Islamic Online University: Course: Computer 101

Islamic Online University
Course: Computer 101
Module 16:
Introduction to Database Management System.
Objectives
• Obtain an understanding of general concepts database.
• Become familiar with the concept of database design
• To understand the characteristics of a database
• Learn more about various types of database.

Content.
1. What is data base.
2. Data management.
3. Introduction to Database Management System.
4. Data Model and types of data model.

What is database.
• Data
• This is a collection of facts represented in the form of numbers, letters or words
• Information
• The processed data organized in a meaningful way which are useful to people
who receive them. Thus data are sometimes referred to raw materials from which
information is generated.
• General:
• A database is any collection of related data.
• Restrictive:
• A database is a persistent, logically coherent collection of inherently meaningful
data, relevant to some aspects of the real world.
Why do we need data.
• Data can do the following for us:
• Confirm problems or issues

• Change how we deliver programs, allocate resources, and decide what programs
we offer
• Validate what we already know
• Encourage inquiry and further exploration of issues
• Question what we assume is working or not working
• Provide reliable information for accountability issues
• Guide continuous improvement
• Build a community of lifelong learners
Data Management.
• Data management consist of the following tasks:
• Data capture: Which is the task associated with gathering the data as and when
they originate.
• Data classification: Captured data has to be classified based on the nature and
intended usage.
• Data storage: The segregated data has to be stored properly.
• Data arranging: It is very important to arrange the data properly
• Data retrieval: Data will be required frequently for further processing, Hence it
is very important to create some indexes so that data can be retrieved easily
Data Management.
• Data management consist of the following tasks:
• Data maintenance: Maintenance is the task concerned with keeping the data up
to-date.
• Data Verification: Before storing the data it must be verified for any error.
• Data Coding: Data will be coded for easy reference.
• Data Editing: Editing means re-arranging the data or modifying the data for
presentation.
• Data transcription: This is the activity where the data is converted from one
form into another.
• Data transmission: This is a function where data is forwarded to the place where
it would be used further.
Method of Data Management.
• Data management can be done using the concept of:
• File System.
• A file system: is used to control how data is stored and retrieved. Without a
file system, information placed in a storage area would be one large body of
data with no way to tell where one piece of information stops and the next
begins. By separating the data into individual pieces, and giving each piece a
name, the information is easily separated and identified.
• Database Management System.

Introduction to database management system.
• A database-management system (DBMS) is a collection of interrelated data and a
set of programs to access those data.
• The collection of data, usually referred to as the database, contains information

relevant to an enterprise. The primary goal of a DBMS is to provide a way to store
and retrieve database information that is both convenient and efficient.
• By data, we mean known facts that can be recorded and that have implicit meaning.
For example, consider the names, telephone numbers, and addresses of the people
you know.
• You may have recorded this data in an indexed address book, or you may have stored
it on a diskette, using a personal computer and software such as DBASE IV or V,
Microsoft ACCESS, or EXCEL.
Introduction to database management system.
• A datum – a unit of data – is a symbol or a set of symbols which is used to represent
something. This relationship between symbols and what they represent is the essence
of what we mean by information.
• Database systems are designed to manage large bodies of information. Management

of data involves both defining structures for storage of information and providing
mechanisms for the manipulation of information.
• In addition, the database system must ensure the safety of the information stored,
despite system crashes or attempts at unauthorized access. If data are to be shared
among several users, the system must avoid possible anomalous results.
Difference between File system and DBMS
File System DBMS
File system is a collection of data. Any DBMS is a collection of data and user is
management with the file system, user not required to write the procedures for
has to write the procedures managing the database.
File system gives the details of the data DBMS provides an abstract view of data
representation and Storage of data that hides the details.
In File system storing and retrieving of DBMS is efficient to use since there are
data cannot be done efficiently. wide varieties of sophisticated techniques
to store and retrieve the data
Concurrent access to the data in the file DBMS takes care of Concurrent access
system has many problems like a. using some form of locking.
Reading the file while other deleting
some information, updating some
information
Difference between File system and DBMS
File System DBMS
File system doesn‟t provide crash DBMS has crash recovery mechanism,
recovery mechanism. Eg. While we are DBMS protects user from the effects of
entering some data into the file if System system failures.
crashes then content of the file is lost.
Protecting a file under file system is very DBMS has a good protection mechanism.
difficult.
Advantages of database management system.
• Data independency: Application program should not be exposed to details of data

representation and storage DBMS provides the abstract view that hides these details.
• Efficient data access: DBMS utilizes a variety of sophisticated techniques to store

and retrieve data efficiently.
• Data integrity and security: Data is accessed through DBMS, it can enforce
integrity constraints. E.g.: Inserting salary information for an employee.
• Data Administration: When users share data, centralizing the data is an important
task, Experience professionals can minimize data redundancy and perform fine
tuning which reduces retrieval time.
Advantages of database management system.
• Concurrent access and Crash recovery: DBMS schedules concurrent access to the
data. DBMS protects user from the effects of system failure.
• Reduced application development time: DBMS supports important functions that

are common to many applications.
Disadvantages of database management system.
• Danger of a Overkill: For small and simple applications for single users a database
system is often not advisable.
• Complexity: A database system creates additional complexity and requirements. The

supply and operation of a database management system with several users and
databases is quite costly and demanding.
• Qualified Personnel: The professional operation of a database system requires

appropriately trained staff. Without a qualified database administrator nothing will
work for long.
• Costs: Through the use of a database system new costs are generated for the system
itself but also for additional hardware and the more complex handling of the system.
Disadvantages of database management system.
• Lower Efficiency: A database system is a multi-use software which is often less

efficient than specialized software which is produced and optimized exactly for one
problem.
Function of database management system.
• Data Definition: The DBMS provides functions to define the structure of the data in
the application. These include defining and modifying the record structure, the type
and size of fields and the various constraints to be satisfied by the data in each field.
• Data Manipulation: Once the data structure is defined, data needs to be inserted,
modified or deleted. These functions which perform these operations are part of
DBMS.
• Data Security & Integrity: The DBMS contains modules which handle the security
and integrity of data in the application.
Function of database management system.
• Data Recovery and Concurrency: Recovery of the data after system failure and
concurrent access of records by multiple users is also handled by DBMS.
• Data Dictionary Maintenance: Maintaining the data dictionary which contains the
data definition of the application is also one of the functions of DBMS.
• Performance: Optimizing the performance of the queries is one of the important

functions of DBMS.
Data Model.
• A model is an abstraction process that hides superfluous details.
• Data modeling is used for representing entities of interest and their relationship in the
database.
• Data model and different types of Data Model Data model is a collection of concepts
that can be used to describe the structure of a database which provides the necessary
means to achieve the abstraction.
• Communications tool to facilitate interaction among the designer, the applications

programmer, and the end user
• Good database design uses an appropriate data model as its foundation

Types of Data Model.
• A model is an abstraction process that hides superfluous details.
• Data modeling is used for representing entities of interest and their relationship in the
database.
• Data model and different types of Data Model Data model is a collection of concepts
that can be used to describe the structure of a database which provides the necessary
means to achieve the abstraction.
• The types of data model are:

• Hierarchical
• Network
• Relational
• Entity relationship
• Object oriented
The Entity-Relationship Model .
• The entity-relationship (E-R) data model is based on a perception of a real world that
consists of a collection of basic objects, called entities, and of relationships among
these objects.
• An entity is a “thing” or “object” in the real world that is distinguishable from other
objects.
• For example, each person is an entity, and bank accounts can be considered as
entities.
• Entities are described in a database by a set of attributes. For example, the attributes
Student Number and Grade may describe one particular student record in a school,
and they form attributes of the student entity set. Similarly, attributes student-name,
student-street address and student-city may describe a student entity.
• An extra attribute student-id is used to uniquely identify student (since it may be
possible to have two student with the same name, street address, and city).
• A unique student identifier must be assigned to each student.
• A relationship is an association among several entities. For example, a course

registration relationship associates a student with each subject that she has registered
for.
• The set of all entities of the same type and the set of all relationships of the same
type are termed an entity set and relationship set, respectively.
• The overall logical structure (schema) of a database can be expressed graphically by

an E-R diagram.
• An extra attribute student-id is used to uniquely identify student (since it may be
possible to have two student with the same name, street address, and city).
• A unique student identifier must be assigned to each student.
• A relationship is an association among several entities. For example, a course

registration relationship associates a student with each subject that she has registered
for.
• The set of all entities of the same type and the set of all relationships of the same
type are termed an entity set and relationship set, respectively.
• The overall logical structure (schema) of a database can be expressed graphically by

an E-R diagram.
• Key things to know in an ER Diagram:
• Rectangles represent entity sets.
• Diamonds represent relationship sets
• Lines link attributes to entity sets and entity sets to relationship sets
• Ellipses represent attributes – Double ellipses represent multivalued attributes –

Dashed ellipses denote derived attributes
• Underline indicates primary key attributes

Entity-Relationship Model .
• Advantages.
• Exceptional conceptual simplicity
• Visual representation
• Effective communication tool
• Integrated with the relational data model
• Disadvantages
• Limited constraint representation
• Limited relationship representation
• No data manipulation language
• Loss of information content
Relational Model .
• The relational model uses a collection of tables to represent both data and the
relationships among those data.
• Each table has multiple columns, and each column has a unique name.
• The data is arranged in a relation which is visually represented in a two dimensional

table. The data is inserted into the table in the form of tuples (which are nothing but
rows).
• A tuple is formed by one or more than one attributes, which are used as basic
building blocks in the formation of various expressions that are used to derive a
meaningful information.
• There can be any number of tuples in the table, but all the tuple contain fixed and
same attributes with varying values.
Relational Model .
• The relational model is implemented in database where a relation is represented by a
table, a tuple is represented by a row, an attribute is represented by a column of the
table, attribute name is the name of the column such as „identifier‟, „name‟, „city‟
etc., attribute value contains the value for column in the row.
• Constraints are applied to the table and form the logical schema. In order to facilitate
the selection of a particular row/tuple from the table, the attributes i.e. column names
are used, and to expedite the selection of the rows some fields are defined uniquely
to use them as indexes, this helps in searching the required data as fast as possible.
• All the relational algebra operations, such as Select, Intersection, Product, Union,
Difference, Project, Join, Division, Merge etc. can also be performed on the
Relational Database Model. Operations on the Relational Database Model are
facilitated with the help of different conditional expressions, various key attributes,
pre-defined constraints etc.
Relational Model .
Relational Model .
• Advantages
• Structural independence
• Improved conceptual simplicity
• Easier database design, implementation, management, and use
• Ad hoc query capability
• Powerful database management system
• Disadvantages
• Substantial hardware and system software overhead

• Can facilitate poor design and implementation
• May promote “islands of information” problems
Summary.
• Understood the concept of database and data management
• The need for data
• The methods of data management
• Discussed data base management system.
• Difference between file system and DBMS
• Advantages and disadvantages of DBMS
• Data Model and type of data model - ER Model and Relational Model
Module 17:
Overview of System Analysis and Design.
Objectives
• Obtain an understanding of what is regarded as a system.
• Become familiar with the concept of Software development life cycle
• To understand the characteristics of system analysis.
• Learn more about the role of system analyst.

Content.
1. Definition of system.
2. Characteristics of a system.
3. Elements of a system.
4. Types of system analysis
5. Software development life cycle.

Introduction.
• Systems analysis and design refers to the process of examining a business situation
with the intent of improving it through better procedures and methods.
• Systems development can generally be thought of as having two major components:

Systems Analysts and Systems Design.
• Systems design is the process of planning a new system or replace or complement an

existing system. But before this planning can be done, we must thoroughly
understand the existing system and determine how computers can best be used to
make its operation more effective.
• Systems analysis, then, is the process of gathering and interpreting facts, diagnosing
problems and using the information to recommend improvement to the system. In
brief, we can say that analysis specified what the system should do. Design states
how to accomplish the objectives.
What is a system.
• A collection of components that work together to realize some objectives forms a
system.
• A system is an orderly grouping of interdependent components linked together

according to a plan to achieve a specific objective.
• Basically there are three major components in every system, namely input,
processing and output. In a system the different components are connected with each
other and they are interdependent.
What is a system.
• For example, human body represents a complete natural system. We are also bound
by many national systems such as political system, economic system, educational
system and so forth.
• The objective of the system demands that some output is produced as a result of
processing the suitable inputs.
• A well-designed system also includes an additional element referred to as ‗control‘

that provides a feedback to achieve desired objectives of the system.
Characteristics of a system .
• Below are the various characteristics of a system.
• Organisation
• Organization implies structure and order. It is the arrangement of components

that helps to achieve objectives.
• In the design of a business system, for example, a computer system is designed

around an input device, a central processing unit, an output device and one or
more storage units.
• When these units are linked together, they work as a whole system for generating
information
Characteristics of a system.
• Interaction.
• Interaction refers to the procedure in which each component functions with other
components of the system.
• In an organization, for example, purchasing must interact with production,

advertising with the sales and payroll with personnel.
• In a computer system also, the central processing unit must interact with other
units to solve a problem. In turn, the main memory holds program, and the data
that the arithmetic unit uses for computation.
• The inter-relationship between these components enables the computer to

perform.
Characteristics of a system
• Interdependence.
• Interdependence means that component of the organization or computer system
depends on one another.
• They are coordinated and linked together in a planned way to achieve an

objective.
• Integration
• Integration is concerned with how a system is tied together. It is more than
sharing a physical part or locations.
• It means that parts of the system work together within the system even though
each part performs a unique function.
• Successful integration will typically produce a better result as a whole rather than
if each component works independently.
Characteristics of a system
• Central Objective
• Central objective is the last characteristics of a system.
• Objectives may be real or stated. Although a stated objective may be the real
objective.
• It is quite common that organization may set one objective and operate to achieve
another. The important point is that users must be aware of the central objective
well in advance.
Elements of Systems analysis.
• There are four basic elements of systems analysis:
• Output
• First of all, we must determine what the objectives or goals are, what do we
intend to achieve, what is the purpose of our work; in other words, what is the
main aim behind the system.
• Defining aim is very vital in system work. If we do not know where we want to
go, we will not know when we have reached there. We shall be unnecessarily
wasting our time and energy in the process.
• Once we know our aim, we can try to achieve it in the best possible way. The
user department has to define these objectives in terms of their needs. These
become the outputs which the systems analyst keeps in mind.
• Inputs
• Once we know the output, we can easily determine what the inputs should be.
• If the information is vital to the system, we should make all possible efforts to
make it available. Sometimes, it might be too costly to get the desired
information.
• It would be better in such cases to prepare a cost-benefit analysis to convince the

management of the necessity for acquiring the information.
• The essential elements of inputs are:

• Accuracy: If the data is not accurate, the outputs will be wrong.
• Timeliness: If data is not obtained in time, the entire system falls into arrears.
• Proper format: The inputs must be available in proper format.
• Economy: the data must be produced at the least cost.
• Files
• As the word implies files are used to store data.
• Most of the inputs necessary for the system may be historical data, or it may be
possible that these are generated from within the system.
• These are stored in files either in terms of isolated facts or in large volumes.
• Processes
• Here we come to the details of how the inputs and files are converted into
outputs.
• This involves the programs and the way in which data is processed through the
computer.
• The processing involves a set of logical steps. These steps are required to be
instructed to the computer and this is done by a series of instructions called
―programs‖.
Types of Systems
• Systems have been classified in different ways as detailed below:
• Physical or Abstract Systems
• Physical systems are tangible entities that may be static or dynamic in operation.
Abstract systems are conceptual or non-physical entities which may be as straight
forward as formulas of relationships among sets of variables or models – the
abstract conceptualization of physical situations.
• Open or Closed System.
• An open system continually interacts with its environments. It receives inputs

from and delivers outputs to outside. An information system belongs to this
category, since it must adapt to the changing demands of the user. In contrast, a
closed system is isolated from environmental influences. In reality completely
closed systems are rare.
Types of Systems
• Deterministic or Probabilistic Systems.
• A deterministic system is one in which the occurrence of all events is perfectly
predictable. If we get the description of the system state at a particular time, the
next state can be easily predicted. An example of such a system is a numerically
controlled machine tool. Probabilistic system is one in which the occurrence of
events cannot be perfectly predicted. An example of such a system is a
warehouse and its contents.
• Man-made Information Systems

• It is generally believed that information reduces uncertainty about a state or
event. For example, information that the wind is calm reduces the uncertainty
that a trip by boat will be enjoyable. An information system is the basis for
interaction between the user and the analyst. An information system designed
may be defined as a set of devices, procedures and operating systems designed
around user-based criteria to produce information and communicate it to the user
for planning, control and performance.
Types of Systems
• Man-made Information Systems can be sub divided into the following:
• A Formal Information System is based on the organization represented by the

organization chart. The chart is a map of positions and their authority
relationships, indicated by boxes and connected by straight lines. It is concerned
with the pattern of authority, communication and work flow.
• An Informal Information System is an employee-based system designed to

meet personnel and vocational needs and to help in the solution of work-related
problems. It also funnels information upwards through indirect channels. In this
way, it is considered to be a useful system because it works within the framework
of the business and its stated policies.
Types of Systems
• Computer-based Information Systems. As we have different types of
transportation systems such as highways systems, railways systems and airline
systems, computer-based information systems are of too many types. They are
classified as:
• Transaction Processing Systems (TPS)

• Management Information Systems (MIS)
• Decision Support System (DSS)
• Office Automation Systems (OAS).
Phases of System Development Life cycle.
• In many ways, building an information system is similar to building a house.
• First, the owner describes the vision for the house to the developer.
• Second, this idea is transformed into sketches and drawings that are shown to the
owner and refined (often, through several drawings, each improving on the other)
until the owner agrees that the pictures depict what he or she wants.
• Third, a set of detailed blueprints is developed that presents much more specific
information about the house (e.g., the layout of rooms, placement of plumbing
fixtures and electrical outlets, and so on). Finally, the house is built following the
blueprints—and often with some changes and decisions made by the owner as the
house is erected.
• Below are the various phases involved in SDLC.

• Preliminary System Study
• Preliminary system study is the first stage of system development life cycle. This
is a brief investigation of the system under consideration and gives a clear picture
of what actually the physical system is?
• In practice, the initial system study involves the preparation of a ‗System

Proposal‘ which lists the Problem Definition, Objectives of the Study, Terms of
reference for Study, Constraints, Expected benefits of the new system, etc. in the
light of the user requirements.
• The system proposal is prepared by the System Analyst and places it before the
user management. The management may accept or reject the proposal or request
some modifications in the proposal. In summary, we would say that system study
phase passes through the following steps: problem identification and project
initiation, background analysis and inference or findings (system proposal)
• Feasibility Study.
• The feasibility study is basically the test of the proposed system in the light of its
workability, meeting user‘s requirements, effective use of resources and of
course, the cost effectiveness.
• The main goal of feasibility study is not to solve the problem but to achieve the
scope. In the process of feasibility study, the cost and benefits are estimated with
greater accuracy to find the Return on Investment (ROI).
• This also defines the resources needed to complete the detailed investigation. The
result is a feasibility report submitted to the management. This may be accepted
or accepted with modifications or rejected. The system cycle proceeds only if the
management accepts it.
• Detailed System Study
• The detailed investigation of the system is carried out in accordance with the
objectives of the proposed system. This involves detailed study of various
operations performed by a system and their relationships within and outside the
system.
• During this process, data are collected on the available files, decision points and
transactions handled by the present system. Interviews, on-site observation and
questionnaire are the tools used for detailed system study.
• Using the following steps it becomes easy to draw the exact boundary of the new
system under consideration:
• Keeping in view the problems and new requirements.
• Workout the pros and cons including new areas of the system.
• Detailed System Study
• All the data and the findings must be documented in the form of detailed data
flow diagrams (DFDs), data dictionary, logical data structures and miniature
specification. The main points to be discussed in this stage are:
• Specification of what the new system is to accomplish based on the user

requirements.
• Functional hierarchy showing the functions to be performed by the new
system and their relationship with each other.
• Functional network, which are similar to function hierarchy but they
highlight the functions which are common to more than one procedure.
• List of attributes of the entities – these are the data items which need to be
held about each entity (record)
• System Analysis
• Systems analysis is a process of collecting factual data, understand the processes

involved, identifying problems and recommending feasible suggestions for
improving the system functioning.
• This involves studying the business processes, gathering operational data,

understand the information flow, finding out bottlenecks and evolving solutions
for overcoming the weaknesses of the system so as to achieve the organizational
goals.
• System Analysis also includes subdividing of complex process involving the

entire system, identification of data store and manual processes.
• System Analysis.
• The major objectives of systems analysis are to find answers for each business
process:
• What is being done, How is it being done, Who is doing it, When is he doing
it, Why is it being done and How can it be improved?
• It is more of a thinking process and involves the creative skills of the System
Analyst. It attempts to give birth to a new efficient system that satisfies the
current needs of the user and has scope for future growth within the
organizational constraints.
• The result of this process is a logical system design. Systems analysis is an
iterative process that continues until a preferred and acceptable solution
emerges.
• System Design
• Based on the user requirements and the detailed analysis of the existing system,
the new system must be designed. This is the phase of system designing. It is the
most crucial phase in the developments of a system.
• The logical system design arrived at as a result of systems analysis is converted

into physical system design. Normally, the design proceeds in two stages:
• Preliminary or General Design
• Structured or Detailed Design
• Preliminary or General Design:

• In the preliminary or general design, the features of the new system are
specified. The costs of implementing these features and the benefits to be
derived are estimated. If the project is still considered to be feasible, we move
to the detailed design stage.
• Structured or Detailed Design:
• In the detailed design stage, computer oriented work begins in earnest. At this
stage, the design of the system becomes more structured.
• Structure design is a blue print of a computer system solution to a given problem

having the same components and inter-relationships among the same components
as the original problem. Input, output, databases, forms, codification schemes and
processing specifications are drawn up in detail.
• In the design stage, the programming language and the hardware and software
platform in which the new system will run are also decided.
• Structured or Detailed Design:
• There are several tools and techniques used for describing the system design of
the system. These tools and techniques are:
• Flowchart
• Data flow diagram (DFD)
• Data dictionary
• Structured English
• Decision table
• Decision tree
• The system design involves:
• Defining precisely the required system output.

