gimmenotes.co.zagimmenotes.co.za/.../inf1505_study_notes_2012_final-1.docx · web viewthe osi is a...
TRANSCRIPT
INF1505MIS2UNISA BCOMSEMESTER 12012
ContentsFundamentals of Information Systems p2.............................................................5
CH1 Information Systems: An Overview p2........................................................51 Computers and IS in Daily Life p4................................................................52 Computer Literacy and Information Literacy p6...........................................53 The Beginning: Transaction Processing Systems (TPS) p6...........................64 Management Information Systems (MIS) p7.................................................65 Major Components of an IS p7......................................................................66 Using IS and IT p10.......................................................................................87 The IT Job Market p15.................................................................................11
CH2 Computers: The Machines Behind Computing p20...................................121 Defining a Computer p21...........................................................................122 The History of Computer Hardware p24.....................................................123 The Power of Computers p25.....................................................................134 Computer Operations p26..........................................................................145 Input, Output, and memory Devices p26....................................................146 Classes of Computers p31..........................................................................157 What is Software p32.................................................................................168 Computer Languages p35..........................................................................16
CH3 Database: Systems, Data Warehouses, and Data Marts p38....................181 Databases p39...........................................................................................182 Logical Database Design p42..................................................................193 Components of a DBMS p46....................................................................214 Recent Trends in Database Design and Use p47....................................225 Data warehouses p49.............................................................................246 Data Marts p53.......................................................................................27
CH4 Personal, Legal, Ethical, and Organisational Issues of ISs p58..................281 Risks Associated with Information Technologies p59.................................285 Privacy Issues p61...................................................................................295 Ethical Issues of Information Technologies p65......................................295 The Impact of IT in the Workplace p69....................................................315 Green Computing p71.............................................................................31
Data Communication, the Internet, E-Commerce, and Global Information Systems p94...................................................................................................................... 33
CH5 Protecting Information Resources p74......................................................331 Computer and Network Security: Basic Safeguards p75............................33
2 Security Threats: An Overview p77............................................................343 Security Measures and Enforcement: An Overview p81.............................364 Guidelines for a Comprehensive Security System p89...............................41
CH6 Data Communication: Delivering Information Anywhere and Anytime p94......................................................................................................................... 43
1 Defining Data Communication p95.............................................................432 Basic Components of a Data Communication System p97.........................433 Processing Configurations p99...................................................................444 Types of Networks p100.............................................................................455 Network Topologies p102...........................................................................456 Major Networking Concepts p104...............................................................477 Wireless and Mobile Networks p108...........................................................488 Wireless Security p112...............................................................................499 Convergence of Voice, Video, and Data p112............................................50
CH7 The Internet, Intranets, and Extranets p118.............................................511 The Internet and the World Wide Web p119..............................................512 Navigation Tools, Search Engines, and Directories p123...........................513 Internet Services p125...............................................................................524 Web Applications p126...............................................................................525 Intranets (or “corporate portals”) p130......................................................526 Extranets p132...........................................................................................537 New Trends: The Web 2.0 and 3.0 Eras p133.............................................53
CH8 E-Commerce p140....................................................................................551 Defining E-Commerce p140........................................................................552 Major Categories of E-Commerce p146......................................................563 A B2C E-Commerce Cycle p148..................................................................574 B2B E-Commerce: A Second Look p149.....................................................574.1 Major Models of B2B E-Commerce p149..................................................574.1.4 Trading Partner Agreements p151.......................................................585 Mobile and Voice-Based E-Commerce p151...............................................586 E-Commerce Supporting Technologies p152..............................................58
CH9 Global Information Systems p158.............................................................591 Why Go Global? P159.................................................................................592 Global Information Systems: An Overview p161........................................593 Organisational Structures and Global Information Systems p165..............603.5 Global Information Systems Supporting Offshore Outsourcing p168.......61
4 Obstacles to Using Global Information Systems p169................................61CH10 Building Successful Information Systems p174.......................................62
1 Systems Development Life Cycle (SDLC): An Overview p175....................622 Phase 1: Planning p176..............................................................................622.1 Formation of the task force p178............................................................622.2 Feasibility Study p178.............................................................................623 Phase 2: Requirements Gathering and Analysis p181................................634 Phase 3: Design p183.................................................................................644.1 Computer-Aided Systems Engineering (CASE) p183...............................644.2 Prototyping p184.....................................................................................645 Phase 4: Implementation p185...................................................................646 Phase 5: Maintenance p189.......................................................................657 New Trends in Systems Analysis and Design p189....................................65
Fundamentals of Information Systems p2CH1 Information Systems: An Overview p21 Computers and IS in Daily Life p4Glossary DescriptionInformation Systems Broader in scope than information
technologiesInformation TechnologiesMIS Management Information SystemPDA Personal Digital AssistantPOS Point of SaleUPC Universal Product Code
2 Computer Literacy and Information Literacy p6Knowledge workers need 2 types of knowledge to be competitive in the workplace p6:
Knowledge DescriptionComputer literacy - Skill in using productivity software
- Basic knowledge of hardware and software, the internet, and collaboration tools and technologies
Information literacy - Understanding the role of information in generating and using BI
- BI is more than just info, it provides:- Historical views- Current views- Predictive viewsOf business operations and environments
What I need to know about BI and transaction processing systems (TPS) p6:
Knowledge area DescriptionBI - BI is more than just info, it provides:
- Historical views- Current views- Predictive viewsof business operations and environments
Transaction processing systems (TPS) - Focus on data collection and processing
- Major reason for using them is cost reduction
Knowledge workers should know the following p6:
# Item1 Internal and external source of data2 How data is collected3 Why data is collected4 What type of data should be collected5 How data is converted to info and eventually to BI6 How data should be indexed and updated7 How data and info should be used to gain a competitive advantage
3 The Beginning: Transaction Processing Systems (TPS) p6Typical characteristics of TPS p6:
# Characteristic1 The operations are repetitive, or2 Involve enormous volumes of data
4 Management Information Systems (MIS) p7MIS is an organised integration of the following p7:
# Item Description (if any)1 Hardware Input, output, memory2 Software Commercial, in-house, or both3 Technologies4 Data5 Processes Method for performing a task in a MIS
app6 Human elements designed to
produce: timely, integrated, relevant, accurate, and useful info for decision-making purposes
Users, programmers, systems analysts, and other technical personnel
Tasks involved in designing a MIS p7:
# Task1 Define the system’s objectives clearly2 Data must be collected and analysed3 Information must be provided in a useful format for decision-making purposes
Organisations use info systems to gain a competitive advantage.
5 Major Components of an IS p7In addition to hardware, software, and human elements, a MIS includes 4 major components p7:
# Component1 Data2 Database3 Process4 Information
5.1 Data p8# Study note1 The data component consists of raw facts and is considered the input to the
system2 The info that users need affects the type of data that is collected3 A database is a collection of all relevant data organised in a series of
integrated files4 There are 2 sources of data:
- Internal: sales records, personnel records- External: customers, competitors, suppliers, government agencies,
financial institutions, labour and population statistics, economic conditions
5 Data has a time orientation, so:- Past data: collected for performance reports- Current data: collected for operational reports- Future data: predicted for budgets or cash flow reports
6 Data can be collected in different formats:- Aggregated: reporting totals for categories of info- Disaggregated: itemised lists
Pros and cons of the aggregated data format p8:
Format Pro ConAggregated
Useful for reporting overall performance
Limits the ability of the decision maker to focus on specific factors
5.2 Database p8# Study note1 A database is a collection of all relevant data organised in a series of
integrated files2 A database management system (DBMS) is used to create, organise and
manage databases3 Databases are also useful for reducing personel time needed to gather,
process and interpret data manually
5.3 Process p9# Study note1 The purpose of an IS’s process component is generating the most useful type
of info for making decisions2 The process component includes: transaction processing reports and models
for decision analysis that can be built into the system or accessed from external sources
5.4 Information p9# Study note1 Info consists of facts that have been analysed by the process component and
is an output of an IS2 Data and information are different:
- Data: consists of raw facts and by itself is difficult to use for making decisions
- Information: the output of an IS consists of facts that have been analysed by the process component, and are thus more useful to the MIS user
3 The quality of info is determined by its usefulness to users, and its usefulness determined the success of an IS
4 Info is useful if it enables decision makers to make the right decisions in a timely manner
5 To be useful info must have the following qualities:- Timeliness- Integration with other data and information- Consistency and accuracy- Relevance
6 If info lacks these qualities the results are:- Incorrect decisions- Misallocation of resources- Overlooked windows of opportunity
7 Informal info includes:- Rumours- Unconfirmed reports- Stories
8 The ultimate goal of an IS is to generate BI9 Information technologies support ISs and use the internet, computer
networks, database systems, POS systems and radio frequency identification (RFID) tags
6 Using IS and IT p10# Study note1 Information Systems are designed to:
- Collected data- Process the collected data- Deliver timely, relevant and useful info that can be used for making
decisions2 To achieve this goal, an IS might use many different information technologies
6.1 The Importance of IS p11# Study note1 Info is the second most important resource (after the human element) in any
organisation
2 Timely, relevant, and accurate info is a critical tool for enhancing a company’s competitive position and for managing the 4 M’s of resources
3 The 4 M’s of resources:- Manpower- Machinery- Materials- Money
Major types of information systems include p11:
# IS Description (if any)1 Personnel information system (PIS) or
human resource information system (HRIS)
- Designed to provide info that helps decision makers in personnel carry out their tasks more effectively
- A PIS/HRIS supports the following actions:o Choosing the best job
candidateo Schedule and assign
employeeso Predict future personnel needso Reports and stats on employee
demographicso Allocate human and fin
resources2 Intranet - A network within an organisation
that uses internet protocols and technologies for collecting, storing, and disseminating useful info that supports business activities such as sales, customer service, human resources, and marketing
- Intranets are private3 Logistics information system (LIS) - Designed to:
o Reduce the cost of transporting materials while
o Maintain safe and reliable delivery
- Decisions supported by a LIS:o Improve routing and delivery
scheduleso Select the best modes of
transportationo Improve transportation
budgetingo Improve shipment planning
4 Manufacturing information system (MFIS)
- Designed to manage manufacturing resources so that companies can:
# IS Description (if any)o Reduce manufacturing costso Increase product qualityo Make better inventory
decisions- Some decisions that a MFIS
supports:o Ordering decisionso Product cost calculationso Space utilisationo Bid evaluation process used
with vendors and supplierso Analysis of price changes and
discounts5 Financial information system (FIS) - Designed to provide info to
financial executives in a timely manner
- A FIS is used to support the following decisions:o Improve budget allocationo Minimise capital investment
riskso Monitor cost trendso Manage cash flowso Determine portfolio structures
6 Marketing information systems (MKIS)
- Designed to improve marketing decisions
- An effective MKIS should provide:o Timely, accurate, and
integrated info about the marketing mix (price, promotion, place, and product)
- Decisions that a MKIS supports:o Analyse market share, sales,
and sales personnelo Sales forecastingo Price and cost analysis of items
sold
6.2 Using IT for a Competitive Advantage p13# Study note1 Michael Porter identified 3 strategies for competing in the market place:
- Overall cost leadership- Differentiation- Focus
2 IT can help bottom-line and top-line strategies:- Bottom-line: focus on improving efficiency by reducing overall costs- Top-line: focus on generating new revenue by offering new products
and services to customers or increasing revenue by selling existing products and services to new customers
3 Systems such as supply chain management (SCM), customer relationship management (CRM), enterprise resource planning (ERP) can reduce costs and improve customer service.
