions
need to be answered by independent and unbiased
observers. Such observers perform an auditing task.
z There are ttwoo types
t pes of audits.
a dits
z The Operational Audit determines whether the IT
department is working properly
properly.
z The Compliance Audit determines whether controls
have been implemented properly and are adequate.
adequate
ITM Lecture 4
Risk
s Management
a age e t
z It is usually not
economical to prepare
protection against every
possible threat.
z An IT security
rit pr
program
r m
must provide a process
for assessing threats
and deciding which
ones to prepare for and
which ones to ignore.
ITM Lecture 4

System Development Life Cycle
ITM Lecture 4
What is System
y Development
p Life Cycle?
y
z The System Development Life Cycle (SDLC)
is the set of
z activities
i i i that
h analysts,
l ddesigners
i and
d users carry
out to develop an implement an information
system.
ITM Lecture 4
System Development
Syste eve op e t Lifee Cycle
Cyc e
z The System Development Life Cycle (SDLC)
method is classically thought of as the set of activities
that analysts,
analysts designers and users carry out to develop
and implement an information system.
z In most business situations,
situations the activities are all
closely related, usually inseparable, and even the
order of the steps in these activities may be difficult
to determine.
z Different parts of a project can be in various phases
at the same time, with some components undergoing
analysis
y while others are at advanced design g stages.
g
ITM Lecture 4
System Development
Syste eve op e t Lifee Cycle
Cyc e
zT
Thee systems
sys e s development
deve op e lifee cycle
cyc e method
e od
consists of the following phases:
z Preliminary Investigation (include Feasibility
Study)
z Determination
D t i ti off System
S t Requirements
R i t
z Design of System
z Development of Software (include Programming)
z Systems
y Testingg
z Implementation
z Post-implementation
Post implementation
ITM Lecture 4
Preliminary
P e a y Investigation
vest gat o
z A request to receive assistance from information
systems can be made for many reasons, but in each
case someone ((a manager, g , an employee,
p y , or a systems
y
specialist) initiates the request.
z The major task in this phase is the Feasibility Study.
z The key issue is to determine the likelihood of
success in the project such as examining which
technology to be used.
z The Costs and Benefits of the project would also be
evaluated to ensure that the project has positive
returns.
e s.
ITM Lecture 4
Determination of Systems
y Requirements
q
z The analysts would study the existing system
and examine the problems.
z As
A ththe ddetails
t il are gathered,
th d theth analysts
l t identify
id tif
features the new system should have, including
b h the
both h iinformation
f i and d the
h system should
h ld
produce and operational features such as
processing
i controls,l response times,
i and d iinput
and output methods.
z The user plays a major role in defining their
q
requirements.
ITM Lecture 4
Design
es g of
o System
Syste
z The design of an information system
produces the details that state how a system
will meet the requirements
req irements identified during
d ring
systems analysis.
z There are various aspects to systems design.
z Design the Input
z Design the Processing
z Design
D si n the
th Output
O tp t
z Design the Storage
ITM Lecture 4
Design
g of System
y - Design
g the Input
p
z The systems design also describes how
data is to input.
z This includes the design of input screens,
etc.
ITM Lecture 4
Design
g of System
y - Design
g the Processingg
z The systems design also describes how the