• Determining the data requirement for producing the output.
• Determining the medium and format of files and databases
• Devising processing methods and use of software to produce output
• Determine the methods of data capture and data input
• Designing Input forms
• Designing Codification Schemes
• Detailed manual procedures
• Documenting the Design
• Coding
• The system design needs to be implemented to make it a workable system. This

demands the coding of design into computer understandable language, i.e.,
programming language.
• This is also called the programming phase in which the programmer converts the
program specifications into computer instructions, which we refer to as
programs.
• It is an important stage where the defined procedures are transformed into control
specifications by the help of a computer language. The programs coordinate the
data movements and control the entire process in a system.
• It is generally felt that the programs must be modular in nature. This helps in fast
development, maintenance and future changes, if required.
• Testing
• Before actually implementing the new system into operation, a test run of the
system is done for removing the bugs, if any. It is an important phase of a
successful system.
• After codifying the whole programs of the system, a test plan should be
developed and run on a given set of test data. The output of the test run should
match the expected results.
• Sometimes, system testing is considered a part of implementation process.
• Using the test data following test run are carried out:
• Program test
• System test
• Testing
• Before actually implementing the new system into operation, a test run of the
system is done for removing the bugs, if any. It is an important phase of a
successful system.
• After codifying the whole programs of the system, a test plan should be
developed and run on a given set of test data. The output of the test run should
match the expected results.
• Sometimes, system testing is considered a part of implementation process.
• Using the test data following test run are carried out:
• Program test
• System test
• Program test:
• When the programs have been coded, compiled and brought to working
conditions, they must be individually tested with the prepared test data. Any
undesirable happening must be noted and debugged (error corrections).
• System Test:
• After carrying out the program test for each of the programs of the system and
errors removed, then system test is done. At this stage the test is done on actual
data. The complete system is executed on the actual data.
• At each stage of the execution, the results or output of the system is analysed.
During the result analysis, it may be found that the outputs are not matching the
expected output of the system.
• In such case, the errors in the particular programs are identified and are fixed and
further tested for the expected output.
• Implementation.
• After having the user acceptance of the new system developed, the
implementation phase begins. Implementation is the stage of a project during
which theory is turned into practice.
• The major steps involved in this phase are:
• Acquisition and Installation of Hardware and Software

• Conversion
• User Training
• Documentation
• Implementation.
• After the users are trained about the computerized system, working has to shift
from manual to computerized working. The process is called ‗Changeover‘. The
following strategies are followed for changeover of the system.
• Direct Changeover:
• This is the complete replacement of the old system by the new system. It is a
risky approach and requires comprehensive system testing and training.
• Parallel run:
• In parallel run both the systems, i.e., computerized and manual, are executed
simultaneously for certain defined period.
• Pilot run:
• In this type of run, the new system is run with the data from one or more of
the previous periods for the whole or part of the system. The results are
compared with the old system results.
• Maintenance
• Maintenance is necessary to eliminate errors in the system during its working life
and to tune the system to any variations in its working environments. It has been
seen that there are always some errors found in the systems that must be noted
and corrected.
• It also means the review of the system from time to time. The review of the
system is done for:
• knowing the full capabilities of the system.
• knowing the required changes or the additional requirements
• studying the performance.
• If a major change to a system is needed, a new project may have to be set up to

carry out the change. The new project will then proceed through all the above life
cycle phases
Summary.
• The definition of a system.
• The characteristics of a system

• Organization, Interaction, Interdependence and Integration
• The elements of system analysis

• Output, input, files and processes
• The various types of systems

• Physical/ abstract system, open/ closed system, deterministic or probabilistic
system and man-made information system.
• Phases of system development life cycle

• Preliminary study, feasibility study, detailed system study, system analysis,
system design, coding, testing, implementation and maintenance.
Module 18:
Introduction to Information Management System.
Objectives
• Obtain an understanding of the concept of information system.
• Become familiar with the component and functions of information

system.
• To understand the categories of information system.
• Learn more about the evolution of information system.

Content.
1. Concept of Information system
2. Information system components
3. Functions of Information system
4. Information System and its role in management.
5. Types of Information System.

Concept of Information System.
• Information is data that has been processed into a form that is meaningful to the
recipient and is of real or perceived value in current and progressive decision
• Therefore the quality of decision depends upon the quality of information. This
phenomenon is also called GIGO (Garbage In Garbage Out).
• Some of the attributes of information are

• Availability – available on time
• Purpose – recipient must have some purpose
• Mode and Format – audio, video, printed; paragraphical, tubular, graphical
• Decay – refreshed time to time
• Rate – speed of transmission
• Frequency – repetition
• Completeness – relevancy
• Reliability – degree of significance must be marked
• Some of the attributes of information are :
• Cost Benefit analysis – must be cost effective
• Validity – period of use
• Quality – unbiased
• Transparency – must reveal the facts to take the decision
• Value – value must be positive
• Types of Information.
• In the context of business organization, information can be divided into two
categories :
• Internal
• External.
• Internal Information
• The information which is collected from the sources, internal to the organization
are called Internal Information.
• These information are generated from the operations of the organization at

various functional level.
• These information always pertains to the various operational units of the

organization.
• These information are generally required by middle or supervisory level of

management.
• Production figures, sales forecast, budgets, stock level, employee’s data,

accounting reports are the examples of internal information.
• External Information
• The information which is collected from the sources external to the organization
are called External Information.
• These information are generated in the external environment of the organization.
• These information are considered to affect the organizational performance in the

external environment.
• These information are generally required by top level management.
• These information are used in the planning process of management to give shape
to its future.
• Govt. policies, Economic trends, Market information, Competitive information

etc. are the examples of external information.
• Definition of System.
• A system is an orderly grouping of interdependent components linked together

according to a plan to achieve a specific objective.
• Types of System.
• Systems can be distinguished based on the following basis.

• Type of Element
• Interaction with environment
• Degree of automation
• Working behaviour
• Types of Elements.
• Depending upon the majority of elements we also classify system into two
categories : Abstract System and Physical system.
• Abstract System
• Also known as Conceptual system, Abstract system is an orderly arrangement

of concepts, ideas, of theories. For example – Theology, is a system of
orderly arrangement of ideas about God and its relationship with Human.
• Physical system
• A physical system is a set of tangible elements operates together to

accomplish objectives. For example – Computer system, Circulatory system,
Transportation system etc.
• Interaction with Environment
Open Closed
The system which interacts with its The system which does not interacts
environment. with its environment.
It takes input from environment and It neither take input nor provides output
gives output back to environment. to environment Self contained, self
sufficient systems.
It gets influenced by the changes taking It remains uninfluenced by the
place in the environment environmental changes.
The life time OS such system is It’s life time is much shorter compared
relatively longer. to open system.
E.g. Business organization. E.g. Use and throw digital watch.
• Degree of Automation
Manual Automated
Here data collection, manipulation and Here computer or microprocessor perform
final reporting is done absolutely by human all the tasks.
efforts.
It can handle less volume of data. It can handle relatively huge volume of
data which is not possible by human
efforts.
Their processing speed is relatively slow It offers quick and accurate processing of
and change of human error is always there data.
Data are difficult to transmit from one Data can be transported easily through
place to another. computer network.
Data analysis can be done only on sample Full population can be analysed.
and conclusion is drawn about population.
• Working Behavior.
Deterministic Probabilistic
It behave in a predictable manner. It behaves in a unpredictable manner.
If the current state of the system is known The future state can’t be determined even
to us then its future state can be if the current state is known for sure.
determined.
It has strong relationship among elements. It has weak relationship among the
elements.
An error free computer program is an Business organization is an example of
example of such type of system. such type of system.
• Definition of Information System.
• Information system is a formal set of processes that, working from a collection of

data structured depending to the company’s needs, gathers, processes and
distributes the information necessary for the company’s operations and for its
corresponding management and control activities, thereby supporting, at least in
part, the decision-making processes necessary for the company to perform its
business functions in line with its strategy.
• Information System and computer system.
• The computer system consists of a complex interconnection of numerous

hardware and software components, which are essentially determinist, formal
systems in that specific input always gives the same output.
• Information systems are social systems whose behaviour is largely influenced by

the objectives, values and beliefs of individuals and groups and by the
performance of technology. The way an information system behaves is not
determinist and does not follow the representation of any formal algorithmic
model.
Information System Components.
• Information systems comprise
• Hardware
• Software
• Telecommunications.
• Databases
• Human resources
• Procedures
• Hardware.
• These are the physical components of the computer – what you can see, feel and
touch
• Hardware is a key components of any information system – without the hardware
information cannot be processed.
• Software.
• These are the programs that runs on the computer.
• There are two types of computer programs: system software and application
software.
• System software programs are used to manage the computer system’s resources
and simplify programming.
• Applications, like spreadsheets or word processors, directly help the user to do

his or her work.
• Without software an Information system is not complete.

• Databases.
• A database is a collection of interrelated data, such as an organisation’s human

resource or product databases.
• The customer database is extremely valuable to the company since it can be used
to inform clients of new products or to develop new products that meet their
needs.
• A database must be organised so it can be accessed according to its content; for

example an order may be given to retrieve the names and addresses of customers
that were invoiced for totals in excess of one million in the previous year.
• Databases are managed by software systems known as database management

systems (dbms).
• Telecommunication.
• Telecommunications are the means by which information is transmitted

electronically over long distances.
• Nowadays, computer systems are generally connected by telecommunications
networks. Various network connections are available to suit the needs of different
companies.
• In a small company, computers are connected by local area networks (LAN),
enabling their users to communicate and share data, tasks and equipment. Wide
area networks (WAN) are used to connect computers at greater distances, either
within the company or in a different location.
• Internet, the ‘network of networks’, links up an immense variety of networks
from diverse fields worldwide.
• These connections enable computer users to access the company’s databases and
other computerised resources
• Human Resources.
• Two types of human resources can be distinguished:
• Information systems specialists and end users.
• Information systems specialists include systems analysts, programmers and

operators.
• End users are the people who use the information system or the output they
generate, in other words, the large majority of an organisation’s members.
• Procedures.
• Procedures are the policies and methods that must be followed when using,
operating and maintaining an information system.
• Procedures must be used, for example, to establish when to run the company’s
payroll program, to determine how many times it should be run, who is
authorised to do so and who has access to the reports it produces.
Functions of Information System.
• Companies or organizations develop information systems to help to perform the
tasks they are specifically designed to do.
• For example, a school will have a student records system, hospital will have medical
records, the police departments will hold criminal records, all companies will have a
payroll system, supermarkets will use inventory systems, offices will have office
automation systems, etc.
• All information systems carry out a series of functions that may be classified as
follows:
• Data capture and collection.
• Storage.
• Information processing.
• Distribution or dissemination of information.
• Data capture and collection.
• This function consists of capturing both external (related to the environment) and
internal (generated within the company) information and sending it through the
communication system to the entities within the information system responsible
for organizing it to avoid duplication and useless information (noise).
• The person or people who capture the information will depend on what type of
company they work for. Sales staff, purchasers, managers at different levels in
the hierarchy or members of the company in direct contact with organisations in
the environment can all act as information gatherers.
• The data capture and collection process should be more intense in the areas or
sectors of the environment and the company that are subject to the greatest
changes. Once the information has been collected and filtered, and redundant
information removed, it is stored.
• Storage.
• Storage is the ability of the IS to keep information/ data safe and retrievable as at
when required.
• The information can be stored in a file or database depending on the volume of

the data to be stored – this will be decided by the company base on their need.
• The method used in the storing also impacts on how the data will be retrieved
and the number of persons within or outside the organization that can have access
to the data.
• Access to or retrieval of the information can take many forms; for example
passwords may be used to access a database, enabling only authorised personnel
to access the information when required.
• Storage.
• Storage is the ability of the IS to keep information/ data safe and retrievable as at
when required.
• The information can be stored in a file or database depending on the volume of

the data to be stored – this will be decided by the company base on their need.
• The method used in the storing also impacts on how the data will be retrieved
and the number of persons within or outside the organization that can have access
to the data.
• Access to or retrieval of the information can take many forms; for example
passwords may be used to access a database, enabling only authorised personnel
to access the information when required.
• Information Processing.
• The purpose of information processing is to transform the stored information into

useful information that will be meaningful to the person who requires it.
• This is a key function of all information systems. Information processing is

essentially carried out by the computer subsystem.
• The spectacular development of computers has meant that on the one hand, the
volume of stored and processed data is constantly increasing, and on the other
hand, the falling cost of hardware has led to a generalized use of computers.
• Distribution and Dissemination of information.
• Not only must the information system provide the information each user requires,
but it must also disseminate information to other people within and even outside
the company.
• Different members of the company need to be aware of certain information about

the company and the environment in order to respond more quickly and
efficiently to everyday situations that require problems to be solved or decisions
to be taken.
Information System and its role in management.
• Below are the roles of information system as it relates to management.
• IS will help managers in effective decision-making.
• Based on IS, organization will gain edge in the competitive environment.
• IS helps taking right decision at the right time.
• Knowledge gathered through IS is useful in unusual situation.
• IS can be integrated to formulate a strategy of action.
• IS ensures pervasiveness of decision making.
• IS makes the organization transparent.
• IS helps managerial learning about organization.

Types of Information System.
• Management at different level take decisions matching to their hierarchy position in

the organization and different types of information system are designed and
developed for them.
• The lowest level is managed by operational level mangers. The routine office work
are mostly done at this level. No decision making process is carried out here but
proper organization and processing of data is important task. So, data processing
systems like TPS (Transaction Processing System) are developed for them.
• The middle levels management is responsible for routine decision making. In order
to help them information system like MIS (Management Information System) is
designed for them. It collects data from internal and external sources and provides
information to management.
• The top level management is responsible for non-routine, strategic decision making.
In order to help them information system like DSS (Decision Support System) is
designed for them. It helps them by providing information and decision model.
Primarily, information system can be classified into three broad categories
Information
System
Office
Operation Management
Automation
Support Support System
System
Word
Transaction Decision
processing
Support System support system
System
Management Executive Document

Information Information management
System system System
Enterprise Message
Resource Expert System Communication
Planner System
Tele-
Conferencing
System
Summary.
• Discussed the concept of information system - definition of information, system and
information system
• Discussed the various types of system - based on Type of Element, Interaction with
environment, Degree of automation, Working behavior
• Elaborated on the components of Information system - software, hardware,

telecommunication, human resources and procedure
• Functions of information system and its role in management.
• The various types of information system.

Module 19:
Management Information System.
Objectives
• Obtain an understanding of the concept of Management information

system.
• Become familiar with the historical development of Management

information system.
• To understand the various elements and categories of MIS
• Learn more about the effects and limitations of MIS.
• Discuss the various systems that supports Management Support Systems

Content.
1. What is Management Information System.
2. Historical development of MIS
3. Characteristics of MIS
4. Effects and Limitations of MIS
5. Management Support Systems.

What is Management Information System.
• The short for Management Information System – MIS refers broadly to a computer-
based system that provides managers with the tools for organizing, evaluating and
efficiently running their departments.
• MIS is an :
• Integrated man- machine system,
• for providing timely information to managers,
• to support managerial function and decision making.
• It utilizes :
• Computer Hardware and Software,
• Manual procedures,
• Decision Models and
• Data Bases
• MIS is:
• Right Information
• To the right person
• At the right place
• At the right time
• In the right form
• At the right cost

• Traditionally Only 5 resources were needed by managers to run a business
organization and they are 5M's : Men, Money, Machine, Material, Method.
• But today due to volatile and complex business environment and intense
competition, Information is regarded as an important resource by managers to
manage business.
• MIS is an organization's functional area that provides this information to managers.

It is obligatory for any organization to provide right information, in right quantity, to
right person, at right time.
• MIS deals with the critical information that effects the success of any business
organization. MIS is a tool for better management and scientific decision making.
Historical Development of MIS.
• The concept of MIS has changed substantially over the years.
• In the 50‟s and 60‟s, the management saw the potential of computers to process large
amounts of data speedily and accurately.
• The departments that were involved with such activities were known as Electronic
Data Processing (EDP) departments.
• The focus of EDP was Record Keeping e.g. accounting data – Payroll data.
• In the 70‟s, there was a discernible shift from data to information. The focus was not
on data but on the analysis of Organization data.
• There was a shift in the philosophy. Such a concept came to be widely known as
„Management Information System‟.
• In the 70‟s the top management relied on the staff of EDP (Electronic Data
Processing) & MIS (Management Information System) to supply the necessary
information.
• The 80‟s saw the Personal Computer (PC) revolution. The Personal Computer & the
desk-top metaphor changed the picture completely.
• The biggest pay-off for such direct use was the “what-if” analysis capability. This led
to the emerge of Decision Support Systems (DSS).
• The information and decision hungry managers of 80‟s saw a huge potential in the
expert systems as a result of spectacular growth in the Artificial Intelligence area.
• Combined with DSS philosophy the expert systems could supply a superior class of
managerial information support, known as Knowledge Based Systems (KBS).
• The EDP targeted the operational level of management.
• The MIS /DSS / KBS target the middle management.
• Attempts were made to provide information to top management as well, known as

Executive Information System (EIS).
• EDP - Focus on Data
• OAS- Focus on
Communication
TPS MIS ESS AI • MIS - Focus on
Information
• DSS - Focus on
Decision Support
• EIS - Focus on
OAS DSS KS/ES Decision Support for
Top Management
• ES - Focus on
1950’s 21st Century Consultation
• AI - Focus on self-
learning / thinking
systems
Elements of Management Information System.
• The three sub-components Management, Information and System - together bring
out the focus clearly & effectively.
• Management focusing on the ultimate use of such information systems for

managerial decision making.
Management
As a group of people As a set of activities
• Determining goals and objectives • Planning

• Develop plans to achieve them • Organizing
• Identification and acquisition of • Staffing
resources exercising Control • Directing
• Performance Evaluation • Controlling
• ·Co-ordinating group efforts • Decision Making
Elements of Management Information System.
• Information
• Stressing on processed data in the context in which it is used by end users.
• Information is data that has been processed into a form that is meaningful to the
recipient and is of some value in current or progressive decision.
• System
• Emphasizing a fair degree of integration and a holistic view.
• A set of elements which are interdependent, interacting and operating together to
achieve a common goal.
Characteristics of an effective MIS.
• Below are the characteristics of an effective MIS
• Management Oriented:
• It means that effort for the development of the information system should start
from an appraisal of management needs and overall business objectives.
• Management Directed:
• Because of management orientation of MIS, it is necessary that management
should actively direct the system‟s development efforts.
• Integrated:
• Development of information should be an integrated one which means that all the
functional and operational information subsystem should be tied together into
one entity.
• Common Data Flows:
• It means the use of common input, processing and output procedures and media
whenever required.
• Heavy Planning Element:

• An MIS usually takes 3 to 5 years and sometimes even longer period to get
established firmly within a company.
• Sub System Concept:

• Even though the information system is viewed as a single entity, it must be
broken down into digestible sub-systems which can be implemented one at a time
by developing a phasing plan.
• Common Database:
• Database is the mortar that holds the functional systems together. It is defined as
a “super-file” which consolidates and integrates data records formerly stored in
many separate data files.
• Computerized:
• Though MIS can be implemented without using a computer, the use of computers
increases the effectiveness of the system.
Integrated view of MIS.
Misconception about MIS
• The use of MIS is about the use of computer.
• More data in reports means more information for managers.
• Accuracy in reporting is important.