4 The goal of these systems is to use IT to create the most efficient, effective link between suppliers and consumers
Types of strategies include p13:
# Strategy Description (if any)1 Differentiation strategy - Organisation try to make their
products and services different from their competitors
- Examples: Apple, Amazon2 Focus strategy - Organisations focus on a
specific market segment to achieve a cost or differentiation advantage
- Example: Apple
6.3 Porter’s 5 Forces Model: Understanding the Business Environment p14# Study note1 Purpose of the 5 Forces framework:
- Analysing an organisation- Its position in the marketplace- How IS could be used to make it more competitive
2 The 5 forces are as follows:- Buyer power- Supplier power- Threat of substitute products or services- Threat of new entrants- Rivalry among existing competitors
Learn exhibit 1.4: The Five Forces Model p14
The 5 forces p14:
# Strategy Description (if any)1 Buyer power - High when customers have many
choices, low when customers have few choices
- Differentiation strategy2 Supplier power - High when customers have few
options, low when customers have more options
- Differentiation strategy3 Threat of substitute products or
services- High when many alternatives to
an organisation’s products or services are available
4 Threat of new entrants - Low when duplicating a company’s product or service is difficult
- Focus strategy5 Rivalry among existing competitors - High when many competitors
occupy the same marketplace, low when there are few competitors
7 The IT Job Market p15Categories of IT jobs p15:
# Category1 Operations and help desk2 Programming3 Systems design4 Web design and web hosting5 Network design and maintenance6 Database design and maintenance7 Robotics and artificial intelligence
Popular IT jobs include p15:
# Strategy Description (if any)1 CTO/CIO and sometimes Chief Privacy
Officer (CPO)- Long-range planning- Keeps an eye out on new
developments in the field- Manage risks and business
impacts of privacy laws and policies
2 Manager of IS Services - Hardware, software, personnel in the IS department
3 Systems Analyst - Design and implementation of IS- Requires thorough understanding
of business systems and functional areas within a business organisation
4 Network Administrator - Design and implement network systems
- Cyber security5 Database Administrator (DBA) - Database design and
implementation- Knowledge of data warehouses
and data mining tools6 Computer Programmer - Writes programs and/or software
that allow an IS to perform a specific task
7 Webmaster - Designs and maintains an organisation’s website
CH2 Computers: The Machines Behind Computing p201 Defining a Computer p21# Study note1 A computer is defined as a machine that:
- Accepts data as input- Processes data without human intervention by using stored
instructions (aka a ‘program’)- Outputs information
2 Garbage in, garbage out (GIGO): if data is erroneous, the info the computer provides is also erroneous
1.1 Components of a Computer System p22Learn exhibit 2.1: The building blocks of a computer p22
# Study note1 Main (primary) memory is where computers store data and instructions2 The central processing unit (CPU) is divided into 2 components:
- Arithmetic logic unit (ALU): performs arithmetic functions (+, -, *, /) and comparison or relational operations (<, >, =), which are used to compare numbers
- Control unit: tells the computer what to do e.g. which device to read or send output to
3 The bus is the link between devices connected to the computer. A bus can be:
- Parallel- Serial- Internal (local): used for internal components such as video card and
memory- External: used for external components such as USB
4 Types of processors:- 32-bit: can use 232 bytes (4GB) of RAM- 64-bit: can use 264 bytes (16EB) of RAM
5 A disk drive is a peripheral device for:- Recording info- Storing info- Retrieving info
6 A motherboard is the main circuit board containing connectors for attaching additional boards, it contains:
- CPU- Basic input/output system (BIOS)- Memory- Storage- Interfaces- Serial and parallel ports- Expansion slots- Controllers for standard peripheral devices such as monitor, disk drive,
and keyboard7 - A serial port is a communication interface through which info is
transferred one bit at a time
- A parallel port is an interface between a computer and a printer, the computer transfers multiple bits of info to the printer simultaneously
2 The History of Computer Hardware p24Learn table 2.1: Hardware generations p24
Hardware generation
Date Major technologies
Example
First 1946-1956 Vacuum tube ENIACSecond 1957-1963 Transistors IBM 7904, 1401Third 1964-1970 Integrated circuits,
remote data entry, telecommunications
IBM 360, 370
Fourth 1971-1992 Miniaturisation, very large scale integration (VLSI), personal computers, optical disks
Cray XMP, Cray II
Fifth 1993-present Parallel processing, gallium arsenide chips, optical technologies
IBM System z10
Learn table 2.2: Computer language trends p25
Computer language generation Major attributeFirst Machine languageSecond Assembly languageThird High-level languageFourth Fourth-generation languageFifth Natural language processing (NLP)
3 The Power of Computers p25# Study note1 Computers draw their power from 3 factors that far exceed human
capabilities:- Speed- Accuracy- Storage and retrieval: saving data in computer memory, and accessing
data from memory2 Computer speed is measured as the number of instructions performed during
the following fractions of a second:- Millisecond: 1/1,000 of a second- Microsecond: 1/1,000,000 of a second- Nanosecond: 1/1,000,000,000 of a second- Picosecond: 1/1,000,000,000,000 of a second
3 Data is stored in bits:- A bit is a single value of 0 or 1- 8 bits = 1 byte (a byte is the size of a character)
4 In a binary system: 1 = on and 0 = off5 American Standard Code for Information Interchange (ASCII): most common
data code for text files, PC applications, and the internet i.e. used to represent and transfer data between computers and network systems
6 ASCII:- Each alphabetic, numeric, or special character is represented with a 7-
bit binary number- Up to 128 characters can be defined (27)- Unicode and extended ASCII allows up to 256 characters can be
defined (28)
Learn table 2.3: Storage measurements p25
4 Computer Operations p26# Study note1 Computers can perform 3 basic tasks:
- Arithmetic operations- Logical operations- Storage and retrieval operations
5 Input, Output, and memory Devices p26
5.1 Input Devices p26
5.2 Output Devices p27# Study note1 Input devices send data and information to the computer:
- Keyboard and mouse- Touch screen- Light pen- Trackball- Data tablet- Barcode reader and optical character reader (OCR)- Magnetic ink character recognition (MICR)- Optical mark recognition (OMR)
2 Output devices can output information in visual, audio or digital format3 The 2 types of memory:
- Main memory: stores data and info and is usually volatile (contents lost when power is turned off)
- Secondary memory: good for archival storage, it is non-volatile4 - Random access memory (RAM): volatile memory aka read-write memory
- Read-only memory (ROM): is non-volatile; data can’t be written to ROM5 Cache RAM: resides on the processor
5.2 Output Devices p27
5.3 Memory Devices p28
5.3.1 Main Memory Devices p28# Study note1 Most common type of main memory is semiconductor memory chips made of
silicon – it can be:- Volatile or- Non-volatile
2 There are 2 types of ROM:- Programmable read-only ROM (PROM): contents can’t be erased once
written- Erasable programmable read-only ROM (EPROM): as above but
contents can be erased and reprogrammed
5.3.2 Secondary Memory Devices p28# Study note1 Non-volatile and used for storing large volumes of data for long periods2 There are 3 main types:
- Magnetic disks p29: data can be accessed in any order- Magnetic tape p29: stores data sequentially- Optical disks p29: CD-ROMs, WORM discs, and DVDs- SAN- NAS
Learn table 2.4: Capacity of secondary memory devices p30
# Study note1 Redundant array of independent disks (RAID):
- Collection of disk drives used for fault tolerance and improved performance
- Data can be stored in multiple places to improve the system’s reliability
5.3.3 Storage Area Networks and Network Attached Storage p30# Study note1 SAN:
- Dedicated high-speed network that consists of both hardware and software
- Used to connect and manage shared storage devices such as:o Disk arrayso Tape librarieso Optical storage devices
- Makes storage devices available to all servers on a LAN or WAN- A SAN is a dedicated network
2 NAS:
- Network-connected computer- Dedicated to providing file-based data storage services to other
network devices- Software on the NAS handles features such as: data storage, file
access, file storage, and file management
6 Classes of Computers p31# Study note1 Computers are classified based on:
- Cost- Amount of memory- Speed- Sophistication
2 Using the above criteria computers are classified as:- Sub-notebooks- Notebooks- Personal computers- Mini-computers- Mainframes- Supercomputers
6.1 Server Platforms: An Overview p32# Study note1 A server is a computer and all the software for managing network resources
and offering services to a network2 Some server platforms:
- Application servers- Database servers- Disk servers- Fax servers- File servers- Mail servers- Print servers- Remote access servers (RAS)- Web servers
7 What is Software p32# Study note1 Software is all the programs that run a computer system:
- System software: e.g. OS- Application software: e.g. applications such as Word and Excel
7.1 Operating System Software p32# Study note1 A set of programs for controlling and managing computer hardware and
software2 An OS provides an interface between the computer and the users and
performs repetitive tasks3 An OS consists of:
- Control programs- Supervisor programs
4 Control programs manage computer hardware and resources by performing the following functions:
- Job management: control and prioritise tasks performed by the CPU- Resource allocation: manage resources such as storage and memory
or assigning print jobs (in a network)- Data management: control data integrity by generating checksums to
verify against corruption- Communication: control the transfer of data among parts of a
computer system5 Supervisor program aka the kernel:
- Responsible for controlling all other programs in the OS- Such as: compilers, interpreters, assemblers, utilities for performing
special tasks
7.2 Application Software p33
8 Computer Languages p35# Study note1 Machine language2 Assembly language3 High-level languages4 Fourth-generation languages (4GLs)5 Fifth-generation languages (5GLs)
CH3 Database: Systems, Data Warehouses, and Data Marts p381 Databases p39# Study note1 A database is a collection of related data that can be stored in a central
location or in multiple locations2 Data hierarchy is the structure and organisation of data, which involves
fields, records, and files3 - A database management system (DBMS) is software for creating, storing,
maintaining, and accessing database files- A DBMS makes using databases more efficient
4 - “Flat files” were not arranged in hierarchy and had no relation to one another
- The problem was that the same data could be stored in more than 1 file, creating data redundancy
- Data might not be updated in all files consistently, resulting in conflicting reports generated from these files
- It can be time consuming to update a flat file system5 A database has the following advantages over a flat file system:
- More info can be generated from the same data- Complex requests can be handled more easily- Data redundancy is eliminated or minimised- Programs and data are independent, so more than 1 program can use
the same data- Data management is improved- A variety of relationships among data can be maintained easily- More sophisticated security measures can be used- Storage space is reduced
Learn Exhibit 3.2: Interaction between the user, DBMS, and database p41
1.1Types of Data in a Database p41# Study note1 The 2 types of data: internal and external2 Examples of internal data:
- Transaction records- Sales records- Personnel records
3 Examples of sources of external data:- Competitors, customers, and suppliers- Distribution networks- Economic indicators e.g. CPI- Government regulations- Labour and population statistics- Tax records
1.2Methods for Accessing Files p42# Access
MethodDescription Device Use
1 Sequential access file structure
- Records in files are organised and processed in numerical or sequential order, typically the order in which they were entered
- Records are organised based on “primary key”
Usually magnetic tape
- Effective when a large number of records are processed less frequently e.g. quarterly or annually
- Access speed is not critical
2 Random access file structure
Records can be accessed in any order, regardless of their physical location in storage media
Magnetic disk Fast and effective when a small number of records need to be processed daily or weekly
3 Indexed sequential access method (ISAM)
- Records can be accessed sequentially or randomly, depending on the number being accessed
- It uses an index structure and has 2 parts: an indexed value and a pointer to the disk location of the record matching the indexed value
- Retrieving a record requires at least 2 disk accesses
For a small number, random access is used, and for a large number, sequential access is used
2 Logical Database Design p42# Study note1 The physical view involves how data is stored on and retrieved from storage
media, such as hard disks, magnetic tapes, or CDs
# Study note2 The logical view involves how info appears to users and how it can be
organised and retrievedThe first step in database design is defining a data model
3 A data model determines how data is:- Created- Represented- Organised- Maintained
4 A data model usually contains:- Data structure: describes how data is organised and the relationship
among records- Operations: describes methods, calculations that can be performed on
data, such as updating and querying data- Integrity rules: defines the boundaries of a database, such as max and
min values for a field, and constraints e.g. what type of data can be stored in a field, and access methods
5 Some examples of the types of data models:- Relational model- Object-oriented model- Hierarchical model- Network model
