Islamic Online University: Course: Computer 101
Module 16:
Introduction to Database Management System.
Objectives
2. Data management.
• Information
• Processed data organized in a meaningful way that is useful to the people who
receive it. Thus data are sometimes referred to as the raw material from which
information is generated.
• General:
• A database is any collection of related data.
• Restrictive:
• A database is a persistent, logically coherent collection of inherently meaningful
data, relevant to some aspects of the real world.
Why do we need data.
• Data can do the following for us:
• Data capture: The task of gathering the data as and when they originate.
• Data classification: Captured data has to be classified based on its nature and
intended usage.
• Data retrieval: Data will be required frequently for further processing. Hence it
is very important to create some indexes so that data can be retrieved easily.
Data Management.
• Data management consists of the following tasks:
• Data maintenance: Maintenance is the task concerned with keeping the data
up-to-date.
• Data Verification: Before storing the data it must be verified for any error.
• Data Editing: Editing means re-arranging the data or modifying the data for
presentation.
• Data transcription: This is the activity where the data is converted from one
form into another.
• Data transmission: This is a function where data is forwarded to the place where
it would be used further.
Method of Data Management.
• Data management can be done using the concept of:
• File System.
• A file system is used to control how data is stored and retrieved. Without a
file system, information placed in a storage area would be one large body of
data with no way to tell where one piece of information stops and the next
begins. By separating the data into individual pieces, and giving each piece a
name, the information is easily separated and identified.
• By data, we mean known facts that can be recorded and that have implicit meaning.
For example, consider the names, telephone numbers, and addresses of the people
you know.
• You may have recorded this data in an indexed address book, or you may have stored
it on a diskette, using a personal computer and software such as DBASE IV or V,
Microsoft ACCESS, or EXCEL.
Introduction to database management system.
• A datum – a unit of data – is a symbol or a set of symbols which is used to represent
something. This relationship between symbols and what they represent is the essence
of what we mean by information.
• In addition, the database system must ensure the safety of the information stored,
despite system crashes or attempts at unauthorized access. If data are to be shared
among several users, the system must avoid possible anomalous results.
Difference between File system and DBMS
File System | DBMS
File system is a collection of data. For any management with the file system, the user has to write the procedures. | DBMS is a collection of data and the user is not required to write the procedures for managing the database.
File system gives the details of the data representation and storage of data. | DBMS provides an abstract view of data that hides the details.
In a file system, storing and retrieving of data cannot be done efficiently. | DBMS is efficient to use since there are wide varieties of sophisticated techniques to store and retrieve the data.
Concurrent access to the data in the file system has many problems, such as reading the file while others are deleting or updating some information. | DBMS takes care of concurrent access using some form of locking.
File system doesn't provide a crash recovery mechanism. E.g. if the system crashes while we are entering some data into the file, the content of the file is lost. | DBMS has a crash recovery mechanism; DBMS protects the user from the effects of system failures.
Protecting a file under a file system is very difficult. | DBMS has a good protection mechanism.
Advantages of database management system.
• Data integrity and security: When data is accessed through the DBMS, it can enforce
integrity constraints. E.g.: Inserting salary information for an employee.
• Data Administration: When users share data, centralizing the data is an important
task. Experienced professionals can minimize data redundancy and perform fine
tuning which reduces retrieval time.
Advantages of database management system.
• Concurrent access and Crash recovery: DBMS schedules concurrent access to the
data. DBMS protects user from the effects of system failure.
• Costs: Through the use of a database system new costs are generated for the system
itself but also for additional hardware and the more complex handling of the system.
Disadvantages of database management system.
• Data Manipulation: Once the data structure is defined, data needs to be inserted,
modified or deleted. These functions which perform these operations are part of
DBMS.
• Data Security & Integrity: The DBMS contains modules which handle the security
and integrity of data in the application.
Function of database management system.
• Data Recovery and Concurrency: Recovery of the data after system failure and
concurrent access of records by multiple users is also handled by DBMS.
• Data Dictionary Maintenance: Maintaining the data dictionary which contains the
data definition of the application is also one of the functions of DBMS.
• Data modeling is used for representing entities of interest and their relationship in the
database.
• Data model and different types of data model: A data model is a collection of concepts
that can be used to describe the structure of a database which provides the necessary
means to achieve the abstraction.
• An entity is a “thing” or “object” in the real world that is distinguishable from other
objects.
• For example, each person is an entity, and bank accounts can be considered as
entities.
• Entities are described in a database by a set of attributes. For example, the attributes
Student Number and Grade may describe one particular student record in a school,
and they form attributes of the student entity set. Similarly, attributes student-name,
student-street address and student-city may describe a student entity.
The Entity-Relationship Model.
• An extra attribute student-id is used to uniquely identify a student (since it may be
possible to have two students with the same name, street address, and city).
• The set of all entities of the same type and the set of all relationships of the same
type are termed an entity set and relationship set, respectively.
• Lines link attributes to entity sets and entity sets to relationship sets
• Disadvantages
• Limited constraint representation
• Limited relationship representation
• No data manipulation language
• Loss of information content
Relational Model .
• The relational model uses a collection of tables to represent both data and the
relationships among those data.
• Each table has multiple columns, and each column has a unique name.
• A tuple is formed by one or more attributes, which are used as basic
building blocks in the formation of various expressions that are used to derive
meaningful information.
• There can be any number of tuples in the table, but all the tuples contain the same
fixed set of attributes with varying values.
Relational Model .
• The relational model is implemented in a database where a relation is represented by a
table, a tuple is represented by a row, and an attribute is represented by a column of the
table. The attribute name is the name of the column, such as 'identifier', 'name', 'city'
etc., and the attribute value is the value for that column in the row.
• Constraints are applied to the table and form the logical schema. To select a
particular row/tuple from the table, the attributes (i.e. column names) are used. To
expedite the selection of rows, some fields are defined as unique so that they can be
used as indexes, which helps in finding the required data as fast as possible.
• All the relational algebra operations, such as Select, Intersection, Product, Union,
Difference, Project, Join, Division, Merge etc. can also be performed on the
Relational Database Model. Operations on the Relational Database Model are
facilitated with the help of different conditional expressions, various key attributes,
pre-defined constraints etc.
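The integrity constraints mentioned under the advantages of a DBMS (the salary example) and the table, tuple, attribute and index terms above can be seen working in the following added example, which is not part of the course material. It uses Python's built-in sqlite3 module; the employee table, its column names, the salary limits and the sample rows are all constructed for illustration.

```python
import sqlite3

# Constructed schema: table = relation, row = tuple, column = attribute.
SCHEMA = """
CREATE TABLE employee (
    emp_id INTEGER PRIMARY KEY,          -- unique field, also used as the lookup index
    name   TEXT NOT NULL,
    city   TEXT NOT NULL,
    salary REAL NOT NULL CHECK (salary > 0 AND salary <= 500000)
);
CREATE INDEX idx_employee_city ON employee (city);  -- speeds up selection by city
"""

# Constructed sample rows; the last three each break one constraint.
SAMPLE_ROWS = [
    (1, "Amina", "Doha", 4200.0),
    (2, "Bilal", "Lagos", 3900.0),
    (2, "Bilal", "Lagos", 3900.0),   # duplicate primary key
    (3, "Chen", "Doha", -100.0),     # salary outside the allowed range
    (4, None, "Cairo", 3000.0),      # missing name
]


def open_db():
    """Create an in-memory database holding the constructed schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def insert_employee(conn, row):
    """Insert one tuple; return None on success or the DBMS's rejection reason."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute(
                "INSERT INTO employee (emp_id, name, city, salary) VALUES (?, ?, ?, ?)",
                row,  # bound parameters: values never become part of the SQL text
            )
        return None
    except sqlite3.IntegrityError as exc:
        return str(exc)


def apply_raises(conn, raises):
    """Apply {emp_id: new_salary} as one transaction: all updates or none."""
    try:
        with conn:
            for emp_id, new_salary in raises.items():
                conn.execute(
                    "UPDATE employee SET salary = ? WHERE emp_id = ?",
                    (new_salary, emp_id),
                )
        return True
    except sqlite3.IntegrityError:
        return False


def salaries(conn):
    """Return {emp_id: salary} for every stored tuple."""
    return dict(conn.execute("SELECT emp_id, salary FROM employee ORDER BY emp_id"))


def demo():
    conn = open_db()
    rejections = [insert_employee(conn, row) for row in SAMPLE_ROWS]
    ok_batch = apply_raises(conn, {1: 4500.0, 2: 4100.0})
    # The second update violates the CHECK constraint, so the first is undone too.
    bad_batch = apply_raises(conn, {1: 9000.0, 2: 0.0})
    return rejections, ok_batch, bad_batch, salaries(conn)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The rejected rows never reach the table, and the failed batch leaves the earlier salaries untouched, which is the enforcement a plain file cannot provide on its own.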
Relational Model .
• Advantages
• Structural independence
• Improved conceptual simplicity
• Easier database design, implementation, management, and use
• Ad hoc query capability
• Powerful database management system
• Disadvantages
• Data Model and type of data model - ER Model and Relational Model
Module 17:
Overview of System Analysis and Design.
Objectives
2. Characteristics of a system.
3. Elements of a system.
• Systems analysis, then, is the process of gathering and interpreting facts, diagnosing
problems and using the information to recommend improvement to the system. In
brief, we can say that analysis specifies what the system should do. Design states
how to accomplish the objectives.
What is a system.
• A collection of components that work together to realize some objectives forms a
system.
• Basically there are three major components in every system, namely input,
processing and output. In a system the different components are connected with each
other and they are interdependent.
What is a system.
• For example, human body represents a complete natural system. We are also bound
by many national systems such as political system, economic system, educational
system and so forth.
• The objective of the system demands that some output is produced as a result of
processing the suitable inputs.
• Organisation
• When these units are linked together, they work as a whole system for generating
information
Characteristics of a system.
• Interaction.
• Interaction refers to the procedure in which each component functions with other
components of the system.
• In a computer system also, the central processing unit must interact with other
units to solve a problem. In turn, the main memory holds program, and the data
that the arithmetic unit uses for computation.
• Integration
• Integration is concerned with how a system is tied together. It is more than
sharing a physical part or locations.
• It means that parts of the system work together within the system even though
each part performs a unique function.
• Successful integration will typically produce a better result as a whole rather than
if each component works independently.
Characteristics of a system
• Central Objective
• Objectives may be real or stated, although a stated objective may be the real
objective.
• It is quite common that an organization may set one objective and operate to achieve
another. The important point is that users must be aware of the central objective
well in advance.
Elements of Systems analysis.
• There are four basic elements of systems analysis:
• Output
• First of all, we must determine what the objectives or goals are, what do we
intend to achieve, what is the purpose of our work; in other words, what is the
main aim behind the system.
• Defining aim is very vital in system work. If we do not know where we want to
go, we will not know when we have reached there. We shall be unnecessarily
wasting our time and energy in the process.
• Once we know our aim, we can try to achieve it in the best possible way. The
user department has to define these objectives in terms of their needs. These
become the outputs which the systems analyst keeps in mind.
Elements of Systems analysis.
• Inputs
• Once we know the output, we can easily determine what the inputs should be.
• If the information is vital to the system, we should make all possible efforts to
make it available. Sometimes, it might be too costly to get the desired
information.
• Most of the inputs necessary for the system may be historical data, or it may be
possible that these are generated from within the system.
• These are stored in files either in terms of isolated facts or in large volumes.
• Processes
• Here we come to the details of how the inputs and files are converted into
outputs.
• This involves the programs and the way in which data is processed through the
computer.
• The processing involves a set of logical steps. These steps are required to be
instructed to the computer and this is done by a series of instructions called
"programs".
Types of Systems
• Systems have been classified in different ways as detailed below:
• Physical systems are tangible entities that may be static or dynamic in operation.
Abstract systems are conceptual or non-physical entities which may be as
straightforward as formulas of relationships among sets of variables or models – the
abstract conceptualization of physical situations.
• First, the owner describes the vision for the house to the developer.
• Second, this idea is transformed into sketches and drawings that are shown to the
owner and refined (often, through several drawings, each improving on the other)
until the owner agrees that the pictures depict what he or she wants.
• Third, a set of detailed blueprints is developed that presents much more specific
information about the house (e.g., the layout of rooms, placement of plumbing
fixtures and electrical outlets, and so on). Finally, the house is built following the
blueprints—and often with some changes and decisions made by the owner as the
house is erected.
• The System Analyst prepares the system proposal and places it before the
user management. The management may accept or reject the proposal or request
some modifications in the proposal. In summary, we would say that system study
phase passes through the following steps: problem identification and project
initiation, background analysis and inference or findings (system proposal)
Phases of System Development Life cycle.
• Feasibility Study.
• The feasibility study is basically the test of the proposed system in the light of its
workability, meeting user's requirements, effective use of resources and of
course, the cost effectiveness.
• The main goal of feasibility study is not to solve the problem but to achieve the
scope. In the process of feasibility study, the cost and benefits are estimated with
greater accuracy to find the Return on Investment (ROI).
• This also defines the resources needed to complete the detailed investigation. The
result is a feasibility report submitted to the management. This may be accepted
or accepted with modifications or rejected. The system cycle proceeds only if the
management accepts it.
Phases of System Development Life cycle.
• Detailed System Study
• The detailed investigation of the system is carried out in accordance with the
objectives of the proposed system. This involves detailed study of various
operations performed by a system and their relationships within and outside the
system.
• During this process, data are collected on the available files, decision points and
transactions handled by the present system. Interviews, on-site observation and
questionnaire are the tools used for detailed system study.
• Using the following steps it becomes easy to draw the exact boundary of the new
system under consideration:
• Keeping in view the problems and new requirements.
• Work out the pros and cons including new areas of the system.
Phases of System Development Life cycle.
• Detailed System Study
• All the data and the findings must be documented in the form of detailed data
flow diagrams (DFDs), data dictionary, logical data structures and miniature
specification. The main points to be discussed in this stage are:
• The major objectives of systems analysis are to find answers for each business
process:
• What is being done, How is it being done, Who is doing it, When is he doing
it, Why is it being done and How can it be improved?
• It is more of a thinking process and involves the creative skills of the System
Analyst. It attempts to give birth to a new efficient system that satisfies the
current needs of the user and has scope for future growth within the
organizational constraints.
• The result of this process is a logical system design. Systems analysis is an
iterative process that continues until a preferred and acceptable solution
emerges.
Phases of System Development Life cycle.
• System Design
• Based on the user requirements and the detailed analysis of the existing system,
the new system must be designed. This is the phase of system designing. It is the
most crucial phase in the development of a system.
• In the detailed design stage, computer oriented work begins in earnest. At this
stage, the design of the system becomes more structured.
• In the design stage, the programming language and the hardware and software
platform in which the new system will run are also decided.
Phases of System Development Life cycle.
• Structured or Detailed Design:
• There are several tools and techniques used for describing the system design of
the system. These tools and techniques are:
• Flowchart
• Data flow diagram (DFD)
• Data dictionary
• Structured English
• Decision table
• Decision tree
Phases of System Development Life cycle.
• The system design involves:
Phases of System Development Life cycle.
• Testing
• Before actually implementing the new system into operation, a test run of the
system is done for removing the bugs, if any. It is an important phase of a
successful system.
• After codifying the whole programs of the system, a test plan should be
developed and run on a given set of test data. The output of the test run should
match the expected results.
• Using the test data, the following test runs are carried out:
• Program test
• System test
Phases of System Development Life cycle.
• Program test:
• When the programs have been coded, compiled and brought to working
conditions, they must be individually tested with the prepared test data. Any
undesirable happening must be noted and debugged (error corrections).
• System Test:
• After carrying out the program test for each of the programs of the system and
errors removed, then system test is done. At this stage the test is done on actual
data. The complete system is executed on the actual data.
• At each stage of the execution, the results or output of the system is analysed.
During the result analysis, it may be found that the outputs are not matching the
expected output of the system.
• In such case, the errors in the particular programs are identified and are fixed and
further tested for the expected output.
Phases of System Development Life cycle.
• Implementation.
• After having the user acceptance of the new system developed, the
implementation phase begins. Implementation is the stage of a project during
which theory is turned into practice.
• Direct Changeover:
• This is the complete replacement of the old system by the new system. It is a
risky approach and requires comprehensive system testing and training.
• Parallel run:
• In parallel run both the systems, i.e., computerized and manual, are executed
simultaneously for certain defined period.
• Pilot run:
• In this type of run, the new system is run with the data from one or more of
the previous periods for the whole or part of the system. The results are
compared with the old system results.
Phases of System Development Life cycle.
• Maintenance
• Maintenance is necessary to eliminate errors in the system during its working life
and to tune the system to any variations in its working environments. It has been
seen that there are always some errors found in the systems that must be noted
and corrected.
• It also means the review of the system from time to time. The review of the
system is done for:
• knowing the full capabilities of the system.
• knowing the required changes or the additional requirements
• studying the performance.
Module 18:
Introduction to Information Management System.
Objectives
• Therefore the quality of decision depends upon the quality of information. This
phenomenon is also called GIGO (Garbage In Garbage Out).
• Types of Information.
• In the context of business organization, information can be divided into two
categories :
• Internal
• External.
Concept of Information System.
• Internal Information
• The information which is collected from the sources, internal to the organization
are called Internal Information.
• This information is used in the planning process of management to give shape
to its future.
• Types of System.
• Depending upon the majority of elements we also classify system into two
categories : Abstract System and Physical system.
• Abstract System
• Physical system
Open | Closed
The system which interacts with its environment. | The system which does not interact with its environment.
It takes input from the environment and gives output back to the environment. | It neither takes input from nor provides output to the environment. Self-contained, self-sufficient systems.
It gets influenced by the changes taking place in the environment. | It remains uninfluenced by the environmental changes.
The lifetime of such a system is relatively longer. | Its lifetime is much shorter compared to an open system.
E.g. Business organization. | E.g. Use and throw digital watch.
Concept of Information System.
• Degree of Automation
Manual | Automated
Here data collection, manipulation and final reporting is done absolutely by human efforts. | Here a computer or microprocessor performs all the tasks.
It can handle less volume of data. | It can handle a relatively huge volume of data which is not possible by human efforts.
Their processing speed is relatively slow and the chance of human error is always there. | It offers quick and accurate processing of data.
Data are difficult to transmit from one place to another. | Data can be transported easily through a computer network.
Data analysis can be done only on a sample and a conclusion is drawn about the population. | Full population can be analysed.
Concept of Information System.
• Working Behavior.
Deterministic | Probabilistic
It behaves in a predictable manner. | It behaves in an unpredictable manner.
If the current state of the system is known to us then its future state can be determined. | The future state can't be determined even if the current state is known for sure.
It has a strong relationship among elements. | It has a weak relationship among the elements.
An error free computer program is an example of such type of system. | Business organization is an example of such type of system.
Concept of Information System.
• Definition of Information System.
• Hardware
• Software
• Telecommunications.
• Databases
• Human resources
• Procedures
• Hardware.
• These are the physical components of the computer – what you can see, feel and
touch
• Hardware is a key component of any information system – without the hardware
information cannot be processed.
Information System Components.
• Software.
• There are two types of computer programs: system software and application
software.
• System software programs are used to manage the computer system’s resources
and simplify programming.
• The customer database is extremely valuable to the company since it can be used
to inform clients of new products or to develop new products that meet their
needs.
• End users are the people who use the information system or the output they
generate, in other words, the large majority of an organisation’s members.
Information System Components.
• Procedures.
• Procedures are the policies and methods that must be followed when using,
operating and maintaining an information system.
• Procedures must be used, for example, to establish when to run the company’s
payroll program, to determine how many times it should be run, who is
authorised to do so and who has access to the reports it produces.
Functions of Information System.
• Companies or organizations develop information systems to help to perform the
tasks they are specifically designed to do.
• For example, a school will have a student records system, hospital will have medical
records, the police departments will hold criminal records, all companies will have a
payroll system, supermarkets will use inventory systems, offices will have office
automation systems, etc.
• All information systems carry out a series of functions that may be classified as
follows:
• Data capture and collection.
• Storage.
• Information processing.
• Distribution or dissemination of information.
Functions of Information System.
• Data capture and collection.
• This function consists of capturing both external (related to the environment) and
internal (generated within the company) information and sending it through the
communication system to the entities within the information system responsible
for organizing it to avoid duplication and useless information (noise).
• The person or people who capture the information will depend on what type of
company they work for. Sales staff, purchasers, managers at different levels in
the hierarchy or members of the company in direct contact with organisations in
the environment can all act as information gatherers.
• The data capture and collection process should be more intense in the areas or
sectors of the environment and the company that are subject to the greatest
changes. Once the information has been collected and filtered, and redundant
information removed, it is stored.
Functions of Information System.
• Storage.
• Storage is the ability of the IS to keep information/data safe and retrievable as and
when required.
• The method used in the storing also impacts on how the data will be retrieved
and the number of persons within or outside the organization that can have access
to the data.
• Access to or retrieval of the information can take many forms; for example
passwords may be used to access a database, enabling only authorised personnel
to access the information when required.
Functions of Information System.
• Information Processing.
• The spectacular development of computers has meant that on the one hand, the
volume of stored and processed data is constantly increasing, and on the other
hand, the falling cost of hardware has led to a generalized use of computers.
Functions of Information System.
• Distribution and Dissemination of information.
• Not only must the information system provide the information each user requires,
but it must also disseminate information to other people within and even outside
the company.
• The lowest level is managed by operational level managers. The routine office work
is mostly done at this level. No decision making process is carried out here but
proper organization and processing of data is an important task. So, data processing
systems like TPS (Transaction Processing System) are developed for them.
• The middle level management is responsible for routine decision making. In order
to help them information system like MIS (Management Information System) is
designed for them. It collects data from internal and external sources and provides
information to management.
Types of Information System.
• The top level management is responsible for non-routine, strategic decision making.
In order to help them information system like DSS (Decision Support System) is
designed for them. It helps them by providing information and decision model.
Primarily, information system can be classified into three broad categories
Types of Information System.
[Figure: classification of information systems. Information System branches into Operation Support System, Management Support System and Office Automation System; the boxes beneath read Transaction Support System, Enterprise Resource Planner, Decision support system, Expert System, Word processing System, Message Communication System and Tele-Conferencing System.]
Summary.
• Discussed the concept of information system - definition of information, system and
information system
• Discussed the various types of system - based on Type of Element, Interaction with
environment, Degree of automation, Working behavior
Module 19:
Management Information System.
Objectives
3. Characteristics of MIS
• MIS is an:
• Integrated man-machine system,
• for providing timely information to managers,
• to support managerial function and decision making.
• It utilizes:
• Computer Hardware and Software,
• Manual procedures,
• Decision Models and
• Data Bases
What is Management Information System.
• MIS is:
• Right Information
• But today due to volatile and complex business environment and intense
competition, Information is regarded as an important resource by managers to
manage business.
• MIS deals with the critical information that affects the success of any business
organization. MIS is a tool for better management and scientific decision making.
Historical Development of MIS.
• The concept of MIS has changed substantially over the years.
• In the 50's and 60's, the management saw the potential of computers to process large
amounts of data speedily and accurately.
• The departments that were involved with such activities were known as Electronic
Data Processing (EDP) departments.
• The focus of EDP was Record Keeping e.g. accounting data – Payroll data.
• In the 70's, there was a discernible shift from data to information. The focus was not
on data but on the analysis of Organization data.
• There was a shift in the philosophy. Such a concept came to be widely known as
'Management Information System'.
Historical Development of MIS.
• In the 70's the top management relied on the staff of EDP (Electronic Data
Processing) & MIS (Management Information System) to supply the necessary
information.
• The 80's saw the Personal Computer (PC) revolution. The Personal Computer & the
desk-top metaphor changed the picture completely.
• The biggest pay-off for such direct use was the “what-if” analysis capability. This led
to the emergence of Decision Support Systems (DSS).
• The information and decision hungry managers of the 80's saw a huge potential in the
expert systems as a result of spectacular growth in the Artificial Intelligence area.
• Combined with DSS philosophy the expert systems could supply a superior class of
managerial information support, known as Knowledge Based Systems (KBS).
Historical Development of MIS.
• The EDP targeted the operational level of management.
• Information is data that has been processed into a form that is meaningful to the
recipient and is of some value in current or progressive decision.
• System
• Emphasizing a fair degree of integration and a holistic view.
• A set of elements which are interdependent, interacting and operating together to
achieve a common goal.
Characteristics of an effective MIS.
• Below are the characteristics of an effective MIS
• Management Oriented:
• It means that effort for the development of the information system should start
from an appraisal of management needs and overall business objectives.
• Management Directed:
• Because of management orientation of MIS, it is necessary that management
should actively direct the system's development efforts.
• Integrated:
• Development of information should be an integrated one which means that all the
functional and operational information subsystem should be tied together into
one entity.
Characteristics of an effective MIS.
• Common Data Flows:
• It means the use of common input, processing and output procedures and media
whenever required.
• Computerized:
• Though MIS can be implemented without using a computer, the use of computers
increases the effectiveness of the system.
Integrated view of MIS.
Misconception about MIS
• The use of MIS is about the use of computer.
• Data Base
• A rich data base is required for an effective MIS. This database should be –
• User oriented
• Common to all Sub-system
• Accessible to authorised persons only
• Controlled by separate authority
• Evaluation of MIS
• Evaluation of MIS means testing
• Whether it is capable of meeting current and future information requirement of
managers or not.
• Whether it is flexible enough to meet changing information requirements in
future or not.
• Following factors must be considered in evaluation –
• Examining the existence of flexibility in the system
• Ascertaining the views of users & developers
• Guide the steps to be taken to improve the effectiveness of MIS.
Constraints in operating MIS.
Constraints and their remedies:
• Non-availability of experts. Remedy: Grooming internal staff
• High turnover of experts. Remedy: Grooming internal staff
• Mobility of experts. Remedy: Grooming internal staff
• MIS is just a tool in hands of management & does not replace managerial judgment.
• MIS is not very flexible to update itself quickly with the changing need.
• MIS takes into account only quantitative factors and not qualitative factors.
• MIS is less effective in organizations where a culture of not sharing information
with others holds.
• DSS
• EIS
• ES.
Management Support Systems.
• Decision Support System (DSS)
• DSS is a system that provides tools to managers to assist them in solving
semi-structured and unstructured problems in their own way.
• DSS is not intended to make decisions for managers, but rather to provide
managers with a set of capabilities that enable them to generate the information
required by them.
• Such systems are particularly useful to higher level managers whose requirements
for information are somewhat unpredictable.
• Characteristics of EIS
• Benefits of ES
• ES preserve the knowledge of an expert who is leaving the organization.
• ES put information into an active form (readily accessible).
• ES assist novices in solving the problems that professionals do.
• ES does not get stressed out.
• ES can be effectively used as strategic tool.
Management Support Systems.
• Application of ES
• Some of the business applications of expert system are:
Module 20:
Introduction to Information Technology Service Management.
Objectives
• Obtain an understanding of ITSM – Information Technology Service
Management.
2. Introduction to ITIL.
3. Service Lifecycle.
Overview of ITSM.
• In order to understand what Service Management is, and why it is so important to
enterprises, we need to understand what services are, and how Service Management
can help service providers to deliver and manage these services.
• The outcomes that customers want to achieve are the reason why they purchase or
use a service.
• The value of the service to the customer is directly dependent on how well a service
facilitates these outcomes.
• In the past, service providers often focused on the technical (supply side) view of
what constituted a service, rather than on the consumption side.
Overview of ITSM.
• Service Management is what enables a service provider to:
• Understand the services that they are providing from both a consumer and
provider perspective.
• Ensure that the services really do facilitate the outcomes that their customers
want to achieve.
• Understand the value of those services to their customers and hence their relative
importance.
• Understand and manage all of the costs and risks associated with providing those
services.
• The term ‘best practice’ generally refers to the ‘best possible way of doing
something’. As a concept, it was first raised as long ago as 1919, but it was
popularised in the 1980s through Tom Peters’ books on business management.
• The idea behind best practice is that one creates a specification for what is
accepted by a wide community as being the best approach for any given
situation. Then, one can compare actual job performance against these best
practices and determine whether the job performance was lacking in quality
somehow.
• Alternatively, the specification for best practices may need updating to include
lessons learned from the job performance being graded.
Overview of ITIL.
• ITIL – Information Technology Infrastructure Library is a collection of books which
contain recommendations & suggestions to improve provision of IT Services.
• Not a standard but a Best Practices Framework which is a source of good practice in
Service Management. The standard for IT Service Management (ITSM) is ISO/IEC
20000, which is aligned with, but not dependent on, ITIL.
• Service Strategy
• Strategy generation
• Financial management
• Service portfolio management
• Demand management
• Service Design
• Capacity, Availability, Info Security Management
• Service level & Supplier Management
The Service Life Cycle.
• The service life cycle is divided into five stages:
• Service Transition
• Planning & Support
• Release & Deployment
• Asset & Config management
• Change management
• Knowledge Management
• Service Operation
• Problem & Incident management
• Request fulfilment
• Event & Access management
• Demand Management.
• To understand, anticipate and influence customer demand for services.
Demand Management works with Capacity Management to ensure that the
service provider has sufficient capacity to meet the required demand.
The Service Life Cycle – Service Design.
• How are we going to provide it?
• Availability Management.
• To define, analyze, plan, measure and improve all aspects of the availability
of IT services. Availability Management is responsible for ensuring that all IT
infrastructure, processes, tools, roles etc. are appropriate for the agreed
availability targets.
• Capacity Management.
• To ensure that the capacity of IT services and the IT infrastructure is able to
deliver the agreed service level targets in a cost effective and timely manner.
Capacity Management considers all resources required to deliver the IT
service, and plans for short, medium and long term business requirements.
The Service Life Cycle – Service Design.
• Processes in Service Design.
• Risk Management.
• To identify, assess and control risks. This includes analyzing the value of
assets to the business, identifying threats to those assets, and evaluating how
vulnerable each asset is to those threats.
The Service Life Cycle – Service Design.
• Processes in Service Design.
• Supplier Management.
• To ensure that all contracts with suppliers support the needs of the business,
and that all suppliers meet their contractual commitments.
• Compliance Management.
• To ensure IT services, processes and systems comply with enterprise policies
and legal requirements.
• Change Management
• To control the lifecycle of all Changes. The primary objective of Change
Management is to enable beneficial Changes to be made, with minimum
disruption to IT services.
• Change Evaluation
• To assess major Changes, like the introduction of a new service or a
substantial change to an existing service, before those Changes are allowed to
proceed to the next phase in their lifecycle.
The Service Life Cycle – Service Transitions.
• Application Development
• To make available applications and systems which provide the required
functionality for IT services. This process includes the development and
maintenance of custom applications as well as the customization of products from
software vendors.
• Knowledge Management
• Process Objective: To gather, analyze, store and share knowledge and information
within an organization. The primary purpose of Knowledge Management is to
improve efficiency by reducing the need to rediscover knowledge.
The Service Life Cycle – Service Operations.
• The objective of ITIL Service Operation is to make sure that IT services are delivered
effectively and efficiently. This includes fulfilling user requests, resolving service
failures, fixing problems, as well as carrying out routine operational tasks.
• Incident Management
• To manage the lifecycle of all Incidents. The primary objective of Incident
Management is to return the IT service to users as quickly as possible.
• Request Fulfilment
• To fulfill Service Requests, which in most cases are minor (standard) Changes
(e.g. requests to change a password) or requests for information.
The Service Life Cycle – Service Operations.
• Access Management
• To grant authorized users the right to use a service, while preventing access to
non-authorized users. The Access Management processes essentially execute
policies defined in Information Security Management. Access Management is
sometimes also referred to as Rights Management or Identity Management.
• Problem Management
• To manage the lifecycle of all Problems. The primary objectives of Problem
Management are to prevent Incidents from happening, and to minimize the
impact of incidents that cannot be prevented. Proactive Problem Management
analyzes Incident Records, and uses data collected by other IT Service
Management processes to identify trends or significant Problems.
The Service Life Cycle – Service Operations.
• IT Operations Control
• To monitor and control the IT services and their underlying infrastructure. The
process IT Operations Control executes day-to-day routine tasks related to the
operation of infrastructure components and applications. This includes job
scheduling, backup and restore activities, print and output management, and
routine maintenance.
• Application Management
• Application Management is responsible for managing applications throughout
their lifecycle.
• Technical Management
• Technical Management provides technical expertise and support for the
management of the IT infrastructure.
The Service Life Cycle – Continual Service Improvement.
• The ITIL Continual Service Improvement (CSI) process uses methods from quality
management in order to learn from past successes and failures. The CSI process aims
to continually improve the effectiveness and efficiency of IT processes and services,
in line with the concept of continual improvement adopted in ISO 20000.
• Figure (CSI cycle), step labels: Gather data; Present and use info
• Service Review
• To review business services and infrastructure services on a regular basis.
The aim of this process is to improve service quality where necessary, and to
identify more economical ways of providing a service where possible.
• Process Evaluation
• To evaluate processes on a regular basis. This includes identifying areas
where the targeted process metrics are not reached, and holding regular
benchmarkings, audits, maturity assessments and reviews.
The Service Life Cycle – Continual Service Improvement.
• Key Processes in CSI.
Module 21:
An Overview of E-Commerce
Objectives
• Obtain an understanding of the basics of E-Commerce.
2. E-commerce terminologies.
3. Types of E-commerce
4. Benefits of E-commerce
5. Limitations of E-commerce.
Introduction to E-Commerce.
• E-commerce is one of the most important facets of the Internet to have emerged in
recent times. E-commerce or electronic commerce involves carrying out business
over the Internet with the assistance of computers, which are linked to each other
forming a network.
• To be specific, e-commerce is buying and selling of goods and services and transfer
of funds through digital communications (i.e. the Internet, especially the World Wide
Web).
• E-commerce is usually associated with buying and selling over the Internet, or
conducting any transaction involving the transfer of ownership or rights to use goods
or services through a computer-mediated network.
Introduction to E-Commerce.
E-Commerce compared with E-Business:
• E-Commerce
• Digitally enabled commercial transactions between organizations and individuals.
• Digitally enabled transactions include all transactions mediated by digital
technology.
• Commercial transactions involve the exchange of value across organizational or
individual boundaries in return for products or services.
• E-Business
• Digital enablement of transactions and processes within a firm, involving
information systems under the control of the firm.
• E-business does not involve commercial transactions across organizational
boundaries where value is exchanged.
Common E-Commerce Terminologies.
• Ad Clicks: Number of times that a viewer clicks on an ad banner.
• Address Verification: Process used by a credit card processor or other party to verify
that a customer's ordering address matches their records.
• Bandwidth: The amount of information (web pages, text, graphics, video, sound, etc)
that is downloaded through a connection.
• Commerce Server: This is the server that manages and maintains all transactional
and backend data for a commerce website.
• Cookies: Cookies collect information as a user surfs the web and feed the information
back to a web server. An online vendor's site will send a cookie (which is most
simply an identification number) to a user's computer, where it is stored in a file on
the user's hard drive and serves as a digital identifier tag that notifies the vendor
whenever that user re-enters the vendor's website.
Common E-Commerce Terminologies.
• Digital Certificate: A Digital Certificate issued by a Certificate Authority certifies
that a merchant and a particular website are connected, just as a photo on your
driver's license connects your identity with your personal details. A digital certificate
verifies to the shopper that the virtual store is actually associated with a physical
address and phone number which can increase the shopper's confidence in the
authenticity of the merchant.
• Hit: Each time a Web server sends a file to a browser, a "hit" is recorded in the server
file logs.
• Merchant Account: A "bank account" established with a payment processor for the
settlement of credit card transactions. Any merchant who wants to take credit card
orders must establish a merchant account. Internet merchants need a "Card Not
Present Merchant Account".
Common E-Commerce Terminologies.
• "Off-Line Transaction Processing": Capture of order and credit card information
for later authorisation and transaction processing through a traditional card swipe
terminal or through a computer.
• SSL: Secure Socket Layer is an encryption technology on the server that scrambles
important data such as credit card numbers and order information when it is being
stored or passed from one computer to another.
Unique features of E-Commerce technology.
Dimensions of e-commerce technology and their significance in business:
• Ubiquity
• Technology dimension: Internet/Web technology is available everywhere: at work,
at home, and elsewhere via mobile devices, anytime.
• Significance in business: The marketplace is extended beyond traditional
boundaries and is removed from a temporal and geographic location.
"Marketspace" is created; shopping can take place anywhere. Customer
convenience is enhanced, and shopping costs are reduced.
• Global Reach
• Technology dimension: The technology reaches across national boundaries,
around the earth.
• Significance in business: Commerce is enabled across cultural and national
boundaries seamlessly and without modification. "Marketspace" includes
potentially billions of consumers and millions of businesses worldwide.
Unique features of E-Commerce technology.
Dimensions of e-commerce technology and their significance in business:
• Universal Standards
• Technology dimension: There is one set of technology standards, namely internet
standards.
• Significance in business: There is one set of technical media standards across
the globe.
• Richness
• Technology dimension: Video, audio, and text messages are possible.
• Significance in business: Video, audio, and text marketing messages are
integrated into a single marketing message and consuming experience.
• Business law and ethics: Legal and ethical issues are extremely important in
E-Commerce, especially in a global market. A large number of legislative bills are
pending, and many ethical issues are interrelated with legal ones, such as privacy
and intellectual property.
Types of E-Commerce.
• The major types of e-commerce are:
• Business-to-Business (B2B)
• Business-to-Consumer (B2C)
• Customer-to-Business (C2B)
• Consumer-to-Consumer (C2C)
Types of E-Commerce – B2B
• B2B e-commerce is simply defined as e-commerce between companies. This is the
type of e-commerce that deals with relationships between and among businesses.
• About 80% of e-commerce is of this type, and most experts predict that B2B e-
commerce will continue to grow faster than the B2C segment.
Types of E-Commerce – B2B
• The advantages of the B2B model are:
• It can efficiently maintain the movement of the supply chain and the
manufacturing and procuring processes.
• It can automate corporate processes to deliver the right products and services
quickly and cost-effectively.
• The B2B model is predicted to become the largest value sector of the industry within
a few years. This is said to be the fastest growing sector of e-commerce.
Types of E-Commerce – B2C
• The B2C model involves transactions between business organizations and
consumers.
• It applies to any business organization that sells its products or services to consumers
over the Internet. These sites display product information in an online catalog and
store it in a database. The B2C model also includes services such as online banking,
travel services, and health information.
Types of E-Commerce – C2C
• The C2C model involves transactions between consumers. Here, a consumer sells
directly to another consumer.
• However, it is essential that both the seller and the buyer must register with the
auction site. While the seller needs to pay a fixed fee to the online auction house to
sell their products, the buyer can bid without paying any fee. The site brings the
buyer and seller together to conduct deals.
Types of E-Commerce – C2B
• The C2B model involves a transaction that is conducted between a consumer and a
business organization.
• It is similar to the B2C model; however, the difference is that in this case the
consumer is the seller and the business organization is the buyer.
• In this kind of a transaction, the consumers decide the price of a particular product
rather than the supplier. This category includes individuals who sell products and
services to organizations.
• For example, www.monster.com is a Web site on which a consumer can post his
bio-data for the services he can offer. Any business organization that is interested in
deploying the services of the consumer can contact him and then employ him, if
suitable.
Types of E-Commerce – Other model
• In addition to the models discussed so far, five new models are being worked on that
involve transactions between the government and other entities, such as consumers,
business organizations, and other governments.
• All these transactions that involve government as one entity are called e-governance.
The various models in the e-governance scenario are:
• The global nature of the technology, low cost, opportunity to reach hundreds of
millions of people, interactive nature, variety of possibilities, and resourcefulness and
growth of the supporting infrastructure (especially the web) result in many potential
benefits to organisations, individuals, and society.
• These benefits are just starting to materialize, but they will increase significantly as
E-Commerce expands. It is not surprising that some maintain that the E-Commerce
revolution is just as profound as the change that came with the industrial revolution.
Benefits of E-Commerce – to the organization
• Electronic commerce expands the marketplace to national and international markets.
With minimal capital outlay, a company can easily and quickly locate more
customers, the best suppliers, and the most suitable business partners worldwide.
• Other benefits include improved image, improved customer service, new found
business partners, simplified processes, compressed cycle and delivery time,
increased productivity, eliminating paper, expediting access to information, reduced
transportation costs, and increased flexibility.
Benefits of E-Commerce – to the customer
• Electronic commerce enables customers to shop or do other transactions 24 hours a
day, all year round, from almost any location.
• Electronic commerce provides customer with more choices; they can select from
many vendors and from many more products.
• Customers can receive relevant and detailed information in seconds, rather than days
or weeks.
• Electronic commerce makes it possible to participate in virtual auctions.
Benefits of E-Commerce – to the society
• Electronic commerce enables more individuals to work at home and to do less
traveling for shopping, resulting in less traffic on the roads and lower air pollution.
• Electronic commerce enables people in third world countries and rural areas to enjoy
products and services that otherwise are not available to them.
• The software development tools are still evolving and changing rapidly.
• It is difficult to integrate the Internet and E-Commerce software with some existing
applications and databases.
• Vendors may need special Web servers and other infrastructures in addition to the
network servers.
• Some E-Commerce software might not fit with some hardware or may be
incompatible with some operating systems or other components.
Limitations of E-Commerce – Non-Technical
• Lack of awareness
• Lack of infrastructure
• Skeptical attitude
• List the common E-Commerce terminologies – web server, card authentication and
others
• Enumerate the various types of E-Commerce model – B2B, B2C, C2C and C2B
Module 22:
Introduction to Computer Security.
Objectives
• Obtain an understanding and overview of computer security.
• Unfortunately, there is also a dark side to computers: They are used to design and
build weapons of mass destruction as well as military aircraft and nuclear submarines
which are very destructive.
• Computer systems are vulnerable to many threats that can inflict various types of
damage resulting in significant losses. This damage can range from errors harming
database integrity to fires destroying entire computer centers.
• Losses can stem, for example, from the actions of supposedly trusted employees
defrauding a system, from outside hackers, or from careless data entry clerks.
Introduction to computer security.
• Precision in estimating computer security-related losses is not possible because many
losses are never discovered, and others are "swept under the carpet" to avoid
unfavorable publicity.
• The effects of various threats vary considerably: some affect the confidentiality or
integrity of data while others affect the availability of a system.
• The security of any computer system is linked to 3 key factors; if any of these is
violated, there is a security issue. The factors are:
• Confidentiality
• Availability
• Integrity.
Introduction to computer security.
• Confidentiality
• Confidentiality is the concealment of information or resources. The need for
keeping information secret arises from the use of computers in sensitive fields
such as government and industry.
• Integrity
• Integrity refers to the trustworthiness of data or resources, and it is usually
phrased in terms of preventing improper or unauthorized change. Integrity
includes data integrity (the content of the information) and origin integrity (the
source of the data, often called authentication).
• Availability
• Availability refers to the ability to use the information or resource desired.
Availability is an important aspect of reliability as well as of system design
because an unavailable system is at least as bad as no system at all. The aspect of
availability that is relevant to security is that someone may deliberately arrange
to deny access to data or to a service by making it unavailable.
Introduction to computer security.
• The objective/definition of a computer system security programme is to protect an
organisation's information by reducing the risk of loss of confidentiality, integrity
and availability of that information to an acceptable level.
• A good computer security programme involves two major elements, risk analysis and
risk management.
• In the risk analysis phase, an inventory of all information systems is taken. For each
system, its value to the organisation is established and the degree to which the
organisation is exposed to risk is determined.
• Risk management, on the other hand, involves selecting the controls and security
measures that reduce the organisation's exposure to risk to an acceptable level.
Computer Security Threats
• A threat is a potential violation of security. The violation need not actually occur for
there to be a threat.
• The fact that the violation might occur means that those actions that could cause it to
occur must be guarded against (or prepared for). Those actions are called attacks.
• Those who execute such actions, or cause them to be executed, are called attackers.
• Modification or alteration,
• An unauthorized change of information, covers three classes of threats. The goal
may be deception, in which some entity relies on the modified data to determine
which action to take, or in which incorrect information is accepted as correct and is
released.
Computer Security Threats
• Modification or alteration,
• If the modified data controls the operation of the system, the threats of disruption
and usurpation arise. Unlike snooping, modification is active; it results from an
entity changing information.
• Active wiretapping is a form of modification in which data moving across a
network is altered; the term “active” distinguishes it from snooping (“passive”
wiretapping).
• Masquerading or spoofing
• An impersonation of one entity by another, is a form of both deception and
usurpation. It lures a victim into believing that the entity with which it is
communicating is a different entity.
• For example, if a user tries to log into a computer across the Internet but instead
reaches another computer that claims to be the desired one, the user has been
spoofed. Similarly, if a user tries to read a file, but an attacker has arranged for the
user to be given a different file, another spoof has taken place.
Computer Security Threats
• Repudiation of origin.
• A false denial that an entity sent (or created) something, is a form of deception. For
example, suppose a customer sends a letter to a vendor agreeing to pay a large
amount of money for a product.
• The vendor ships the product and then demands payment. The customer denies
having ordered the product and by law is therefore entitled to keep the unsolicited
shipment without payment.
• The customer has repudiated the origin of the letter. If the vendor cannot prove that
the letter came from the customer, the attack succeeds.
• Delay.
• A temporary inhibition of a service, is a form of usurpation, although it can play a
supporting role in deception. Typically, delivery of a message or service requires
some time t; if an attacker can force the delivery to take more than time t, the
attacker has successfully delayed delivery.
Computer Security Threats
• Denial of service.
• The attacker prevents a server from providing a service. The denial may occur at
the source (by preventing the server from obtaining the resources needed to
perform its function), at the destination (by blocking the communications from the
server), or along the intermediate path (by discarding messages from either the
client or the server, or both).
• The ability of security to support the mission of the organization(s) may be limited
by various factors, such as social issues. For example, security and workplace
privacy can conflict.
• Commonly, security is implemented on a computer system by identifying users and
tracking their actions. However, expectations of privacy vary and can be violated
by some security measures. (In some cases, privacy may be mandated by law.)
Roles and Responsibilities for security issues.
• One fundamental issue that arises in discussions of computer security is: "Whose
responsibility is it?"
• Of course, on a basic level the answer is simple: computer security is the responsibility
of everyone who can affect the security of a computer system. However, the specific
duties and responsibilities of various individuals and organizational entities vary
considerably.
• Detailed below are the roles and responsibilities of the various officials and
organizational offices typically involved with computer security.
• Senior Management
• Ultimately, responsibility for the success of an organization lies with its senior
managers. They establish the organization's computer security program and its
overall program goals, objectives, and priorities in order to support the mission of
the organization.
Roles and Responsibilities for security issues.
• Computer Security Management
• The Computer Security Program Manager (and support staff) directs the
organization's day-to-day management of its computer security program. This
individual is also responsible for coordinating all security-related interactions
among organizational elements involved in the computer security program as well
as those external to the organization.
• Users
• Users also have responsibilities for computer security. Two kinds of users, and
their associated responsibilities, are described below.
• Users of Information. Individuals who use information provided by the computer
can be considered the "consumers" of the applications.
• Users of Systems. Individuals who directly use computer systems (typically via a
keyboard) are responsible for following security procedures, for reporting security
problems, and for attending required computer security and functional training.
Computer Security Policy
• A security policy is a statement of what is, and what is not, allowed.
• Policies
• High level statements that provide guidance to workers who must make present
and future decisions
• Standards
• Requirement statements that provide specific technical specifications
• Guidelines
• Optional but recommended specifications
Computer Security Policy
• Access to network resource will be granted through a unique user ID and password
• Passwords will be 8 characters long
• Passwords should include one non-alpha and not found in dictionary
Computer Security Policy
• Elements of a Policy are:
• Set the tone of Management
• Establish roles and responsibility
• Define asset classifications
• Provide direction for decisions
• Establish the scope of authority
• Provide a basis for guidelines and procedures
• Establish accountability
• Describe appropriate use of assets
• Establish relationships to legal requirements
Computer Security Policy
• The 10 step approach to security policy
Computer Security Policy
• Policy Hierarchy
• Figure (policy hierarchy), box labels: Governance Policy; Access Control Policy;
User ID Policy; Password Construction standard; Access Control Authentication;
User ID naming convention; Password Construction guidelines
Summary.
• Discussed computer security definition in terms of Confidentiality, Availability and
Integrity.
• Discussed what management should put in place to counter the threats - that is
policy, standards and procedures.
Module 23:
Computer Security – Technologies and Tools
Objectives
• Obtain an understanding of the various tools and technologies used to
protect information systems.
• Become familiar with firewalls and how they are used for security.
2. Firewalls
4. Cryptography
5. Digital Certificate.
Introduction and overview
• Many techniques exist for ensuring computer and network security
• Firewalls
• Cryptography
Firewall.
• A firewall is an integrated collection of security measures designed to prevent
unauthorized electronic access to a networked computer system.
• A firewall is simply a program or hardware device that filters the information coming
through the Internet connection into your private network or computer system. If an
incoming packet of information is flagged by the filters, it is not allowed through.
Firewall.
• To protect private networks and individual machines from the dangers of the greater
Internet, a firewall can be employed to filter incoming or outgoing traffic based on a
predefined set of rules called firewall policies.
• Blacklist approach
• All packets are allowed through except those that fit the rules defined
specifically in a blacklist.
Firewall - Policies.
• This type of configuration is more flexible in ensuring that service to the internal
network is not disrupted by the firewall, but is naïve from a security perspective
in that it assumes the network administrator can enumerate all of the properties of
malicious traffic.
• Whitelist approach
• If a packet matches the packet filter's set of rules, the packet filter will drop or
accept it.
• A stateless firewall doesn’t maintain any remembered context (or “state”) with
respect to the packets it is processing. Instead, it treats each packet attempting to
travel through it in isolation without considering packets that it has processed
previously.
• Application layer
• It works like a proxy; it can “understand” certain applications and protocols.
• It may inspect the contents of the traffic, blocking what it views as inappropriate
content (e.g. websites, viruses, vulnerabilities, ...)
Firewall - Configuration.
• Firewalls are customizable. This means that you can add or remove filters based on
several conditions. Some of these are:
• IP addresses
• Each machine on the Internet is assigned a unique address called an IP address.
IP addresses are 32-bit numbers, normally expressed as four "octets" in a "dotted
decimal number."
• A typical IP address looks like this: 216.27.61.137. For example, if a certain IP
address outside the company is reading too many files from a server, the firewall
can block all traffic to or from that IP address.
Firewall - Configuration.
• Domain names
• Because it is hard to remember the string of numbers that make up an IP address,
and because IP addresses sometimes need to change, all servers on the Internet
also have human-readable names, called domain names.
• For example, it is easier for most of us to remember
www.islamiconlineuniversity.com than it is to remember 67.205.85.72. A
company might block all access to certain domain names, or allow access only to
specific domain names.
• Protocols
• The protocol is the pre-defined way that someone who wants to use a service
talks with that service. The "someone" could be a person, but more often it is a
computer program like a Web browser.
• Protocols are often text, and simply describe how the client and server will have
their conversation. HTTP is the Web's protocol. Some common protocols that
you can set firewall filters for include HTTP, FTP, SMTP, TELNET and others.
Firewall - Configuration.
• Ports
• Any server machine makes its services available to the Internet using numbered
ports, one for each service that is available on the server.
• For example, if a server machine is running a Web (HTTP) server and an FTP
server, the Web server would typically be available on port 80, and the FTP
server would be available on port 21. A company might block port 21 access on
all machines but one inside the company.
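The blacklist and whitelist policies and the filter conditions above (IP address, protocol, port), applied by a stateless packet filter. This is an added example, not part of the course material; the rule sets, the addresses (documentation ranges) and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str   # "tcp" or "udp"
    dst_port: int


@dataclass(frozen=True)
class Rule:
    """One filter entry; a condition left as None matches any value."""
    action: str                      # "accept" or "drop"
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    protocol: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.src_net and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_net and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.protocol and pkt.protocol != self.protocol:
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        return True


def filter_packet(pkt: Packet, rules: List[Rule], default: str) -> str:
    """Stateless decision: the first matching rule wins, otherwise the default.

    default="accept" is the blacklist approach, default="drop" the whitelist.
    Nothing is remembered between calls, so each packet is judged in isolation.
    """
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed addresses for the scenarios named in the text.
ABUSIVE_HOST = "203.0.113.7"   # outside address reading too many files
FTP_SERVER = "10.0.0.21"       # the one machine allowed to serve FTP (port 21)
WEB_SERVER = "10.0.0.80"       # web server on port 80

BLACKLIST_RULES = [            # everything passes unless listed here
    Rule("drop", src_net=ABUSIVE_HOST),
    Rule("accept", dst_net=FTP_SERVER, protocol="tcp", dst_port=21),
    Rule("drop", protocol="tcp", dst_port=21),
]

WHITELIST_RULES = [            # nothing passes unless listed here
    Rule("drop", src_net=ABUSIVE_HOST),
    Rule("accept", dst_net=WEB_SERVER, protocol="tcp", dst_port=80),
    Rule("accept", dst_net=FTP_SERVER, protocol="tcp", dst_port=21),
]

SAMPLE_PACKETS: Dict[str, Packet] = {   # constructed inbound traffic
    "web": Packet("198.51.100.5", WEB_SERVER, "tcp", 80),
    "abusive_web": Packet(ABUSIVE_HOST, WEB_SERVER, "tcp", 80),
    "ftp_allowed": Packet("198.51.100.5", FTP_SERVER, "tcp", 21),
    "ftp_other": Packet("198.51.100.5", "10.0.0.50", "tcp", 21),
    # TELNET to a workstation: nobody wrote a rule for it in either list.
    "telnet": Packet("198.51.100.5", "10.0.0.50", "tcp", 23),
}


def compare_policies() -> Dict[str, Tuple[str, str]]:
    """Return {packet name: (blacklist verdict, whitelist verdict)}."""
    return {
        name: (
            filter_packet(pkt, BLACKLIST_RULES, "accept"),
            filter_packet(pkt, WHITELIST_RULES, "drop"),
        )
        for name, pkt in SAMPLE_PACKETS.items()
    }


if __name__ == "__main__":
    for name, verdicts in compare_policies().items():
        print(f"{name:12s} blacklist={verdicts[0]:6s} whitelist={verdicts[1]}")
```

The two policies agree on every packet an administrator thought to write a rule for and differ only on the TELNET packet, which the blacklist lets through because nobody enumerated it.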
• Intrusion detection
• The identification through intrusion signatures and report of intrusion activities
• Intrusion prevention
• The process of both detecting intrusion activities and managing automatic
responsive actions throughout the network
• The IDS manager compiles data from the IDS sensors to determine if an intrusion
has occurred.
Intrusion Detection System - IDS.
• This determination is based on a set of site policies, which are rules and conditions
that define probable intrusions.
• In addition, an IDS is designed to detect automated attacks and threats, including the
following:
• Port scans: information gathering intended to determine which ports on a host
are open for TCP connections
• Denial-of-service attacks: network attacks meant to overwhelm a host and shut
out legitimate accesses.
Intrusion Detection System - IDS.
• Malware attacks: replicating malicious software attacks, such as Trojan horses,
computer worms, viruses, etc.
• DNS cache poisoning: a pharming attack directed at changing a host’s DNS cache to
create a falsified domain-name/IP-address association
Intrusion Detection System - Types.
• Rule-Based Intrusion Detection
• Rules identify the types of actions that match certain known profiles for an
intrusion attack, in which case the rule would encode a signature for such an
attack. Thus, if the IDS manager sees an event that matches the signature for such
a rule, it would immediately sound an alarm, possibly even indicating the
particular type of attack that is suspected.
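A small rule-based IDS manager of the kind described above, run over sensor log lines: each site-policy rule encodes one signature, and a match raises an alarm naming the suspected attack type. This is an added example, not part of the course material; the log format, the thresholds and the sample traffic are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sensor log format: timestamp, source, destination, destination port, TCP flags.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+) FLAGS=(?P<flags>\S+)$"
)

# Site policy: conditions that define a probable intrusion (thresholds are assumptions).
SITE_POLICY = {
    "port_scan": {"window_s": 10, "min_distinct_ports": 5},
    "dos_flood": {"window_s": 5, "min_connections": 8},
}


def parse(line):
    """Turn one sensor line into an event dict, or None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "dpt": int(m["dpt"]),
        "flags": m["flags"],
    }


def _expire(window, now, max_age_s):
    """Drop entries older than max_age_s from the left of a time-ordered deque."""
    while window and (now - window[0][0]).total_seconds() > max_age_s:
        window.popleft()


def ids_manager(lines, policy=SITE_POLICY):
    """Compile time-ordered sensor lines and return alarms in the order raised."""
    scan = defaultdict(deque)    # (src, dst)  -> (ts, port) of recent connection attempts
    flood = defaultdict(deque)   # (dst, port) -> (ts, src) of recent connection attempts
    alarms, raised = [], set()

    def alarm(kind, *subject):
        if (kind, subject) not in raised:          # report each incident once
            raised.add((kind, subject))
            alarms.append((kind,) + subject)

    for line in lines:
        ev = parse(line)
        if ev is None or ev["flags"] != "SYN":     # only new TCP connection attempts
            continue

        # Signature 1: one source touching many different ports on one host.
        w = scan[(ev["src"], ev["dst"])]
        w.append((ev["ts"], ev["dpt"]))
        _expire(w, ev["ts"], policy["port_scan"]["window_s"])
        if len({port for _, port in w}) >= policy["port_scan"]["min_distinct_ports"]:
            alarm("port_scan", ev["src"], ev["dst"])

        # Signature 2: one service receiving a burst of connection attempts.
        w = flood[(ev["dst"], ev["dpt"])]
        w.append((ev["ts"], ev["src"]))
        _expire(w, ev["ts"], policy["dos_flood"]["window_s"])
        if len(w) >= policy["dos_flood"]["min_connections"]:
            alarm("dos_flood", ev["dst"], ev["dpt"])
    return alarms


# Constructed sample log; ISO timestamps lead each line, so sorting orders it by time.
SAMPLE_LOG = sorted(
    # one source probing six ports on one host within six seconds
    [f"2024-05-01T10:00:0{i} SRC=198.51.100.9 DST=10.0.0.5 DPT={p} FLAGS=SYN"
     for i, p in enumerate([21, 22, 23, 25, 80, 443], start=1)]
    # an ordinary client returning to one service
    + [f"2024-05-01T10:00:0{i} SRC=192.0.2.10 DST=10.0.0.5 DPT=80 FLAGS=SYN" for i in (2, 4, 6)]
    # eight sources hitting one service within two seconds
    + [f"2024-05-01T10:01:0{i // 4} SRC=203.0.113.{i} DST=10.0.0.8 DPT=80 FLAGS=SYN"
       for i in range(1, 9)]
    # five ports probed 20 s apart: slower than the rule's 10 s window
    + [f"2024-05-01T10:0{2 + i // 3}:{(i % 3) * 20:02d} SRC=192.0.2.77 DST=10.0.0.5 "
       f"DPT={1001 + i} FLAGS=SYN" for i in range(5)]
    + ["garbage line that the sensor could not format"]
)

if __name__ == "__main__":
    for a in ids_manager(SAMPLE_LOG):
        print(a)
```

The slow probe from 192.0.2.77 raises no alarm: a signature only catches what its thresholds describe, which is the same enumeration limit the blacklist firewall policy has.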
• conceal the context of some message from all except the sender and recipient
(privacy or secrecy), and/or
• verify the correctness of a message to the recipient (authentication) form the
basis of many technological solutions to computer and communications security
problems
• Cryptography
• The art or science encompassing the principles and methods of transforming an
intelligible message into one that is unintelligible, and then retransforming that
message back to its original form
• Plaintext
• The original intelligible message
Cryptography.
• Ciphertext
• The transformed message
• Cipher
• An algorithm for transforming an intelligible message into one that is
unintelligible by transposition and/or substitution methods
• Key
• Some critical information used by the cipher, known only to the sender &
receiver
• Encipher (encode)
• The process of converting plaintext to ciphertext using a cipher and a key
Cryptography.
• Decipher (decode)
• The process of converting ciphertext back into plaintext using a cipher and a key
• Cryptanalysis
• The study of principles and methods of transforming an unintelligible message
back into an intelligible message without knowledge of the key. Also called
codebreaking
• Code
• An algorithm for transforming an intelligible message into an unintelligible one
using a code-book
Cryptography – Encryption.
• Encryption and Decryption.
• Encryption: a process of encoding a message so that its meaning is not obvious
• Authentication and
• Non-repudiation.
• Digital certificates are electronic files that are used to identify people and resources
over networks such as the Internet.
• Once a CA has signed a certificate, the holder can present their certificate to people,
Web sites and network resources to prove their identity and establish encrypted,
confidential communications.
• The name of the Certification Authority that issued the certificate
• A serial number.
• The validity period (or lifetime) of the certificate (a start and an end date)
Digital Certificate
Summary.
• Discussed computer security definition in terms of Confidentiality, Availability and
Integrity.
• Discussed what management should put in place to counter the threats - that is
policy, standards and procedures.
Module 24:
Introduction to Computer Viruses
Objectives
• Obtain an understanding and overview of computer viruses.
• Learn how to protect a computer system from virus attack.
Content.
1. Introduction to computer virus
• An estimated 50,000 computer viruses provide a variety of effects ranging from the
merely unpleasant to the catastrophic.
• They attack all platforms and are written in all popular computer languages.
• As internet connectivity grows, the ease with which computer viruses can spread also
grows.
• In 1984, the first computer viruses were contained at a few sites. In 2000, the
ILOVEYOU program spread worldwide within hours.
• A security mechanism enforces some aspect of a security policy. The threat that
viruses pose is the ability to evade the restrictions that security mechanisms
impose.
• The computer virus thereby violates the security policy, threatening data and the
operation of the system.
• Another class of files called overlay files can also be infected. These files often have
the extension .OVL, although other extensions such as .OV1 are sometimes used.
• A virus can be introduced to a computer system along with any software program.
For internet users, this threat can come from downloading files through FTP (File
transfer protocol) or referencing e-mail attachments.
What is computer virus.
• When a virus is introduced to a computer system, it can attach itself to, or sometimes
even replace, an existing program.
• Thus, when the user runs the program in question, the virus is also executed. This
usually happens without the user being aware of it.
• A virus program contains instructions to initiate some sort of “event” that affects the
infected computer. Each virus has a unique event associated with it. These events
and their effects can range from harmless to devastating.
• By definition, a virus infects other programs with copies of itself. It has the ability to
clone itself, so that it can multiply, constantly seeking new host environments.
• The most harmless viruses do only that, simply replicating and spreading to new
systems. Or the virus program may damage other programs and/or alter data, perhaps
self destructing when done. The only evidence viruses like this leave is the
destruction they have inflicted on the infected system. This makes it very difficult to
develop defenses against the virus.
Destructive non-virus programs.
• Aside from viruses, there are other threats to user systems, including:
• Worms
• Trojan Horses
• Logic Bombs
• Often what people believe is a virus infection is, in fact, a worm program. This is not
as serious because worms do not replicate themselves. But the damage caused by a
worm attack can be just as serious as a virus, especially if not discovered in time.
• For example, suppose a worm program instructs a bank’s computer to transfer funds
to an illicit account. The fund transfers may continue even after the worm is
destroyed.
• However, once the worm invasion is discovered, recovery is much easier because
there is only a single copy of the worm program to destroy: the replicating ability
of the virus is absent. That replicating capability is what may enable a virus to
re-infect a system several times. A worm is similar to a benign tumor while a virus
is like a malignant one.
Destructive non-virus programs – Trojan Horse.
• A Trojan Horse is a destructive program that has been disguised as (or concealed in) an
innocuous piece of software.
• Indeed, worm and virus programs may be concealed within a Trojan Horse. Trojan
Horses are not viruses because they do not reproduce themselves and spread as
viruses do.
• The mythical story of the original Trojan Horse is well known. When Greek warriors
concealed themselves in an attractive wooden horse and left it outside the gates of
the besieged city of Troy, the Trojans assumed it was a friendly peace offering and
took it in.
• The Greek warriors then leaped out and wreaked havoc. Trojan Horse software
works on the same principle. A program may seem both attractive and innocent,
inviting the computer user to copy (or download) the software and run it. Trojan
Horses may be games or some other software that the victim will be tempted to try.
Destructive non-virus programs – Logic Bomb.
• Writing a logic bomb program is similar to creating a Trojan Horse. Both have
about the same ability to damage data, too.
• Logic bombs include a timing device so they will go off at a particular date and time.
• For example, other virus programs often include coding similar to that used in logic
bombs, but the bombs can be very destructive on their own, even if they lack the
ability of the virus to reproduce.
• Logic bombs are usually timed to do maximum damage. That means the logic bomb
is a favored device for revenge by disgruntled former employees who can set it to
activate after they have left the company.
Types of viruses.
• There are several different types of viruses that can infect PC systems, including:
• Polymorphic viruses
• Stealth viruses
• Multi-partite viruses
Types of viruses - Boot sector.
• Boot sector viruses are those that infect the boot sector (or master boot record) on a
computer system.
• They first move or overwrite the original boot code, replacing it with infected boot
code. They will then move the original boot sector information to another sector on
the disk, marking that sector as a bad spot on the disk so it will not be used in the
future.
• Boot sector viruses can be very difficult to detect since the boot sector is the first
thing loaded when a computer starts. In effect, the virus takes full control of the
infected computer.
Types of viruses - Boot sector.
• About three out of every four virus infections reported are boot sector viruses. The
only way that a system can become infected with a boot sector virus is to boot using
an infected floppy disk.
• This is most commonly done when a user leaves a floppy disk in a drive and reboots
the system (with the drive door closed). Good anti-virus software will look for an
infected floppy disk when a user boots from the floppy drive and before the
bootstrap is loaded.
Types of viruses – File infecting.
• File infecting viruses are, unsurprisingly, viruses that infect files. Sometimes these
viruses are memory resident.
• However, they will commonly infect most, if not all of the executable files (those
with the extensions .COM, .EXE, .OVL and other overlay files) on a system. Some
file infecting viruses will only attack operating system files (such as
COMMAND.COM), while others will attack any file that is executable.
• Some of these viruses act like boot sector infectors. They replace the “program load”
instructions in an executable file with their own instructions, and move the original
program load instructions to a different part of the file.
• Happily, this usually increases the file’s size, making detection a little easier. Other
file infecting viruses work by using companion files. They rename all files with
.COM extensions to .EXE, then write a file with the same name and a .COM
extension.
Types of viruses – File infecting.
• This new file will usually have the “hidden” attribute, making it difficult to detect
with ordinary file handling commands. By default, MS-DOS executes the .COM file
before the .EXE file so that the .COM file is executed first, loading the virus.
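Two defensive checks that follow from the file-infector behaviour described above: a size-and-hash baseline that flags executables that changed or grew, and a scan for .COM/.EXE companion pairs. This is an added example, not part of the course material; the function names are hypothetical and the sample files are constructed stand-ins containing placeholder bytes.

```python
import hashlib
import os
import tempfile
from collections import defaultdict
from pathlib import Path

EXECUTABLE_EXTS = {".com", ".exe", ".ovl"}   # extensions named in the text


def snapshot(root):
    """Record (size, SHA-256) for every executable file under root.

    os.walk lists files whether or not the DOS "hidden" attribute is set,
    so a hidden companion file is still recorded.
    """
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if path.suffix.lower() in EXECUTABLE_EXTS:
                data = path.read_bytes()
                rel = path.relative_to(root).as_posix()
                state[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return state


def compare(baseline, current):
    """Return sorted (kind, path, size change in bytes) for every difference.

    The hash catches any change; the size change shows the growth the text
    mentions when program-load instructions are relocated inside a file.
    """
    findings = []
    for rel, (size, digest) in current.items():
        if rel not in baseline:
            findings.append(("new", rel, size))
        elif baseline[rel][1] != digest:
            findings.append(("modified", rel, size - baseline[rel][0]))
    for rel, (size, _digest) in baseline.items():
        if rel not in current:
            findings.append(("missing", rel, -size))
    return sorted(findings)


def companion_pairs(state):
    """Names that exist as both .COM and .EXE in one directory.

    MS-DOS runs the .COM first, so such a pair deserves review; it is a
    lead for investigation, not proof of infection.
    """
    exts = defaultdict(set)
    for rel in state:
        p = Path(rel)
        exts[(p.parent.as_posix(), p.stem.lower())].add(p.suffix.lower())
    return sorted(
        stem if folder == "." else f"{folder}/{stem}"
        for (folder, stem), found in exts.items()
        if {".com", ".exe"} <= found
    )


def demo():
    """Build a constructed directory, change it, and run both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "COMMAND.COM").write_bytes(b"ORIGINAL-COMMAND" * 10)   # 160 bytes
        (root / "EDIT.COM").write_bytes(b"EDITOR" * 20)                # 120 bytes
        (root / "GAME.EXE").write_bytes(b"GAME" * 50)                  # 200 bytes
        baseline = snapshot(root)

        # Constructed changes standing in for the two behaviours in the text:
        # a file that grows, and a .COM renamed to .EXE with a new .COM beside it.
        with open(root / "COMMAND.COM", "ab") as fh:
            fh.write(b"\x00" * 64)
        (root / "EDIT.COM").rename(root / "EDIT.EXE")
        (root / "EDIT.COM").write_bytes(b"STUB" * 5)                   # 20 bytes

        current = snapshot(root)
        return compare(baseline, current), companion_pairs(current), companion_pairs(baseline)


if __name__ == "__main__":
    findings, pairs_now, pairs_before = demo()
    for f in findings:
        print(f)
    print("companion pairs before:", pairs_before, "after:", pairs_now)
```

The baseline has to be taken from a known-clean system and stored where the monitored machine cannot rewrite it, otherwise the comparison proves nothing.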
Types of viruses – Polymorphic.
• Polymorphic viruses change their appearance with each infection. Such encrypted
viruses are usually difficult to detect because they are better at hiding themselves
from anti-virus software. That is the purpose of the encryption.
• To do this, they must stay in memory so they can intercept all attempts to use the
operating system (system calls). The virus can hide changes it makes to file sizes,
directory structures, and/or other operating system aspects.
• Since part of the virus is memory resident, there will be less memory available to
users. The virus must hide this fact as well from both users and anti-virus
software.
• Stealth viruses must be detected while they are in memory. Once found, they must be
disabled in memory before the disk-based components can be corrected.
Types of viruses – Multi-partite.
• Multi-partite viruses are those that infect both boot sectors and executable files.
• They are the worst viruses of all because they can combine some or all of the stealth
techniques, along with polymorphism to prevent detection.
How viruses affect/ infect systems.
• Before you can safeguard your system against viruses, it’s important to understand
how they spread and what they do to infected systems.
• The best virus protection program is consistent, ongoing education of computer users
about the virus threat. Even with the proliferation of on-line services and
communications, most viruses are still spread via infected floppy disks/ flash drives.
• The front line in the war against viruses must be fought by the user who is about to
put a disk into the drive. Without an effective, ongoing education campaign, virus
fighting efforts will be doomed to lighting backfires against infections already in
place.
How viruses affect/ infect systems.
• Here are four common scenarios that spread viruses:
• A user brings a game to work that his child downloaded from a local computer
BBS. Without thinking, the user runs the game on the company network to show
fellow workers how cool it is. Unbeknownst to this user, the game program was
infected with a virus. Now the entire company network is infected, too.
• Software purchased from a retailer in shrink wrap is infected because the store
re-wrapped some returned software without checking the disks for viruses.
Unfortunately, the original buyer had tried the software out on an infected
machine.
• Use rich text files instead of Word documents. RTF files prevent the spread of macro
viruses, because they do not contain viruses.
• All downloaded files from email should be saved to disk first and then virus scanned
to determine if they are virus free before executing them.
• The various types of destructive programs that are non-virus - worms, Trojan horses
and logic bombs.
• Enumerated the various types of viruses - boot sector, file infecting, polymorphic and
others.
Module 25:
Introduction to Information System Audit
Objectives
• Obtain an understanding and overview of IT audit objectives.
3. Audit Methodology
4. Audit Trail.
IS Audit Objectives
• Auditing is a systematic and independent examination of information systems
environment to ascertain whether the objectives, set out to be achieved, have been
met or not.
• IS audit evaluates the adequacy of the security controls and informs the management
with suitable conclusions and recommendations. IS audit is an independent subset of
the normal audit exercise.
IS Audit Objectives
• Information systems audit is an ongoing process of evaluating controls and suggesting
security measures for the purpose of safeguarding assets/resources, maintaining data
integrity, and improving system effectiveness and system efficiency for the purpose of
attaining organization goals.
• Well-planned and structured audit is essential for risk management and monitoring
and control of information systems in any organization.
• Safeguarding IS assets:
• The Information systems assets of the organization must be protected by a system
of internal controls. It includes protection of hardware, software, facilities,
people, data, technology, system documentation and supplies.
IS Audit Objectives
• This is because hardware can be damaged maliciously, software and data files may
be stolen, deleted or altered and supplies of negotiable forms can be used for
unauthorized purposes.
• The IS auditor will be required to review the physical security over the facilities, the
security over the systems software and the adequacy of the internal controls. The IT
facilities must be protected against all hazards. The hazards can be accidental hazards
or intentional hazards.
• Reliability: Data should be reliable because all business decisions are taken on the
basis of the current database.
• Efficiency: The ratio of the output to the input is known as efficiency. If output is
more with the same or less actual input, system efficiency is achieved, or else system
is inefficient. If computerization results in the degradation of efficiency, the effort for
making the process automated stands defeated. IS auditors are responsible for
examining how efficient the application is in relation to the users and workload.
Control in Computer Systems.
• Computer systems are efficient and achieve results accurately and at great speed if
they work the way they are designed to.
• They have controls provided to ensure this but the controls have to be effective. The
controls are of great value in any computerised system and it is an important task for
auditing and for an auditor to see that not only adequate controls exist, but that they
also work effectively to ensure results and achieve objectives.
• The objectives of controls do not change with the introduction of computers. It is the
control techniques that change with many of the manual controls being computerised
and new technical computer controls added to achieve the same objectives.
• Data loss due to file damage, data corruption (manipulation), fire, burglary,
power failure (or fluctuations), viruses etc.
• Absence of audit trails makes it difficult for an auditor to ensure efficient and
effective functioning of a computerised system.
Control in Computer Systems.
• Information system controls are classified into two broad categories:
• General Controls
• General controls include controls over data centre operations, system software
acquisition and maintenance, access security, and application system
development and maintenance.
• They create the environment in which the application systems and application
controls operate.
• Examples include system edit checks of the format of entered data to help
prevent possible invalid input, system enforced transaction controls that prevent
users from performing transactions that are not part of their normal duties, and
the creation of detailed reports and transaction control totals that can be balanced
by various units to the source data to ensure all transactions have been posted
completely and accurately.
Audit Methodology.
• Preliminary evaluation.
• The first step in audit should be preliminary evaluation of the computer systems
covering:
• How the computer function is organised.
• The preliminary evaluation should inter alia identify potential key controls and any
serious key control weaknesses. For each control objective the auditor should state
whether or not the objective has been achieved; if not, he should assess the
significance and risks involved due to control deficiencies.
• Audit methodology.
• After completing the preliminary evaluation of the computer systems, the auditor
has to decide about the appropriate audit approach, system based or direct
substantive testing. In doing so, the aspects to be borne in mind are:
Audit Methodology.
• Results of the preliminary evaluation.
• Extent to which reliance can be placed on any work carried out by Internal Audit.
• Nature of any constraints like lack of any audit trail and the practicability of
testing.
• Given sufficient familiarity with the system to be able to decide the point
from which to select the transactions for testing and how to substantiate them
efficiently.
• For System Based Audit approach, aspects of regularity, economy, efficiency and
effectiveness of the system have to be looked into besides evaluating data
integrity, and data security as explained below:
• System effectiveness is measured by determining whether the system
performs the intended functions and whether users get the needed
information, in the right form when required.
• A system is economical and efficient if it uses the minimum number of
information resources to achieve the output required by the users. The use of
system resources - hardware, software, personnel and money - should be
optimized.
• System activities would be regular if they comply with applicable laws, rules,
policies, guidelines.
• Achieving data integrity implies that the internal controls must be adequate to
ensure that
Audit Methodology.
• Audit Techniques.
• IT audit techniques refer to the use of computers, including software, as a tool to
independently test computer data of audit interest. Some well-established
techniques are:
• Collecting and processing a set of test data that reflects all the variants of data
and errors which can arise in an application system at different times.
• Using integrated test facilities, built into the system by the auditee to help the
auditor in his requirements, as one of the users of the system.
• To achieve this, the audit trail should contain enough information to allow
management, the auditor and the user:
• System information including start up time, stop time, restarts, recovery etc.
• Transaction information including input items which change the database, control
totals and rejected items (relevant to database applications).
Audit Trail.
• Communication information including terminal log-on/off, password use, security
violation, network changes and transmission statistics (relevant to transaction
processing i.e. TP applications).
• In a computer system, the audit trail may not always be apparent as in a manual
system since data are often retained in magnetic media and output is limited to a
small number of total items processed, with reports produced only on exception
basis.
• The general procedure is to first investigate control totals and run to run totals within
the whole system and then to check and substantiate the audit trail by limited
checking through records and files or by taking intermediate printouts of audit
interest.
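The procedure above, worked through in code: compare control totals within each run and run-to-run totals between runs first, and check individual records only where the totals disagree. This is an added example, not part of the course material; the transaction layout, the two run names and all figures are constructed, and the hash total (a sum of account numbers with no business meaning) is a common batch control assumed here.

```python
from decimal import Decimal
from typing import NamedTuple


class Txn(NamedTuple):
    txn_id: str
    account: int
    amount: Decimal


def control_totals(txns):
    """Batch controls: record count, amount total, and a hash total."""
    return {
        "count": len(txns),
        "amount": sum((t.amount for t in txns), Decimal("0")),
        "hash_total": sum(t.account for t in txns),
    }


def differing_totals(expected, actual):
    """Names of the control totals that do not agree."""
    return [name for name in expected if expected[name] != actual[name]]


def trace(before, after):
    """Limited record-level check, used only where the totals disagree."""
    old = {t.txn_id: t for t in before}
    new = {t.txn_id: t for t in after}
    issues = [("missing", i) for i in old if i not in new]
    issues += [("added", i) for i in new if i not in old]
    issues += [("altered", i) for i in old if i in new and old[i] != new[i]]
    return sorted(issues)


def audit(runs):
    """runs: list of (name, received, accepted, rejected) in processing order.

    Returns one entry per discrepancy:
    (run name, kind of check, totals that differ, record-level findings).
    """
    report = []
    previous_output = None
    for name, received, accepted, rejected in runs:
        # Run-to-run: what this run received must equal what the last run passed on.
        if previous_output is not None:
            bad = differing_totals(control_totals(previous_output), control_totals(received))
            if bad:
                report.append((name, "run-to-run", bad, trace(previous_output, received)))
        # Within the run: every input item must end up accepted or rejected.
        processed = accepted + rejected
        bad = differing_totals(control_totals(received), control_totals(processed))
        if bad:
            report.append((name, "in-run", bad, trace(received, processed)))
        previous_output = accepted
    return report


def build_runs(tampered):
    """Constructed two-run system: validation, then posting to the database."""
    batch = [
        Txn("T1", 1001, Decimal("100.00")),
        Txn("T2", 1002, Decimal("250.00")),
        Txn("T3", 1003, Decimal("75.50")),
        Txn("T4", 1004, Decimal("-10.00")),   # rejected item: negative amount
        Txn("T5", 1005, Decimal("40.00")),
    ]
    accepted = [t for t in batch if t.amount > 0]
    rejected = [t for t in batch if t.amount <= 0]
    posted_input = list(accepted)
    if tampered:
        # Between the runs, T2's amount was changed and T5 was dropped.
        posted_input = [
            t._replace(amount=Decimal("2500.00")) if t.txn_id == "T2" else t
            for t in accepted
            if t.txn_id != "T5"
        ]
    return [
        ("validation", batch, accepted, rejected),
        ("posting", posted_input, posted_input, []),
    ]


if __name__ == "__main__":
    for entry in audit(build_runs(tampered=True)):
        print(entry)
```

The posting run balances internally in the tampered case, so only the run-to-run comparison exposes the change; a system that keeps no totals between runs gives the auditor nothing to compare.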
Audit Trail.
• If the design of the computer system does not provide for adequate audit trail this
should be brought out in audit review, highlighting control weaknesses or lack of
controls in the system.
• Apart from errors that might creep into the system, there is a possibility of frauds,
which might occur due to undetected control weaknesses.
Summary.
• Discussed the IS audit objectives - Safeguarding IS assets and Maintenance of data
integrity.
• The various types of control - Application level and General level control.
• Audit methodology using the direct substantive testing or system based audit
Module 26:
E-Payment System.
Objectives
• Obtain an understanding of the E-Payment System.
2. Types of E-Payment
• Recognizing this, virtually all interested parties are exploring various types of
electronic payment system and issues surrounding electronic payment system and
digital currency.
• Each payment system has its advantages and disadvantages for the customers and
merchants.
Introduction to E-Payment.
• These payment systems have a number of requirements: e.g. security, acceptability,
convenience, cost, anonymity, control, and traceability.
• It was the first electronic-based payment system, which does not depend on a central
processing intermediary. An electronic fund transfer is a financial application of EDI
(Electronic Data Interchange), which sends credit card numbers or electronic
cheques via secured private networks between banks and major corporations.
• To use EFT to clear payments and settle accounts, an online payment service will
need to add capabilities to process orders, accounts and receipts. But a landmark
came in this direction with the development of digital currency.
Process of E-Payment.
• The nature of digital currency or electronic money mirrors that of paper money as a
means of payment. As such, digital currency payment systems have the same
advantages as paper currency payment, namely anonymity and convenience.
Types of E-Payment.
• With the growing complexities in the e-commerce transactions, different electronic
payment systems have appeared in the last few years.
• The grouping can be made on the basis of what information is being transferred
online. On this basis, there are four types of electronic payment systems:
• E-Cash.
• Credit Cards
• Electronic cash is a secure and convenient alternative to bills and coins. This
payment system complements credit, debit, and charge cards and adds additional
convenience and control to everyday customer cash transactions.
• E-cash is transferred directly from the customer's desktop to the merchant's site.
Therefore, e-cash transactions usually require no remote authorization or personal
identification number (PIN) codes at the point of sale.
• E-cash can be transferred over a telephone line or over the Web. The microprocessor
chip embedded onto the card keeps track of the e-cash transactions. Using e-cash the
customer has two options: a stand-alone card containing e-cash or a combination
card that incorporates both e-cash and debit.
E-Payment - Ecash
1. Consumer buys e-cash from Bank.
Merchant
• Disadvantages
• The e-cheque method was deliberately created to work in much the same way as
a conventional paper cheque. An account holder will issue an electronic document
that contains the name of the financial institution, the payer's account number, the
name of the payee and the amount of the cheque.
• Most of the information is in uncoded form. Like paper cheques, e-cheques also
bear the digital equivalent of a signature: a computed number that authenticates the
cheque from the owner of the account.
• Disadvantages.
• The disadvantages of electronic cheque systems include their relatively high fixed
costs.
E-Payment – Payments Card.
• The term payment card describes all types of plastic cards used to make purchases.
• Credit card: Has a spending limit based on a user’s credit history.
• Debit card: Removes an amount from a cardholder’s bank account and transfers it to
the seller’s bank account.
• Charge card: Carries no spending limit. Amount charged is due at the end of the
billing period
• Advantages:
• Widespread acceptance
• Usually have built-in security for merchants
• Disadvantage:
• Payment card service companies charge merchants per-transaction fees and
monthly processing fees.
E-Payment – Payments Card.
identification, retail, loyalty programs and banking, to name a few.
E-Payment – Smart Card.
• Smart cards are broadly classified into two groups:
• Contact:
• This type of smart card must be inserted into a special card reader to be read and
updated. A contact smart card contains a microprocessor chip that makes contact
with electrical connectors to transfer the data.
• Contact-less:
• This type of smart card can be read from a short distance using radio frequency. A
contact-less smart card also contains a microprocessor chip and an antenna that
allows data to be transmitted to a special card reader without any physical contact.
• This type of smart card is useful for people who are moving in vehicles or on foot.
They are used extensively in European countries for collecting payment for
highway tolls, train fares, parking, bus fares, and admission fees to movies,
theaters, plays, and so forth.
E-Payment – Smart Card.
• Advantages of smart cards include the following:
• The disadvantages of smart cards are the lack of universal standards for their design
and utilization. On the other hand, smart card applications are expected to increase as a
result of the resolution of these disadvantages in the near future.
Comparison of E-Payment Systems.
| Features | Online Credit Card | Electronic Cash | Electronic Cheque | Smart Cards |
|---|---|---|---|---|
| Actual payment time | Paid later | Prepaid | Paid later | Prepaid |
| Transaction information transfer | The store and bank check the status of the credit card | Free transfer. No need to leave the name of parties involved | Electronic checks or payment indication must be endorsed | The smart cards of both parties make the transfer |
| Online and offline transactions | Online transactions | Online transactions | Offline transfers are allowed | Offline transfers are allowed |
| Bank account involvement | Credit card account makes the payment | No involvement | The bank account makes the payment | The smart card account makes the payment |
| Users | Any legitimate credit card users | Anyone | Anyone with a bank account | Anyone with a bank or credit card account |
| Party to which payment is made out | Distributing bank | Store | Store | Store |
| Consumer’s transaction risk | Most of the risk is borne by the distributing bank; consumers only have to bear part of the risk | Consumer is at risk of the electronic cash getting stolen, lost, or misused | Consumer bears most of the risk, but the consumer can stop check payments at any time | Consumer is at risk of the smart card getting stolen, lost or misused |
| Current degree of popularity | Credit card organizations check for certification then total the purchases. Therefore, it can be used internationally, and is the most popular payment type | Unable to meet financial internet standards in the areas of expansion potential and internationalism | Cannot meet international standards, therefore it is not very popular | Credit card organizations check for certification then total the purchases. Therefore it can be used internationally, and is becoming more widely used. |
| Mobility | Yes | No | No | Yes |
| Limit on transfer | Depends on the limit of the credit card | Depends on how much is prepaid | No limit | Depends on how much money is saved. |
| Database safeguarding | Safeguards regular credit card account information | Needs to safeguard a large database, and maintain records of the serial numbers of used electronic cash. | Safeguards regular account information | Safeguards regular account information |
Secure Electronic Transaction (SET) Protocol.
• Jointly designed by MasterCard and Visa with backing of Microsoft, Netscape, IBM,
GTE, SAIC, and others.
• Designed to provide security for card payments as they travel on the Internet.
• In contrast to the Secure Sockets Layer (SSL) protocol, SET validates consumers
and merchants in addition to providing secure transmission.
• SET specification
• Uses public key cryptography and digital certificates for validating both
consumers and merchants
• Provides privacy, data integrity, user and merchant authentication, and consumer
nonrepudiation
Secure Electronic Transaction (SET) Protocol.
The SET protocol coordinates the activities of the customer, merchant, merchant’s bank,
and card issuer.
Secure Electronic Transaction (SET) Protocol.
• SET-protected payments work like this:
• Merchant ships merchandise and adds transaction amount for deposit into
merchant’s account.
Secure Electronic Transaction (SET) Protocol.
• Information security: Neither anyone listening in nor a merchant can use the
information passed during a transaction for fraud.
• Credit card security: There is no chance for anybody to steal a credit card.
• Flexibility in shopping: If a person has a phone he/she can shop.
• Disadvantages of SET
Module 27:
Introduction to Data Warehouse.
Objectives
• Obtain an understanding and definition of data warehouse.
• However, the availability of too much data makes the extraction of the most
important information difficult, if not impossible.
• Data warehousing is a phenomenon that grew from the huge amount of electronic
data stored in recent years and from the urgent need to use that data to accomplish
goals that go beyond the routine tasks linked to daily processing.
• Generally speaking, we can state that creating a data warehouse system does not
require that new information be added; rather, existing information needs
rearranging. This implicitly means that an information system should be previously
available.
Introduction.
• Operational data usually covers a short period of time, because most transactions
involve the latest data.
• A data warehouse should enable analyses that instead cover a few years. For this
reason, data warehouses are regularly updated from operational data and keep on
growing.
• Fundamentally, data is never deleted from data warehouses and updates are normally
carried out when data warehouses are offline. This means that data warehouses can
be essentially viewed as read-only databases.
Introduction – Why data warehouse.
• Data explosion in data base management systems (DBMS).
• Inefficient retrieval of required information.
• Extracting, cleaning, transforming, and filtering data from the DBMS and providing
efficient access to required information.
• Subject-oriented.
• The warehouse is organized around the major subjects of the enterprise (e.g.
customers, products, and sales) rather than the major application areas (e.g.
customer invoicing, stock control, and product sales).
• This is reflected in the need to store decision-support data rather than application-
oriented data.
Definition of Data Warehouse.
• Integrated.
• Time-variant data
• Data in the warehouse is only accurate and valid at some point in time or over
some time interval.
• Time-variance is also shown in the extended time that the data is held, the
implicit or explicit association of time with all data, and the fact that the data
represents a series of snapshots.
Definition of Data Warehouse.
• Non-volatile
Difference between Database and Data Warehouse.
| Database | Data Warehouse |
|---|---|
| Entity-relational modeling techniques are used for RDBMS database design. | Data-modeling techniques are used for the data warehouse design. |
| Performance is low for analysis queries. | High performance for analytical queries. |
| Holds current data | Holds historical data |
| Stores detailed data | Stores detailed, lightly and highly summarized data |
| Data is dynamic | Data is static |
| Transaction driven | Analytic driven |
| Supports day-to-day decisions | Supports strategic decisions |
| Serves large number of clerical / operational users | Serves relatively low number of managerial users |
Steps in building a Data Warehouse.
• Below are the basic steps in building data warehouse.
• The weakness of this architecture lies in its failure to meet the requirement for
separation between analytical and transactional processing.
• Analysis queries are submitted to operational data after the middleware interprets
them. In this way, the queries affect regular transactional workloads.
• In addition, although this architecture can meet the requirement for integration and
correctness of data, it cannot log more data than sources do.
Data Warehouse Architectures – Single Layer.
• For these reasons, a virtual approach to data warehouses can be successful only if
analysis needs are particularly restricted and the data volume to analyze is huge.
Data Warehouse Architectures – Two Layer.
• The requirement for separation plays a fundamental role in defining the typical
architecture for a data warehouse system. Although it is typically called a two-layer
architecture to highlight a separation between physically available sources and data
warehouses, it actually consists of four subsequent data flow stages
• Source layer
• A data warehouse system uses heterogeneous sources of data. That data is
originally stored to corporate relational databases or legacy databases, or it
may come from information systems outside the corporate walls.
• Data staging
• The data stored to sources should be extracted, cleansed to remove
inconsistencies and fill gaps, and integrated to merge heterogeneous sources
into one common schema.
Data Warehouse Architectures – Two Layer.
• Data staging
• The so-called Extraction, Transformation, and Loading tools (ETL) can merge
heterogeneous schemata, extract, transform, cleanse, validate, filter, and load
source data into a data warehouse.
• Technologically speaking, this stage deals with problems that are typical for
distributed information systems, such as inconsistent data management and
incompatible data structures.
• As a result, those data are integrated, consistent, correct, current, and detailed. The
data warehouse is not populated from its sources directly, but from reconciled
data.
• The main advantage of the reconciled data layer is that it creates a common reference
data model for a whole enterprise. At the same time, it sharply separates the
problems of source data extraction and integration from those of data warehouse
population.
Data Warehouse Architectures – Three Layer.
• Remarkably, in some cases, the reconciled layer is also directly used to better
accomplish some operational tasks, such as producing daily reports that cannot be
satisfactorily prepared using the corporate applications, or generating data flows to
feed external processes periodically so as to benefit from cleaning and integration.
• However, reconciled data leads to more redundancy of operational source data. Note
that we may assume that even two-layer architectures can have a reconciled layer
that is not specifically materialized, but only virtual, because it is defined as a
consistent integrated view of operational source data.
Data Warehouse Architectures – Three Layer.
Conceptual Modelling of data warehouse.
• A conceptual data model is a summary-level data model that is most often used on
strategic data projects. It typically describes an entire enterprise. Due to its highly
abstract nature, it may be referred to as a conceptual model.
• Star Schema
• In the star schema design, a single object (the fact table) sits in the middle and is
radially connected to other surrounding objects (dimension lookup tables) like a
star. Each dimension is represented as a single table. The primary key in each
dimension table is related to a foreign key in the fact table.
Conceptual Modelling of data warehouse.
• All measures in the fact table are related to all the dimensions that fact table is
related to. In other words, they all have the same level of granularity.
• A star schema can be simple or complex. A simple star consists of one fact table;
a complex star can have more than one fact table.
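The star layout described above, as an added example that is not part of the original course material. It uses Python's built-in sqlite3 module; the table names, columns and sales rows are constructed for illustration.

```python
import sqlite3

# Constructed schema: one fact table in the middle, three dimension tables around it.
SCHEMA = """
CREATE TABLE dim_date    (date_id    INTEGER PRIMARY KEY, year INTEGER, month INTEGER);
CREATE TABLE dim_product (product_id INTEGER PRIMARY KEY, name TEXT, category TEXT);
CREATE TABLE dim_store   (store_id   INTEGER PRIMARY KEY, city TEXT);
CREATE TABLE fact_sales (
    date_id    INTEGER NOT NULL REFERENCES dim_date(date_id),
    product_id INTEGER NOT NULL REFERENCES dim_product(product_id),
    store_id   INTEGER NOT NULL REFERENCES dim_store(store_id),
    units      INTEGER NOT NULL,   -- measures: every row has the same granularity,
    revenue    INTEGER NOT NULL    -- one product in one store on one date
);
"""

# Constructed sample data.
DATES = [(1, 2023, 12), (2, 2024, 1)]
PRODUCTS = [(1, "Laptop", "Electronics"), (2, "Mouse", "Electronics"), (3, "Desk", "Furniture")]
STORES = [(1, "Lagos"), (2, "Doha")]
SALES = [(1, 1, 1, 2, 2000), (1, 2, 2, 5, 100), (2, 3, 1, 1, 300),
         (2, 1, 2, 1, 1000), (2, 2, 1, 10, 200)]

# Allowlist of dimension attributes a report may group by. Identifiers cannot be
# bound as SQL parameters, so they are never taken from caller input directly.
DIMENSIONS = {
    "year": ("dim_date", "date_id"),
    "category": ("dim_product", "product_id"),
    "city": ("dim_store", "store_id"),
}


def build_warehouse():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")   # SQLite enforces foreign keys only when asked
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO dim_date VALUES (?, ?, ?)", DATES)
    conn.executemany("INSERT INTO dim_product VALUES (?, ?, ?)", PRODUCTS)
    conn.executemany("INSERT INTO dim_store VALUES (?, ?)", STORES)
    conn.executemany("INSERT INTO fact_sales VALUES (?, ?, ?, ?, ?)", SALES)
    conn.commit()
    return conn


def try_add_sale(conn, sale):
    """Insert a fact row; return False if it points at a missing dimension row."""
    try:
        conn.execute("INSERT INTO fact_sales VALUES (?, ?, ?, ?, ?)", sale)
        return True
    except sqlite3.IntegrityError:
        return False


def revenue_by(conn, attribute):
    """Analytical query: total revenue grouped by one dimension attribute."""
    if attribute not in DIMENSIONS:
        raise ValueError(f"unknown dimension attribute: {attribute!r}")
    table, key = DIMENSIONS[attribute]
    sql = (f"SELECT d.{attribute}, SUM(f.revenue) FROM fact_sales AS f "
           f"JOIN {table} AS d ON f.{key} = d.{key} "
           f"GROUP BY d.{attribute} ORDER BY d.{attribute}")
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    warehouse = build_warehouse()
    for attribute in DIMENSIONS:
        print(attribute, revenue_by(warehouse, attribute))
```
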
Conceptual Modelling of data warehouse.
• The snowflake schema is an extension of the star schema, where each point of the
star explodes into more points.
• Enumerated the various data base architecture – single, two and three layers.
• Discussed the various types of Conceptual Modelling of data warehouse data - Star
schema, Snowflake schema and Fact constellations.
Module 28:
Computer Building Blocks.
Objectives
• Obtain an understanding of the binary numbering system and its need in
building computer system
• Become familiar with the different numbering systems and how numbers
can be converted from one another.
• To understand the concepts behind Boolean logic, truth table, logic gates
and circuits
Content.
1. Binary Numbers.
2. Boolean logic
3. Truth table.
4. Logic gates
5. Circuits.
Binary Numbers.
• A computer’s internal storage techniques are different from the way people represent
information in daily lives.
Digit:  1  2  3  5
Weight: $10^3$  $10^2$  $10^1$  $10^0$
• Representing positive integers: Almost all digital computers use a base 2 (or binary)
representation.
• Most computers today can use 32, 64, or 128 bit word (e.g. 64 bit or 32 bit O/S)
Binary Numbers.
• ON/YES/TRUE/NON-ZERO = 1
• OFF/NO/FALSE/ZERO = 0
• Examples:
• light bulb
• toggle switch
• a voltage threshold where all voltages above that threshold represent 1 and all
below represent 0
• Why do we need a device that has only 2 stable energy states, not 10?
• There is no reason theoretically why a decimal computer couldn't be built.
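$11 = 1 \times 2^{1} + 1 \times 2^{0} = 3_{10}$
$101 = 1 \times 2^{2} + 0 \times 2^{1} + 1 \times 2^{0} = 4 + 1 = 5_{10}$
$1001 = 1 \times 2^{3} + 1 \times 2^{0} = 8 + 1 = 9_{10}$
$1100 = 1 \times 2^{3} + 1 \times 2^{2} = 8 + 4 = 12_{10}$
$11101 = 1 \times 2^{4} + 1 \times 2^{3} + 1 \times 2^{2} + 1 \times 2^{0} = 29_{10}$
$1001001 = 1 \times 2^{6} + 1 \times 2^{3} + 1 \times 2^{0} = 64 + 8 + 1 = 73_{10}$
$1100110 = 1 \times 2^{6} + 1 \times 2^{5} + 1 \times 2^{2} + 1 \times 2^{1} = 102_{10}$
$0.1 = 1 \times 2^{-1} = 0.5_{10}$
$0.11 = 1 \times 2^{-1} + 1 \times 2^{-2} = 0.5 + 0.25 = 0.75_{10}$
$10.0011 = 1 \times 2^{1} + 1 \times 2^{-3} + 1 \times 2^{-4} = 2.1875_{10}$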
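Decimal Numbers.
• Decimal numbering system.
• Base-10.
• Each position is a power of 10
$3052 = 3 \times 10^{3} + 0 \times 10^{2} + 5 \times 10^{1} + 2 \times 10^{0}$
• Converting decimal to Binary
• For example 255 base 10 to Binary is 11111111
Repeated division by 2 (read the remainders from the bottom):
255 ÷ 2 = 127, remainder 1
127 ÷ 2 = 63, remainder 1
63 ÷ 2 = 31, remainder 1
31 ÷ 2 = 15, remainder 1
15 ÷ 2 = 7, remainder 1
7 ÷ 2 = 3, remainder 1
3 ÷ 2 = 1, remainder 1
1 ÷ 2 = 0, remainder 1
• What is 245 base 10 when converted to Binary?
• Given k bits, the largest unsigned integer is $2^{k} - 1$
• Given 4 bits, the largest is $2^{4} - 1 = (2 \times 2 \times 2 \times 2) - 1 = 16 - 1 = 15$.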
Character Representation.
• Various encoding schemes have been used. All use numbers to represent the
characters.
• One common encoding scheme is the ASCII (American Standard Code for
Information Interchange) scheme.
• Another scheme is the Unicode symbol set which provides a major expansion of the
ASCII encodings.
• UNICODE code set.
• 16 bits per character; 65,536 character codes.
Hexadecimal Numbers.
• The word hexadecimal is derived from the Greek root hex (six) and the Latin root
decem (ten). In this system the base b = 16 and we use sixteen symbols to represent
a number.
• The set of symbols is
• S = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F}
• Note that the symbols A, B, C, D, E, F are equivalent to 10, 11, 12, 13, 14, and 15
respectively. The symbols in this system are often referred to as hexadecimal digits.
• An easier way to express a binary number is to use hexadecimal (base 16).
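The conversions from the binary, decimal and hexadecimal slides, as an added example that is not part of the original course material. It goes one step beyond the slides by showing what happens when a sum exceeds the largest k-bit unsigned value; all function names are chosen here for illustration.

```python
from fractions import Fraction

DIGITS = "0123456789ABCDEF"


def to_base(number, base=2):
    """Convert a non-negative integer by repeated division, as in the 255 example."""
    if number < 0 or not 2 <= base <= 16:
        raise ValueError("need a non-negative number and a base from 2 to 16")
    if number == 0:
        return "0"
    remainders = []
    while number > 0:
        number, remainder = divmod(number, base)
        remainders.append(DIGITS[remainder])
    # The first remainder is the least significant digit, so read from the bottom.
    return "".join(reversed(remainders))


def from_binary(text):
    """Expand a binary string, optionally with a fraction part, into powers of 2."""
    whole, _, fraction = text.partition(".")
    if not whole or set(whole + fraction) - {"0", "1"}:
        raise ValueError(f"not a binary number: {text!r}")
    value = Fraction(0)
    for power, bit in enumerate(reversed(whole)):
        value += int(bit) * Fraction(2) ** power          # 2^0, 2^1, 2^2, ...
    for power, bit in enumerate(fraction, start=1):
        value += int(bit) * Fraction(1, 2 ** power)       # 2^-1, 2^-2, ...
    return value


def binary_to_hex(bits):
    """Group the bits in fours from the right; each group is one hexadecimal digit."""
    if not bits or set(bits) - {"0", "1"}:
        raise ValueError(f"not a binary integer: {bits!r}")
    width = (len(bits) + 3) // 4 * 4
    padded = bits.zfill(width)
    return "".join(DIGITS[int(padded[i:i + 4], 2)] for i in range(0, width, 4))


def max_unsigned(bits):
    """Largest unsigned integer that fits in the given number of bits."""
    return 2 ** bits - 1


def add_unsigned(a, b, bits):
    """Add in a fixed-width register; return the stored value and whether it wrapped."""
    total = a + b
    return total & max_unsigned(bits), total > max_unsigned(bits)


if __name__ == "__main__":
    print(to_base(255), to_base(255, 16))
    print(float(from_binary("10.0011")))
    print(binary_to_hex("1100110"))
    print(add_unsigned(255, 1, 8))
```

A program that stores a length or a balance in a fixed number of bits has to check the wrap flag, because the stored value silently restarts from 0 once the sum passes the maximum.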
• The word Boolean is usually capitalized because the area is named after George
Boole (1815-1864) an English mathematician and logician who developed the logic
rules that have proved useful in computing and in designing circuits.
• Boolean logic operations on electronic signals can be built out of transistors and
other electronic devices.
Boolean Logic.
• Below are the basic Boolean operations
• a AND b
• True only when a is true and b is true
• a OR b
• True when a is true, b is true, or both are true
• NOT a
• True when a is false and vice versa
• Boolean expressions
• Constructed by combining together Boolean operations
• Example: (a AND b) OR ((NOT b) AND (NOT a))
The Truth Table.
• The truth value of a statement is its classification as true or false, which is denoted
by T or F.
A NOT Gate
Gates.
• AND gate
• Two input lines, one output line
• Outputs a 1 when both inputs are 1
• OR gate
• Two input lines, one output line
• Outputs a 1 when either input is 1
• NOT gate
• One input line, one output line
• Outputs a 1 when input is 0 and vice versa
• NAND gate
• Two input lines, one output line
• Outputs a 0 when both inputs are 1
Gates.
• NOR gate
• Two input lines, one output line
• Outputs a 0 when either input is 1
Circuit.
• Logic gates can be combined together to produce more complex logic circuits
(networks)
• The output from a logic circuit (network) is checked by producing a truth table.
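Checking a circuit by producing its truth table, as an added example that is not part of the original course material. It models the gates listed above as functions, tabulates the slide's expression (a AND b) OR ((NOT b) AND (NOT a)), and then goes beyond the slides by rebuilding the same circuit from NAND gates only and comparing the two tables; the helper names are chosen here for illustration.

```python
from itertools import product


# The five gates from the slides, on inputs and outputs of 0 or 1.
def AND(a, b):
    return a & b


def OR(a, b):
    return a | b


def NOT(a):
    return 1 - a


def NAND(a, b):
    return NOT(AND(a, b))


def NOR(a, b):
    return NOT(OR(a, b))


def truth_table(circuit, inputs):
    """Evaluate the circuit for every combination of input values."""
    return [(values, circuit(*values)) for values in product((0, 1), repeat=inputs)]


def outputs(circuit, inputs):
    """Only the output column of the truth table, in row order 00, 01, 10, 11, ..."""
    return [result for _, result in truth_table(circuit, inputs)]


def page_expression(a, b):
    """(a AND b) OR ((NOT b) AND (NOT a)) from the Boolean Logic slide."""
    return OR(AND(a, b), AND(NOT(b), NOT(a)))


# The same circuit wired from NAND gates only.
def nand_not(a):
    return NAND(a, a)


def nand_and(a, b):
    return nand_not(NAND(a, b))


def nand_or(a, b):
    return NAND(nand_not(a), nand_not(b))


def nand_only_expression(a, b):
    return nand_or(nand_and(a, b), nand_and(nand_not(b), nand_not(a)))


def equivalent(first, second, inputs):
    """Two circuits are equivalent when their truth tables match row for row."""
    return truth_table(first, inputs) == truth_table(second, inputs)


def format_table(circuit, names):
    """Render a truth table as text lines, one row per input combination."""
    lines = [" ".join(names) + " | out"]
    for values, result in truth_table(circuit, len(names)):
        lines.append(" ".join(str(v) for v in values) + " | " + str(result))
    return lines


if __name__ == "__main__":
    print("\n".join(format_table(page_expression, ["a", "b"])))
    print("NAND-only version matches:", equivalent(page_expression, nand_only_expression, 2))
```
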
• Understood the need for the binary numbering system and the other types of
numbering systems, decimal and hexadecimal.
• Discussed the Boolean logic, truth table, logic gates and circuits.
Module 29:
Compiler Construction.
Objectives
• Obtain an understanding of translators and the relationship with High-
level language.
3. Translators
4. Compiler
5. Compiler Processes
Introduction.
• Users of modern computing systems can be divided into two broad categories.
• There are those who never develop their own programs, but simply use ones
developed by others.
• Then there are those who are concerned as much with the development of programs
as with their subsequent use.
• That is not to claim that the use of such tools removes all burdens, or all possibilities
for error, as the reader will be well aware.
• In order for high-level languages to be usable, one must be able to convert programs
written in them into the binary or hexadecimal digits and bitstrings that a machine
will understand.
• At an early stage it was realized that if constraints were put on the syntax of a high-
level language the translation process became one that could be automated.
Introduction.
• This led to the development of translators or compilers - programs which accept (as
data) a textual representation of an algorithm expressed in a source language, and
which produce (as primary output) a representation of the same algorithm expressed
in another language, the object or target language.
The relationship between high-level language and translator.
• Computer languages are generally classed as being "high-level" (like Pascal, Fortran,
Ada, Modula-2, Oberon, C or C++) or "low-level" (like ASSEMBLER).
• High-level languages are claimed to possess several advantages over low-level ones:
• Readability:
• A good high-level language will allow programs to be written that in some ways
resemble a quasi-English description of the underlying algorithms.
• If care is taken, the coding may be done in a way that is essentially self-
documenting, a highly desirable property when one considers that many
programs are written once, but possibly studied by humans many times
thereafter.
The relationship between high-level language and translator.
• Portability
• High-level languages, being essentially machine independent, hold out the
promise of being used to develop portable software. This is software that can, in
principle (and even occasionally in practice), run unchanged on a variety of
different machines - provided only that the source code is recompiled as it moves
from machine to machine.
• Brevity:
• Programs expressed in high-level languages are often considerably shorter (in
terms of their number of source lines) than their low-level equivalents.
• Error checking:
• Being human, a programmer is likely to make many mistakes in the development
of a computer program. Many high-level languages - or at least their
implementations - can, and often do, enforce a great deal of error checking both
at compile-time and at run-time. For this they are, of course, often criticized by
programmers who have to develop time-critical code, or who want their
programs to abort as quickly as possible.
Translators
• Translator is defined as a computer program that converts instructions written in one
language to another without changing the initial logic in terms of computer language
• Assembler
• The term Assembler is usually associated with those translators that map low-
level language instructions into machine code which can then be executed
directly.
• Individual source language statements usually map one-for-one to machine-level
instructions.
Translators
• Macro-assembler
• Is also associated with those translators that map low-level language instructions
into machine code.
• Most source language statements map one-for-one into their target language
equivalents, but some macro statements map into a sequence of machine-level
instructions - effectively providing a text replacement facility, and thereby
extending the assembly language to suit the user.
• Compiler
• The term compiler is usually associated with those translators that map high-level
language instructions into machine code which can then be executed directly.
• Individual source language statements usually map into many machine-level
instructions.
Translators
• Pre-processor
• The term pre-processor is usually associated with those translators that map a
superset of a high-level language into the original high-level language, or that
perform simple text substitutions before translation takes place.
• The best-known pre-processor is probably that which forms an integral part of
implementations of the language C, and which provides many of the features that
contribute to the widely-held perception that C is the only really portable
language.
• High-level translator
• High-level translator is often associated with those translators that map one high-
level language into another high-level language - usually one for which
sophisticated compilers already exist on a range of machines.
• Such translators are particularly useful as components of a two-stage compiling
system, or in assisting with the bootstrapping techniques to be discussed shortly.
Compiler - Introduction.
• A compiler is a computer program (or set of programs) that transforms source code
written in a programming language (the source language) into another computer
language (the target language, often having a binary form known as object code).
[Diagram: Source program -> compiler -> Target program; the compiler also outputs error messages.]
• A source program/code is a program/code written in the source language, which is
usually a high-level language.
• A target program/code is a program/code written in the target language, which often
is a machine language or an intermediate code.
Compiler - Introduction.
• The most common reason for wanting to transform source code is to create an
executable program. The name "compiler" is primarily used for programs that
translate source code from a high-level programming language to a lower level
language (e.g., assembly language or machine code).
• If the compiled program can run on a computer whose CPU or operating system is
different from the one on which the compiler runs, the compiler is known as a cross-
compiler. A program that translates from a low level language to a higher level one is
a decompiler.
• The first compiler of the high-level language FORTRAN was developed between
1954 and 1957 at IBM by a group led by John Backus. It proved the viability of
high-level, and thus less machine-dependent, languages. The study of the scanning and
parsing problems was pursued in the 1960s and 1970s and led to a fairly complete
solution.
• This became a standard part of compiler theory and resulted in scanner and parser
generators that automate part of compiler development. The development of methods
for generating efficient target code, known as optimization techniques, is still an
area of ongoing research. Compiler technology was also applied in rather unexpected areas:
• Text-formatting languages and
• Hardware description languages for the automatic creation of VLSI circuits.
Compiler – Translation Process.
• A compiler performs two major tasks:
• Phases of a compiler:
• Scanning
• Parsing
• Semantic Analysis
• Intermediate Code Generation
• Intermediate Code Optimizer
• Target Code Generator
• Target Code Optimizer
Compiler – Translation Process.
• Three auxiliary components interact with some or all phases:
• Literal Table
• Stores constants and strings used in the program. Reduces the memory size by
reusing constants and strings. Can be combined with the symbol table.
• Error Handler
• Tokens represent basic program entities such as: Identifiers, Literals, Reserved
Words, Operators, Delimiters, etc.
• Then, it produces a data structure, called a parse tree or an abstract syntax tree,
which describes the syntactic structure of the program.
• A syntax tree is a more condensed version of the parse tree. A syntax tree is usually
generated as output by the parser
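The scanning and parsing stages described above, as an added example that is not part of the original course material. The toy language (assignment statements over +, -, *, / with parentheses), its reserved words and all names in the code are assumptions made for illustration.

```python
import re

RESERVED_WORDS = {"if", "then", "else", "while"}   # assumed for the toy language
TOKEN_SPEC = [
    ("LITERAL", r"\d+"),
    ("IDENTIFIER", r"[A-Za-z_]\w*"),
    ("OPERATOR", r"[+\-*/=]"),
    ("DELIMITER", r"[();]"),
    ("SKIP", r"\s+"),
    ("ERROR", r"."),
]
TOKEN_RE = re.compile("|".join(f"(?P<{name}>{pattern})" for name, pattern in TOKEN_SPEC))


def scan(source):
    """Scanner: turn the character stream into (kind, text) tokens."""
    tokens = []
    for match in TOKEN_RE.finditer(source):
        kind, text = match.lastgroup, match.group()
        if kind == "SKIP":
            continue
        if kind == "ERROR":
            raise SyntaxError(f"unexpected character {text!r} at offset {match.start()}")
        if kind == "IDENTIFIER" and text in RESERVED_WORDS:
            kind = "RESERVED"
        tokens.append((kind, text))
    return tokens


class Parser:
    """Recursive-descent parser for the grammar:
        statement  -> IDENTIFIER '=' expression ';'
        expression -> term   (('+' | '-') term)*
        term       -> factor (('*' | '/') factor)*
        factor     -> LITERAL | IDENTIFIER | '(' expression ')'
    """

    def __init__(self, tokens):
        self.tokens, self.pos = tokens, 0

    def peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else ("EOF", "")

    def expect(self, kind, text=None):
        token = self.peek()
        if token[0] != kind or (text is not None and token[1] != text):
            raise SyntaxError(f"expected {text or kind}, found {token[1] or 'end of input'}")
        self.pos += 1
        return token

    def statement(self):
        target = self.expect("IDENTIFIER")[1]
        self.expect("OPERATOR", "=")
        value = self.expression()
        self.expect("DELIMITER", ";")
        return ("assign", target, value)

    def binary(self, operand, operators):
        """Parse a left-associative chain such as a - b - c."""
        node = operand()
        while self.peek()[0] == "OPERATOR" and self.peek()[1] in operators:
            operator = self.expect("OPERATOR")[1]
            node = (operator, node, operand())
        return node

    def expression(self):
        return self.binary(self.term, "+-")

    def term(self):
        return self.binary(self.factor, "*/")

    def factor(self):
        kind, text = self.peek()
        if kind == "LITERAL":
            self.pos += 1
            return ("literal", int(text))
        if kind == "IDENTIFIER":
            self.pos += 1
            return ("identifier", text)
        self.expect("DELIMITER", "(")
        node = self.expression()   # parentheses shape the tree but are not stored in it
        self.expect("DELIMITER", ")")
        return node


def parse(source):
    """Scan and parse one statement; return its abstract syntax tree as nested tuples."""
    parser = Parser(scan(source))
    tree = parser.statement()
    if parser.peek()[0] != "EOF":
        raise SyntaxError("unexpected tokens after the statement")
    return tree


if __name__ == "__main__":
    print(scan("x = (a + 2) * 3;"))
    print(parse("x = (a + 2) * 3;"))
```

The tree that comes back contains no parentheses or semicolon nodes, which is the sense in which a syntax tree is a condensed form of the parse tree.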
Compiler – Semantics Analyzer stage.
• It gets the parse tree from the parser together with information about some syntactic
elements.
• It modifies the parse tree in order to obtain (static) semantically correct code.
• Works by analyzing and executing the source program commands one at a time.
• Enumerated the various stages in the compiler process – Scanning, Parsing, Semantic
Analysis, Intermediate Code Generation, Intermediate Code Optimizer, Target Code
Generator and Target Code Optimizer.
Module 30:
Computer Technology and the society.
Objectives
• Describe some of the major impacts of information technology on individuals,
organizations, and society.
• Understand the changes that take place in the workplace and the lives of individuals
when information technology eliminates geographical and spatial barriers.
Content.
1. Computer and community.
2. Impact of IT to society
Computer and community.
• The Problems
• There is a worry that computers have a negative impact on us, our children, and
our society
• Face-to-face gathering
• Furthermore, the outsourcing trends are naturally expanding into such activities
as processing of insurance claims, transcription of medical records, engineering
and design work, financial analysis, market research, and many others.
• Centralization of authority
• Centralization may become more popular because of the trend toward smaller
and flatter organizations and the use of expert systems.
• On the other hand, the Web permits greater empowerment, allowing for more
decentralization. Whether use of IT results in more centralization or in
decentralization may depend on top management’s philosophy.
Impact of IT to Society.
• Impacts of IT on Structure, Authority, Power, and Job Content.
• Changes in supervision.
• IT introduces the possibility for greater electronic supervision. In general, the
supervisory process may become more formalized, with greater reliance on
procedures and measurable (i.e., quantitative) outputs and less on interpersonal
processes. This is especially true for knowledge workers and telecommuters.
Impact of IT to Society.
• Impacts of IT on personnel issues.
• Job mobility.
• The Web has the potential to increase job mobility. Sites such as techjourney.com
can tell you how jobs pay in any place in the United States. Sites like
monster.com offer places to post job offerings and résumés. Using
videoconferencing for interviews and intelligent agents to find jobs is likely to
increase employee turnover.
Impact of IT to Society.
• Impacts on Health and Safety.
• Computers and information systems are a part of the environment that may
adversely affect individuals’ health and safety. To illustrate, we will discuss the
effects of job stress and long-term use of the keyboard.
• Job Stress.
• An increase in workload and/or responsibilities can trigger job stress.
Although computerization has benefited organizations by increasing
productivity, it has also created an ever-increasing workload for some
employees.
• Some workers, especially those who are not proficient with computers, but
who must work with them, feel overwhelmed and start feeling anxious about
their jobs and their job performance. These feelings of anxiety can adversely
affect workers’ productivity.
• Management’s responsibility is to help alleviate these feelings by providing
training, redistributing the workload among workers, or by hiring more
individuals.
Impact of IT to Society.
• Impacts on Health and Safety.
• This situation has put some people, particularly in the third world, at a
disadvantage.
Impact of IT to Society.
• Machines Are Performing Functions Previously Performed by Humans
• One of the distinguishing traits of humankind is the continuous quest to find tools
and techniques to replace human work and manual labor. Information technology
greatly accelerates this process and allows machines to perform a variety of
complex functions, which, in the past, could be performed only by humans.
• Robotics offers a clear example of information technology eliminating the need for
human labor. Computerized transaction processing systems, automated teller
machines, intelligent scheduling software, and voice recognition systems illustrate
information technology’s capability to replace administrative and clerical work.
• Moreover, artificial intelligence and expert systems are now able to perform the
work of white-collar professionals. As functionality of machines and computer
systems continues to evolve, it will transform societies by influencing such critical
factors as the quality of life, the dynamics of labor markets, and the nature of
human interactions.
Impact of IT to Society.
• Quality of life
• Individual
• Community
• Organization.