Pre-requisites of MIS
• An effective MIS should have the following ingredient ready before it is
operationalized.
• Data Base
• A rich data base is required for an effective MIS. This database should be –
• User oriented
• Common to all Sub-system
• Accessable to authorised person only
• Controlled by separate authority
• Qualified system and Management Staff

• Success of any system depends upon the people who operate it, their knowledge
and experience.
• MIS need 2 type of experts:
• System expert
• Management expert
• System expert in addition to their expertise should also understand management
concepts and processes of decision making.
• Management expert should understand the concept and operations of computer.
• This pre-requisite is confronted with many problems such as non-availability or

experts, their high turnover, high mobility. These can be offset by recruiting fresh
candidate and developing them accordingly.
• Support of Top Management

• For the 2 main reasons support of top management is required –
• To obtain data from sources
• To get funds in order to acquire the resource involved in computer based
system.
• To gain support of top management MIS should place, before top management
all the facts and the benefits to the organization from MIS.
• Control & Maintenance of MIS
• Users sometimes creates shortcut to use the system, which reduce effectiveness of
MIS. A control plan should be developed to check such practices.
• Similarly there are times when improvements in the system is required. Formal
plan & methods should be devised to provide periodic maintenance to the system.
• Evaluation of MIS
• Evaluation of MIS means testing
• Whether it is capable of meeting current and future information requirement of
managers or not.
• Whether it is enough flexible to meet changing information requirement in
future or not.
• Following factors must be considered in evaluation –
• Examining the existence of flexibility in the system
• Ascertaing the views of user & developers
• Guide the steps to be taken to improve the effectiveness of MIS.
Constraints in operating MIS.
Constraints Remedy
Non - availability of experts Grooming internal staff
High turnover of experts Grooming internal staff
Mobility of experts Grooming internal staff
Problem in selecting the subsystem Considering need and importance

of the function
Non-standardize approaches of Adopt the industry specific

Development and implementation approach(trend
Non-availability of co-operation Strong management control

from staff.
Difficulty in measuring benefits of Consider how many times
MIS managers asks for information.
Effect of using Computer for MIS.
• Speed of processing & accessing of data increases -timeliness of information can be
met
• Scope of use of MIS has expanded -due to the use of network & communication
system
• Scope of analysis widened -more data can be considered in analysis
• Complexity of system design and operation increased – because technicality in its
use and operations is increased.
• Integration of Sub-system in possible - common database is possible even in high
volume due to computer disks.
• Effectiveness of information system increases - because timeliness and accuracy of
information is increased.
• More comprehensive information is made available to executives - covering all
aspect of the problem.
Limitations of MIS.
• Quality of output depends upon quality of input - i.e. GIGO
• MIS is just a tool in hands of management & does not replace managerial judgment.
• MIS is not very flexible to update itself quickly with the changing need.
• MIS cannot provided tailor-made information.
• MIS takes into account only quantitative factors and not qualitative factors.
• MIS is less useful in non programmed decisions.
• MIS is less effective in the organization where culture of not sharing information
with other holds.
• Effectiveness of MIS decreases due to frequent changes in top mgmt.

Management Support Systems.
• MSS focus on the managerial uses of information resources and provide information
to managers for planning and decision making.
• It is further classified into three categories:
• DSS
• EIS
• ES.
• Decision Support System (DSS)
• DSS is a system that provides tools to managers to assist them in solving semi-
structured and unstructured problem in their own way.
• DSS is not intended to make decisions for managers, but rather to provide
managers with a set of capabilities that enable them to generate the information
required by them.
• Such systems are particularly useful to higher level managers whose requirement
for information are some what unpredictable.
• Unlike MIS, which provide fixed, pre-formatted information in a standardized

way, DSS is more flexible and adaptable to changing decision making
requirement.
• In other words - A DSS supports the human decision making process, rather than
providing a means to replace it.
• Executive Information System (EIS)
• EIS, sometimes referred to as an Executive support system (ESS) is designed to
meet the special need of top-level executives.
• Executive is a managers at or near the top of the organization hierarchy who has
a strong influence on the plans and operations taken by the organization.
Executives are the good link between top and other level of management.
• Characteristics of EIS
• An EIS is a tool that provides direct on-line access to relevant information in a

useful & navigable Format. It has the following characteristics –
• Specifically designed to meet executive's information need.
• Able to access data about specific issues and problems.
• Provide on -line analysis tool
• Can access both internal and external data
• Characteristics of EIS
• Easy to use i.e. GUI based software, user friendly hardware like mouse, touch
screen etc.
• Used directly by executive with out technical assistance
• Present information by graphical means
• Present summary information instead of details
• Able to manipulate data to perform “what –if” analysis
• Require large amount of storage & processing capacity in both terminal &
server
• Expert System (ES)
• Expert systems are the software that imitate the reasoning processes of human
experts and provide decision makers with the type advice they would normally
receive from such experts.
• Benefits of ES
• ES preserve the knowledge of an expert who is leaving the organization.
• ES put information into an active-form(readily accessible).
• ES assist novice in solving the problem they professionals do.
• ES does not get stressed out.
• ES can be effectively used as strategic tool.
• Application of ES
• Some of the business applications of expert system are:
• Accounting and Finance: Tax advice and assistance, Forecasting, Providing

investment advice etc.
• Marketing: Sales quotas, Handling customers inquiries, Discount policies,

Telemarketing etc.
• Manufacturing: Process controlling, Quality controlling, Production

scheduling, Selecting transporting route, Fault monitoring etc.
• Personnel: Recruitment, Training, Task assignment, Performance appraisal
• General business: Evaluating project proposal, Strategy selection, Reporting

etc.
Summary.
• Discussed what is management information system.
• Elaborated on the historical development of MIS
• Elements of MIS - information, management, system
• Characteristics, limitations, pre-requisites and constraints of MIS
• Management Support Systems – DSS, ES and EIS

Module 20:
Introduction to Information Technology Service Management.
Objectives
• Obtain an understanding of ITSM – Information Technology Service
Management.
• Become familiar with ITIL – Information Technology Infrastructure

Library.
• To understand IT Service Life Cycle - Service strategy, Service design,

Service Operations, Service transition and Continual service
improvement.
Content.
1. Overview of ITSM.
2. Introduction to ITIL.
3. Service Lifecycle.
Overview of ITSM.
• In order to understand what Service Management is, and why it is so important to
enterprises, we need to understand what services are, and how Service Management
can help service providers to deliver and manage these services.
• A service is a means of delivering value to customers by facilitating outcomes

that customers want to achieve without the ownership of specific costs and risks.
• The outcomes that customers want to achieve are the reason why they purchase or
use a service.
• The value of the service to the customer is directly dependent on how well a service
facilitates these outcomes.
• In the past, service providers often focused on the technical (supply side) view of
what constituted a service, rather than on the consumption side.
Overview of ITSM.
• Service Management is what enables a service provider to:
• Understand the services that they are providing from both a consumer and
provider perspective.
• Ensure that the services really do facilitate the outcomes that their customers
want to achieve.
• Understand the value of those services to their customers and hence their relative
importance.
• Understand and manage all of the costs and risks associated with providing those
services.
• Service Management is a set of specialised organisational capabilities for providing

value to customers in the form of services.
• These ‘specialised organisational capabilities’ include the processes, activities,
functions and roles that a service provider uses to let them to deliver services to
their customers, as well as the ability to establish suitable organisation structures,
manage knowledge, and understand how to facilitate outcomes that create value.
Overview of ITSM.
• ITSM – Information Technology Service Management concept is based on an IT
management approach focused on business user needs makes it possible to:
• Improve IT cost transparency and effectiveness.

• Ensure the availability of business-critical IT services.
• Establish generally accepted IT governance standards.
• Implementing ITSM best practices opens up a wide range of possibilities. Changes in

processes typically affect the relationship between IT and the business, the culture of
the organization and corporate automation.
• The success of IT services is driven by effective interaction between people,

processes and technologies. The importance of ITSM today is due to the growing
dependence of organizations on IT, demands for greater IT transparency, increased
customer expectations and the complexity of information infrastructures, the greater
dependence of competitive advantage on IT, and many other factors.
Overview of ITSM.
• Below are some of the positive effects of ITSM
• IT services meet current and future businesses and customer needs.
• Improved IT service quality and IT support efficiency.
• Improved IT department governance and transparency.
• Lower long-term IT service costs.
• A more proactive IT department Compliance with legal and other regulatory

requirements
Overview of ITSM.
• Best practices Vs Good practices.
• Enterprises operating in dynamic environments need to improve their
performance and maintain competitive advantage. Adopting practices in industry-
wide use can help to improve capability.
• The term ‘best practice’ generally refers to the ‘best possible way of doing
something’. As a concept, it was first raised as long ago as 1919, but it was
popularised in the 1980s through Tom Peters’ books on business management.
• The idea behind best practice is that one creates a specification for what is
accepted by a wide community as being the best approach for any given
situation. Then, one can compare actual job performance against these best
practices and determine whether the job performance was lacking in quality
somehow.
• Alternatively, the specification for best practices may need updating to include
lessons learned from the job performance being graded.
Overview of ITIL.
• ITIL – Information Technology Infrastructure Library s a collection of books which
contain recommendations & suggestions to improve provision of IT Services
• Not a standard but a Best Practices Framework which is a source of good practice in
Service Management. The standard for IT Service Management (ITSM) is ISO/IEC
20000, which is aligned with, but not dependent on, ITIL.
• The objective of the ITIL Service Management framework is to provide guidance

applicable to all types of organisations that provide IT services to businesses,
irrespective of their size, complexity, or whether they are commercial service
providers or internal divisions of a business.
Overview of ITIL.
• Benefits of ITIL Framework.
• Increased user and customer satisfaction with IT services.
• Improved service availability, directly leading to increased business profits and

revenue.
• Financial savings from reduced rework, lost time, improved resource

management and usage.
• Improved time to market for new products and services.
• Improved decision making and optimized risk.

Overview of ITIL.
• Benefits of ITIL Framework.
• Increased user and customer satisfaction with IT services.
• Improved service availability, directly leading to increased business profits and

revenue.
• Financial savings from reduced rework, lost time, improved resource

management and usage.
• Improved time to market for new products and services.
• Improved decision making and optimized risk.

Overview of ITIL.
• The implementation of ITIL as a practice is about preparing and planning the
effective use of The Four Ps:
• People - skills, training, communication
• Processes - actions, activities, changes, goals
• Products - tools, monitor, measure, improve
• Partners - specialist suppliers

The Service Life Cycle.
• The service life cycle is divided into Five stages:
• Service Strategy
• Strategy generation
• Financial management
• Service portfolio management
• Demand management
• Service Design
• Capacity, Availability, Info Security Management
• Service level & Supplier Management
The Service Life Cycle.
• The service life cycle is divided into Five stages:
• Service Transition
• Planning & Support
• Release & Deployment
• Asset & Config management
• Change management
• Knowledge Management
• Service Operation
• Problem & Incident management
• Request fulfilment
• Event & Access management
• Continual Service Improvement

• Service measurement & reporting
The Service Life Cycle – Service Strategy.
• Service Strategy.
• What are we going to provide?

• Can we afford it?
• Can we provide enough of it?
• How do we gain competitive advantage?
• Perspective
• Vision, mission and strategic goals
• Position
• Plan
• Pattern
• Must fit organisational culture
• Service Strategy Activities.
• There are four activities under this stage
Define the market
Develop the offering
Develop strategic assets
Plan for Execution

• Service Strategy Processes.
• Strategy Management for IT Service
• To assess the service provider's offerings, capabilities, competitors as well as
current and potential market spaces in order to develop a strategy to serve
customers. Once the strategy has been defined, Strategy Management for IT
Services is also responsible for ensuring the implementation of the strategy.
• Service Portfolio Management

• To manage the service portfolio. Service Portfolio Management ensures that
the service provider has the right mix of services to meet required business
outcomes at an appropriate level of investment.
• Demand Management.
• To understand, anticipate and influence customer demand for services.
Demand Management works with Capacity Management to ensure that the
service provider has sufficient capacity to meet the required demand.
The Service Life Cycle – Service Design.
• How are we going to provide it?
• How are we going to build it?
• How are we going to test it?
• How are we going to deploy it?
• Holistic approach to determine the impact of change introduction on the existing

services and management processes
• Processes in Service Design.
• Availability Management.
• To define, analyze, plan, measure and improve all aspects of the availability
of IT services. Availability Management is responsible for ensuring that all IT
infrastructure, processes, tools, roles etc. are appropriate for the agreed
availability targets.
• Capacity Management.
• To ensure that the capacity of IT services and the IT infrastructure is able to
deliver the agreed service level targets in a cost effective and timely manner.
Capacity Management considers all resources required to deliver the IT
service, and plans for short, medium and long term business requirements.
• Service Level Management.

• To negotiate Service Level Agreements with the customers and to design
services in accordance with the agreed service level targets. Service Level
Management is also responsible for ensuring that all Operational Level
Agreements and Underpinning Contracts are appropriate, and to monitor and
report on service levels.
• Risk Management.
• To identify, assess and control risks. This includes analyzing the value of
assets to the business, identifying threats to those assets, and evaluating how
vulnerable each asset is to those threats.
• Supplier Management.
• To ensure that all contracts with suppliers support the needs of the business,
and that all suppliers meet their contractual commitments.
• Compliance Management.
• To ensure IT services, processes and systems comply with enterprise policies
and legal requirements.
• IT Service continuity Management.

• To manage risks that could seriously impact IT services. ITSCM ensures that
the IT service provider can always provide minimum agreed Service Levels,
by reducing the risk from disaster events to an acceptable level and planning
for the recovery of IT services. ITSCM should be designed to support
Business Continuity Management.
The Service Life Cycle – Service Transitions.
• The objective of Service Transition is to build and deploy IT services. Service
Transition also makes sure that changes to services and Service Management
processes are carried out in a coordinated way.
• The processes involved in service transitions are:
• Change Management
• To control the lifecycle of all Changes. The primary objective of Change
Management is to enable beneficial Changes to be made, with minimum
disruption to IT services.
• Change Evaluation
• To assess major Changes, like the introduction of a new service or a
substantial change to an existing service, before those Changes are allowed to
proceed to the next phase in their lifecycle.
• Application Development
• To make available applications and systems which provide the required
functionality for IT services. This process includes the development and
maintenance of custom applications as well as the customization of products from
software vendors.
• Release and Deployment Management

• To plan, schedule and control the movement of releases to test and live
environments. The primary goal of Release Management is to ensure that the
integrity of the live environment is protected and that the correct components are
released.
• Service Validation and Testing

• To ensure that deployed Releases and the resulting services meet customer
expectations, and to verify that IT operations is able to support the new service.
• Service Asset and Configuration Management
• Process Objective: To maintain information about Configuration Items required to
deliver an IT service, including their relationships.
• Knowledge Management
• Process Objective: To gather, analyze, store and share knowledge and information
within an organization. The primary purpose of Knowledge Management is to
improve efficiency by reducing the need to rediscover knowledge.
The Service Life Cycle – Service Operations.
• The objective of ITIL Service Operation is to make sure that IT services are delivered
effectively and efficiently. This includes fulfilling user requests, resolving service
failures, fixing problems, as well as carrying out routine operational tasks.
• The processes involved in service operations are

• Event Management
• To make sure CIs and services are constantly monitored, and to filter and
categorize Events in order to decide on appropriate actions.
• Incident Management
• To manage the lifecycle of all Incidents. The primary objective of Incident
Management is to return the IT service to users as quickly as possible.
• Request Fulfilment
• To fulfill Service Requests, which in most cases are minor (standard) Changes
(e.g. requests to change a password) or requests for information.
• Access Management
• To grant authorized users the right to use a service, while preventing access to
non-authorized users. The Access Management processes essentially execute
policies defined in Information Security Management. Access Management is
sometimes also referred to as Rights Management or Identity Management.
• Problem Management
• To manage the lifecycle of all Problems. The primary objectives of Problem
Management are to prevent Incidents from happening, and to minimize the
impact of incidents that cannot be prevented. Proactive Problem Management
analyzes Incident Records, and uses data collected by other IT Service
Management processes to identify trends or significant Problems.
• IT Operations Control
• To monitor and control the IT services and their underlying infrastructure. The
process IT Operations Control executes day-to-day routine tasks related to the
operation of infrastructure components and applications. This includes job
scheduling, backup and restore activities, print and output management, and
routine maintenance.
• Application Management
• Application Management is responsible for managing applications throughout
their lifecycle.
• Technical Management
• Technical Management provides technical expertise and support for the
management of the IT infrastructure.
The Service Life Cycle – Continual Service Improvement.
• The ITIL Continual Service Improvement (CSI) process uses methods from quality
management in order to learn from past successes and failures. The CSI process aims
to continually improve the effectiveness and efficiency of IT processes and services,
in line with the concept of continual improvement adopted in ISO 20000.
• Key Steps to Improvement. What should

we measure?
Corrective What can we

action measure?
Present and
Gather data
use info
Analyse data Process data

• Key Processes in CSI.
• Service Review
• To review business services and infrastructure services on a regular basis.
The aim of this process is to improve service quality where necessary, and to
identify more economical ways of providing a service where possible.
• Process Evaluation
• To evaluate processes on a regular basis. This includes identifying areas
where the targeted process metrics are not reached, and holding regular
benchmarkings, audits, maturity assessments and reviews.
• Key Processes in CSI.
• Definition of CSI Initiatives

• To define specific initiatives aimed at improving services and processes,
based on the results of service reviews and process evaluations. The resulting
initiatives are either internal initiatives pursued by the service provider on his
own behalf, or initiatives which require the customer’s cooperation.
• Monitoring of CSI Initiatives

• To verify if improvement initiatives are proceeding according to plan, and to
introduce corrective measures where necessary.
Summary.
• Discussed – Service, Service management and the importance to the enterprise.
• An overview of Information Technology Service Management – ITSM.
• The benefits of Information Technology Infrastructure Library – ITIL
• Understood the service lifecycle

• Service Strategy
• Service Design
• Service Transition.
• Service Operations.
• Continual service improvement.
Module 21:
An Overview of E-Commerce
Objectives
• Obtain an understanding of the basics of E-Commerce.
• Become familiar with the different types of E-Commerce.
• To understand the benefits of E-Commerce.
• Learn about the ideas in E-Commerce.