6 Hierarchical model (Exhibit 3.3 p43):- The relationship between records form a tree-like structure
(hierarchical)- Records are called nodes- Relationships between records are called branches- The node at the top is called the root, and every other node (called a
child) has a parent- Nodes with the same parents are called twins or siblings
7 Network model (Exhibit 3.4 p44):- Similar to hierarchical but records are organised differently- Unlike hierarchical, each record can have multiple parent and child
records
2.1The Relational Model p44# Study note1 Relational model:
- Uses two-dimensional tables or rows and columns of data- Rows are records (also called tuples)- Columns are fields (also referred to as attributes)
2 To begin designing a relational database, you must first design the logical structure by defining each table and the fields in it
3 The collection of the above definitions is stored in the data dictionary4 The data dictionary can also store other definitions such as:
- Data types for fields- Default values for fields- Validation rules for data in each field
5 - Every record must be identified by a primary key- Primary key: uniquely identifies every record in a relational database
# Study note- To establish relationships among tables so that data can be linked and
retrieved more efficiently, a primary key for one table can appear in other tables – it is then called a foreign key
- Foreign key:o Field in a relational table that matches the primary key column
of another tableo It can be used to cross-reference tables
6 Normalisation:- Improves database efficiency by eliminating redundant data- Ensures that only related data is stored in a table- Normalisation can go through several stages from first normal form (1NF)
to fifth normal form (5NF)- Tasks performed in a 1NF stage:
o Eliminate duplicated fields from the same tableo Create separate tables for each group of related datao Identify each record with a unique field (the primary key)
7 - Data is retrieved using operations that pick and combine data from 1 or more tables
- There are several operations:o Selecto Projecto Joino Intersecto Uniono Difference
8 The most commonly used operations (Exhibits on p45):- Select: searches data in a table and retrieves records based on certain
criteria (conditions)- Project: pares down a table by eliminating columns (fields) according
to certain criteria e.g. a list of student but without their ages- Join: combines 2 tables based on a common field e.g. primary key in
first table and foreign key in second table
3 Components of a DBMS p46DBMS includes these components:
# DBMS Component1 Database engine2 Data definition3 Data manipulation4 Application generation5 Data administration
3.1Database Engine p46# Study Note1 The database engine is the heart of a DBMS and is responsible for:
# Study Note- Data storage- Manipulation- Retrieval
2 It converts logical requests into their physical equivalents by interacting with components of the DBMS (usually the data manipulation component)
3.2Data Definition p46# Study Note1 Used to create and maintain the data dictionary and define the structure of
files in a database2 This component is used for changes to a database’s structure, such as:
- Adding or deleting fields- Changing a field’s size- Changing the data type stored in a field
3.3Data Manipulation p46# Study Note1 Used to add, modify, and retrieve records from a database2 Typically a query language is used for this component:
- Structured Query Language (SQL): consists of several keywords specifying actions
- Query By Example (QBE): request data by constructing a statement made up of query forms
3 Basic format of a SQL query: SELECT field FROM table or file WHERE conditions
3.4Application Generation p47# Study Note1 Used to design elements of an application using a database:
- Data entry screens- Interactive menus- Interfaces with other programming languages
3.5Data Administration p47# Study Note1 Used for tasks such as:
- Backup- Recovery- Security- Change management- Determine who has permission to perform certain functions,
summarised as:o Createo Reado Updateo Delete (CRUD)
# Study Note2 Database administrator (DBA) responsibilities:
- Designing and setting up a database- Establishing security measures to determine users’ access rights- Developing recovery procedures in case data is lost or corrupted- Evaluating database performance- Adding and fine-tuning database functions
4 Recent Trends in Database Design and Use p47Recent trends include:
# Trend1 Data-driven websites2 Natural language processing3 Distributed databases4 Client/server databases5 Object-oriented databases
4.1Data-Driven Web Sites p47# Study Note1 Data-driven website:
- Acts as an interface to a database, retrieving data for users and allowing users to enter data in the database
- Improves access to info so users’ experiences are more interactive- Reduces the support and overhead needed to maintain static web sites- Changes are made to the data source, not the web site – the web site
adjusts automatically2 Popular in:
- e-commerce websites- News sites- Forums and discussion groups- Subscription services such as newsletters
4.2Distributed Databases p48# Study Note1 A distributed database stores data on multiple servers throughout an
organisation2 Security issues are more challenging because of multiple access points from
both inside and outside the organisation, the following items should be clearly defined:
- Security policies- Scope of user access- User privelages- Authorised users must be identified
3 Organisations might choose a distributed database for the following reasons:- The design reflects the organisation’s structure better e.g. an
organisation with many branches- Local storage of data decreases response time but increases
# Study Notecommunication costs
- Distributing data among multiple sites minimises the effects of computer failures
- Increased capacity as opposed to only 1 computer (server)- Several small integrated systems might cost less than 1 large system- Storing data at remote sites can help reduce costs for remote users- It is not limited by data’s physical location
4 3 approaches to setting up a DDBMS (can be combined):- Fragmentation- Replication- Allocation
5 Fragmentation:- Addresses how tables are divided among multiple locations- Horizontal fragmentation breaks a table into rows, storing all fields
(columns) in different locations- Vertical fragmentation stores a subset of columns in different locations- Mixed fragmentation (combines vertical and horizontal) stores only
site-specific data in each location6 Replication:
- Each site stores a copy of data of the organisation’s database- Although it can increase costs, it also increases availability of data- Each site’s copy can be used as a backup for other sites
7 Allocation:- Combines fragmentation and replication- Each site stores the data it uses most often- Improves response time for local users (those in the same location as
the database storage facilities)
4.3Client/Server Databases p49Users’ workstations (clients) are linked in a LAN to share the services of a single server.
4.4Object-Oriented Databases p49# Study Note1 Recap: a relational database has a simple structure: relationships between
tables are based on a common value (the key)2 Object-oriented databases were developed to address the inherent problem
in relational databases i.e. representing more complex data relationships sometimes isn’t possible
3 - Like object-oriented programming, object-oriented databases represents real world entities with database objects
- An object consists of:o Attributes - characteristics describing an entityo Methods – operations or calculations that can be performed on
the object’s data4 Example:
# Study Note- Class: vehicle (think of a class as a category or type of object)- Object: car- Attributes: year, make, model, license number- Method: addVehicle
5 Encapsulation:- Grouping objects along with their attributes and methods into a class
(essentially means grouping related items into a single unit)- Helps handle more complex types of data, such as images and graphs
6 Inheritance:- New objects can be created faster and more easily by entering new
data in attributes7 - In contrast to query languages used to interact with a relational database,
interaction with an object-oriented database takes place via methods, which are called by sending a message to the object
- Messages are usually generated by an event of some kind e.g. pressing enter or click mouse button
- Examples of object-oriented DBMSs: Progress ObjectStore, Objectivity/DB
Learn Exhibit 3.5: Objects, classes, attributes, and methods p50
5 Data warehouses p49# Study Note1 Data warehouse:
- Collection of data from a variety of sources- Used to support decision-making applications and generate business
intelligence- Aka hypercubes because they store multidimensional data- The advantage of a hypercube is that it enables fast manipulations and
calculations (refer OLAP)Data mart:
- Smaller version of a data warehouse- Used by a single department or function
2 Characteristics of a data warehouse (as opposed to a database):- Subject oriented – focused on a specific area where as data in a
database is transaction/function oriented- Integrated – comes from a variety of sources, unlike data in a database- Time variant – categorised based on time (such as historical info),
whereas data in a database only keeps recent data in memory- Types of data – captures aggregated data, whereas data in a database
captures raw transaction data- Purpose – used for analytical purposes, whereas data in a database is
used for capturing and managing transactions3 The 4 major components of a data warehouse config:
- Input- Extraction- Transformation- Loading (ETL)
5.1Input p50# Study Note1 Can come from a variety of data sources:
- External data sources- Databases- Transaction files- Enterprise Resource Planning (ERP) systems: collect, integrate, process
data- Customer relationship management (CRM) systems: collect and
process data
5.2Extraction, Transformation, and Loading (ETL) p50# Study Note1 Refers to the processes used in a data warehouse2 Extraction:
- Collecting data from a variety of sources and;- Converting it into a format that can be used in transformation
processing- Parse (divide into pieces) data to make sure it meets the data
warehouse’s structural needs3 Transformation:
- Done to make sure the data meets the data warehouse’s needs- Tasks include:
o Selecting only certain columns or rows to loado Translating coded values, such as replacing yes with 1 and no
with 2o Performing select, project, and join operations on datao Sorting and filtering datao Aggregating and summarising data before loading it in the data
warehouse4 Loading: the process of transferring data to the data warehouse
5.3Storage p51# Study Note1 Collected info is organised in a data warehouse as:
- Raw data: info in its original form- Summary data: gives subtotals of various categories- Metadata: info about data such as content, quality, condition, origin
etc.
5.4Output p51Learn Exhibit 3.6: A data warehouse configuration p52
5.4.1 Online Analytical Processing p51# Study Note1 Online transaction processing (OLTP):
# Study Note- Systems are used to facilitate and manage transaction-oriented
applications: point of sale, data entry, retrieval transaction processing- Usually use internal data and respond in real time
2 Online analytical processing (OLAP):- Generates business intelligence: allows you to analyse info that has
been summarised in multidimensional ways- Used to perform trend analysis and sift through massive amounts of
stats to find specific info i.e. these tools usually have a drill-down and drill up feature for accessing multilayer info
- Sometime aka ‘slicing and dicing’- Uses multiple sources of info- Provides multidimensional analysis: view data based on time, product,
location
5.4.2 Data-Mining Analysis p52# Study Note1 Data-mining analysis is used to discover patterns and relationships2 Typical questions that can be answered using data-mining tools:
- Which customers are likely to respond to a new product?- Which customers are likely to respond to a new ad campaign?- What product should be recommended to this customer based on his
or her past buying patterns?3 Vendors of data mining software include:
- SAP Business Objects- SAS- Cognos- Informatica
5.4.3 Decision-Making Reports p53Examples of what a data warehouse can allow you to do:
# Study Note1 Cross-reference segments of an organisation’s operations for comparison
purposes2 Generate complex queries and reports faster and easier with data
warehouses than with databases3 Generate reports efficiently using data from a variety of sources in different
formats and stored in different locations throughout an organisation4 Find patterns and trends that can’t be found with databases5 Analyse large amounts of historical data quickly6 Assist management in making well-informed business decisions7 Manage a high demand for info from many users with different needs and
decision-making styles
6 Data Marts p53# Study Note1 Data mart:
# Study Note- Smaller version of a data warehouse- Used by a single department or function- Focus on business functions for a specific user group (see above)
2 Data marts have the following advantages over data warehouses:- Access to data is often faster because of their smaller size- Response time for users is improved- Easier to create because they’re smaller and often less complex- Less expensive- Users are targeted better, because a data mart is designed for a
specific department or division
CH4 Personal, Legal, Ethical, and Organisational Issues of ISs p581 Risks Associated with Information Technologies p59Many of the risks mentioned here can be minimised or prevented by:
# What You Can Do1 Installing OS updates regularly2 Using anti-virus and anti-spyware software3 Using e-mail security features
1 Cookies p59# Study Note1 Cookies are small text files with unique ID tags that are embedded in a web
browser and saved on the user’s hard drive
2 Spyware and Adware p60Spyware study notes:
# Study Note1 Spyware is software that secretly gathers info about users while they
browse the web2 Spyware can also interfere with users’ control of their computers by
installing additional software and redirecting web browsers3 Some spyware changes computer settings, resulting in slow internet
connections, changes to default home pages, and loss of functions in other programs etc.