data will be processed.
z Individual data items and calculation
procedures are written in detail.
p
ITM Lecture 4
Design
g of System
y - Design
g the Output
p
z Systems analysts begin the design process by
identifying reports and other output the system
will produce.
produce
z Then the specific data on each are pinpointed.
z Designers sketch the form or display as they
expect it to appear when the system is complete.
z This may be done on paper or on a computer
display, using one of the automated system
design tools available.
ITM Lecture 4
Design
g of System
y - Design
g the Storage
g
z Designers define the database and select
storage devices, such as magnetic disk,
magnetic
i tape, or even paper files.
fil
ITM Lecture 4
Development
eve op e t of
o Software
So twa e
z When the system design is approved,
approved the
detailed development work begins.
z This involves the actual programming
work together
g with database setup
p etc. that
are all bases on the systems design.
ITM Lecture 4
Systemss Testing
Syste Test g
z Du g syste
During systemss testing,
test g, the
t e testing
test g iss used experimentally
e pe e ta y to
ensure that the software does not fail.
z Special test data are input for processing, and the results
examined.
z A limited number of users may be allowed to use the system
so analysts
l t can see whether
h th theyth try t to
t use it in
i unforeseen
f
ways.
z It is preferable to discover any surprises before the
organization implements the system and depends on it.
z In manyy organizations,
g , testingg is performed
p byy persons
p other
than those who wrote the original programs to ensure more
complete and unbiased testing and more reliable software.
ITM Lecture 4
Implementation
p e e tat o
z Many activities take place during the
implementation phase.
z Each of these is done to prepare the user
p
or the environment for the operational
usage of the system that has been
developed.
developed
z SitePreparation
z Training
ITM Lecture 4
Implementation
p e e tat o - SSite
te Preparation
P epa at o
z The worksite must be prepared before the
system can be used operationally.
z Workstations must be set up with adequate
p for the p
space personal computer,
p ,pprinter,,
modem, etc.
z Power
P supply
l andd lights
li h must be
b installed
i ll d
or enhanced. Then the actual equipment
must be installed and tested.
ITM Lecture 4
Implementation
p e e tat o - T
Training
a g
z Training must be conducted for the users
of the system and this usually takes the
f
form off classroom
l training.
i i
ITM Lecture 4
Post p e e tat o
Post-Implementation
z The activities which take place immediately
after cutover are onsite support and the
P I l
Post-Implementation i Review.
R i
z Onsite Support
pp
z Post-Implementation Review (PIR)
ITM Lecture 4
Post-Implementation
p - Onsite Support
pp
z Initialteething problems are expected and
the IT professionals should provide onsite
assistance
i to users.
ITM Lecture 4
Post-Implementation
Post Implementation - PIR
z The post
post-implementation
implementation review is an
evaluation or both the process and product
q lit
quality.
z The strengths
g and weaknesses of the
system are discussed with a view to
improving itit.
z Similarly, the process of its development,
the SLDC, is reviewed with the intention
of learningg from mistakes.
ITM Lecture 4
Advantages
dva tages of
o Traditional
T ad t o a SDLC
S C
z Formal review at the end of each phase allows
maximum management control
z This approach creates considerable system
documentation
z Formal
F l documentation
d i ensures that
h systems
requirement can be traced back to stated
business needs
z It p
produces manyy intermediate products
p that
can be reviewed to see whether they meet the
user's needs & conform to standards
ITM Lecture 4
Disadvantages
g of Traditional SDLC
z Users gett a system
U t that
th t meets
t the
th needs
d as
understood by the developers; this may not be what
was really needed
z Documentation is expensive and time-consuming
to create. It
I is
i also
l difficult
diffi l to kkeep current
z User needs are unstated or are misunderstood
z Users cannot easily review intermediate products &
evaluate whether a particular product (e.g. DFD)
meets their business requirements
ITM Lecture 4
Information
o at o Tec
Technology
o ogy Management
a age e t
Unit
U i 99: E
End
dUUsers D
Development
l
and Evaluation of Systems
ITM Lecture 4
Thee Rise
T se of
o End-User
d Use Co
Computing
put g
z The
Th number
b off people l andd offices
ffi using
i
p
End-User Computing g ((EUC)) products
p has
increased tremendously over the past
d d
decade.
z The costs of computers have dropped and
the cost of skilled labor has increased.
ITM Lecture 4
End-User
d Use Development
eve op e t
z Use
U powerful
f l software
f tools.
l
z For certain applications
applications, end-user
end user
development is both a productive and
successful strategy.
z Does not eliminate the need for systems
analysts or programmers, nor can it replace
the information systems group.
ITM Lecture 4
End-User
d Use Development
eve op e t
z The Software
Th S f Development
D l Life
Lif Cycle
C l (SDLC) isi
not the only approach for systems development
work, End-user Development is an alternative.
z It places responsibility for developing applications
in the hands of the end-user.
z The
Th nature off the
h application
li i will ill often
f ddecide
id
whether conventional IT-department
development or end-user development is carried
out.
ITM Lecture 4
Institutional VS End-User Application
pp
z Deciding
D idi ffactor is
i the
h nature off the
h application
li i
z Application
pp are classified into the two categories:
g
z Institutional systems (developed by IT department)
z End-user
End ser ssystems
stems (developed by
b end-users)
end sers)
z Project Selection Committees must have a
policy that determines which applications are
p
suitable for end-user development
ITM Lecture 4
Types
yp of End-User Development
p Projects
j
z End-user
E d development
d l projects
j can range
p qqueries and reports
from simple p to
building complete application systems.
z Enquiries
ii and
d Reports
z Presentation of Data in Alternate Forms
z Development of Worksheets
z Applications
ITM Lecture 4
Types of End-User Development
Pr j t -Enquiries
Projects Enq iri and
nd R
Reports
p rt
z The
Th application
li i systems already
l d existi andd
p
the users learn to use special enquiry
q y
software tools to make online enquiries, or
t create
to t or modify
dif reports.
t
z Example:
p
z How many depositors have more than one type
of savings account with our bank?
ITM Lecture 4
Types of End-User Development Projects -