Content.
1. Introduction to E-Commerce
2. E-commerce terminologies.
3. Types of E-commerce
4. Benefits of E-commerce
5. Limitations of E-commerce.
Introduction to E-Commerce.
• E-commerce is one of the most important facets of the Internet to have emerged in
recent times. E-commerce or electronic commerce involves carrying out business
over the Internet with the assistance of computers, which are linked to each other
forming a network.
• To be specific, e- commerce is buying and selling of goods and services and transfer
of funds through digital communications (i.e the internet especially the world wide
web).
• Electronic commerce or e-commerce refers to a wide range of online business

activities for products and services. It also pertains to “any form of business
transaction in which the parties interact electronically rather than by physical
exchanges or direct physical contact.”
• E-commerce is the use of electronic communications and digital information
processing technology in business transactions to create, transform, and redefine
relationships for value creation between or among organisations, and between
organisations and individuals.
• E-commerce is usually associated with buying and selling over the Internet, or
conducting any transaction involving the transfer of ownership or rights to use goods
or services through a computer- mediated network.
E-Commerce E-Business
 Digitally enabled commercial  Digital enablement of transactions
transactions between organizations and processes within a firm, involving
and individuals. information systems under the control
 Digitally enabled transactions include of the firm
all transactions mediated by digital  E-business does not involve
technology commercial transactions across
 Commercial transactions involve the organizational boundaries where
exchange of value across value is exchanged
organizational or individual
boundaries in return for products or
services
Common E-Commerce Terminologies.
• Ad Clicks Number of times that a viewer clicks on an ad banner.
• Address Verification Process used by a credit card processor or other party to verify
that a customer's ordering address matches their records.
• Authorisation The process of checking the validity and available balance
• Bandwidth The amount of information (web pages, text, graphics, video, sound, etc)
that is downloaded through a connection.
• Banner An interactive ad placed on a webpage that is linked to an external

advertiser's website or another internal page within the same website.
• Certificate Authority A Certificate Authority (CA) is a third party which verifies the
identity of merchants and their sites. The certificate authority issues a certificate (also
called a digital certificate or an authentication certificate) to an applicant company,
which can then put the certificate up on its site.
• Commerce Server This is the server that manages and maintains all transactional
and backend data for a commerce website.
• Cookies Cookies collect information as a user surfs the web and feed the information
back to a web server. An online vendor's site will send a cookie (which is most
simply an identification number) to a user's computer, where it is stored in a file on
the user's hard drive and serves as a digital identifier tag that notifies the vendor
whenever that user re- enters the vendor's website.
• Digital Certificate A Digital Certificate issued by a Certificate Authority certifies
that a merchant and a particular website are connected, just as a photo on your
driver's license connects your identity with your personal details. A digital certificate
verifies to the shopper that the virtual store is actually associated with a physical
address and phone number which can increase the shopper’s confidence in the
authenticity of the merchant.
• Hit Each time a Web server sends a file to a browser, a "hit" is recorded in the server
file logs.
• Merchant Account A "bank account" established with a payment processor for the
settlement of credit card transactions. Any merchant who wants to take credit card
orders must establish a merchant account. Internet merchants need a "Card Not
Present Merchant Account.
• “Off-Line Transaction Processing” Capture of order and credit card information
for later authorisation and transaction processing through a traditional card swipe
terminal or through a computer.
• SSL Secure Socket Layer is an encryption technology on the server that scrambles
important data such as credit card numbers and order information when it is being
stored or passed from one computer to another.
Unique features of E-Commerce technology.
Dimension of E-commerce Technology Significance in Business
Ubiquity The marketplace is extended beyond
Internet/Web technology is available every traditional boundaries and is removed from
where: at work, at home, and elsewhere via a temporal and geographic location.
mobile devices, anytime. “Marketspace” is created; shopping can
take place anywhere. Customer
convenience is enhanced, and shopping
costs are reduced.
Global Reach Commerce is enabled across cultural and
The technology reaches across national national boundaries seamlessly and
boundaries, around the earth. without modification. “Marketspace”
includes potentially billions of consumers
and millions of businesses worldwide.
Universal Standards There is one set of technical media
There is one set of technology standards, standards across the globe.
namely internet standards.
Richness Video, audio, and text marketing messages
Video, audio, and text messages are are integrated into a single marketing
possible. message and consuming experience.
Interactivity Consumers are engaged in a dialog that

The technology works through interaction dynamically adjusts the experience to the
with the users. individual, and makes the consumer a co-
participant in the process of delivering
goods to the market.
Information Density Information processing, storage, and
The technology reduces information costs communication costs drop dramatically,
and raises quality. while currency, accuracy, and timeliness
improve greatly. Information becomes
plentiful, cheap, and accurate.
Personalization / Customization Personalization of marketing messages and
The technology allows personalized customization of products and services are
messages to be delivered to individuals as based on individual characteristics.
well as groups.
Multi-Disciplinary nature E-Commerce.
Discipline Details
Marketing Many issues of marketing offline are relevant to online E-
Commerce - for example, cost benefits of advel1isements and
advertisement strategies. Other issues are unique to E-
Commerce, ranging from online marketing strategy to
interactive kiosks.
Computer Science Many of the issues in the infrastructure of E-commerce, such
as languages, multimedia, and networks, fall into the discipline
of computer sciences. Intelligent agents play a major role in E-
Commerce as well.
Consumer behavior Consumer behavior is the key to the success of B2C trade, but
and Psychology so is the behavior of the sellers. The relationship between
cultures and consumer attitude in electronic market is an
example of a research issue in the field.
Discipline Details
Finance The financial markets and banks are one of the major participants in
E-Commerce. Also, financing arrangements are part of many online
transactions. Issues such as using the Internet as a substitute for a
stock exchange and fraud in online stock transactions are a sample of
the many topics of the filed.
Economics Electronic commerce is influenced by economic forces and has a
major impact on world and country economies. Also, theories of
micro and macro-economics need to be considered in E-Commerce
planning, as well as the economic impacts of E-Commerce on firms.
Management The information systems department is usually responsible for the
Information deployment of E-Commerce. This discipline covers issues ranging
System from systems analysis to system integration, not to mention
planning, implementation, security, and payment systems, among
others.
Discipline Details
Accounting and The back-office operations of electronic transactions are similar to
Audit other transactions in some respects, but different in others. For
example, auditing electronic transactions presents a challenge for the
accounting profession; so does the development of methodologies
for cost-benefit justification.
Management Electronic commerce efforts need to be managed properly, and
because of the interdisciplinary nature of E-Commerce, its
management may require new approaches and theories.
Business law Legal and ethical issues are extremely important in E-Commerce,
and ethics. especially in a global market. A large number of legislative bills are
pending, and many ethical issues are interrelated with legal ones,
such as privacy and intellectual property.
Types of E-Commerce.
• The major types of e-commerce are:
• Business-to-Business (B2B)
• Business-to-Consumer (B2C)
• Customer-to-Business (C2B)
• Consumer-to-Consumer (C2C)
Types of E-Commerce – B2B
• B2B e-commerce is simply defined as e-commerce between companies. This is the
type of e-commerce that deals with relationships between and among businesses.
• About 80% of e-commerce is of this type, and most experts predict that B2B e-
commerce will continue to grow faster than the B2C segment.
Types of E-Commerce – B2B
• The advantages of the B2B model are:
• It can efficiently maintain the movement of the supply chain and the
manufacturing and procuring processes.
• It can automate corporate processes to deliver the right products and services
quickly and cost-effectively.
• The B2B model is predicted to become the largest value sector of the industry within
a few years. This is said to be the fastest growing sector of e-commerce.
Types of E-Commerce – B2C
• The B2C model involves transactions between business organizations and
consumers.
• It applies to any business organization that sells its products or services to consumers
over the Internet. These sites display product information in an online catalog and
store it in a database. The B2C model also includes services online banking, travel
services, and health information.
Types of E-Commerce – C2C
• The C2C model involves transaction between consumers. Here, a consumer sells
directly to another consumer.
• However, it is essential that both the seller and the buyer must register with the
auction site. While the seller needs to pay a fixed fee to the online auction house to
sell their products, the buyer can bid without paying any fee. The site brings the
buyer and seller together to conduct deals.
Types of E-Commerce – C2B
• The C2B model involves a transaction that is conducted between a consumer and a
business organization.
• It is similar to the B2C model, however, the difference is that in this case the
consumer is the seller and the business organization is the buyer.
• In this kind of a transaction, the consumers decide the price of a particular product
rather than the supplier. This category includes individuals who sell products and
services to organizations.
• For example, www.monster.com is a Web site on which a consumer can post his bio-
data for the services he can offer. Any business organization that is interested in
deploying the services of the consumer can contact him and then employ him, if
suitable.
Types of E-Commerce – C2B
Types of E-Commerce – Other model
• In addition to the models discussed so far, five new models are being worked on that
involves transactions between the government and other entities, such as consumer,
business organizations, and other governments.
• All these transactions that involve government as one entity are called e-governance.
The various models in the e-governance scenario are:
• Government-to-Government (G2G) model: This model involves transactions

between 2 governments. For example, if the American government wants to by
oil from the Arabian government, the transaction involved are categorized in the
G2G model.
• Government-to-Consumer (G2C) model: In this model, the government

transacts with an individual consumer. For example, a government can enforce
laws pertaining to tax payments on individual consumers over the Internet by
using the G2C model.
Types of E-Commerce – Other model
• Consumer-to-Government (C2G) model: In this model, an individual consumer
interacts with the government. For example, a consumer can pay his income tax or
house tax online. The transactions involved in this case are C2G transactions.
• Government-to-Business (G2B) model: This model involves transactions between a

government and business organizations. For example, the government plans to build a
fly over. For this, the government requests for tenders from various contractors.
Government can do this over the Internet by using the G2B model.
• Business-to-Government (B2G) model: In this model, the business houses transact

with the government over the Internet. For example, similar to an individual
consumer, business houses can also pay their taxes on the Internet.
Benefits of E-Commerce
• Few innovations in human history encompass as many potential benefits as E-
Commerce does.
• The global nature of the technology, low cost, opportunity to reach hundreds of
millions of people, interactive nature, variety of possibilities, and resourcefulness and
growth of the supporting infrastructure (especially the web) result in many potential
benefits to organisations, individuals, and society.
• These benefits are just starting to materialize, but they will increase significantly as
E-Commerce expands. It is not surprising that some maintain that the E-Commerce
revolution is just 'as pro- found as the change that came with the industrial revolution.
Benefits of E-Commerce – to the organization
• Electronic commerce expands the market lace to national and international market
with minimal capital outlay, a company can easily and quickly locate more
customers, the best suppliers, and the most suitable business partners worldwide.
• Electronic commerce decreases the cost of creating, processing, distributing, storing,

and retrieving paper-based information. For example, by introducing an electronic
procurement system, companies can cut the purchasing administrative costs by as
much as 85 percent.
• Electronic commerce allows reduced inventories and overhead by facilitating “pull”

type supply chain management. In a pull-type system the process starts from
customer orders and uses just-in-time manufacturing.
• The pull-type processing enables expensive customization of products and services

which provides competitive advantage to its implementers.
Benefits of E-Commerce – to the organization
• Electronic commerce reduces the time between the outlay of capital and the receipt
of products and services.
• Electronic commerce initiates business processes reengineering projects By changing

processes, productivity of salespeople, knowledge workers, and administrators can
increase by 100 percent or more.
• Electronic commerce lowers telecommunication cost the internet is much cheaper

than value added networks.
• Other benefits include improved image, improved customer service, new found
business partners, simplified processes, compressed cycle and delivery time,
increased productivity, eliminating paper, expediting access to information, reduced
transportation costs, and increased flexibility.
Benefits of E-Commerce – to the customer
• Electronic commerce enables customers to shop or do other transactions 24 hours a
day, all year round, from almost any location.
• Electronic commerce provides customer with more choices; they can select from
many vendors and from many more products.
• Electronic commerce frequently provides customers with less expensive products

and services by allowing them to shop in many places and conduct quick
comparisons.
• In some cases, especially with digitized products, E-Commerce allows quick

delivery.
• Customers can receive relevant and detailed information in seconds, rather than days
or weeks.
• Electronic commerce makes it possible to participate ate in virtual auctions.
Benefits of E-Commerce – to the society
• Electronic commerce enables more individuals to work at home and to do less
traveling for shopping, resulting in less traffic on the roads and lower air pollution.
• Electronic commerce allows some merchandise to be sold at lowest prices, so less

affluent people can buy more and increase their standard of living.
• Electronic commerce enables people in third world countries and rural areas to enjoy
products and services that otherwise are not available to them.
• Electronic commerce facilitates delivery of public services, such as health care,

education, and distribution of government social services at a reduced cost and/or
improved quality. Health care services, e.g., can reach patients in rural areas.
Limitations of E-Commerce - Technical
• There is a lack of s stem security, reliability, standards and communication protocols.
• There is insufficient telecommunication bandwidth.
• The software e development tools are still evolving and changing rapidly.
• It is difficult to integrate the Internet and E-Commerce software with some existing
applications and databases.
• Vendors may need special Web servers and other infrastructures in addition to the
network servers.
• Some E-Commerce software might not fit with some hardware or may be
incompatible with some operating systems or other components.
Limitations of E-Commerce – Non-Technical
• Lack of awareness
• Lack of infrastructure
• Skeptic attitude
• Credit card fraud
• Lack of cyber laws
• Lack of skills and expertise.

Summary.
• Discussed E-Commerce, its definition and the difference between E-commerce and
E-business.
• List the common E-Commerce terminologies – web server, card authentication and
others
• Enumerate the various types of E-Commerce model – B2B, B2C, C2C and C2B
• Highlighted the benefits of E-Commerce as it relates to the organization, customer

and society.
• The limitations of E-Commerce as it relates to technical and non-technical issues.

Module 22:
Introduction to Computer Security.
Objectives
• Obtain an understanding and overview of computer security.
• Become familiar with the different security threats in computing.
• To understand the elements of computer security.
• Learn about computer security policy.

Content.
1. Introduction to computer security.
2. Computer Security Threats
3. Elements of computer security.
4. Roles and Responsibilities for security issues.
5. Computer Security Policy

Introduction to computer security.
• The growth of computers and of information technology has been explosive. Never
before has an entirely new technology been propagated around the world with such
speed and with so great a penetration of virtually every human activity.
• Unfortunately, there is also a dark side to computers: They are used to design and
build weapons of mass destruction as well as military aircraft and nuclear submarines
which are very destructive.
• Computer systems are vulnerable to many threats that can inflict various types of
damage resulting in significant losses. This damage can range from errors harming
database integrity to fires destroying entire computer centers.
• Losses can stem, for example, from the actions of supposedly trusted employees
defrauding a system, from outside hackers, or from careless data entry clerks.
• Precision in estimating computer security-related losses is not possible because many
losses are never discovered, and others are "swept under the carpet" to avoid
unfavorable publicity.
• The effects of various threats varies considerably: some affect the confidentiality or
integrity of data while others affect the availability of a system.
• The security of any computer system is linked to 3 key factors which are: if any of
this is violated then there is a security issue.
• Confidentiality
• Availability
• Integrity.
• Confidentiality
• Confidentiality is the concealment of information or resources. The need for
keeping information secret arises from the use of computers in sensitive fields
such as government and industry.
• Integrity
• Integrity refers to the trustworthiness of data or resources, and it is usually
phrased in terms of preventing improper or unauthorized change. Integrity
includes data integrity (the content of the information) and origin integrity (the
source of the data, often called authentication).
• Availability
• Availability refers to the ability to use the information or resource desired.
Availability is an important aspect of reliability as well as of system design
because an unavailable system is at least as bad as no system at all. The aspect of
availability that is relevant to security is that someone may deliberately arrange
to deny access to data or to a service by making it unavailable.
• The objective/ definition of an computer system security programme is to protect an
organisation's information by reducing the risk of loss of confidentiality, integrity
and availability of that information to an acceptable level.
• A good computer security programme involves two major elements, risk analysis and
risk management.
• In the risk analysis phase, an inventory of all information systems is taken. For each
system, its value to the organisation is established and the degree to which the
organisation is exposed to risk is determined.
• Risk management, on the other hand, involves selecting the controls and security
measures that reduce the organisation's exposure to risk to an acceptable level.
Computer Security Threats
• A threat is a potential violation of security. The violation need not actually occur for
there to be a threat.
• The fact that the violation might occur means that those actions that could cause it to
occur must be guarded against (or prepared for). Those actions are called attacks.
• Those who execute such actions, or cause them to be executed, are called attackers.
• The three security services—confidentiality, integrity, and availability— counter

threats to the security of a system.
• Threats can be divided into four broad classes:

• Disclosure, or unauthorized access to information;
• Deception, or acceptance of false data;
• Disruption, or interruption or prevention of correct operation;
• Usurpation, or unauthorized control of some part of a system.
• Snooping.
• The unauthorized interception of information, is a form of disclosure. It is passive,

suggesting simply that some entity is listening to (or reading) communications or
browsing through files or system information.
• Wiretapping, or passive wiretapping, is a form of snooping in which a network is

monitored. (It is called “wiretapping” because of the “wires” that compose the
network, although the term is used even if no physical wiring is involved.)
Confidentiality services counter this threat.
• Modification or alteration,
• An unauthorized change of information, covers three classes of threats. The goal
may be deception, in which some entity relies on the modified data to determine
which action to take, or in which incorrect information is accepted as correct and is
released.
• Modification or alteration,
• If the modified data controls the operation of the system, the threats of disruption
and usurpation arise. Unlike snooping, modification is active; it results from an
entity changing information.
• Active wiretapping is a form of modification in which data moving across a
network is altered; the term “active” distinguishes it from snooping (“passive”
wiretapping).
• Masquerading or spoofing
• An impersonation of one entity by another, is a form of both deception and
usurpation. It lures a victim into believing that the entity with which it is
communicating is a different entity.
• For example, if a user tries to log into a computer across the Internet but instead
reaches another computer that claims to be the desired one, the user has been
spoofed. Similarly, if a user tries to read a file, but an attacker has arranged for the
user to be given a different file, another spoof has taken place.
• Repudiation of origin.
• A false denial that an entity sent (or created) something, is a form of deception. For
example, suppose a customer sends a letter to a vendor agreeing to pay a large
amount of money for a product.
• The vendor ships the product and then demands payment. The customer denies
having ordered the product and by law is therefore entitled to keep the unsolicited
shipment without payment.
• The customer has repudiated the origin of the letter. If the vendor cannot prove that
the letter came from the customer, the attack succeeds.
• A variant of this is denial by a user that he created specific information or entities

such as files. Integrity mechanisms cope with this threat.
• Denial of receipt.
• A false denial that an entity received some information or message, is a form of
deception. Suppose a customer orders an expensive product, but the vendor
demands payment before shipment.
• The customer pays, and the vendor ships the product. The customer then asks the
vendor when he will receive the product. If the customer has already received the
product, the question constitutes a denial of receipt attack.
• The vendor can defend against this attack only by proving that the customer did,
despite his denials, receive the product. Integrity and availability mechanisms
guard against these attacks.
• Delay.
• A temporary inhibition of a service, is a form of usurpation, although it can play a
supporting role in deception. Typically, delivery of a message or service requires
some time t; if an attacker can force the delivery to take more than time t, the
attacker has successfully delayed delivery.
• Denial of service.
• A long-term inhibition of service, is a form of usurpation, although it is often used

with other mechanisms to deceive.
• The attacker prevents a server from providing a service. The denial may occur at
the source (by preventing the server from obtaining the resources needed to
perform its function), at the destination (by blocking the communications from the
server), or along the intermediate path (by discarding messages from either the
client or the server, or both).
• Denial of service poses the same threat as an infinite delay. Availability

mechanisms counter this threat.
Elements of computer security.
• There are basically 8 elements of computer security thus:
• Computer Security Supports the Mission of the Organization.

• The purpose of computer security is to protect an organization's valuable
resources, such as information, hardware, and software. Through the selection
and application of appropriate safeguards, security helps the organization's
mission by protecting its physical and financial resources, reputation, legal
position, employees, and other tangible and intangible assets.
• Unfortunately, security is sometimes viewed as thwarting the mission of the

organization by imposing poorly selected, bothersome rules and procedures on
users, managers, and systems.
• Computer Security is an Integral Element of Sound Management.
• Information and computer systems are often critical assets that support the mission
of an organization. Protecting them can be as critical as protecting other
organizational resources, such as money, physical assets, or employees.
• Computer Security Should Be Cost-Effective.

• The costs and benefits of security should be carefully examined in both monetary
and nonmonetary terms to ensure that the cost of controls does not exceed
expected benefits. Security should be appropriate and proportionate to the value of
and degree of reliance on the computer systems and to the severity, probability and
extent of potential harm.
• Computer Security Responsibilities and Accountability Should Be Made Explicit.
• The responsibilities and accountability of owners, providers, and users of computer
systems and other parties11 concerned with the security of computer systems
should be explicit. The assignment of responsibilities may be internal to an
organization or may extend across organizational boundaries.
• Systems Owners Have Security Responsibilities Outside Their Own
Organizations.
• If a system has external users, its owners have a responsibility to share appropriate
knowledge about the existence and general extent of security measures so that
other users can be confident that the system is adequately secure.
• Computer Security Requires a Comprehensive and Integrated Approach.

• Providing effective computer security requires a comprehensive approach that
considers a variety of areas both within and outside of the computer security field.
This comprehensive approach extends throughout the entire information life cycle.
• Computer Security Should Be Periodically Reassessed.

• Computers and the environments they operate in are dynamic. System technology
and users, data and information in the systems, risks associated with the system
and, therefore, security requirements are ever-changing.
• Computer Security is Constrained by Societal Factors.
• The ability of security to support the mission of the organization(s) may be limited
by various factors, such as social issues. For example, security and workplace
privacy can conflict.
• Commonly, security is implemented on a computer system by identifying users and
tracking their actions. However, expectations of privacy vary and can be violated
by some security measures. (In some cases, privacy may be mandated by law.)
Roles and Responsibilities for security issues.
• One fundamental issue that arises in discussions of computer security is: "Whose
responsibility is it?"
• Of course, on a basic level the answer is simple: computer security is the responsibility
of everyone who can affect the security of a computer system. However, the specific
duties and responsibilities of various individuals and organizational entities vary
considerably.
• Detailed below are the roles and responsibilities of the various officials and
organizational offices typically involved with computer security.
• Senior Management
• Ultimately, responsibility for the success of an organization lies with its senior
managers. They establish the organization's computer security program and its
overall program goals, objectives, and priorities in order to support the mission of
the organization.
• Computer Security Management
• The Computer Security Program Manager (and support staff) directs the
organization's day-today management of its computer security program. This
individual is also responsible for coordinating all security-related interactions
among organizational elements involved in the computer security program as well
as those external to the organization.
• Program and Functional Managers/Application Owners.