Adware study notes:
# Study Note1 Adware is a form of spyware that collects info about the user without the
user’s consent2 It uses this info to display ads in the web browser based on info it collects
from the user’s browsing patterns3 In addition to antivirus software, installing an ad-blocking feature is
recommended
3 Phishing p60# Study Note1 Phishing is sending fraudulent e-mails that seem to come from legitimate
sources2 They usually direct e-mail recipients to false websites that look like the real
thing for purposes of capturing private info e.g. bank account numbers or passwords
4 Keyloggers p60# Study Note1 Keyloggers monitor and record keystrokes and can be software or hardware
devices
5 Sniffing and Spoofing p60# Study Note1 Sniffing is capturing and recording network traffic – can be used to monitor
network performance2 Spoofing is an attempt to gain access to a network by posing as an
authorised user to find sensitive info – it can be illegitimate programs posing as legitimate ones
6 Computer Crime and Fraud p60# Study Note1 Computer fraud is the unauthorised use of computer data for personal gain
e.g. transferring money2 Examples of computer crimes include:
- Denial-of-service atatcks- Identity theft- Software piracy- Distributing child pornography- E-mail spamming- Writing or spreading viruses- Stealing files for industrial espionage- Changing computer records illegally- Virus hoaxes
5 Privacy Issues p61# Study Note1 There are 3 NB concepts regarding internet and network privacy:
- Acceptable use policies: a set of rules specifying the legal and ethical use of a system and the consequences of noncompliance
- Accountability: refers to issues involving both the user’s and the organisation’s responsibility and liability
- Nonrepudiation: a method for binding all involved parties to a contract2 Guidelines to eliminate or minimise the invasion of privacy: study p63
1 E-mail p63# Study Note1 Spam (junk mail) is unsolicited e-mail sent for advertising purposes2 Ease of access is a concern – whether an e-mail is distributed through the
internet or through a company network
2 Data Collection on the Internet p64# Study Note1 There are 2 common technologies used for data collection:
- Cookies- Log files: generated by web server software and record a user’s
actions on a website
5 Ethical Issues of Information Technologies p65# Study Note1 Ethics means doing the right thing and its meaning can vary from culture to
culture and person to person2 An example of a code of ethics moral guidelines:
- Contribute to society and human well-being- Avoid harm to others- Be honest and trustworthy- Be fair and take actions not to discriminate- Honour property rights, including copyrights and patents- Give proper credit for intellectual property- Respect the privacy of others- Honour confidentiality
1 Censorship p66# Study Note1 There are 2 types of information available on the internet: public and
private2 Public information can be censored for the following reasons:
- Public policy reasons e.g. publishing sensitive military info- If the content is deemed offensive to a political, religious or cultural
group
2 Intellectual Property p67# Study Note1 Intellectual property is a legal umbrella covering protections that involve:
- Copyrights- Trademarks- Trade secrets- Patents for “creations of the mind” developed by people or businesses
2 Intellectual property can be divided into 2 categories:- Industrial property: inventions, trademarks, logos, industrial designs
etc.- Copyrighted material: literary and artistic works
3 Things to know about copyright laws:- Copyright laws protect tangible materials and online materials- These include: web pages, HTML code, computer graphics- As long as the content can be printed or saved on a storage device- Copyright laws give only the creator exclusive rights – meaning no one
# Study Noteelse can reproduce, distribute, or perform the work without permission
- Copyrights last for the author’s lifetime + 70 years and do not need to be renewed
4 Things to know about trademarks and patents:- A trademark protects product names and identifying marks e.g. logos- A patent protects new processes – patents last 20 years (14 years for
design patents)- An organisation can benefit from a patent in at least 3 ways:
o Generate revenue by licensing its patento Use the patent to attract funding for further R&Do Use the patent to keep competitors from entering certain
market segments5 Cybersquatting – registering, selling, or using a domain name to profit from
someone else’s trademark
3 Social Divisions and Digital Divide p68# Study Note1 Exists between the information rich and the information poor
5 The Impact of IT in the Workplace p69Read Table 4.1: The benefits and potential drawbacks of Telecommuting p69
# Study Note1 Information technologies have led to “job deskilling” – this occurs when:
- Skilled labour is eliminated by high technology- A job is downgraded from a skilled to a semiskilled or unskilled position- It usually takes place when a job is automated or when a complex job
is fragmented into a sequence of easily performed tasks2 Fast communication using e-mail instead of inter-office memos3 Virtual organisations:
- Networks of independent companies, suppliers, customers, and manufacturers connected via IT to share skills and costs and have access to each other’s markets
- Does not need central offices or a hierarchy- Advantages include:
o Each participating company can focus on what it does best, thus improving the ability to meet customer’s needs
o Cost of hiring additional employees is reduced because skills are shared
o Companies can respond to customers faster and more efficientlyo Time needed to develop new products is reducedo Products can be customised more to respond to customers’
needs
1 IT and Health Issues p71# Study Note1 Work habit and work environments can cause physical problems due to:
# Study Note- Static electricity- Inadequate ventilation- Poor lighting- Dry air- Unsuitable furniture- Too few rest breaks
2 Health problems related to computer equipment include:- Vision problems: fatigue, itching, blurred vision- Musculoskeletal problems: back sprain and wrist pain- Skin problems: rashes- Stress-related problems: headaches and depression
3 Ergonomic factors that can solve many of these problems:- Flexible or wireless keyboards- Correct lighting- Special monitors for workers with vision problems
5 Green Computing p71# Study Note1 Green computing is computing that promotes a sustainable environment
and consumes the least amount of energy2 Green computing involves:
- The design- Manufacture- Use- Disposal
of:- Computers- Servers- Computing devices
in such a way that there is minimal impact on the environment3 The benefits of green computing:
- Helps an organisation save on energy costs- Improves the quality of the environment that we live and work in
3 Read ways to pursue a green computing strategy on p72
Data Communication, the Internet, E-Commerce, and Global Information Systems p94CH5 Protecting Information Resources p741 Computer and Network Security: Basic Safeguards p75Hackers use a variety of tools to break into computers:
# Study Note1 Sniffers2 Password crackers3 Rootkits4 Journals: Phrack and 2600: The Hacker Quarterly
Types of hackers p76:
# Study Note1 Script kiddie2 Black hat3 White hat, aka “ethical hackers”
There are 3 important aspects of computer and network security, collectively referred to as the CIA triangle:
# Study Note1 Confidentiality – non-disclosure of info to anyone who isn’t authorised2 Integrity – refers to the accuracy of info resources with an organisation as
well as identifying authorised users and granting them acess privileges3 Availability
The McCumber Cube p76:
# Study Note1 It is represented as a 3 dimensional cube2 It defines 9 characteristics of information security:
- Transmission- Storage- Processing- Confidentiality- Integrity- Availability- Human factors- Policy and practices- Technology
3 This model includes the different states in which information can exist in a system:
# Study Note- Transaction- Storage- Processing
In addition, a comprehensive security system must provide 3 levels of security p77:
# Study Note1 Level 1: front-end servers e.g. e-mail and webservers must be protected
against unauthorised access2 Level 2: Back-end systems must be protected to ensure:
- Confidentiality- Accuracy- Integrity of data
3 Level 3: the corporate network must be protected against:- Intrusion- Denial-of-service attacks- Unauthorised access
The first step in planning a comprehensive security system: A fault-tolerant system uses a combination of hardware and software for improving reliability – it is a way of ensuring availability in case of a system failure.