Presentation of Data in Alternate Forms
z The
Th existing
i i reports may present data
d iin a
tabular form.
z The end-user may use software tools to
present the same data in the form of a
graph instead.
ITM Lecture 4
Projects -Development
Development of Worksheets
z The
Th end-user
d may use a spreadsheet
dh
software to develop p a business model for
analysis and computation (such as market
share,
h ttrendd analysis
l i etc).
t )
ITM Lecture 4

Pr j t -Applications
Projects Appli ti n
z The
Th end-user
d may use a database
d b software
f
to define the database and developp the
input screens and output reports.
ITM Lecture 4
Advantages
g of End-User Development
p
z As spreads,
spreads and more End-User
End User Computing
(EUC) and more office workers are trained,
the
h bbenefits
fi off EUC software
f will
ill b
be
realized.
z The benefits of EUC are described below:
z Increased
I dIIndividual
di id l PPerformance
f
z Easier Implementation
z Technological Literacy
ITM Lecture 4
Advantages of End-User Development

-Increased
Increased Individual Performance
z Perhaps
P h the
h single
i l most iimportant benefit
b fi
to be derived from EUC is increased
individual performance from the viewpoint
off both
b th effectiveness
ff ti andd efficiency.
ffi i
ITM Lecture 4
-Easier
Easier Implementation
z One off the
O h problems
bl with
i h traditional
di i l
development approaches is that the end-user is
not closely involved.
z The system might not be what the end-user
expected, and worse yet, it might be
unsatisfactory.
ti f t
z With end-user development
p usingg EUC tools, it
is more likely that the final system will be
exactly what the end
end-user
user wants and expects.
expects
ITM Lecture 4

-Technological
Technological Literacy
z If workers
k are already
l d knowledgeable
k l d bl
gy, theyy will be able to
about technology,
assimilate new technologies into the
organization
i ti quicklyi kl andd thus
th enablebl the
th
g
organization to take earlyy advantage
g of anyy
benefits that may accrue.
ITM Lecture 4
Disadvantages
g of End-User Development
p
z Cost
C C
Controll
z Product Control
ITM Lecture 4
Disadvantages of End-User Development

-Cost
Cost Control
z Because EUC iis usually
B ll iinitiated
i i d through
h h ddepartments
and supported by departmental budgets (not the MIS
d
department),) many organizations
i i really
ll do
d not know
k
the total amount that they are spending on computer
technology.
h l
z The total organizational effort in end-user computing
may not be optimized.
z The same software p package
g may be p purchased over and
over again, each time by a different group within the
firm.
ITM Lecture 4
Disadvantages of End-User Development
-Product
Product Control
z Since end-users often make their own final choices
on products, it is not unusual to find many
different products in a firm performing the same
function.
z The fact that many of these products are
incompatible makes it worse.
z Product proliferation is particularly problematic
because data often cannot be transferred among
applications, and an unusual burden is placed on
training users
users.
ITM Lecture 4
Types of
o Users
Use s
z End-user
End user development strategy places the
responsibility for developing applications
in the hands of the end-user
z Executives,
Executives managers,
managers supervisors,
supervisors and other
employees who are not IT professionals.
z Users actually develop programs or
procedures to retrieve data or perform
calculations and computer processing.
ITM Lecture 4
Types of
o Users
Use s
z Within the group of users,
users there are different
subgroups with different responsibilities and
i l
involvement with
i h EUC and d computing
i iin
general.
z Some users are directly involved in using
computer hardware and software
software.
z Others are more removed form the computer
and for example, may make decisions on
p
computer usage
g and policies.
p
ITM Lecture 4
Changes
C a ges in Roles
o es
z As both technologygy and business increase in complexity,
p y, it is
necessary for both IT personnel and users to learn something
about the other's work.
z IT personnell can no longer
l be
b onlyl technical
h i l specialists.
i li
z They must understand the business and be training in business
functions before they can effectively assist in improving the
business through the user of information technology.
z Users have become more knowledgeable in computers and
systems development.
z With the increased availability of personal computers and
access to training courses,
courses users now have greater
understanding of the choices available to them.
ITM Lecture 4
Evaluation
va uat o oof Syste
Systemss
z The evaluation process is extremely important as the
organization will have to live with the eventual choice.
z Evaluation should highlight the degree to which the
proposed product satisfies the needs as specified.
z The vendor who is supplying the product should also be
evaluated as vendor competence and support matter too.
z Evaluation is usually a joint effort and should not be solely
the responsibility of the technical staff.
z An Evaluation Committee is formed comprising
representatives from the various user groups, as well as
technical staff.
ITM Lecture 4
Evaluation
va uat o Criteria
C te a
z General Evaluation Criteria
z Hardware-Specific
p Evaluation Criteria
z Software-Specific Evaluation Criteria
z Vendor-Specific Evaluation Criteria
ITM Lecture 4
General
Ge e a Evaluation
va uat o Criteria
C te a
z Functionality
z Ease of learningg / Ease to Use
z Costs
z Warranty
ITM Lecture 4
General Evaluation Criteria -