• Program or Functional Managers/Application Owners are responsible for a
program or function (e.g., procurement or payroll) including the supporting
computer.
• Technology Providers.
• System Management/System Administrators. These personnel are the managers
and technicians who design and operate computer systems. They are responsible
for implementing technical security on computer systems and for being familiar
with security technology that relates to their system.
• Supporting Functions.
• The security responsibilities of managers, technology providers and security
officers are supported by functions normally assigned to others.
• Users
• Users also have responsibilities for computer security. Two kinds of users, and
their associated responsibilities, are described below.
• Users of Information. Individuals who use information provided by the computer
can be considered the "consumers" of the applications.
• Users of Systems. Individuals who directly use computer systems (typically via a
keyboard) are responsible for following security procedures, for reporting security
problems, and for attending required computer security and functional training.
Computer Security Policy
• A security policy is a statement of what is, and what is not, allowed.
• Policies
• High level statements that provide guidance to workers who must make present
and future decision
• Standards
• Requirement statements that provide specific technical specifications
• Guidelines
• Optional but recommended specifications
Access to
network resource
will be granted
Passwords
through a unique
will be 8
user ID and
characters
password
long
Passwords
should include
one non-alpha
and not found
in dictionary
• Elements of a Policy are:
• Set the tone of Management
• Establish roles and responsibility
• Define asset classifications
• Provide direction for decisions
• Establish the scope of authority
• Provide a basis for guidelines and procedures
• Establish accountability
• Describe appropriate use of assets
• Establish relationships to legal requirements
• The 10 step approach to security policy
• Policy Hierarchy
Governance
Policy
Access Control
User ID Policy
Policy
Password
Access Control User ID naming
Construction
Authentication convention
standard
Password
Construction
guidelines
Summary.
• Discussed computer security definition in terms of Confidentiality, Availability and
Integrity.
• Enumerated the elements of computer security.
• Discussed the roles and responsibility of different levels of personnel in the

organization as it relates to security.
• The various threat to security as manifested in snooping, modification or alteration,

repudiation of origin and others.
• Discussed what management should put in place to counter the threats - that is
policy, standards and procedures.
Module 23:
Computer Security – Technologies and Tools
Objectives
• Obtain an understanding of the various tools and technologies used to
protect information system.
• Become familiar with Firewall and how its used for security.
• To understand the importance of Intrusion Detection System
• Learn about cryptography and security.

Content.
1. Introduction and overview.
2. Firewalls
3. Intrusion Detection System
4. Cryptography
5. Digital Certificate.
Introduction and overview
• Many techniques exist for ensuring computer and network security
• Firewalls
• Intrusion Detection System
• Cryptography
Firewall.
• A firewall is an integrated collection of security measures designed to prevent
unauthorized electronic access to a networked computer system.
• A network firewall is similar to firewalls in building construction, because in both

cases they are intended to isolate one "network" or "compartment" from another.
• A firewall is simply a program or hardware device that filters the information coming
through the Internet connection into your private network or computer system. If an
incoming packet of information is flagged by the filters, it is not allowed through.
Firewall.
• To protect private networks and individual machines from the dangers of the greater
Internet, a firewall can be employed to filter incoming or outgoing traffic based on a
predefined set of rules called firewall policies.
• Packets flowing through a firewall can have one of three outcomes:

• Accepted: permitted through the firewall
• Dropped: not allowed through with no indication of failure
• Rejected: not allowed through, accompanied by an attempt to inform the source
that the packet was rejected
Firewall - Policies.
• Policies used by the firewall to handle packets are based on several properties of the
packets being inspected, including the protocol used, such as:
• TCP or UDP
• The source and destination IP addresses
• The source and destination ports
• The application-level payload of the packet (e.g., whether it contains a virus).
• There are two fundamental approaches to creating firewall policies to effectively

minimize vulnerability to the outside world while maintaining the desired
functionality for the machines in the trusted internal network (or individual
computer).
• Blacklist approach
• All packets are allowed through except those that fit the rules defined
specifically in a blacklist.
Firewall - Policies.
• This type of configuration is more flexible in ensuring that service to the internal
network is not disrupted by the firewall, but is naïve from a security perspective
in that it assumes the network administrator can enumerate all of the properties of
malicious traffic.
• Whitelist approach
• A safer approach to defining a firewall rule set is the default-deny policy, in

which packets are dropped or rejected unless they are specifically allowed by the
firewall.
Firewall - Types.
• Packet filters (stateless)
• If a packet matches the packet filter's set of rules, the packet filter will drop or
accept it.
• A stateless firewall doesn’t maintain any remembered context (or “state”) with
respect to the packets it is processing. Instead, it treats each packet attempting to
travel through it in isolation without considering packets that it has processed
previously.
• Stateless firewalls may have to be fairly restrictive in order to prevent most

attacks.
Firewall - Types.
• “Stateful" filters
• It maintains records of all connections passing through it and can determine if a

packet is either the start of a new connection, a part of an existing connection, or
is an invalid packet.
• Stateful firewalls can tell when packets are part of legitimate sessions originating
within a trusted network.
• Stateful firewalls maintain tables containing information on each active
connection, including the IP addresses, ports, and sequence numbers of packets.
• Using these tables, stateful firewalls can allow only inbound TCP packets that are
in response to a connection initiated from within the internal network.
• Application layer
• It works like a proxy it can “understand” certain applications and protocols.
• It may inspect the contents of the traffic, blocking what it views as inappropriate
content (i.e. websites, viruses, vulnerabilities, ...)
Firewall - Configuration.
• Firewalls are customizable. This means that you can add or remove filters based on
several conditions. Some of these are:
• IP addresses
• Each machine on the Internet is assigned a unique address called an IP address.
IP addresses are 32-bit numbers, normally expressed as four "octets" in a "dotted
decimal number."
• A typical IP address looks like this: 216.27.61.137. For example, if a certain IP
address outside the company is reading too many files from a server, the firewall
can block all traffic to or from that IP address.
• Domain names
• Because it is hard to remember the string of numbers that make up an IP address,
and because IP addresses sometimes need to change, all servers on the Internet
also have human-readable names, called domain names.
• For example, it is easier for most of us to remember
www.islamiconlineuniversity.com than it is to remember 67.205.85.72. A
company might block all access to certain domain names, or allow access only to
specific domain names.
• Protocols
• The protocol is the pre-defined way that someone who wants to use a service
talks with that service. The "someone" could be a person, but more often it is a
computer program like a Web browser.
• Protocols are often text, and simply describe how the client and server will have
their conversation. The http in the Web's protocol. Some common protocols that
you can set firewall filters for include: HTTP, FTP, SMTP or TELNET and others
• Ports
• Any server machine makes its services available to the Internet using numbered
ports, one for each service that is available on the server.
• For example, if a server machine is running a Web (HTTP) server and an FTP
server, the Web server would typically be available on port 80, and the FTP
server would be available on port 21. A company might block port 21 access on
all machines but one inside the company.
• Specific words and phrases

• This can be anything. The firewall will sniff (search through) each packet of
information for an exact match of the text listed in the filter.
• For example, you could instruct the firewall to block any packet with the word
"X-rated" in it. The key here is that it has to be an exact match. The "X-rated"
filter would not catch "X rated" (no hyphen). But you can include as many
words, phrases and variations of them as you need.
Intrusion Detection System - IDS.
• Intrusion
• Actions aimed at compromising the security of the target (confidentiality,
integrity, availability of computing/networking resources)
• Intrusion detection
• The identification through intrusion signatures and report of intrusion activities
• Intrusion prevention
• The process of both detecting intrusion activities and managing automatic
responsive actions throughout the network
• The IDS manager compiles data from the IDS sensors to determine if an intrusion
has occurred.
• This determination is based on a set of site policies, which are rules and conditions
that define probable intrusions.
• If an IDS manager detects an intrusion, then it sounds an alarm

• An IDS is designed to detect a number of threats, including the following:
• Masquerader: an attacker who is falsely using the identity and/or credentials of

a legitimate user to gain access to a computer system or network
• Misfeasor: a legitimate user who performs actions he is not authorized to do.
• Clandestine user: a user who tries to block or cover up his actions by deleting
audit files and/or system logs
• In addition, an IDS is designed to detect automated attacks and threats, including the
following:
• Port scans: information gathering intended to determine which ports on a host
are open for TCP connections
• Denial-of-service attacks: network attacks meant to overwhelm a host and shut
out legitimate accesses.
• Malware attacks: replicating malicious software attacks, such as Trojan horses,
computer worms, viruses, etc.
• ARP (Address Resolution Protocol) spoofing: an attempt to redirect IP traffic in a

local-area network.
• DNS cache poisoning: a pharming attack directed at changing a host’s DNS cache to
create a falsified domain-name/IP-address association
Intrusion Detection System - Types.
• Rule-Based Intrusion Detection
• Rules identify the types of actions that match certain known profiles for an
intrusion attack, in which case the rule would encode a signature for such an
attack. Thus, if the IDS manager sees an event that matches the signature for such
a rule, it would immediately sound an alarm, possibly even indicating the
particular type of attack that is suspected.
• Statistical Intrusion Detection

• A profile is built, which is a statistical representation of the typical ways that a
user acts or a host is used; hence, it can be used to determine when a user or host
is acting in highly unusual, anomalous ways.
• Once a user profile is in place, the IDS manager can determine thresholds for
anomalous behaviors and then sound an alarm any time a user or host deviates
significantly from the stored profile for that person or machine.
Cryptography.
• Cryptography is the study of secret (crypto-) writing (-graphy) concerned with
developing algorithms which may be used to:
• conceal the context of some message from all except the sender and recipient
(privacy or secrecy), and/or
• verify the correctness of a message to the recipient (authentication) form the
basis of many technological solutions to computer and communications security
problems
• Cryptography
• The art or science encompassing the principles and methods of transforming an
intelligible message into one that is unintelligible, and then retransforming that
message back to its original form
• Plaintext
• The original intelligible message
Cryptography.
• Ciphertext
• The transformed message
• Cipher
• An algorithm for transforming an intelligible message into one that is
unintelligible by transposition and/or substitution methods
• Key
• Some critical information used by the cipher, known only to the sender &
receiver
• Encipher (encode)
• The process of converting plaintext to ciphertext using a cipher and a key
Cryptography.
• Decipher (decode)
• The process of converting ciphertext back into plaintext using a cipher and a key
• Cryptanalysis
• The study of principles and methods of transforming an unintelligible message
back into an intelligible message without knowledge of the key. Also called
codebreaking
• Code
• An algorithm for transforming an intelligible message into an unintelligible one
using a code-book
Cryptography.
• Decipher (decode)
• The process of converting ciphertext back into plaintext using a cipher and a key
• Cryptanalysis
• The study of principles and methods of transforming an unintelligible message
back into an intelligible message without knowledge of the key. Also called
codebreaking
• Code
• An algorithm for transforming an intelligible message into an unintelligible one
using a code-book
Cryptography – Encryption.
• Encryption and Decryption.
• Encryption: a process of encoding a message so that its meaning is not obvious
• Decryption: the reverse process

Cryptography – Public Key encryption.
Digital Certificate
• Certificates are the framework for identification information, and bind identities with
public keys. They provide a foundation for
• Identification ,
• Authentication and
• Non-repudiation.
• Digital certificates are electronic files that are used to identify people and resources
over networks such as the Internet.
• Digital certificates also enable secure, confidential communication between two

parties using encryption. When you travel to another country, your passport provides
a way to establish your identity and gain entry.
Digital Certificate
• Digital certificates provide similar identification in the electronic world. Certificates
are issued by a Certification Authority (CA). Much like the role of the passport
office, the role of the CA is to validate the certificate holder’s identity and to “sign”
the certificate so that it cannot be tampered with.
• Once a CA has signed a certificate, the holder can present their certificate to people,
Web sites and network resources to prove their identity and establish encrypted,
confidential communications.
• A standard certificate typically includes a variety of information pertaining to its

owner and to the CA that issued it, such as:
• The name of the holder and other identification information required to identify
the holder, such as the URL of the Web server using the certificate, or an
individual’s e-mail address
Digital Certificate
• The holder’s public key (more on this below), which can be used to encrypt sensitive
information for the certificate holder
• The name of the Certification Authority that issued the certificate x A serial number.
• The validity period (or lifetime) of the certificate (a start and an end date)
Digital Certificate
Summary.
• Discussed computer security definition in terms of Confidentiality, Availability and
Integrity.
• Enumerated the elements of computer security.
• Discussed the roles and responsibility of different levels of personnel in the

organization as it relates to security.
• The various threat to security as manifested in snooping, modification or alteration,

repudiation of origin and others.
• Discussed what management should put in place to counter the threats - that is
policy, standards and procedures.
Module 24:
Introduction to Computer Viruses
Objectives
• Obtain an understanding and overview of computer viruses.
• Become familiar with the different types of computer viruses.
• To understand how viruses affects the computer system
• Learn about the ideas on how to protect computer system from virus
attack.
Content.
1. Introduction to computer virus
2. Definitions of computer viruses.
3. Types of computer viruses
4. How virus affects/infect your system.
5. How to protect computers from viruses.

Introduction to computer virus.
• Computer viruses are the bane of modern computing.
• An estimated 50,000 computer viruses provided a variety of effects ranging from the
nearly unpleasant to the catastrophic situation.
• They attack all platforms and are written in all popular computer languages.
• As internet connectivity grows, the ease with which computer viruses can spread also
grows.
• In 1984, the first computer viruses were contained at a few sites. In 2000, the
ILOVEYOU program spread worldwide within hours.
• Understanding the threat of computer viruses requires understanding what computer

security is.
Introduction to computer virus.
• A security policy states what is and is not, allowed. Such policy may refer to action
(for example, user are not allowed to alter a set of configuration files), to
configurations (for example, a system must require a password to authenticate a user)
or both.
• A security mechanism enforces some aspect of a security policy. The threat that
viruses pose is the ability to evade the restriction that the security mechanism
impose.
• The computer virus thereby violates the security policy, threatening data and the
operation of the system.
• The term computer virus is widely misused, and worse misunderstood.

What is computer virus.
• A virus is a computer program that executes when an infected program is executed.
Therefore only executable files can be infected. On MS-DOS systems, these files
usually have the extensions .EXE, .COM, .BAT or .SYS.
• Another class of files called overlay files can also be infected. These files often have
the extension .OVL, although other extensions such as .OV1 are sometimes used.
• A computer virus is an executable program. Depending upon the nature of a virus, it

may cause damage of your hard disk contents and/or interface normal operation of
your computer.
• A virus can be introduced to a computer system along with any software program.
For internet users, this threat can come from downloading files through FTP (File
transfer protocol) or refreshing e-mail attachments.
What is computer virus.
• When a virus introduced to a computer system, it can attach itself to, or sometimes
even replace, an existing program.
• Thus, when the user runs the program in question, the virus is also executed. This
usually happens without the user being aware of it.
• A virus program contains instruction to initiate some sort of “event” that affects the
infected computer. Each virus has an unique event associated with it. These events
and their effects can range from harmless to devastating.
• By definition, a virus infects other programs with copies of itself. It has the ability to
clone itself, so that it can multiply, constantly seeking new host environments.
• The most harmless viruses do only that, simply replicating and spreading to new
systems. Or the virus program may damage other programs and/or alter data, perhaps
self destructing when done. The only evidence viruses like this leave is the
destruction they have inflicted on the infected system. This makes it very difficult to
develop defenses against the virus.
Destructive non-virus programs.
• Aside from viruses, there are other threats to user systems, including:
• Worms
• Trojan Horses
• Logic Bombs
• As well as being potentially destructive by themselves, each can also be used as a

vehicle to propagate any virus.
Destructive non-virus programs - Worms
• Viruses are far from the only maverick programs that can disrupt a computer system.
Worms are constructed to infiltrate legitimate data processing programs and alter or
destroy the data.
• Often what people believe is a virus infection is, in fact, a worm program. This is not
as serious because worms do not replicate themselves. But the damage caused by a
worm attack can be just as serious as a virus, especially if not discovered in time.
• For example, suppose a worm program instructs a bank’s computer to transfer funds
to an illicit account. The fund transfers may continue even after the worm is
destroyed.
• However, once the worm invasion is discovered, recovery is much easier because
there is only a single copy of the worm program to destroy since the replicating ability
of the virus is absent. This capability may enable it to re-infect a system several times.
A worm is similar to a benign tumor while a virus is like a malignant one.
Destructive non-virus programs – Trojan Horse.
• A Trojan Horse is a destructive program that has been disguised (or concealed in) an
innocuous piece of software.
• Indeed, worm and virus programs may be concealed within a Trojan Horse. Trojan
Horses are not viruses because they do not reproduce themselves and spread as
viruses do.
• The mythical story of the original Trojan Horse is well known. When Greek warriors
concealed themselves in an attractive wooden horse and left it outside the gates of
the besieged city of Troy, the Trojans assumed it was a friendly peace offering and
took it in.
• The Greek warriors then leaped out and wreaked havoc. Trojan Horse software
works on the same principle. A program may seem both attractive and innocent,
inviting the computer user to copy (or download) the software and run it. Trojan
Horses may be games or some other software that the victim will be tempted to try.
Destructive non-virus programs – Logic Bomb.
• Writing a logic bomb program is similar to creating a Trojan Horse. Both also have
about the same ability to damage data, too.
• Logic bombs include a timing device so it will go off at a particular date and time.
• For example, other virus programs often include coding similar to that used in logic
bombs, but the bombs can be very destructive on their own, even if they lack the
ability of the virus to reproduce.
• Logic bombs are usually timed to do maximum damage. That means the logic bomb
is a favored device for revenge by disgruntled former employees who can set it to
activate after they have left the company.
Types of viruses.
• There are several different types of viruses that can infect PC systems, including:
• Boot sector viruses
• File infecting viruses
• Polymorphic viruses
• Stealth viruses
• Multi-partite viruses
Types of viruses - Boot sector.
• Boot sector viruses are those that infect the boot sector (or master boot record) on a
computer system.
• They first move or overwrite the original boot code, replacing it with infected boot
code. They will then move the original boot sector information to another sector on
the disk, marking that sector as a bad spot on the disk so it will not be used in the
future.
• Boot sector viruses can be very difficult to detect since the boot sector is the first
thing loaded when a computer is starts. In effect, the virus takes full control of the
infected computer.
Types of viruses - Boot sector.
• About three out of every four virus infections reported are boot sector viruses. The
only way that a system can become infected with a boot sector virus is to boot using
an infected floppy disk.
• This is most commonly done when a user leaves a floppy disk in a drive and reboots
the system (with the drive door closed). Good anti-virus software will look for an
infected floppy disk when a user boots from the floppy drive and before the boot
strap is loaded.
Types of viruses – File infecting.
• File infecting viruses are, unsurprisingly, viruses that infect files. Sometimes these
viruses are memory resident.
• However, they will commonly infect most, if not all of the executable files (those
with the extensions .COM, .EXE, .OVL and other overlay files) on a system. Some
file infecting viruses will only attack operating system files (such as
COMMAND.COM), while others will attack any file that is executable.
• Some of these viruses act like boot sector infectors. They replace the “program load”
instructions in an executable file with their own instructions, and move the original
program load instructions to a different part of the file.
• Happily, this usually increases the file’s size, making detection a little easier. Other
file infecting viruses work by using companion files. They rename all files with
.COM extensions to .EXE, then write a file with the same name and a .COM
extension.
Types of viruses – File infecting.
• This new file will usually have the “hidden” attribute, making it difficult to detect
with ordinary file handling commands. By default, MS-DOS executes the .COM file
before the .EXE file so that the .COM file is executed first, loading the virus.
Types of viruses – Polymorphic.
• Polymorphic viruses change their appearance with each infection. Such encrypted
viruses are usually difficult to detect because they are better at hiding themselves
from anti-virus software. That is the purpose of the encryption.
• Polymorphic viruses take encryption a step further by altering the encryption

algorithm with each new infection. Some polymorphic viruses can assume over two
billion different guises.
• This means anti-virus software products must perform algorithmic scanning, as

opposed to standard string-based scanning techniques that can find simpler viruses.
Types of viruses – Stealth.
• Stealth viruses attempt to hide from both the operating system and anti-virus
software.
• To do this, they must stay in memory so they can intercept all attempts to use the
operating system (system calls). The virus can hide changes it makes to file sizes,
directory structures, and/or other operating system aspects.
• Since part of the virus is memory resident, there will be less memory available to
users. The virus must hide this fact as well as from both users and anti-virus
software.
• Stealth viruses must be detected while they are in memory. Once found, they must be
disabled in memory before the disk-based components can be corrected.
Types of viruses – Multi-partite.
• Multi-partite viruses are those that infect both boot sectors and executable files.
• They are the worst viruses of all because they can combine some or all of the stealth
techniques, along with polymorphism to prevent detection.
How viruses affect/ infect systems.
• Before you can safeguard your system against viruses, it’s important to understand
how they spread and what they do to infected systems.
• The best virus protection program is consistent, ongoing education of computer users
about the virus threat. Even with the proliferation of on-line services and
communications, most viruses are still spread via infected floppy disks/ flash drives.
• The front line in the war against viruses must be fought by the user who is about to
put a disk into the drive. Without an effective, ongoing education campaign, virus
fighting efforts will be doomed to lighting backfires against infections already in
place.
• Here are four common scenarios that spread viruses:
• A user brings a game to work that his child downloaded from a local computer
BBS. Without thinking, the user runs the game on the company network to show
fellow workers how cool it is. Unbeknownst to this user, the game program was
infected with a virus. Now the entire company network is infected, too.
• Software purchased from a retailer in shrink wrap is infected because the store
re-wrapped some returned software without checking the disks for viruses.
Unfortunately, the original buyer had tried the software out on an infected
machine.
• An instructor distributes disks to students so they can complete a class

assignment. One student decides to do his homework in the office at night.
Unfortunately, the instructor was not vigilant and distributed infected disks to the
entire class.
• A friend gives you a disk so you can try out a new graphics program. The infection
on your friends machine spreads to yours when you run the program for the first
time. (The nifty graphics available don’t quite compensate for the three weeks you
spend reconstructing your lost data files.)
How to protect your system.
• Different organizations have different styles of operation. This fact extends to the
ways they set up their computer networks and operating procedures. That makes it
impossible for any document to set down a detailed set of procedures that can be
used to cover each and every organization subject to virus attack.
• However, any good virus defense system must include:
• An ongoing training and education program for users
• Systematic use of anti-virus software
• A record-keeping system to identify ongoing weak points in the system.
• Furthermore in defining the security procedures, the following 5 areas should be

considered.
• Different organizations have different styles of operation. This fact extends to the
ways they set up their computer networks and operating procedures. That makes it
impossible for any document to set down a detailed set of procedures that can be
used to cover each and every organization subject to virus attack.
• However, any good virus defense system must include:
• An ongoing training and education program for users
• Systematic use of anti-virus software
• A record-keeping system to identify ongoing weak points in the system.
• Furthermore in defining the security procedures, the following 5 areas should be

considered.
• The number and density of personal computers
• If your company has many PCs or if there is a high ratio of computers to
employees, your procedures should be more formal and extensive.
• The extent to which computers are interconnected

• Note that interconnection does not have to be via a network. If data is routinely
moved from one computer to another via “sneaker net” (copying to a floppy disk
and walking it across the room to the other computer), your computers are
interconnected.
• The factor you must consider is the extent to which data is moved between
computers, not the number of feet (or miles) of wire connecting them.
• The pace of operations

• Some businesses simply operate at a faster pace than others. Examples include
security brokerage houses, travel agents and airline reservation operations.
• The number of locations where computers are used
• To the extent that computers are physically located at a distance, more people
will have to coordinate their security activities. In addition, they will have to
agree on what procedures are appropriate. Remember, coordination problems
increase in proportion to the square of the number of people involved.
• On-line real-time operations

• If a PC-based network is used to support an on-line operation, the highest
possible level of anti-virus security is necessary.
How to protect your system - Antivirus
• Software is only one piece of the war against viruses. However, it is an essential
component.
• Anti-virus software must be able to perform three tasks:
• Test files and directories for the presence of viruses.
• Clean infected files.
• Provide ongoing real-time protection against memory resident viruses.