Some commonly used methods include p77:
# Study Note1 Uninterruptable power supply (UPS) serves 2 crucial tasks:
- It serves as a power source to continue running the server (usually for a short period)
- Safely shuts down the server2 Redundant array of independent disks (RAID):
- Collection of disk drives used to store data in multiple places- Stores a value called a checksum that is used to verify that data has
been stored or transmitted without error3 Mirror disks:
- Uses 2 disks containing the same data- It is a level-1 RAID system
2 Security Threats: An Overview p77
2.1 Intentional Threats p77Intentional computer and network threats include:
# Threat1 Viruses2 Worms
# Threat3 Trojan programs4 Logic bombs5 Backdoors6 Blended threats e.g. worm launched by a Trojan7 Rootkits8 Denial-of-service attacks9 Social engineering
2.1.1 Viruses p78# Study Note1 Consists of a self-propagating program code that’s triggered by a specific
time or event, the virus attaches itself to other files when the program or OS containing the virus is used
2 Indications that a computer might be infected by a virus:- Some programs have suddenly increased in size- Files have been corrupted, or you can’t open some files- Hard disk free space is reduced drastically- The keyboard locks up, or the screen freezes- Available memory dips down more than usual- Disk access is slow- Computer tasks take longer than usual to start- Unexpected disk activity- Unfamiliar messages on the screen
2.1.2 Worms p79# Study Note1 Travels from computer to computer but doesn’t usually erase data2 Unlike a virus, it is an independent program that can spread itself without
having to be attached to a host program3 Eats up resources, eventually bringing a computer or a network to a halt
2.1.3 Trojan Programs p79# Study Note1 Contains code intended to disrupt a computer, network, or website and is
usually hidden inside a popular program2 They don’t replicate themselves as viruses and worms do
2.1.4 Logic Bombs p79# Study Note1 Type of Trojan program used to release a virus, worm, or other destructive
code2 Triggered at a certain time e.g. birthday of a famous person or by a specific
event e.g. pressing enter
2.1.5 Backdoors p79# Study Note1 Also called a “trapdoor”2 Programming routine built into a system by its designer or programmer that
enables the designer or programmer to bypass security and sneak back into the system later to access programs or files
2.1.6 Blended Threats p79# Study Note1 Security threat that combines the characteristics of computer viruses, worms,
and other malicious codes with vulnerabilities found on public and private networks
2 Blended threats search for vulnerabilities on computer networks and then take advantage by embedding malicious codes in the server’s HTML files or by sending unauthorised e-mails from compromised servers with a worm attachment
2.1.7 Denial-of-Service Attacks (DoS) p80# Study Note1 Floods a network or server with service requests to prevent legitimate users’
access to the system2 Usually target internet servers: web, FTP, or mail servers (although any
system connected to the internet running TCP services is subject to attack)
2.1.8 Social Engineering p80# Study Note1 Means using people skills – such as being a good listener and assuming a
friendly, unthreatening air – to trick others into revealing private info2 It takes advantage of the human element of security systems3 Common techniques include:
- Dumpster diving- Shoulder surfing
3 Security Measures and Enforcement: An Overview p81Organisations can take many steps to guard against threats:
# Study Note1 Biometric security measures2 Non-biometric security measures3 Physical security measures4 Access controls5 Virtual private networks (VPN)6 Data encryption7 E-commerce transaction security measures8 Computer Emergency Response Team (CERT)
3.1 Biometric Security Measures p81# Study Note1 Use a physiological element to enhance security measures2 It is unique to a person and can’t be stolen, lost, copied, or passed on to
others3 Biometric security includes:
- Facial recognition – shape, pattern, and positioning- Fingerprints- Hand geometry – compare length of each finger, translucence of
finger tips, webbing between fingers against stored data4 Iris analysis5 Palm prints – palm reader uses near infrared light to capture a user’s vein
pattern6 Retinal scanning7 Signature analysis – pen pressure, speed, length of time to sign8 Vein analysis – in wrist and back of the hand but no direct contact is made9 Voice recognition – translate words into digital patterns, recorded and
examined for tone and pitch and can work over long distances e.g. ordinary telephone
10
Drawbacks include:- High costs- Users’ reluctance- Complex installation
3.2 Non-biometric Security Measures p81The 3 main non-biometric security measures are:
# Study Note1 Callback modems2 Firewalls3 Intrusion detection systems
3.2.1 Callback Modems p82# Study Note1 Verifies whether a user’s access is valid by logging the user off and the
calling the user back2 Useful in organisations with many employees who work off-site and who need
to connect to the network from remote locations
3.2.2 Firewalls p82# Study Note1 Combination of hardware and software that acts as a filter or barrier between
a private network and external computers or networks, including the internet2 A firewall can examine data passing into or out of a private network and
decide whether to allow the transmission based on:- Users’ ID
# Study Note- The transmission’s origin and destination- The transmission’s contents
3 Info being transmitted is stored in a packet, after examining the packet, a firewall can take one of the following actions:
- Reject the incoming packet- Send a warning to the network administrator- Send a message to the packet’s sender that the attempt failed- Allow the packet to enter (or leave) the private network
4 The main types of firewalls are:- Packet-filtering firewalls- Application-filtering firewalls- Proxy servers
Packet-filtering firewalls work like this p83:# Study Note1 Packet-filtering firewalls control data traffic by configuring a router to
examine packets passing into and out of the network2 The router examines the following info in a packet:
- Source IP address and port- Destination IP address and port- Protocol used
3 Based on this info, rules called “packet filters” determine whether a packet is accepted, rejected, or dropped
4 For example:- A packet filter can be set up to deny packets from specific IP addresses- A packet-filtering firewall informs senders if packets are rejected but
does nothing if packets are dropped- Senders have to wait until their requests time out to learn that the
packets they sent weren’t received5 These firewalls record all incoming connections, and packets that are
rejected might be a warning sign of unauthorised attempts6 Packet-filtering firewalls are inefficient because:
- They have to examine packets one-by-one- They might be difficult to install- They can’t usually record every action taking place at the firewall
Application-filtering firewalls work like this p83:# Study Note1 Application-filtering firewalls are generally more secure and flexible than
packet-filtering firewalls – but they are more expensive2 Typically, they are software that is installed on a host computer (a dedicated
workstation or server) to control use of network applications, such as:- E-mail- Telnet- FTP
3 These firewalls monitor the following:- Which applications were requested- The time at which application requests take place
# Study Note4 Application-filtering firewalls filter viruses and log actions more effectively
than packet-filtering firewalls – this helps network admins spot potential security breaches
5 These firewalls are often slower than other firewalls which can affect network performance – this is due to all the application filtering that they do
Proxy servers work like this p83:# Study Note1 A proxy server is software that acts as an intermediary between two systems
– between network users and the internet2 It’s often used to protect the network against unauthorised access from the
outside by hiding the network addresses of internal systems3 It can also be used as a firewall that scans for malware and viruses, speeds
up network traffic, or takes some load off internal servers (which firewalls can’t do) – it can also block requests from certain servers
4 Learn Exhibit 5.4: A proxy server p84
Guidelines for improving a firewall’s capabilities p84:
# Study Note1 Identify what data must be secured, and conduct a risk analysis to assess the
costs and benefits of a firewall2 Compare a firewall’s features with the organisation’s security needs3 Compare features of packet-filtering firewalls, and proxy servers4 Examine the costs of firewalls5 Compare the firewall’s security with its ease-of-use6 Check the vendor’s reputation, technical support, and update policies
3.2.4 Intrusion Detection Systems (IDS) p84# Study Note1 An IDS can protect against both external and internal access (unlike firewalls)2 They’re usually placed in front of a firewall and can identify:
- Attack signatures- Trace patterns- Generate alarms for the network administrator- Cause routers to terminate connections with suspicious sources- Prevent DoS attacks
3 An IDS monitors network traffic and uses the “prevent, detect, and react” approach to security
4 It requires a lot of processing power and can affect network performance – and it might need additional config to prevent it from generating false positive alarms
3.3 Physical Security Measures p84# Study Note1 Physical security measures primarily control access to computers and
# Study Notenetworks and include devices for securing computers and peripherals from theft
2 Common physical security measures:- Cable shielding – protection from electromagnetic interference (EMI)- Corner bolts- Electronic trackers – secured to the computer at the power outlet- Identification (ID) badges – checked against a list of authorised
personnel- Proximity-release door openers – radio transmitters- Room shielding – non-conductive material- Steel encasements – fit over entire computer and can be locked
3.4 Access Controls p86# Study Note1 Access controls are designed to protect systems from unauthorised access in
order to preserve data integrity2 Two widely used access controls are:
- Terminal Resource Security- Passwords
3 Guidelines to increase the effectiveness of passwords:- Change passwords frequently- Passwords should be 8 characters or longer- Passwords should be a combination of uppercase and lowercase
letters, numbers, and special symbols, such as @ or $- Passwords should not be written down- Passwords shouldn’t be common names e.g. the user’s first or last
name or dictionary words- Passwords shouldn’t be increased or decrease sequentially, or follow a
pattern
3.5 Virtual Private Networks (VPN) p87# Study Note1 A VPN provides a secure “tunnel” through the internet for transmitting
messages and data via a private network2 Data is encrypted before it’s sent through the tunnel with a protocol, such as
Layer 2 Tunnelling Protocol (L2TP) or Internet Protocol Security (IPSec)3 Downside of VPNs:
- Transmission speeds can be slow- Standardisation can be a problem
4 VPNs are an alternative to:- Private leased lines- Dedicated Integrated Services Digital Network (ISDN) lines- T1 lines
Learn Exhibit 5.6: A VPN configuration p87
3.6 Data Encryption p87# Study Note1 Data encryption transforms data, called “plaintext” or “cleartext,” into a
scrambled form called “ciphertext” that can’t be read by others2 The rules for encryption, known as the “encryption algorithm,” determine
how simple or complex the transformation process should be – the receive then unscrambles the data by using a decryption key
3 A commonly used encryption protocol is secure sockets layer (SSL) – it manages transmission security on the internet
4 A more recent cryptographic protocol is transport layer security (TLS) – ensures data security and integrity over public networks, such as the internet – similar to SSL, TLS encrypts the network segment used for performing transactions
5 Encryption algorithms use a key to encrypt and decrypt data – the key’s size varies from 32 bits to 168 bits
6 There are 2 main types of encryption:- Asymmetric (“public key” encryption)- Symmetric (“secret key” encryption)
7 Asymmetric encryption:- Uses 2 keys: a public key and a private key- Slow and requires a lot of processing power
8 Symmetric encryption:- The same key is used to encrypt and decrypt the message- The sender and receiver must agree on the key and keep it secret- Advanced Encryption Standard (AES)
9 Digital signatures:- You encrypt a message with your private key and use an algorithm
that hashes the message and creates a message digest- The message digest can’t be converted back to the original message- The you use the private key to encrypt the message digest- This encrypted piece is called the message signature- You then send the encrypted message and digital signature- The recipient has your public key and uses it to decrypt the message
and then uses the same algorithm that you did to hash the message and create another version of the message digest
- The recipient uses your public key to decrypt your digital signature and get the message digest you sent
- The recipient then compares the two message digests
3.7 E-Commerce Transaction Security Measures p89In e-commerce 3 factors are critical for security:
# Study Note1 Authentication2 Confirmation3 Non-repudiation (of origin and receipt)4 Other factors:
- Integrity
3.8 Computer Emergency Response Team (CERT) p89# Study Note1 Currently CERT focuses on:
- Security breaches- DoS attacks
CERT offers guidelines on handling and preventing these incidents
4 Guidelines for a Comprehensive Security System p89The following steps should be considered when developing a comprehensive security plan:
# Step1 Set up a security committee with representatives from all departments as
well as upper management – the committees responsibilities include:- Developing clear, detailed security policy and procedures- Providing security training and security awareness for key decision
makers and computer users- Periodically assessing the security policy’s effectiveness- Developing and audit procedure for logins and system use- Overseeing enforcement of the security policy- Designing an audit trail procedure for incoming and outgoing data
2 Post the security policy in a visible place3 Raise employees’ awareness of security problems4 Revoke terminated employees’ passwords and ID badges5 Keep sensitive data, software, and printouts locked up in secure locations
Exit programs and systems promptly, and never leave logged-on workstations unattended
6 Limit computer access to authorised personnel only7 Install anti-virus programs and make sure they’re updated automatically8 Install only licenses software bought from a reputable dealer9 Install firewalls and intruder detection systems – and consider biometric
security measures
4.1 Business Continuity Planning (BCP) p91# Study Notes1 Outlines procedures for keeping an organisation operational in the case of
natural disaster or network attack or intrusion2 A disaster recovery plan lists the tasks that must be performed to restore
data and equipment as well as the steps to prepare for disaster, such as:- Back up all files- Review security and fire standards for computer facilities periodically- Review info from CERT and other security agencies periodically- Make sure staff members have been trained and are aware of the
consequences of possible disasters and steps to reduce the effects of disasters
- Test the DR plan with trial data- Identify vendors of all software and hardware used in the organisation
and make sure their contact details are up-to-date- Document all changes made to hardware and software
# Study Notes- Get a comprehensive insurance policy for computers and network
facilities – review it periodically to make sure it is adequate- Set up alternative sites to use in case of a disaster – cold vs. hot sites- Investigate using a colocation facility – rented from a third party- Check sprinkler systems, fire extinguishers, and halon gas systems- Keep backups in off-site storage, test data recovery procedures
periodically, and keep detailed record of machine-specific information- Keep a copy of the disaster recovery plan off site- Go through a mock disaster to assess response time and recovery
procedures3 If disaster strikes, organisations should follow these steps to resume normal
operations as soon as possible:- Put together a management crisis team to oversee the recovery plan- Contact the insurance company- Restore phone lines and other communication systems- Notify all affected people, including customers, suppliers, and
employees- Set up a help desk to assist affected people- Notify the affected people that recovery is underway- Document all actions taken to regain normality; revise the DR plan if
needed
CH6 Data Communication: Delivering Information Anywhere and Anytime p941 Defining Data Communication p95# Study Note1 Definition: The electronic transfer of data from one location to another: a
data communication system enables an information system to deliver information
2 A data communication system can also improve the flexibility of data collection and transmission: it is the basis of virtual organisations and e-collaboration
3 Why managers need to know about data communication:- Enhance decision makers’ efficiency and effectiveness: collaboration
and coordination- Improve productivity: email, networks
2 Basic Components of a Data Communication System p97# Study Note1 A data communication system includes the following components:
- Sender and receiver devices- Modems and routers- Communication medium (channel)
2 Basic concepts p97:- Bandwidth: the amount of data that can be transferred from one
point to another in a certain time period, usually one second. Express as bps, Kbps, Mbps, Gbps
- Attenuation: the loss of power in a signal as it travels from the sending device to the receiving device
- Data transmission channels – broadband (multiple pieces of data are sent simultaneously) or narrowband (voice-grade transmission channel transmitting a max of 56,000 bps)
- Synchronisation – both devices must start and stop communicating at the same point, handled with protocols
- Protocols – rules that govern data communication incl. error detection, message length, transmission speed. Protocols also help ensure compatibility between different manufacturer’s devices
- Modem - A modem is a device that connects a user to the internet. Wireless users and satellite users don’t need a modem
- DSL – digital subscriber line
2.1 Sender and receiver devices p97A sender and receiver device can take various forms p97:
# Device1 Input/output device, or “thin client”2 Smart terminal3 Intelligent terminal, workstation, or personal computer4 Netbook computer
# Device5 Mini computers, mainframes, or supercomputers6 Smartphones, mobile phones, MP3 players, PDAs, and game consoles
2.2 Modems (short for “modulator-demodulator”) p97Not any
2.3 Communication Media ( or “channels”) p98Communication media connect sender and receiver devices – they can be conducted (wired) or radiated (wireless).