F n ti n lit
Functionality
z The EUC product must meet the basic
functional needs of the user.
z Example
zA spreadsheet must be able to perform
computations and modeling.
z A printer
i must bbe able
bl to print
i with
i h various
i ffonts
and sizes, and on different types of paper.
ITM Lecture 4
General Evaluation Criteria –
E off L
Ease Learning
rnin / EEase tto U
Use
z The product must be relatively easy to
learn and to use.
z Software must contain simple instructions
and
nd pr
preferably
f r bl a mmouse-driven
s dri n graphical
r phi l
user interface.
z The help feature must contain concise and
clear
l instructions
i i on handling
h dli or errors, etc.
ITM Lecture 4

C t
Costs
z This is obviously an important
consideration.
z If two similar products are comparable in
f t r s and
features nd performance,
p rf rm n pri price would
ld
definitely be the deciding factor.
z Even if a particular product is obviously
superior,
i a user may choose
h a cheaper
h
product simply
p p y because it is within budget.
g
ITM Lecture 4
W rr nt
Warranty
z The period and coverage of the warranty is
also of importance.
z A three year parts and service warranty can
b tr
be translated
nsl t d to
t concrete
n r t cost
st savings.
s in s
ITM Lecture 4
Hardware-Specific Evaluation
Crit ri
Criteria
z Ergonomic Design (人類工程學設計)
z Capacity
p y
ITM Lecture 4
Hardware-Specific Evaluation Criteria
- Ergonomic Design
z Ergonomics covers a wide variety of design features
which ensures that the product suits the user and not
the other way around.
z Ergonomics is also related to health and safety
concerns Some ergonomics design features in a PC
concerns.
setup are:
z Monitors should have minimal glare to prevent eye-strain.
eye strain
z Monitor should be able to swivel for the comfort of the user.
z P i t should
Printers h ld nott be
b too
t noisy
i as it irritates
i it t the
th users
nearby
z PC should emit minimal or no radiation.
radiation
ITM Lecture 4
Hardware-Specific Evaluation Criteria

- Capacity
z When comparing hardware products from
different vendors, one important consideration
b id it
besides its performance
p f is
i its
it capacity.
p it
z This translate into two specific
p areas:
z Storage - the larger the disk storage, the more data
aand
dpprograms
og a s cacan be stored
sto ed online.
o i e.
z Memory - the larger the RAM, the faster the
processing will be
be.
ITM Lecture 4
Software-Specific
z Software Reliability
z This is a difficult criteria to evaluate as there
is always a possibility of software detects or
bugs.
g
z The only way to evaluate reliability yourself is
th
through h extensive
t i testing.
t ti
ITM Lecture 4
Vendor-Specific
z Experience & Track Record
z The vendor should have sufficient experience in the
particular hardware and software in order to be able to
anticipate problems and perform a smooth
implementation.
p e e tat o .
z Financial Stability
z The financial
Th fi i l stability
bili off a vendor
d isi important
i as
companies from medium, and long-term alliances with
their vendors.
vendors
z If a company suffers from financial mismanagement, it
is less likely to be able to provide good service.
service
ITM Lecture 4
Questions & Discussion
ITM Lecture 4

ITM Lecture 4

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ITM Lecture 4

Uploaded by

Copyright:

Available Formats

INFORMATICS

Information Technology Management

2rd January 2008

Procedure for Batch Data Processing

Procedure for Batch Data Processing

Procedure for Batch Data

z Transactions access only a small fraction of

Unit 8: Securityy andd Control,, System

Ethics and Social Issues

z Intellectual property rights

z Software theft (piracy)

Whyy is Information Accuracyy Important?

Security and Control, System

Security and Control

Problems Associated with Computers

z No Logging and Tracing

z Accidental Error Cause Problems

The Risks to Data - Environmental Securityy

z Tapes and disks are susceptible to

z Information stored in magnetic fields may

The Risks to Data

z Protection Against Hacking and Viruses

z Encryption and Authentication (Data

Security and Control, System

System Development Life Cycle

z The systems design also describes how the

Types of End-User Development Projects -

Types of End-User Development

Advantages of End-User Development

Advantages of End-User Development

Disadvantages of End-User Development

General Evaluation Criteria -

General Evaluation Criteria -

Hardware-Specific Evaluation Criteria

You might also like