How to protect your system – General rules
• Turn off file sharing on the desktop or if you need some kind of file sharing, apply
user-level security.
• Don't open email attachments from unknown senders.
• Use rich text files instead of word documents. RTF files prevent the spread of micro
viruses, because they do not contain virus.
• All downloaded files from email should be saved to disk first and then virus scanned
to determine if they are virus free before executing them.
• If possible, dedicate a computer to virus control. This computer is designated as the

one that will be used to handle all incoming data. (Ironically, this means the virus
control computer is most likely to be infected from time to time.)
Summary.
• General introduction to computer viruses and their dangerous effects on computer.
• Defined what a computer viruses.
• The various type of destructive programs that are non-virus - worms, Trojan horses
and logic bomb.
• Enumerated the various types of viruses - boot sector, file infecting, polymorphic and
others.
• Discussed how to protect your system from virus.

• Antivirus
• General security tips
Module 25:
Introduction to Information System Audit
Objectives
• Obtain an understanding and overview of IT audit objectives.
• Become familiar with audit in a computerized environment.
• To understand the audit methodology
• Learn about the ideas audit techniques and audit trail.

Content.
1. Audit Objectives
2. Controls in Computer Systems.
3. Audit Methodology
4. Audit Trail.
IS Audit Objectives
• Auditing is a systematic and independent examination of information systems
environment to ascertain whether the objectives, set out to be achieved, have been
met or not.
• Auditing is also described as a continuous search for compliance. The objective of

the IS audit are to identify risks that an organization is exposed to in the
computerized environment.
• IS audit evaluates the adequacy of the security controls and informs the management
with suitable conclusions and recommendations. IS audit is an independent subset of
the normal audit exercise.
IS Audit Objectives
• Information systems audit is an ongoing process of evaluating controls; suggest
security measures for the purpose of safeguarding assets/resources, maintaining data
integrity, improve system effectiveness and system efficiency for the purpose of
attaining organization goals.
• Well-planned and structured audit is essential for risk management and monitoring
and control of information systems in any organization.
• The key objectives of IS audit are:
• Safeguarding IS assets:
• The Information systems assets of the organization must be protected by a system
of internal controls. It includes protection of hardware, software, facilities,
people, data, technology, system documentation and supplies.
IS Audit Objectives
• This is because hardware can be damaged maliciously, software and data files may
be stolen, deleted or altered and supplies of negotiable forms can be used for
unauthorized purposes.
• The IS auditor will be require to review the physical security over the facilities, the
security over the systems software and the adequacy of the internal controls. The IT
facilities must be protected against all hazards. The hazards can be accidental hazards
or intentional hazards.
• Maintenance of Data Integrity.

• Data integrity includes the safeguarding of the information against unauthorized
addition, deletion, modification or alteration. The desired features of the data are
described here under:
• Accuracy: Data should be accurate. Inaccurate data may lead to wrong
decisions and thereby hindering the business development process.
IS Audit Objectives
• Confidentiality: Information should not lose its confidentiality. It should be
protected from being read or copied by anyone who is not authorized to do so.
• Completeness: Data should be complete
• Reliability: Data should be reliable because all business decision are taken on the
basis of the current database.
• Efficiency: The ratio of the output to the input is known as efficiency. If output is
more with the same or less actual input, system efficiency is achieved, or else system
is inefficient. If computerization results in the degradation of efficiency, the effort for
making the process automated stands defeated. IS auditors are responsible to
examine how efficient the application in relation to the users and workload.
Control in Computer Systems.
• Computer systems are efficient and achieve results accurately and at great speed if
they work the way they are designed to.
• They have controls provided to ensure this but the controls have to be effective. The
controls are of great value in any computerised system and it is an important task for
auditing and for an auditor to see that not only adequate controls exist, but that they
also work effectively to ensure results and achieve objectives.
• Controls in a computer information system reflect the policies, procedures, practices

and organisational structures designed to provide reasonable assurance that
objectives will be achieved.
• The controls in a computer system ensure effectiveness and efficiency of operations,

reliability of financial reporting and compliance with the rules and regulations.
• Objectives of control
• The objectives of controls do not change with the introduction of computers. It is the
control techniques that change with many of the manual controls being computerised
and new technical computer controls added to achieve the same objectives.
• Typical control objectives within a government Data Processing function are to

ensure:
• Provision of effective organisational control over functions related to Data
Processing by clearly defining organisational objectives.
• Effective management control over development of Data Processing resources in
accordance organisational objectives.
• Practices related to Data Processing activities in accordance with statutory
requirements and down administrative procedures.
• Formulation of an adherence to policies, standards and procedures for all functions
related to Data Processing.
• Efficiency and effectiveness of the Data Processing systems towards achievement of

its desired objectives.
• Significance of controls
• Presence of controls in a computerised system is significant from the audit point
of view as these systems may allow duplication of input or processing, conceal or
make invisible some of the processes, and in some of the auditee organisations
where the computer systems are operated by outside contractors employing their
own standards and controls, making these systems vulnerable to remote and
unauthorised access.
• Apart from this, the significance of controls lies in following possibilities:
• Data loss due to file damage, data corruption (manipulation), fire, burglary,
power failure (or fluctuations), viruses etc.
• Error in software can cause manifold damage as one transaction in a

computer system may affect data everywhere.
• Computer abuse like fraud, vengeance, negligent use etc. is a great potential danger
and
• Absence of audit trails make it difficult for an auditor to ensure efficient and
effective functioning of a computerised system.
• Information system controls are broadly classified into two broad categories:
• General Controls
• General controls include controls over data centre operations, system software
acquisition and maintenance, access security, and application system
development and maintenance.
• They create the environment in which the application systems and application
controls operate.
• Examples include IT policies, standards, and guidelines pertaining to IT security

and information protection, application software development and change
controls, segregation of duties, service continuity planning, IT project
management, etc.
• Application Controls
• Application controls pertain to specific computer applications. They include

controls that help to ensure the proper authorisation, completeness, accuracy, and
validity of transactions, maintenance, and other types of data input.
• Examples include system edit checks of the format of entered data to help
prevent possible invalid input, system enforced transaction controls that prevent
users from performing transactions that are not part of their normal duties, and
the creation of detailed reports and transaction control totals that can be balanced
by various units to the source data to ensure all transactions have been posted
completely and accurately.
Audit Methodology.
• Preliminary evaluation.
• The first step in audit should be preliminary evaluation of the computer systems
covering:
• How the computer function is organised.
• Use of computer hardware and software.
• Applications processed by the computer and their relative significance to the

organization.
• Methods and procedures laid down for implementation of new applications or

revision to existing applications.
Audit Methodology.
• In course of preliminary evaluation, the auditor should ascertain the level of control
awareness in the auditee Organisation and existence (or non-existence) of control
standards.
• The preliminary evaluation should inter alia identify potential key controls and any
serious key control weaknesses. For each control objective the auditor should state
whether or not the objective has been achieved; if not, he should assess the
significance and risks involved with due to control deficiencies.
• Audit methodology.
• After completing the preliminary evaluation of the computer systems, the auditor
has to decide about the appropriate audit approach, system based or direct
substantive testing. In doing so, the aspects to be borne in mind are:
Audit Methodology.
• Results of the preliminary evaluation.
• Extent to which reliance can be placed on any work carried out by Internal Audit.
• Nature of any constraints like lack of any audit trail and the practicability of
testing.
• Effective compliance testing of key computer controls (which may be difficult).
• Each control to be tested will require large samples.
• The Audit methodology can adopt two different approaches:
• A direct substantive testing.

• A System based audit.
Audit Methodology.
• Direct Substantive Testing.
• If Direct Substantive Testing approach is chosen, a sample of transactions should

be selected and tested. Result of the preliminary evaluation will be of help
particularly as it would have:
• Provided an overall assessment of the control environment and identified any

serious weaknesses which should be raised with the auditee.
• Given sufficient familiarity with the system to be able to decide the point
from which to select the transactions for testing and how to substantiate them
efficiently.
• Provide sufficient information to determine any initial requirement for any

CAATs (Computer Assisted Audit Technique)
Audit Methodology.
• Systems Based Audit.
• For System Based Audit approach, aspects of regularity, economy, efficiency and
effectiveness of the system have to be looked into besides evaluating data
integrity, and data security as explained below:
• System effectiveness is measured by determining whether the system
performs the intended functions and whether users get the needed
information, in the right form when required.
• A system is economical and efficient if it uses the minimum number of
information resources to achieve the output required by the users. The use of
system resources - hardware, software, personnel and money - should be
optimized.
• System activities would be regular if they comply with applicable laws, rules,
policies, guidelines.
• Achieving data integrity implies that the internal controls must be adequate to
ensure that
Audit Methodology.
• Audit Techniques.
• IT audit techniques refer to the use of computers, including software, as a tool to
independently test computer data of audit interest. Some well-established
techniques are:
• Collecting and processing a set of test data that reflects all the variants of data
and errors which can arise in an application system at different times.
• Using integrated test facilities, built into the system by the auditee to help the
auditor in his requirements, as one of the users of the system.
• Simulating the auditee's application programs using audit software to verify

the results of processing.
• Reviewing program listings periodically to see that there are no unauthorised

alterations to the programs.
Audit Methodology.
• Audit Techniques.
• IT audit techniques refer to the use of computers, including software, as a tool to
independently test computer data of audit interest. Some well-established
techniques are:
• Collecting and processing a set of test data that reflects all the variants of data
and errors which can arise in an application system at different times.
• Using integrated test facilities, built into the system by the auditee to help the
auditor in his requirements, as one of the users of the system.
• Simulating the auditee's application programs using audit software to verify

the results of processing.
• Reviewing program listings periodically to see that there are no unauthorised

alterations to the programs.
Audit Methodology.
• Using either commercial software or in-house developed programs to interrogate and
retrieve data applying selection criteria and to perform calculations.
• Extracting samples of data from the auditee database/files, using sampling

techniques, for post analysis and review. The nature of data and type of analysis
required determine what technique is to be employed. The auditor should give the
sample size and design.
• Computer audit techniques are employed for:

• Verification of ledger balances and control totals independently.
• Recalculation of critical computerised calculations to check mathematical
correctness.
• Range checks to verify the working of computer based controls and testing for
exception conditions.
• Testing the validity of data which have gone into the master file.
• Detection of data abuse/frauds.
Audit Trail.
• Objective of audit trail is to obtain sufficient evidence matter regarding the reliability
and integrity of the application system.
• To achieve this, the audit trail should contain enough information to allow
management, the auditor and the user:
• To recreate processing action.

• To verify summary totals.
• To trace the sources of intentional and unintentional errors.
• The audit trail should include the following information:
• System information including start up time, stop time, restarts, recovery etc.
• Transaction information including input items which change the database, control
totals and rejected items (relevant to database applications).
Audit Trail.
• Communication information including terminal log-on/off, password use, security
violation, network changes and transmission statistics (relevant to transaction
processing i.e. TP applications).
• In a computer system, the audit trail may not always be apparent as in a manual
system since data are often retained in magnetic media and output is limited to a
small number of total items processed, with reports produced only on exception
basis.
• The general procedure is to first investigate control totals and run to run totals within
the whole system and then to check and substantiate the audit trail by limited
checking through records and files or by taking intermediate printouts of audit
interest.
Audit Trail.
• If the design of the computer system does not provide for adequate audit trail this
should be brought out in audit review, highlighting control weaknesses or lack of
controls in the system.
• Apart from errors that might creep into the system, there is a possibility of frauds,
which might occur due to undetected control weaknesses.
Summary.
• Discussed the IS audit objectives - Safeguarding IS assets and Maintenance of data
integrity.
• Components of data integrity - Accuracy, confidentiality, efficiency, completeness

and reliability.
• The objectives of control in computer systems.
• The various types of control - Application level and General level control.
• Audit methodology using the direct substantive testing or system based audit
• Audit techniques and audit trail.

Module 26:
E-Payment System.
Objectives
• Obtain an understanding of the E-Payment System.
• Become familiar with the different types of E-Payment Systems
• To understand the concepts behind Secure Electronic Transaction (SET)

Protocol.
Content.
1. Introduction to E-Payment
2. Types of E-Payment
3. Comparison of E-Payment types
4. Secure Electronic Transaction (SET) Protocol

Introduction to E-Payment.
• The emergence of e-commerce has created new financial needs that in many cases
cannot be effectively fulfilled by the traditional payment systems.
• Recognizing this, virtually all interested parties are exploring various types of
electronic payment system and issues surrounding electronic payment system and
digital currency.
• Broadly electronic payment systems can be classified into four categories:

• Online Credit Card Payment System,
• Online Electronic Cash System,
• Electronic Cheque System and
• Smart Cards based Electronic Payment System.
• Each payment system has its advantages and disadvantages for the customers and
merchants.
Introduction to E-Payment.
• These payment systems have numbers of requirements: e.g. security, acceptability,
convenience, cost, anonymity, control, and traceability.
• For instance, new types of purchasing relationships-such as auction between

individuals online-have resulted in the need for peer-to-peer3 payment methods that
allows individuals to e-mail payments to the other individual.
• Recognizing this, virtually all interested parties (i.e. academicians, government,

business community and financial service providers) are exploring various types of
electronic payment system and issues surrounding electronic payment system and
digital currency.
Process of E-Payment.
• Electronic payment systems have been in operations since 1960s and have been
expanding rapidly as well as growing in complexity. After the development of
conventional payment system, EFT (Electronic Fund Transfer) based payment
system came into existence.
• It was first electronic based payment system, which does not depend on a central
processing intermediary. An electronic fund transfer is a financial application of EDI
(Electronic Data Interchange), which sends credit card numbers or electronic
cheques via secured private networks between banks and major corporations.
• To use EFT to clear payments and settle accounts, an online payment service will
need to add capabilities to process orders, accounts and receipts. But a landmark
came in this direction with the development of digital currency.
Process of E-Payment.
• The nature of digital currency or electronic money mirrors that of paper money as a
means of payment. As such, digital currency payment systems have the same
advantages as paper currency payment, namely anonymity and convenience.
Types of E-Payment.
• With the growing complexities in the e-commerce transactions, different electronic
payment systems have appeared in the last few years.
• The grouping can be made on the basis of what information is being transferred
online on this bases there are four types of electronic payment systems:
• E-Cash.
• Electronic Cheques (i-cheques)
• Credit Cards
• Smart Cards and

E-Payment - Ecash
• Similar to regular cash, e-cash enables transactions between customers without the
need for banks or other third parties. When used, e-cash is transferred directly and
immediately to the participating merchants and vending machines.
• Electronic cash is a secure and convenient alternative to bills and coins. This
payment system complements credit, debit, and charge cards and adds additional
convenience and control to everyday customer cash transactions.
• E-cash is transferred directly from the customer's desktop to the merchant's site.
Therefore, e-cash transactions usually require no remote authorization or personal
identification number (PIN) codes at the point of sale.
• E-cash can be transferred over a telephone line or over the Web. The microprocessor
chip embedded onto the card keeps track of the e-cash transactions. Using e-cash the
customer has two options: a stand-alone card containing e-cash or a combination
card that incorporates both e-cash and debit.
E-Payment - Ecash
1. Consumer buys e-cash from Bank.
Merchant
2. Bank sends e-cash bits to consumer (after

charging that amount plus fee)
5
4
3. Consumer sends e-cash to merchant
Bank 3
4. Merchant checks with Bank that e-cash s valid
(check for forgery or fraud)
2
5. Bank verifies that e-cash is valid 1
6. Parties complete transaction: e.g., merchant

present e-cash to issuing back for deposit once
goods or services are delivered.
E-Payment – Ecash
• Advantages
• More efficient, eventually meaning lower prices

• Lower transaction costs
• Anybody can use it, unlike credit cards, and does not require special
authorization
• Disadvantages
• Tax trail non-existent, like regular cash

• Money laundering
• Susceptible to forgery
E-Payment – Echeque
• Electronic cheques address the electronic needs of millions of businesses, which
today exchange traditional paper cheques with the other vendors, consumers and
government.
• The e-cheque method was deliberately created to work in much the same way as
conventional paper cheque. An account holder will issue an electronic document
that contains the name of the financial institution, the payer‟s account number, the
name of payee and amount of cheque.
• Most of the information is in uncoded form. Like a paper cheques echeques also
bear the digital equivalent of signature: a computed number that authenticates the
cheque from the owner of the account.
• Digital chequing payment system seeks to extend the functionality of existing

chequing accounts for use as online shopping payment tools.
• Advantages:
• They do not require consumers to reveal account information to other individuals

when setting an auction.
• They do not require consumers to continually send sensitive financial
information over the web.
• They are less expensive than credit cards and
• They are much faster than paper based traditional cheque.
• Disadvantages.
• The disadvantage of electronic cheque system includes their relatively high fixed
costs.
E-Payment – Payments Card.
• The term payment card describes all types of plastic cards used to make purchases.
• Credit card: Has a spending limit based on a user’s credit history.
• Debit card: Removes an amount from a cardholder’s bank account Transfers it to
the seller’s bank account.
• Charge card: Carries no spending limit. Amount charged is due at the end of the
billing period
• Advantages:
• Widespread acceptance
• Usually have built-in security for merchants
• Disadvantage:
• Payment card service companies charge merchants per-transaction fees and
monthly processing fees.
E-Payment – Payments Card.
E-Payment – Smart Card.
• A smart card is about the size of a credit card, made of a plastic with an embedded
microprocessor chip that holds important financial and personal information.
• The microprocessor chip is loaded with the relevant information and periodically
recharged. In addition to these pieces of information, systems have been developed to
store cash onto the chip.
• The money on the card is saved in an encrypted form and is protected by a password to
ensure the security of the smart card solution. In order to pay via smart card it is
necessary to introduce the card into a hardware terminal.
• The device requires a special key from the issuing bank to start a money transfer in
either direction. Smart cards can be disposable or rechargeable.
• Smart cards have been extensively used in the telecommunications industry for years.
Smart-card technology can be used to hold information on health care, transportation,
• A smart card is about the size of a credit card, made of a plastic with an embedded
microprocessor chip that holds important financial and personal information.
• The microprocessor chip is loaded with the relevant information and periodically
recharged. In addition to these pieces of information, systems have been developed to
store cash onto the chip.
• The money on the card is saved in an encrypted form and is protected by a password to
ensure the security of the smart card solution. In order to pay via smart card it is
necessary to introduce the card into a hardware terminal.
• The device requires a special key from the issuing bank to start a money transfer in
either direction. Smart cards can be disposable or rechargeable.
• Smart cards have been extensively used in the telecommunications industry for years.
Smart-card technology can be used to hold information on health care, transportation,
identification, retail, loyalty programs and banking, to name a few.
• Smart cards are broadly classified into two groups:
• Contact:
• This type of smart card must be inserted into a special card reader to be read and
updated. A contact smart card contains a microprocessor chip that makes contact
with electrical connectors to transfer the data.
• Contact-less:
• This type of smart card can be read from a short distance using radio frequency. A
contact-less smart card also contains a microprocessor chip and an antenna that
allows data to be transmitted to a special card reader without any physical contact.
• This type of smart card is useful for people who are moving in vehicles or on foot.
They are used extensively in European countries for collecting payment for
highway tolls, train fares, parking, bus fares, and admission fees to movies,
theaters, plays, and so forth.
• Advantages of smart cards include the following:
• Stored many types of information