# Study Note1 Conducted media- provide a physical path along which signals are
transmitted:- Twisted pair cable: twisted copper lines used in the telephone network
and communication within buildings- Coaxial cable: both data and voice transmissions used for long
distance telephone transmissions and LANs- Fibre optic cable: glass tubes surrounded by concentric layers of glass
called “cladding” to form a light path through wire cables2 Radiated media – use an antenna for transmitting data through air or water
(broadcast radio, microwave and satellite use line-of-sight)
3 Processing Configurations p99Centralised, decentralised, and distributed:
# Study Note1 Centralised processing - all processing is done at one central computer – not
in use much anymore2 Decentralised processing – each department has its own computer called an
“organisational unit”3 Distributed processing – maintains centralised control and decentralises
operations (processing power is distributed among several locations). The advantages include:
- Accessing unused processing power is possible- Modular design means computer power can be added based on need- Distance and location aren’t limiting- Compatible with organisational growth because workstations can be
added- Fault tolerance improved because of availability of redundant
resources- Reliability is improved because system failures can be limited to one
site- The system is more responsive to user needs
The disadvantages include:- Dependence on communication technology- Incompatibility between equipment
# Study Note- More challenging network management
3.4 Open Systems Interconnection Model (OSI) p100The OSI is a seven-layer architecture for defining how data is transmitted from computer to computer in a network, from the physical connection to the network to the applications that users run. OSI also standardises interactions between network computers exchanging information. Each layer in the architecture performs a specific task:
# Study Note1 Application layer – the window through which applications access network
services e.g. file transfers, database access, and email2 Presentation layer – responsible for formatting message packets3 Session layer – establishes a communication session between computers4 Transport layer – Generates the receiver’s address and ensures the
integrity of messages, provides methods for controlling data flow, ordering received data, and acknowledging received data
5 Network layer – Responsible for routing messages6 Data link layer – Oversees the establishment and control of the
communication link7 Physical layer – Specifies the electrical connections between computers and
the transmission medium, and defines the physical medium for communication
4 Types of Networks p100LAN, WAN and MAN in which computers are connected using a network interface card (NIC). A NIC, or “adapter card”, is a hardware components that enables computers to communicate over a network.
4.1 LANs p100A LAN connects workstations and peripheral devices that are in close proximity (covers a limited geographical area) and one company owns it. Data transfer speed varies from 100Mbps to 10Gbps.
LANs are used to:
# Study Note1 Share resources: peripherals, files, software2 Integrate services – email, file sharing
In a LAN environment, there are two key terms to remember:
# Study Note1 Ethernet – standard communication protocol embedded in software and
hardware devices2 Ethernet cable – used to connect computers, hubs, switches, routers to a
network
4.2 WANs p101A WAN can span several cities or countries and is usually owned by several different parties. The data transfer speed depends on the speed of its interconnections, or “links” and can vary from 28.8Kbps to 155Mbps
4.3Metropolitan Area Networks (MANs) p101A MAN is designed to handle data communication for multiple organisations in a city and/or nearby cities. The data transfer speed varies from 35Mbps to 155Mbps.
5 Network Topologies p102A network topology represents a network’s physical layout, incl. the arrangement of computers and cables.
5.1 Star topology p102# Star Topology Study Note1 Consists of a central computer (server) and a series of nodes (workstations or
peripheral devices)2 The host computer supplies the main processing power3 Advantages include:
- Cable layouts are easy to modify- Centralised control makes detecting problems easier- Nodes can be added to the network easily- More effective at handling heavy but short bursts of traffic
4 Disadvantages include:- Central host means a single point of failure- Many cables required which increases cost
5.2 Ring Topology p103# Ring Topology Study Note1 No host computer is required, each computer manages its own connectivity2 Computers and devices are arranged in a circle so that each node is
connected to two other nodes: upstream and downstream neighbour with transmission in one direction
3 Advantages include:- Less cable that a star topology
4 Disadvantages include:- If any link between nodes is severed, the entire network is affected- Diagnosing problems and modifying the network are more difficult
than with a star topology
5.3 Bus Topology (or “linear bus”) p103# Bus Topology Study Note1 Connects nodes along a network segment, but the ends of the cable aren’t
connected, as they are in a ring topology – a hardware device called a terminator is used at each end of the cable to absorb the signal
2 Common speeds in a bus topology are: 1, 2.5, 5, 10, 100Mbps, 1Gbps and 10Gbps
3 A node failure has no effect on any other node
# Bus Topology Study Note4 Advantages include:
- Easy to extend- Very reliable- Wiring layout is simple and uses the least amount of cable of any
topology- Ability to handle steady (even) traffic
5 Disadvantages include:- Fault diagnosis is difficult- Bus cable can be a bottleneck when network traffic is heavy
5.4 Hierarchical Topology (or “tree topology”) p103# Hierarchical Topology Study Note1 Combines computers with different processing strengths in different
organisational levels e.g. mainframe2 Uses controllers and multiplexers (hardware device that allows several nodes
to share one communication channel)3 Advantages include:
- Good network control and lower cost compared with star topology4 Disadvantages include:
- Network expansion might pose a problem- Traffic congestion at root and higher-level nodes
5.5 Mesh Topology (“plex” or “interconnected”) p104# Mesh Topology Study Note1 Every node is connected to every other node2 Very reliable but costly and difficult to maintain and expand
6 Major Networking Concepts p104
6.1 Protocols p104# Protocols Study Notes1 Methods and rules that electronic devices use to exchange information2 Some protocols deal with hardware connections, others control data
transmission and file transfers3 Protocols specify the format of message packets sent between computers
6.2 Transmission Control Protocol/Internet Protocol (TCP/IP) p104# TCP/IP Study Notes1 TCP/IP is an industry-standard suite of communication protocols – it enables
interoperability i.e. allows linking of devices running on many different platforms
2 TCP:- Operates at OSI’s transport layer- Primary function: establish link between hosts, ensure message
integrity, sequencing, and acknowledging packet delivery, and regulating data flow between source and destination nodes
# TCP/IP Study Notes3 IP :
- Operates at OSI’s network layer- Responsible for packet forwarding- Divided into 2 parts: network address and node address
6.3 Routing p105# Routing Study Notes1 Packet switching – a network communication method that divides data into
small packets and transmits them to an address, where they are reassembled2 A packet – collection of binary digits incl. message data and control
characters for formatting and transmitting, sent from computer to computer over a network
3 The path or route that data takes on a network is determined by the type of network and the software used to transmit data – the process of deciding which path that data takes is called routing
4 The decision about which route to follow is done in one of two ways:- At a central location (centralised routing) using a routing table
(lists nodes on a network and the path to each node, along with alternate routes and the speed of existing routes). One node (network routing manager) is in charge of selecting the path for all packets
- Distributed routing relies on each node to calculate the best possible route. Each node contains its own routing table with current information on the status of adjacent nodes so that the best possible route can be followed
6.4 Routers p106# Routers Study Notes1 A router is a network connection device containing software that connects
network systems and controls traffic flow between them2 Routers:
- Operate at the OSI network layer and handle routing packets on a network
- Can select the best possible path for packets based on distance or cost- Can prevent network jams that delay packet delivery and handle
packets of different sizes- Can be used for segmenting(isolate a portion of the LAN from the rest
of the network)3 There are 2 types of routers - static and dynamic:
- Static router: requires the network routing manager to give it information about which addresses are on which network
- Dynamic router: can build tables that identify addresses on each network
6.5 Client/Server Model p106Study exhibits on p107-108
# Client/Server Study Notes1 In the most basic client/server config, the following events usually take place:
1. The user runs client software to create a query
# Client/Server Study Notes2. The client accepts the request and formats it so that the server can
understand it3. The client sends the request to the server over the network4. The server receives and processes the query5. The results are sent to the client6. The results are formatted and displayed to the user in an
understandable format2 The three levels of logic:
- Presentation logic – how data is returned to the client e.g. GUI- Application logic – software processing requests for users- Data management logic – data management and storing operations
The following sections describe typical architectures for dividing the three logics between client and server p106:
# Client/Server Study Notes1 Two-tier architecture, or “traditional client/server model” p106-107
- Advantages of application development speed, simplicity, power- Disadvantages of changes in application logic result in major
modification on clients2 N-tier architecture p108:
- Attempts to balance the workload between client and server by removing application processing from both the client and server and placing it on a middle-tier server
- Advantages: improving network performance- Disadvantages: network management is more challenging because
there’s more network traffic
7 Wireless and Mobile Networks p108# Wireless and Mobile Networks Study Notes1 Advantages p108:
- Mobility- Flexibility- Ease of installation- Low cost
2 Disadvantages p109:- Limited throughput (similar to bandwidth)- Limited range- In-building penetration problems- Vulnerability to frequency noise e.g. thunderstorms and lightning- Security e.g. sniffers
7.1 Wireless Technologies p109WLANs and WWANs: study table 6.2 WLANs versus WWANs on p110
7.2 Mobile Networks p110Study Exhibit 6.10 Mobile Network Architecture p110
Mobile networks have a three-part architecture:
1. Base stations send and receive transmissions to and from subscribers2. Mobile telephone switching offices (MTSO) transfer calls between national
or global phone networks and base stations3. Subscribers (users) connect to base stations by using mobile
communication devices
# Mobile Networks Study Notes1 To improve the efficiency and quality of digital communications, two
technologies have been developed:- Time Division Multiple Access (TDMA)- Code Division Multiple Access (CDMA)
2 TDMA:- Divides each channel into 6 slots- Each user is allocated 2 slots: one for transmission, one for reception- Increases efficiency by 300%, allows carrying three calls on one
channel3 CCMA:
- Transmits multiple encoded messages over a wide frequency- Decodes them at the receiving end
4 Advanced Mobile Phone System (AMPS):- Analogue mobile phone standard developed by Bell Labs in 1983- Stopped support in 2008
Study Table 6.3: Generations of Cellular Networks p111
8 Wireless Security p112An AP is the part of a WLAN that connects it to other networks. Techniques for improving the security of WLANs:
# Wireless Security Study Notes1 SSID (Service Set Identifiers)2 WEP (Wires Equivalent Privacy) – key manually entered into AP and client
computer3 EAP (Extensible Authentication Protocol) – dynamically generated based on
user’s ID and password4 WPA (Wi-Fi Protected Access) – combines strongest features of WEP and EAP:
keys are fixed as in WEP, or dynamically changed as in EAP5 WPA2 – uses EAP to obtain a master key p112
9 Convergence of Voice, Video, and Data p112In data communication, convergence refers to integrating voice, video, and data so that multimedia information can be used for decision making. Common applications of convergence include:
# Convergence Study Notes1 E-commerce2 Entertainment e.g. videos on demand
# Convergence Study Notes3 Increased availability and affordability of video and computing conferencing4 Consumer products and services, such as virtual classrooms, telecommuting,
and virtual reality5 Read more on telepresence..
-
CH7 The Internet, Intranets, and Extranets p1181 The Internet and the World Wide Web p119# The Internet and WWW Study Notes1 - The internet is a network of networks. It started in 1969 as a US
Department of Defence project called Advanced Research Projects Agency Network (ARPANET)
- ARPANET evolved into the National Science Foundation Network (NSFNET) in 1987 which is considered the first internet backbone
- The internet backbone is a foundation network linked with fibre-optic cables and made up of many interconnected high-capacity data routers
2 - The WWW or “the Web” changed the internet in 1989 by introducing a GUI to the internet
- The Web was proposed by Tim Berners-Lee at CERN (The European Organisation for Nuclear Research)
- The Web organises information by using hypermedia (documents that include embedded references to audio, text, images, video, and other documents)
1.1 Domain Name System p120# DNS Study Notes1 - Domain name - unique identifier of computer or network address on the
internet. Every domain name has a suffix indicating the TLD (top-level domain) it belongs to
- IP addresses are assigned by ICANN (the Internet Corporation for Assigned Names and Numbers)
- URL – address of a document or site on the internet2 Study table 7.1: Generic Top-Level Domains p1223 HTML p122
1.2 Types of Internet Connections p123Types of DSL services:
# DNS Study Notes1 Symmetric DSL (SDSL) – same data transmission rate up and downstream
1.5Mbps2 Asymmetric DSL (ADSL) – lower upstream 3.5Mbps; higher downstream
24Mbps3 Very high-speed DSL (VDSL) – up/downstream up to 100Mbps4 T1 and T3 lines – 24 simultaneous channels at 1.544Mbps or 2.048Mbps p123
2 Navigation Tools, Search Engines, and Directories p123The 3 categories of tool used to get around the internet:
# Internet Category Study Notes1 Navigation tools2 Search engines3 Directories – indexes of info based on keywords in documents
2.1 Navigation Tools p123n/a
2.2 Search Engines and Directories p124Search engines follow this three-step process:
# Search Engine Study Notes1 Crawling the web – crawlers, spiders, bots2 Indexing – server farms index data coming in from crawlers by using
keywords for retrieval purposes3 The search process – the index is used to look up the term
Directories:
# Directory Study Notes1 Directories organise info into categories – there are 2 types of categories:
automated (or crawler-based) and human-powered directory2 Automated – creates indexes of search terms and collects these terms
automatically by using crawlers3 Human-powered – manual submission of keywords i.e. relies on users to
supply the data
3 Internet Services p125
3.1 Email p125n/a
3.2 Newsgroups and Discussion Groups p125# Newsgroup and Discussion Group Study Notes1 Discussion group – exchanging opinions and ideas on a specific topic, usually
technical2 Newsgroup – more general in nature
3.3 Instant Messaging p125IRC and IM.
3.4 Internet Telephony p126Advantages of VOIP p126:
# Advantages of VOIP1 Cost savings2 Users don’t experience busy lines3 Voicemails can be received on the computer4 Users can screen callers even if caller has caller ID blocked5 Users can have calls forwarded from anywhere in the world6 Users can direct calls to the correct departments and take automated orders
4 Web Applications p126Refer p126 for list of industries.
5 Intranets (or “corporate portals”) p130# Intranet Study Notes1 An intranet is a network within an organisation that uses internet protocols
and technologies such as TCP/IP, FTP, SMTP and others for collecting, storing and disseminating useful info that supports business activities such as sales, customer service, HR, marketing etc.
5.1 The Internet vs Intranets p131Study Table 7.2: The Internet vs intranets p131
5.2 Applications of an Intranet p131A well-designed intranet can make the following types of info available p131:
# Information1 HR management2 Sales and marketing3 Production and operations4 Accounting and finance
6 Extranets p132# Extranet Study Notes1 An extranet is a secure network that uses the Internet and Web technologies
to connect intranets of business partners so that communication between organisations or consumers is possible
2 Considered to be IOS – inter-organisational system
An extranet has the same benefits as an intranet as well as other advantages, as follows p133:
# Extranet Advantages1 Coordination – between business partners, suppliers, distributors, customers2 Feedback - instant3 Customer satisfaction – instant info, ordering, e-commerce4 Cost reduction – reduces inventory costs5 Expedited communication – improves communication by linking intranets
7 New Trends: The Web 2.0 and 3.0 Eras p133Study Table 7.4: Web 1.0 vs Web 2.0 p134
7.1 Blogs p134n/a
7.2 Wikis p134n/a
7.3 Social networking sites p135n/a
7.4 RSS Feeds p135Uses XML format (a subset of SGML). Read p135 for more on XML, HTML and CSS.
7.5 Podcasting p136n/a
7.6 The Internet 2 p137A collaborative effort to develop advanced Internet technologies and applications for higher education and academic research.
# I2 Study Notes1 Gigapop – connect a variety of high performance networks, and the exchange
of I2 traffic with a specified bandwidth2 Relies on NSFNET and MCI backbone network service (vBNS)
Applications of I2 include p137:
# I2 Application1 Learningware – IMS (Instructional Management System) e.g. WebEx and
Elluminate Live2 Digital Library – electronic repository of educational resources3 Teleimmersion – share a virtual environment created on the Web e.g. virtual
reality4 Virtual laboratories
CH8 E-Commerce p1401 Defining E-Commerce p140E-commerce is part of e-business; they are not the same thing. E-commerce is buying and selling goods and services over the internet.
1.1 The Value Chain and E-Commerce p142# Value Chain and E-Commerce Study Notes1 Michael Porter introduced the value chain concept in 19852 The value chain concept consists of a series of activities designed to meet
business needs by adding value (or cost) in each phase of the process3 The value chain is about understanding what aspects of an organisation’s
business add value for customers and then maximising those aspects4 Study Exhibit 8.1 Michael Porter’s Value Chain p1425 Primary activities in the value chain:
- Inbound logistics- Operations- Outbound logistics- Marketing and sales- Service
6 A company is a part of a value chain if it:- Buys goods or services from suppliers- Adds features to increase value- Sells goods or services to customers
1.2 E-Commerce vs. Traditional Commerce p143# Value Chain and E-Commerce Study Notes1 Click-and-brick e-commerce – companies that operate as a mix of traditional
commerce and e-commerce2 Read Table 8.1: E-commerce vs. Traditional Commerce p144
1.3 Advantages and Disadvantages of E-Commerce p144Advantages of e-commerce:
# Advantages of E-Commerce1 Creating better relationships with suppliers, customers and business
partners2 Creating price transparency i.e. all market participants can trade at the
same price3 Operate around the clock and around the globe4 Gathering more info about potential customers5 Increasing customer involvement e.g. feedback forms6 Improving customer service7 Increasing flexibility and ease of shopping8 Increasing opportunities for collaboration9 Increasing return on investment i.e. lower inventory costs10
Personalised services and product customisation
# Advantages of E-Commerce11
Reducing admin and transaction costs
Disadvantages of e-commerce:
# Disadvantages of E-Commerce1 Bandwidth capacity problems2 Security issues3 Accessibility4 Acceptance
1.4 E-Commerce Business Models p144# E-Commerce Business Model1 Merchant – transfers the old retail model to the e-commerce world e.g.
Amazon.com2 Brokerage – brings sellers and buyers together on the web and collects
commission on transactions e.g. ebay.com3 Advertising e.g. Google’s AdWords4 Mixed – generating revenue from more than one source5 Infomediary – e-commerce sites that collect info on consumers and
businesses and then sell this info to other companies for marketing purposes e.g. bizrate.com
6 Subscription – sell digital products or services using online subscriptions e.g. Wall Street Journal
2 Major Categories of E-Commerce p146
2.1 Business-to-Consumer E-Commerce p146# B2C Study Notes1 Pure play – no physical store2 Brick-and-mortar – do have a physical store
2.2 Business-to-Business E-Commerce p147n/a
2.3 Consumer-to-Consumer E-Commerce p147# C2C Study Notes1 Online classified ads, auction sites, intranets
2.4 Consumer-to-Business E-Commerce p147# C2B Study Notes1 Consumers selling online surveys to companies
2.5 Government and Non-Business E-Commerce p147# Government and Non-Business (e-gov) Study Notes1 Government-to-citizen (G2C) – tax filing and payments, forms, voter
registration2 Government-to-business (G2B) – Sales of government assets, license apps
and renewals3 Government-to-government (G2G) – Disaster assistance and crisis response4 Government-to-employee (G2E) – e-training
2.6 Organisational or Intra-business E-Commerce p147# Organisational or Intra-Business Study Notes1 Inside an organisation
3 A B2C E-Commerce Cycle p148# B2C E-Commerce Cycle Study Notes1 Information sharing2 Ordering3 Payment4 Fulfilment5 Service and support
4 B2B E-Commerce: A Second Look p149# B2B E-Commerce Study Notes1 Same as B2C but uses additional technologies: intranets, extranets, VPNs,
EDI, EFT2 Results in improved supply chain management among business partners
4.1 Major Models of B2B E-Commerce p149The 3 main models: Seller, buyer or intermediary (third party). This has resulted in the following marketplace models: seller-side, buyer-side, third-party exchange marketplace. There is also trading partner agreements which is gaining popularity.
4.1.1 Seller-Side Marketplace p149# Seller-Side Marketplace Study Notes1 Sellers who cater to specialised markets come together to create a common
marketplace for buyers2 e-procurement – order and receive supplies directly from suppliers3 Main objectives – prevent purchase from suppliers not on approved list of
sellers and to eliminate processing costs
4.1.2 Buyer-Side Marketplace p150# Buyer-Side Marketplace Study Notes1 A buyer, or group of buyers, opens an electronic marketplace and invites
sellers to bid on announced products or RFQs
# Buyer-Side Marketplace Study Notes2 Advantages for sellers include:
- Conduct sales transactions- Automate the order management process- Conduct post-sales analysis- Automate the fulfilment function- Improve understanding of buying behaviours- Provide an alternative sales channel- Reduce order placement and delivery time
4.1.3 Third-Party Exchange Marketplace p150# Third-Party Exchange Marketplace Study Notes1 Controlled by a third party, the marketplace generates revenue from the fees
charged for matching buyers and sellers2 Vertical market – concentrates on a specific industry or market e.g. beef and
dairy3 Horizontal market – concentrates on a specific function or business process
and automates it for different industries e.g. employee benefits admin
4.1.4 Trading Partner Agreements p151# Trading Partner Agreements Study Notes1 Main objective – automate negotiating processes and enforce contracts
between participating businesses2 EbXML (electronic business Extensible Markup Language) – standardising the
exchange of e-commerce data via XML
5 Mobile and Voice-Based E-Commerce p151# Mobile and Voice-Based E-Commerce Study Notes1 Based on wireless application protocol (WAP)
6 E-Commerce Supporting Technologies p152Electronic payment systems, web marketing, and search engine optimisation.
6.1 Electronic Payment Systems p152# Electronic Payment Systems Study Notes1 Smartcards – loaded with information and updated periodically2 E-cash – usually works with a smartcard and recharged electronically3 E-check – electronic version of paper cheque4 E-wallets – store personal and financial information5 Micropayments
6.2 Web Marketing p153# Web Marketing Study Notes1 Cost per thousand (CPM)2 Cost per click (CPC)3 Click-through rate (CTR)
# Web Marketing Study Notes4 Spot leasing
6.3 Search Engine Optimisation (SEO) p154Keywords, page title, inbound links.
CH9 Global Information Systems p1581 Why Go Global? P159n/a
2 Global Information Systems: An Overview p161# GIS Study Notes1 An information system that works across national borders, facilitates
communication between HQ and subsidiaries in other countries and incorporates all the technologies and applications found in a typical IS to store, manipulate and transmit data across cultural and geographical boundaries.