• Not easily duplicated
• Not occupy much space
• Portable
• Low cost to issuers and users
• Included high security
• The disadvantages of smart cards are the lack of universal standards for their design
and utilization. On the other hand, smart card applications are expected to increase as a
result of the resolution of these disadvantages in the near future.
Comparison of E-Payment Systems.
Features Online Credit Electronic Cash Electronic Smart Cards
Card Cheque
Actual Payment Paid later Prepaid Paid later Prepaid
Time
Transaction The store and Free transfer. No Electronic The smart card
information bank checks the need to leave the checks or of both parties
transfer status of the name of parties payment make the
credit card involved indication must transfer
be endorsed
Online and Online Online Offline transfers Offline transfers
offline transactions transactions are allowed are allowed
transactions
Bank account Credit card No Involvement The bank The smart card
involvement account makes account makes account makes
the payment the payment the payment
Card Cheque
Users Any legitimate Anyone Anyone with a Anyone with a
credit card users bank account bank or credit
card account
Party to which Distributing Store Store Store
payment is Bank
made out
Consumer’s Most of the risk Consumer is at Consumer bears Consumer is at
transaction risk is borne by the risk of the most of the risk, risk of the smart
distributing bank, electronic cash but the card getting
consumers only getting stolen, consumer can stolen, lost or
have to bear part lost, or misused stop check misused
of the risk payments at any
time
Card Cheque
Current degree Credit card Unable to meet Can not meet Credit card
of popularity organizations financial internet international organizations
check for standards in the standards, check for
certification then areas of therefore its not certification then
total the expansion very popular total the
purchases. potential and purchases.
Therefore, it can internationalism Therefore it can
be used be used
internationally, internationally,
and is the most and is becoming
popular payment more widely
type used.
Mobility Yes No No Yes
Card Cheque
Limit on Depends on the Depends on how No Limit Depends on how
transfer limit of the credit much is prepaid much money is
card saved.
Database Safeguards Needs to Safeguards Safeguards
safeguarding regular credit safeguard a regular account regular account
card account large database, information information
information and maintain
records of the
serial numbers
of used
electronic cash.
Secure Electronic Transaction (SET) Protocol.
• Jointly designed by MasterCard and Visa with backing of Microsoft, Netscape, IBM,
GTE, SAIC, and others.
• Designed to provide security for card payments as they travel on the Internet.
• Contrasted with Secure Socket Layers (SSL) protocol, SET validates consumers
and merchants in addition to providing secure transmission
• SET specification
• Uses public key cryptography and digital certificates for validating both
consumers and merchants
• Provides privacy, data integrity, user and merchant authentication, and consumer
nonrepudiation
The SET protocol coordinates the activities of the customer, merchant, merchant’s bank,
and card issuer.
• SET-protected payments work like this:
• Consumer makes purchase by sending encrypted financial information along

with digital certificate
• Merchant’s website transfers the information to a payment card processing center

while a Certification Authority certifies digital certificate belongs to sender
• Payment card-processing center routes transaction to credit card issuer for

approval
• Merchant receives approval and credit card is charged
• Merchant ships merchandise and adds transaction amount for deposit into
merchant’s account.
• All parties hold certificates signed directly or indirectly by a certifying authority.

• Advantages of SET
• Information security: Neither anyone listening in nor a merchant can use the
information passed during a transaction for fraud.
• Credit card security: There is no chance for anybody to steal a credit card.
• Flexibility in shopping: If a person has a phone he/she can shop.
• Disadvantages of SET
• Not easy to implement

• Not as inexpensive as expected
• Expensive to integrated with legacy applications
• Not tried and tested, and often not needed
• Scalability is still in question
Summary.
• Discussed the emergence of E-Payment and the process involved in E-Payment
• Enumerate the different types of E-Payment system
• Compare the different types of E-payment system
• Discussed the Secure Electronic Transaction (SET) Protocol.

Module 27:
Introduction to Data Warehouse.
Objectives
• Obtain an understanding and definition of data warehouse.
• Become familiar with the different Data Warehouse Architectures.
• To understand the conceptual modelling of data warehouse
• Learn about the difference between database and data warehouse.

Content.
1. Introduction to Database Warehouse
2. Definition of Data warehouse
3. Data Warehouse Architectures
4. Conceptual modelling of data warehouse.

Introduction.
• Information assets are immensely valuable to any enterprise, and because of this,
these assets must be properly stored and readily accessible when they are needed.
• However, the availability of too much data makes the extraction of the most
important information difficult, if not impossible.
• Data warehousing is a phenomenon that grew from the huge amount of electronic
data stored in recent years and from the urgent need to use that data to accomplish
goals that go beyond the routine tasks linked to daily processing.
• Generally speaking, we can state that creating a data warehouse system does not
require that new information be added; rather, existing information needs
rearranging. This implicitly means that an information system should be previously
available.
Introduction.
• Operational data usually covers a short period of time, because most transactions
involve the latest data.
• A data warehouse should enable analyses that instead cover a few years. For this
reason, data warehouses are regularly updated from operational data and keep on
growing.
• If data were visually represented, it might progress like so: A photograph of

operational data would be made at regular intervals. The sequence of photographs
would be stored to a data warehouse, and results would be shown in a movie that
reveals the status of an enterprise from its foundation until present.
• Fundamentally, data is never deleted from data warehouses and updates are normally
carried out when data warehouses are offline. This means that data warehouses can
be essentially viewed as read-only databases.
Introduction – Why data warehouse.
• Data explosion in data base management systems (DBMS).
• Inefficient retrieval of required information.
• Needs of Decision Support Systems (DSS) to facilitate decision making.
• Extracting, cleaning, transforming, and filtering data from DBMS and provide
efficient access to required information.
• Who needs data warehouse?
• Decision makers who rely on mass amount of data.

• Those who use customized, complex processes to obtain information from
various data sources.
• Those who want to use simple technology to access data.
• Those who require systematic approach for decision
Introduction – Why data warehouse.
• Two major functions of data warehousing.
• Extracting necessary information for decision making from heterogeneous data

sources and stored in the data warehouse.
• Providing queries and decision analyses to users

Definition of Data Warehouse.
• Data warehousing is a collection of methods, techniques, and tools used to support
knowledge workers—senior managers, directors, managers, and analysts—to
conduct data analyses that help with performing decision-making processes and
improving information resources.
• A data warehouse is a subject-oriented, integrated, time-variant, and non-volatile

collection of data in support of management’s decision-making process.
• Subject-oriented.
• The warehouse is organized around the major subjects of the enterprise (e.g.
customers, products, and sales) rather than the major application areas (e.g.
customer invoicing, stock control, and product sales).
• This is reflected in the need to store decision-support data rather than application-
oriented data.
• Integrated.
• The data warehouse integrates corporate application-oriented data from different

source systems, which often includes data that is inconsistent.
• The integrated data source must be made consistent to present a unified view of
the data to the users.
• Time-variant data
• Data in the warehouse is only accurate and valid at some point in time or over
some time interval.
• Time-variance is also shown in the extended time that the data is held, the
implicit or explicit association of time with all data, and the fact that the data
represents a series of snapshots.
• Non-volatile
• Data in the warehouse is not updated in real-time but is refreshed from

operational systems on a regular basis.
• New data is always added as a supplement to the database, rather than a

replacement.
Difference between Database and Data Warehouse.
Database Data Warehouse
Used for Online Transactional Processing Used for Online Analytical Processing
(OLTP) but can be used for other purposes such (OLAP). This reads the historical data for
as Data Warehousing. This records the data from the Users for business decisions.
the user for history.
The tables and joins are complex since they are The Tables and joins are simple since they
normalized (for RDMS). This is done to reduce are de-normalized. This is done to reduce
redundant data and to save storage space. the response time for analytical queries.
Entity – Relational modeling techniques are used Data – Modeling techniques are used for the
for RDMS database design. Data Warehouse design.
Optimized for write operation. Optimized for read operations.
Performance is low for analysis queries. High performance for analytical queries.
Difference between Database and Data Warehouse.
Database Data Warehouse
Holds current data Holds historical data
Stores detailed data Stores details, lightly and highly
summarized data
Data is dynamic Data is static
Transaction driven Analytic driven
Supports day-to-day decisions Support strategic decisions
Serves large number of clerical / operational Serves relatively low number of
users managerial users
Steps in building a Data Warehouse.
• Below are the basic steps in building data warehouse.
• Collect & analyze business requirement

• Build data model and data warehouse physical design
• Define data sources.
• Select data warehouse technology & platform
• Extract, transform, clean & load data into the warehouse
• Select access and report tools
• Select database access tools
• Select data analysis & display tools
• Update data warehouse
Data Warehouse Architectures.
• The following architecture properties are essential for a data warehouse system.
• Separation Analytical and transactional processing should be kept apart as much

as possible.
• Scalability Hardware and software architectures should be easy to upgrade as the

data volume, which has to be managed and processed, and the number of users’
requirements, which have to be met, progressively increase.
• Extensibility The architecture should be able to host new applications and

technologies without redesigning the whole system.
• Security Monitoring accesses is essential because of the strategic data stored in

data warehouses.
• Administerability Data warehouse management should not be overly difficult.

Data Warehouse Architectures – Single Layer.
• A single-layer architecture is not frequently used in practice. Its goal is to minimize
the amount of data stored; to reach this goal, it removes data redundancies. In this
case, data warehouses are virtual.
• This means that a data warehouse is implemented as a multidimensional view of

operational data created by specific middleware, or an intermediate processing layer.
• The weakness of this architecture lies in its failure to meet the requirement for
separation between analytical and transactional processing.
• Analysis queries are submitted to operational data after the middleware interprets
them. It this way, the queries affect regular transactional workloads.
• In addition, although this architecture can meet the requirement for integration and
correctness of data, it cannot log more data than sources do.
Data Warehouse Architectures – Single Layer.
• For these reasons, a virtual approach to data warehouses can be successful only if
analysis needs are particularly restricted and the data volume to analyze is huge.
Data Warehouse Architectures – Two Layer.
• The requirement for separation plays a fundamental role in defining the typical
architecture for a data warehouse system. Although it is typically called a two-layer
architecture to highlight a separation between physically available sources and data
warehouses, it actually consists of four subsequent data flow stages
• Source layer
• A data warehouse system uses heterogeneous sources of data. That data is
originally stored to corporate relational databases or legacy databases, or it
may come from information systems outside the corporate walls.
• Data staging
• The data stored to sources should be extracted, cleansed to remove
inconsistencies and fill gaps, and integrated to merge heterogeneous sources
into one common schema.
• Data staging
• The so-called Extraction, Transformation, and Loading tools (ETL) can merge
heterogeneous schemata, extract, transform, cleanse, validate, filter, and load
source data into a data warehouse.
• Technologically speaking, this stage deals with problems that are typical for
distributed information systems, such as inconsistent data management and
incompatible data structures.
• Data warehouse layer

• Information is stored to one logically centralized single repository: a data
warehouse. The data warehouse can be directly accessed, but it can also be used
as a source for creating data marts, which partially replicate data warehouse
contents and are designed for specific enterprise departments.
• A data mart is a subset or an aggregation of the data stored to a primary data
warehouse. It includes a set of information pieces relevant to a specific business
area, corporate department, or category of users.
• Analysis
• In this layer, integrated data is efficiently and flexibly accessed to issue
reports, dynamically analyze information, and simulate hypothetical business
scenarios.
• Technologically speaking, it should feature aggregate data navigators,
complex query optimizers, and user-friendly GUIs.
Data Warehouse Architectures – Three Layer.
• In this architecture, the third layer is the reconciled data layer or operational data
store. This layer materializes operational data obtained after integrating and
cleansing source data.
• As a result, those data are integrated, consistent, correct, current, and detailed. The
data warehouse that is not populated from its sources directly, but from reconciled
data.
• The main advantage of the reconciled data layer is that it creates a common reference
data model for a whole enterprise. At the same time, it sharply separates the
problems of source data extraction and integration from those of data warehouse
population.
• Remarkably, in some cases, the reconciled layer is also directly used to better
accomplish some operational tasks, such as producing daily reports that cannot be
satisfactorily prepared using the corporate applications, or generating data flows to
feed external processes periodically so as to benefit from cleaning and integration.
• However, reconciled data leads to more redundancy of operational source data. Note
that we may assume that even two-layer architectures can have a reconciled layer
that is not specifically materialized, but only virtual, because it is defined as a
consistent integrated view of operational source data.
Conceptual Modelling of data warehouse.
• A conceptual data model is a summary-level data model that is most often used on
strategic data projects. It typically describes an entire enterprise. Due to its highly
abstract nature, it may be referred to as a conceptual model.
• Common characteristics of a conceptual data model:

• Enterprise-wide coverage of the business concepts. Think Customer, Product,
Store, Location, Asset.
• Designed and developed primarily for a business audience
• Contains around 20-50 entities (or concepts) with no or extremely limited
number of attributes described. Sometimes architects try to limit it to printing on
one page.
• Contains relationships between entities, but may or may not include cardinality
and nullability.
• Entities will have definitions.
• The most popular data model for a data warehouse is a multi-dimensional model
such a model can exist in the form of:
• Star schema
• Snowflake schema
• Fact constellations
• Star Schema
• In the star schema design, a single object (the fact table) sits in the middle and is
radically connected to other surrounding objects (dimension lookup tables) like a
star. Each dimension is represented as a single table. The primary key in each
dimension table is related to a foreign key in the fact table.
• All measures in the fact table are related to all the dimensions that fact table is
related to. In other words, they all have the same level of granularity.
• A star schema can be simple or complex. A simple star consists of one fact table;
a complex star can have more than one fact table.
• The snowflake
• schema is an extension of the star schema, where each point of the star explodes
into more points.
• In a star schema, each dimension is represented by a single dimensional table,

whereas in a snowflake schema, that dimensional table is normalized into
multiple lookup tables, each representing a level in the dimensional hierarchy.
• The main advantage of the snowflake schema is the improvement in query

performance due to minimized disk storage requirements and joining smaller
lookup tables.
• The main disadvantage of the snowflake schema is the additional maintenance

efforts needed due to the increase number of lookup tables.
• The snowflake
• Fact constellations
• Multiple fact tables share dimension tables, viewed as a collection of stars,

therefore called or fact constellation galaxy schema
Summary.
• Discussed the need for data warehouse.
• Understood the differences between database and data warehouse.
• Enumerated the various data base architecture – single, two and three layers.
• Discussed the various types of Conceptual Modelling of data warehouse data - Star
schema, Snowflake schema and Fact constellations.
Module 28:
Computer Building Blocks.
Objectives
• Obtain an understanding of the binary numbering system and its need in
building computer system
• Become familiar with the different numbering systems and how numbers
can be converted from one another.
• To understand the concepts behind Boolean logic, truth table, logic gates
and circuits
Content.
1. Binary Numbers.
2. Boolean logic
3. Truth table.
4. Logic gates
5. Circuits.
Binary Numbers.
• A computer’s internal storage techniques are different from the way people represent
information in daily lives.
• Information inside a digital computer is stored as a collection of binary data.

Externally, for data we use
• digits 0 1 ... 9
• characters A a % $
• whole numbers (integers) 23 -404
• decimal numbers 1.23 0.000345
• fractions 2/3 1/456
• strings of characters this is an example
• symbols Â  
and combinations of these organized in various ways.
Binary Numbers.
• Every day numbering system are based on base 10
• We use numbers 0,1,2,3,4,5,6,7,8,9 (10 numbers), hence base 10
• As an Illustration, each column in our system stands for a power of 10 starting at

100
Power of Base 𝟏𝟎𝟒 𝟏𝟎𝟑 𝟏𝟎𝟐 𝟏𝟎𝟏 𝟏𝟎𝟎
Position Value 10,000 1,000 100 10 1
1 2 3 5
103 102 101 100
1,235 = 1 x one thousand + 2 x one hundred + 3 x ten + 5 x one

Binary Numbers.
• Definition: A bit (binary digit) is a 0 or a 1.
• These are organized into bytes which are 8 contiguous bits:
Example: 0011 1001
• Representing positive integers: Almost all digital computers use a base 2 (or binary)
representation.
• The computer number system is based on binary number – Base 2
• A single binary number is called a bit or binary digit
• Computers perform operations on binary numbers group called words.
• Most computers today can use 32, 64, or 128 bit word (e.g. 64 bit or 32 bit O/S)
Binary Numbers.
Computer numbers are 1 and 0 !
ON/YES/TRUE/NON-ZERO
=1 =0
A basic electronic switch can show both computer

numbers in two different possible states
Binary Numbers.
Why Binary Numbers Not Decimal.
• We need a device that has only 2 stable energy states, not 10.
• Examples:
• light bulb
• toggle switch
• a voltage threshold where all voltages above that threshold represent 1 and all
below represent 0
• Why do we need a device that has only 2 stable energy states, not 10?
• There is no reason theoretically why a decimal computer couldn't be built.
• Binary computers are built for reliability reasons:

• As electric devices age, they become unreliable and their energy states
drift.
• A base-10 device needs 10 reliable states.
• A base-2 device needs only 2 reliable states.
Why Binary Numbers Not Decimal.
• Illustration of Binary numbers converted to decimal.
11 = 1 × 21 + 1 × 20 = 310
101 = 1 × 22 + 0 × 21 + 1 × 20 = 4 + 1 = 510
1001 = 1 × 23 + 1 × 20 = 8 + 1 = 910
1100 = 1 × 23 + 1 × 22 = 8 + 4 = 1210
11101 = 1 × 24 + 1 × 23 + 1 × 22 + 1 × 20 = 2910
1001001 = 1 × 26 + 1 × 23 + 1 × 20 = 64 + 8 + 1 = 7310
1100110 = 1 × 26 + 1 × 25 + 1 × 22 + 1 × 21 = 10110
0.1 = 1 × 2−1 = 0.510
0.11 = 1 × 2−1 + 1 × 2−2 = 0.5 + 0.25 = 0.7510
10.0011 = 1 × 21 + 1 × 2−3 + 1 × 2−4 = 2.187510
Decimal Numbers.
• Decimal numbering system.
Base 10 Remainder
• Base-10. 2 255
• Each position is a power of 10 127 1
3052 = 3 x 103 + 0 x 102 + 5 x 101 + 2 x 100 63 1
31 1
• Converting decimal to Binary
15 1
• For example 255 base 10 to Binary is 11111111
7 1
3 1
• What is 245 base 10 when converted to Binary?
1 1
1
• Given k bits, the largest unsigned integer is
2k – 1 Read from bottom
• Given 4 bits, the largest is 24-1 = (2*2*2*2) -1 = 16-1
= 15.
Character Representation.
• Various encoding schemes have been used. All use numbers to represent the
characters.
• One common encoding scheme is the ASCII (American Standard Code for
Information Interchange) scheme.
• ASCII code set is 8 bits per character; 256 character codes .
• A is 65 (or 0100 0001 in binary)

• a is 97 (or 0110 0001 in binary)
• Another scheme is the Unicode symbol set which provides a major expansion of the
ASCII encodings.
• UNICODE code set.
• 16 bits per character; 65,536 character codes.
Hexadecimal Numbers.
• The word hexadecimal is derived from the Greek root hex (six) and the Latin root
decem (ten). In this system the base b = 16 and we use sixteen symbols to represent
a number.
• The set of symbols is
• S = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F}
• Note that the symbols A, B, C, D, E, F are equivalent to 10, 11, 12, 13, 14, and 15
respectively. The symbols in this system are often referred to as hexadecimal digits.
• Its an easier way to express binary number is using hexadecimal (base 16)
• A single hexadecimal makes use of 4 binary bits.
• It makes it easier to convert between number systems (Binary, decimal, hexadecimal

and octal - base 8)
Hexadecimal Numbers.
• The following shows that the number (2AE)16 in hexadecimal is equivalent to 686 in
decimal.
• The equivalent decimal number is N = 512 + 160 + 14 = 686.