2 A GIS is an IS for managing global operations, supporting an international company’s decision-making processes, and dealing with complex variables in global operations and decision-making
3 Strategic planning is a core function of a GIS4 A GIS can be defined along 2 dimensions:
- Control (centralised): using managerial power to ensure adherence to the organisation’s goals
- Coordination (decentralised): the process of managing the interactions between activities in different, specialised parts of an organisation
2.1 Components of a Global Information System p162Most GISs have 3 basic components:
# GIS Study Notes1 A network capable of global communication2 A global database3 Information-sharing technologies4 Value-added networks – private multipoint networks managed by a third
party and used by organisations on a subscription basis5 A GIS must have: bridges, routers, gateways, switching nodes6 Noise – How immune a medium is to outside electronic interference7 Transmission technologies:
- Synchronous: both parties must be connected- Asynchronous: both parties don’t need to be connected- Multiplexing- Digital (baseband)- Analogue (broadband)
8 Transborder data flow (TDF) – includes national and international agreements on privacy protection and data security
2.2 Requirements of Global Information Systems p163# GIS Study Notes1 MNC – multinational corporation2 TDF – transborder data flow3 A GIS, like any IS, is classified according to different managerial support it
provides:
# GIS Study Notes- Operational- Tactical- Strategic
4 Operational requirements of a GIS p164:- Global data access: online access to info from locations around the world- Consolidated global reporting- Communication between HQ and subsidiaries- Management of short-term foreign exchange risks
5 Strategic requirements of a GIS op164:- Strategic planning support- Management of conflicts and political risks- Management of long-term foreign exchange risks- Management of global tax risks
2.3 Goals of Global Information Systems p165Several issues must be addressed before adding a GIS to a MNC:
# GIS Issue to be Addressed1 The organisation’s business opportunities in the global marketplace2 Substantial resource commitments must be made, usually years in advance3 Screening of organisational personnel for technical and business expertise4 Coordination of migration from old system to new system
Some other names for GISs p165:
# GIS Alternate Name1 Global marketing information systems2 Strategic intelligent systems3 Transnational management support systems4 Global Competitive Intelligent Systems
3 Organisational Structures and Global Information Systems p165The 4 common types of global organisations:
# Global Organisation1 Multinational2 Global3 International4 Transnational
3.1 Multinational Structure p165# Multinational Study Notes1 Decentralised: Production, sales, and marketing are decentralised, and
financial management remains the parent’s responsibility study Exhibit 9.1: A Multinational Structure p165
2 Subsidiaries operate autonomously but report to the parent company
# Multinational Study Notesregularly
3.2 Global Structure (or “franchiser”) p166# Global Structure Study Notes1 Highly centralised information systems study Exhibit 9.2: A Global
Structure p1672 Subsidiaries have little autonomy and rely on HQ for all process and control
decisions3 E.g.: McDonald’s, KFC
3.3 International Structure p167# International Structure Study Notes1 Operated much like a multinational corporation, but subsidiaries depend on
HQ more for process and production decisions e.g. domestic exporters, also Caterpillar
2 IS personnel are regularly exchanged among locations3 Study Exhibit 9.3: An International Structure p167
3.4 Transnational Structure p167# Transnational Structure Study Notes1 The parent and all subsidiaries work together in designing policies,
procedures, and logistics2 Might have several regional divisions that share authority and responsibility3 It does not have its HQ in a particular country e.g. City Group, Sony, Ford4 Usually focuses on optimising supply sources and using advantages available
in subsidiary locations5 Study Exhibit 9.4: An Transnational Structure p168
3.5 Global Information Systems Supporting Offshore Outsourcing p168# GIS Systems Supporting Offshore Outsourcing Study Notes1 Offshore outsourcing is an alternative for developing ISs
4 Obstacles to Using Global Information Systems p169The following factors can hinder the success of a GIS:
# GIS Study Notes1 Lack of standardisation2 Cultural differences3 Diverse regulatory practices4 Poor telecommunication infrastructures5 Lack of skilled analysts and programmers
4.1 Lack of Standardisation p169n/a
4.2 Cultural Differences p170n/a
4.3 Diverse Regulatory Practices p170n/a
CH10 Building Successful Information Systems p1741 Systems Development Life Cycle (SDLC): An Overview p175Study Exhibit 10.1: Phases of the SDLC p176
2 Phase 1: Planning p176# SDLC Study Notes1 The 4 whys: why, who, when, what
2.1 Formation of the task force p178n/a
2.2 Feasibility Study p178A feasibility study has 5 major dimensions p179:
# Feasibility Dimensions1 Economic2 Technical - Concerned with the technology that will be used in the system3 Operational - A measure of how well the proposed solution will work in the
organisation and how internal and external customers will react to it “is the IS worth implementing?”
4 Schedule - Concerned with whether the new system can be completed on time
5 Legal
Phase 5 - Maintenance
Phase 4 - Implementation
Phase 3 - Design
Phase 2 - Requirements gathering and analysis
Phase 1 - Planning
Identify potential systems
Conduct preliminary analysis of
requirements and define the
problem
Conduct feasibility studies
Make go and no-go decisions
2.2.1 Economic Feasibility p179# Economic Feasibility Study Notes1 Assesses a system’s costs and benefits2 The most common analysis methods are:
- Payback- NPV- ROI- IRR (internal rate of return)- CBA (cost-benefit analysis)
3 The CBA should include the following sections:- Executive summary- Introduction- Scope and purpose- Analysis method- Recommendations- Justifications- Implementation plans- Summary- Appendix
4 Examples of useful supporting documentation:- Organisational charts- Workflow plans- Floor plans- Statistical information- Project sequence diagrams- Timelines- Milestone charts
3 Phase 2: Requirements Gathering and Analysis p181During this phase, the team attempts to understand the requirements to determine the main problem with the current system or processes, and looks for ways to solve problems by designing the new system. Note that any system has 3 parts:
- Process- Data- UI
# Phase 2: Requirements Gathering and Analysis Study Notes1 Step 1 is gathering requirements; step 2 is process analysis2 The creation of the system specifications document indicates the end of the
analysis phase and the start of the design phase
There are 2 main approaches for analysis and design of information systems p181:
# The 2 Main Approaches for Analysis and Design of ISs1 The structured systems analysis and design approach (SSAD):
- Treats process and data independently
# The 2 Main Approaches for Analysis and Design of ISs- Sequential approach that requires completing analysis before design
can begin2 Object oriented approach:
- Combines process and data analysis- Thin line between analysis and design
Study Table 10.1: Examples of Tools Used in SSAD Analysis Models p182
4 Phase 3: Design p183During the design phase, analysts choose the solution that’s the most realistic and offers the highest payoff for the organisation. The design phase consists of 3 parts:
# The 3 Parts of the Design Phase1 Conceptual design – overview of system, does not include hardware or
software2 Logical design – makes conceptual design more specific, indicates hardware
and software3 Physical design – created for a specific platform
4.1 Computer-Aided Systems Engineering (CASE) p183CASE tools support the design phase by helping analysts to do the following:
# How CASE Tools Support the Analyst1 Keep models consistent with each other2 Document models with explanations and annotations3 Ensure that models are created according to specific rules4 Create a single repository of all models related to a single system5 Track and manage changes to the design; create multiple versions of the
design
4.2 Prototyping p184Prototypes are used for the following purposes:
# Prototype purpose1 Gathering system requirements – in the planning phase2 Helping to determine system requirements3 Technical feasibility – POC (proof-of-concept)4 Selling the proposed system to users and management – selling prototype
Prototyping is done in 4 steps p184:
# Step1 Define the initial requirements2 Develop the prototype3 Review and evaluate the prototype
# Step4 Revise the prototype
Study advantages and disadvantages of prototyping on p185
5 Phase 4: Implementation p185Takes that take place in the implementation phase:
# Task1 Acquiring new equipment2 Hiring new employees3 Training employees4 Planning and designing the system’s physical layout5 Coding6 Testing7 Designing security measures and safeguards8 Creating a disaster recovery plan
Options for converting an IS p186:
# Option1 Parallel conversion – old and new systems run simultaneously for a short time2 Phased-in-phased-out conversion – as each module of the new system is
converted, the corresponding part of the old system is retired e.g. accounting and finance
3 Plunge (direct cutover) conversion4 Pilot conversion – introduce system in only a limited area e.g. a department
5.1 Request for Proposal (RFP) p186Study Exhibit 10.4: Main Components of a RFP p186
5.2 Implementation Alternatives p187SDLC is sometimes called insourcing i.e. a system is developed internally. There is also self-sourcing and outsourcing (also crowdsourcing).
An outsourcing company can employ the SDLC approach to develop the requested system by using the following options p188:
# Option1 Onshore outsourcing – same country2 Nearshore outsourcing – neighbouring country3 Offshore outsourcing – any part of the world
6 Phase 5: Maintenance p189n/a
7 New Trends in Systems Analysis and Design p189The SDLC model might not be appropriate in the following situations:
# Situation1 Lack of specifications – the problem is not well-defined2 The input-output process can’t be identified completely3 One time problem (ad hoc)4 Users’ needs change constantly
7.1 Service-Oriented Architecture (SOA) p189# SOA Study Notes1 SOA is a philosophy and a software and system development methodology
that focuses on the development, use, and reuse of small, self-contained blocks of code (called services) to meet the software needs of an organisation
2 The fundamental principle behind SOA is that the “blocks of code” can be reused in a variety of different applications, allowing new business processes to be created from a pool of existing services
3 SOA advocates that core functions and dynamic function be decoupled
7.2 Rapid Application Development (RAD) p190# RAD Study Notes1 Concentrates on user involvement and continuous interaction between users
and designers2 Combines planning and analysis phase into one phase and develops a
prototype of the system3 RAD uses an iterative process, also called incremental development that
repeats the design, development, and testing steps as needed, based on feedback from users
4 Disadvantage: narrow focus and low quality
7.3 Extreme Programming (XP) p190# XP Study Notes1 XP divides a project into smaller functions, and runs in small phases2 XP delivers the system to users as early as possible and then makes changes
that the user suggests3 Developers usually work on the same code in teams of 2 “sharing a
keyboard” – this is called pair programming
7.4 Agile Methodology p191# Agile Study Notes1 Emphasis on limiting a project’s scope – focuses on setting a minimum
number of requirements and turning them into a working product2 Agile is about responding to changing needs instead of sticking to a set plan