Boolean Logic.
• Boolean logic is a branch of mathematics that deals with rules for manipulating the
two logical values:
• true (represented by a single bit 1)
• false (represented by a single bit 0)
• The word Boolean is usually capitalized because the area is named after George
Boole (1815-1864) an English mathematician and logician who developed the logic
rules that have proved useful in computing and in designing circuits.
• A Boolean expression is any expression that evaluates to either true or false.
• Boolean logic operations on electronic signals can be built out of transistors and
other electronic devices.
Boolean Logic.
• Below are the basic Boolean operations
• a AND b
• True only when a is true and b is true
• a OR b
• True when a is true, b is true, or both are true
• NOT a
• True when a is false and vice versa
• Boolean expressions
• Constructed by combining together Boolean operations
• Example: (a AND b) OR ((NOT b) AND (NOT a))
The Truth Table.
• The truth value of a statement is the classification as true or false which denoted by T
or F.
• A truth table is a listing of all possible combinations of the individual statements as

true or false, along with the resulting truth value of the compound statements.
• Truth tables are an aide in distinguishing valid and invalid arguments.
• In the truth table representation the following should be noted.
• AND can be represented with ^

• OR can be represented with v
• NOT can be represented with ~
• True which is T can be represented as 1
• False which is F can be represented as 0
The Truth Table.
• Truth Table for ~p
• Recall that the negation of a statement is the p ~p

denial of the statement.
• If the statement p is true, the negation of p, i.e. T F

~p is false.
• If the statement p is false, then ~p is true. F T

• Note that since the statement p could be true or
false, we have 2 rows in the truth table.
The Truth Table.
• The truth table for p and q
p q p^q
• Recall that the conjunction is the joining of two
statements with the word and.
T T T
• The number of rows in this truth table will be 4.
(Since p has 2 values, and q has 2 value.)
T F F
• For p ^ q to be true, then both statements p, q,
must be true.
F T F
• If either statement or if both statements are false,
then the conjunction is false.
F F F
The Truth Table.
• The truth table for p OR q
p q pvq
• Recall that a disjunction is the joining of two
statements with the word or. T T T
• The number of rows in this table will be 4, since
we have two statements and they can take on the T F T
two values of true and false.
• For a disjunction to be true, at least one of the F T T

statements must be true.
• A disjunction is only false, if both statements are

F F F
false.
Gates.
• A gate is an electronic device that operates on a collection of binary inputs to
produce a binary output.
• We will use 3 basic gates that correspond to the 3 Boolean operations:
• The combination of AND, OR and NOT can produce

• inverted AND = NAND
• inverted OR = NOR
An OR Gate A NOR Gate
An AND Gate A NAND Gate
A NOT Gate
Gates.
• AND gate
• Two input lines, one output line
• Outputs a 1 when both inputs are 1
• OR gate
• Outputs a 1 when either input is 1
• NOT gate
• One input line, one output line
• Outputs a 1 when input is 0 and vice versa
• NAND gate
• Outputs a 0 when both inputs are 1
Gates.
• NOR gate
• Two input
lines, one
output line
• Outputs a 0
when either
input is 1
Circuit.
• Logic gates can be combined together to produce more complex logic circuits
(networks)
• The output from a logic circuit (network) is checked by producing a truth table.
a
b
c
d
• This circuit can be represented as a Boolean expression:

• (a AND b) AND (NOT (c OR d)) or, equivalently, ab(c+d)'
Circuit.
a
b output
The truth Table

a b c output It can be expressed by the Boolean expression
0 0 0 1
0 0 1 0 ab +c'
0 1 0 1
0 1 1 0
1 0 0 1
1 0 1 0
1 1 0 1 Note 3 input values require 23 rows in the table.
1 1 1 1
Summary.
• Discussed the binary numbering system
• Understood the need for the binary numbering system and the other types of
numbering system Decimal and Hexadecimal
• Explained how conversion from one numbering system to another is done.
• Discussed the Boolean logic, truth table, logic gates and circuits.
Module 29:
Compiler Construction.
Objectives
• Obtain an understanding of translators and the relationship with High-
level language.
• Become familiar with compliers
• To understand the complier translation process.
• Learn about the different stages of the translation process.

Content.
1. Introduction
2. Relationship between high-level language and translators.
3. Translators
4. Compiler
5. Compiler Processes
Introduction.
• Users of modern computing systems can be divided into two broad categories.
• There are those who never develop their own programs, but simply use ones
developed by others.
• Then there are those who are concerned as much with the development of programs
as with their subsequent use.
• This latter group - of whom we as computer scientists form a part - is fortunate in

that program development is usually aided by the use of high-level languages for
expressing algorithms, the use of interactive editors for program entry and
modification, and the use of sophisticated job control languages or graphical user
interfaces for control of execution.
Introduction.
• Programmers armed with such tools have a very different picture of computer
systems from those who are presented with the hardware alone, since the use of
compilers, editors and operating systems - a class of tools known generally as
systems programs - removes from humans the burden of developing their systems at
the machine level.
• That is not to claim that the use of such tools removes all burdens, or all possibilities
for error, as the reader will be well aware.
• In order for high-level languages to be usable, one must be able to convert programs
written in them into the binary or hexadecimal digits and bitstrings that a machine
will understand.
• At an early stage it was realized that if constraints were put on the syntax of a high-
level language the translation process became one that could be automated.
Introduction.
• This led to the development of translators or compilers - programs which accept (as
data) a textual representation of an algorithm expressed in a source language, and
which produce (as primary output) a representation of the same algorithm expressed
in another language, the object or target language.
The relationship between high-level language and translator.
• Computer languages are generally classed as being "high-level" (like Pascal, Fortran,
Ada, Modula-2, Oberon, C or C++) or "low-level" (like ASSEMBLER).
• High-level languages are claimed to possess several advantages over low-level ones:
• Readability:
• A good high-level language will allow programs to be written that in some ways
resemble a quasi-English description of the underlying algorithms.
• If care is taken, the coding may be done in a way that is essentially self-
documenting, a highly desirable property when one considers that many
programs are written once, but possibly studied by humans many times
thereafter.
• Portability
• High-level languages, being essentially machine independent, hold out the
promise of being used to develop portable software. This is software that can, in
principle (and even occasionally in practice), run unchanged on a variety of
different machines - provided only that the source code is recompiled as it moves
from machine to machine.
• Structure and object orientation

• There is general agreement that the structured programming movement of the
1960’s and the object-oriented movement of the 1990’s have resulted in a great
improvement in the quality and reliability of code. High-level languages can be
designed so as to encourage or even subtly enforce these programming
paradigms.
• Generality:
• Most high-level languages allow the writing of a wide variety of programs, thus
relieving the programmer of the need to become expert in many diverse
languages.
• Brevity:
• Programs expressed in high-level languages are often considerably shorter (in
terms of their number of source lines) than their low-level equivalents.
• Error checking:
• Being human, a programmer is likely to make many mistakes in the development
of a computer program. Many high-level languages - or at least their
implementations - can, and often do, enforce a great deal of error checking both
at compile-time and at run-time. For this they are, of course, often criticized by
programmers who have to develop time-critical code, or who want their
programs to abort as quickly as possible.
Translators
• Translator is defined as a computer program that converts instructions written in one
language to another without changing the initial logic in terms of computer language
Source Language instruction Translator Target language instruction
• There are various class of translator. It is common to distinguish between several

well-established classes of translator:
• Assembler
• The term Assembler is usually associated with those translators that map low-
level language instructions into machine code which can then be executed
directly.
• Individual source language statements usually map one-for-one to machine-level
instructions.
Translators
• Macro-assembler
• Is also associated with those translators that map low-level language instructions
into machine code.
• Most source language statements map one- for-one into their target language
equivalents, but some macro statements map into a sequence of machine- level
instructions - effectively providing a text replacement facility, and thereby
extending the assembly language to suit the user.
• Compiler
• The term compiler is usually associated with those translators that map high-level
language instructions into machine code which can then be executed directly.
• Individual source language statements usually map into many machine-level
instructions.
Translators
• Pre-processor
• The term pre-processor is usually associated with those translators that map a
superset of a high-level language into the original high-level language, or that
perform simple text substitutions before translation takes place.
• The best-known pre-processor is probably that which forms an integral part of
implementations of the language C, and which provides many of the features that
contribute to the widely- held perception that C is the only really portable
language.
• High-level translator
• High-level translator is often associated with those translators that map one high-
level language into another high-level language - usually one for which
sophisticated compilers already exist on a range of machines.
• Such translators are particularly useful as components of a two-stage compiling
system, or in assisting with the bootstrapping techniques to be discussed shortly.
Compiler - Introduction.
• A compiler is a computer program (or set of programs) that transforms source code
written in a programming language (the source language) into another computer
language (the target language, often having a binary form known as object code).
Source Target
program compiler program
Error
message
• A source program/code is a program/code written in the source language, which is
usually a high-level language.
• A target program/code is a program/code written in the target language, which often
is a machine language or an intermediate code.
Compiler - Introduction.
• The most common reason for wanting to transform source code is to create an
executable program. The name "compiler" is primarily used for programs that
translate source code from a high-level programming language to a lower level
language (e.g., assembly language or machine code).
• If the compiled program can run on a computer whose CPU or operating system is
different from the one on which the compiler runs, the compiler is known as a cross-
compiler. A program that translates from a low level language to a higher level one is
a decompiler.
• A program that translates between high-level languages is usually called a language

translator, source to source translator, or language converter. A language rewriter is
usually a program that translates the form of expressions without a change of
language.
Compiler - History.
• The term “compiler” was coined in the early 1950s by Grace Murray Hopper.
Translation was then viewed as the “compilation” of a sequence of routines selected
from a library.
• The first compiler of the high-level language FORTRAN was developed between
1954 and 1957 at IBM by a group led by John Backus. Proved the viability of high-
level and thus less machine dependent languages. The study of the scanning and
parsing problems were pursued in the 1960s and 1970s and led fairly to a complete
solution.
• This became standard part of compiler theory. Resulted in scanner and parser
generators that automate part of compiler development. The development of methods
for generating efficient target code, known as optimization techniques, is still an
ongoing research Compiler technology was also applied in rather unexpected areas:
• Text-formatting languages and
• Hardware description languages for the automatic creation of VLSI circuits.
Compiler – Translation Process.
• A compiler performs two major tasks:
• Analysis of the source program.

• Synthesis of the target-language instructions
• Phases of a compiler:
• Scanning
• Parsing
• Semantic Analysis
• Intermediate Code Generation
• Intermediate Code Optimizer
• Target Code Generator
• Target Code Optimizer
• Three auxiliary components interact with some or all phases:
• Literal Table
• Store constants and strings used in program reduce the memory size by
reusing constants and strings Can be combined with symbol table
• Error Handler
• Error can be found in every phase of compilation.

• Errors found during compilation are called static (or compile-time) errors.
• Errors found during execution are called dynamic (or run-time) errors.
• Compilers need to detect, report, and recover from error found in source
programs
• Error handlers are different in different phases of compiler.
• Symbol Table
• Identifiers are names of variables, constants, functions, data types, etc.
• Store information associated with identifiers
• Information associated with different types of identifiers can be different.
• Information associated with variables are name, type, address,size (for
array), etc.
• Information associated with functions are name,type of return value,
parameters, address, etc.
• Accessed in every phase of compilers
• The scanner, parser, and semantic analyzer put names of identifiers in
symbol table.
• The semantic analyzer stores more information (e.g. data types) in the
table.
• The intermediate code generator, code optimizer and code generator use
information in symbol table to generate appropriate code.
Compiler – Scanner stage.
• The scanner begins the analysis of the source program by:
• Reading file character by character.
• Grouping characters into tokens.
• Eliminating unneeded information (comments and white space).
• Entering preliminary information into literal or symbol tables.
• Processing compiler directives by setting flags.
• Tokens represent basic program entities such as: Identifiers, Literals, Reserved
Words, Operators, Delimiters, etc.
• Example: a := x + y * 2.5 ; is scanned as

• a identifier y identifier
• := assignment operator * multiplication operator
• x identifier 2.5 real literal
• + plus operator ; semicolon
Compiler – Parse stage.
• A parser gets a stream of tokens from the scanner, and determines if the syntax
(structure) of the program is correct according to the (context-free) grammar of the
source language.
• Then, it produces a data structure, called a parse tree or an abstract syntax tree,
which describes the syntactic structure of the program.
• A syntax tree is a more condensed version of the parse tree. A syntax tree is usually
generated as output by the parser
Compiler – Semantics Analyzer stage.
• It gets the parse tree from the parser together with information about some syntactic
elements.
• It determines if the semantics or meaning of the program is correct.
• This part deals with static semantic.

• Semantic of programs that can be checked by reading off from the program only.
• Syntax of the language which cannot be described in context-free grammar.
• Mostly, a semantic analyzer does type checking.
• It modifies the parse tree in order to get that (static) semantically correct code.
• The semantic analyzer does the following:
• Checks the static semantics of the language.

• Annotates the syntax tree with type information
Compiler – Intermediate Code Generation stage.
• An intermediate code generator takes a parse tree from the semantic analyzer
generates a program in the intermediate language.
• Comes after syntax and semantic analysis
• Separates the compiler front end from its backend
• Intermediate representation should have 2 important properties:
• Should be easy to produce.
• Should be easy to translate into the target program
Compiler –Code Generator stage.
• A code generator takes either an intermediate code or a parse tree produces a target
program.
• Generates code for the target machine, typically:

• Assembly code, or
• Relocatable machine code.
• Properties of the target machine become a major factor
• Code generator selects appropriate machine instructions
• Allocates memory locations for variables
• Allocates registers for intermediate computations

Compiler –Code Improvement stage.
• Code improvement techniques can be applied to:
• Intermediate code – independent of the target machine.
• Target code – dependent on the target machine
• Intermediate code improvement include:

• Constant folding
• Elimination of common sub-expressions
• Identification and elimination of unreachable code (called dead code)
• Improving loops
• Improving function calls
• Target code improvement include:

• Allocation and use of registers
• Selection of better (faster) instructions and addressing modes
Compiler – Interpreter stage.
• Is a program that reads a source program and executes it.
• Works by analyzing and executing the source program commands one at a time.
• Does not translate the source program into object code.
• Interpretation is sensible when:
• Programmer is working in interactive mode and needs to view and update

variables.
• Running speed is not important.
• Commands have simple formats, and thus can be quickly analyzed and executed.
• Modification or addition to user programs is required as execution proceeds
Compiler – Interpreter stage.
• Well-known examples of interpreters:
• Basic interpreter, Lisp interpreter, UNIX shell command interpreter, SQL
interpreter
• In principle, any programming language can be either interpreted or compiled.

• Some languages are designed to be interpreted, others are designed to be
compiled
• Interpreters involve large overheads.
• Execution speed degradation can vary from 10:1 to 100:1

• Substantial space overhead may be involved
Summary.
• Discussed the concept of translator and the relationship between high-level
languages.
• Listed the advantages of high-level languages over translator - readability,

portability, structure and object orientation, generality and error handling.
• Discussed the various types of translators - Assembler, Macro-assembler,

preprocessor, high-level translator and complier.
• Enumerated the various stages in the complier process – Scanning, Parsing, Semantic
Analysis, Intermediate Code Generation, Intermediate Code Optimizer, Target Code
Generator and Target Code Optimizer
Module 30:
Computer Technology and the society.
Objectives
• Describe some of the major impacts of information technology on individuals,
organizations, and society.
• Understand the changes that take place in the workplace and the lives of individuals
when information technology eliminates geographical and spatial barriers.
Content.
1. Computer and community.
2. Impact of IT to society
Computer and community.
• The Problems
• There is a worry that computers have a negative impact on us, our children, and
our society
• Hurts local community vibrancy
• Causes isolation from neighbors
• Erodes family life
• On-line commerce affects real stores and community-based professionals
• Face-to-face gathering
• Emphasis on individual rather than community
• May lead to underdeveloped social skills

• May lead to internet addiction
Computer and community.
• The Positives
• Allows for new ways of doing old tasks

• Teleworking
• Automation
• E-Commerce
• Research
• Greater range of communication
• Online convenience = Real World Freedom
• Greater depth in communication

Impact of IT to Society.
• IT Is Eliminating the Barriers of Time, Space, and Distance.
• One of the most noticeable developments precipitated by information technology

is the elimination of numerous barriers that traditionally separated individuals,
organizations, and societies at different geographic locations.
• In essence, information technology is redefining the entire concept of time,

space, and distance. Proliferation of high-speed data communication networks
that span the globe enables companies to integrate geographically distant
manufacturing and research facilities, link international financial markets, and
even provide customer service from halfway around the world.
• Offshore outsourcing is one of the manifestations of the trend toward

globalization— blurring of geographic barriers—that is accelerated by
information technology.
• Well-educated English-speaking employees residing in countries like India and
the Philippines can perform services demanded by firms based in the United
States, Great Britain, or any other country.
• In fact, outsourcing of white-collar services has already become mainstream,

with software development and call-center operations being among the most
prevalent.
• Furthermore, the outsourcing trends are naturally expanding into such activities
as processing of insurance claims, transcription of medical records, engineering
and design work, financial analysis, market research, and many others.
• From a macroeconomic perspective, the effects of offshore outsourcing are quite

positive: It facilitates a more efficient allocation of human resources by removing
the imperfections introduced by geographical boundaries. On a microeconomic
level, numerous companies will benefit from lower costs of outsourced activities.
• Impacts of Working from Home or Virtual Office.
• All forms of telecommuting working from home (WFH) or a virtual office give
employees greater flexibility in their working locations and hours.
• Working in a virtual office is one way an employee can telecommute by

completing job duties virtually anywhere—a car, hotel room, airport, or any
hotspot
• Potential Benefits of Telecommuting or Virtual Work to Individuals.

• Reduces or eliminates travel related time and expenses.
• Improves health by reducing stress related to compromises made between family
and work responsibilities.
• Allows closer proximity to and involvement with family.
• Allows closer bonds with the family and the community.
• Decreases involvement in office politics
• Increases productivity despite distractions.
• Potential Benefits of Telecommuting or Virtual Work to Organizations.
• Reduces office space needed.

• Increases labor pool and competitive advantage in recruitment.
• Decreases employee turnover, absenteeism, and sick leave usage.
• Improves job satisfaction and productivity
• Potential Benefits of Telecommuting or Virtual Work to Organizations.

• Conserves energy and lessens dependence on foreign oil.
• Preserves the environment by reducing traffic-related pollution and congestion.
• Reduces traffic accidents and resulting injuries or deaths.
• Reduces the incidence of disrupted families when people do not have to quit their
jobs if they need to move because of a spouse’s new job or family obligations.
• Increased employment opportunities for the homebound.
• Allows the movement of job opportunities to areas of high unemployment
• Impacts of IT on Structure, Authority, Power, and Job Content.
• Flat organizational hierarchies.

• IT increases span of control (more employees per supervisor), increases
productivity, and reduces the need for technical experts (due to expert systems).
• Fewer managerial levels will result, with fewer staff and line managers.
• Reduction in the total number of employees, reengineering of business processes,
and the ability of lower-level employees to perform higher-level jobs may result
in flatter organizational hierarchies.
• Change in blue-to-white-collar staff ratio.

• The ratio of white- to blue-collar workers increases as computers replace clerical
jobs, and as the need for information systems specialists increases. However, the
number of professionals and specialists could decline in relation to the total
number of employees in some organizations as intelligent and knowledge-based
systems grow.
• Growth in number of special units

• IT makes possible technology centers, e-commerce centers, decision support
systems departments, and/or intelligent systems departments. Such units may
have a major impact on organizational structure, especially when they are
supported by or report directly to top management.
• Centralization of authority
• Centralization may become more popular because of the trend toward smaller
and flatter organizations and the use of expert systems.
• On the other hand, the Web permits greater empowerment, allowing for more
decentralization. Whether use of IT results in more centralization or in
decentralization may depend on top management’s philosophy.
• Change in power and status

• Knowledge is power, and those who control information and knowledge are
likely to gain power.
• The struggle over who controls the information resources has become a conflict
in many organizations. In some countries, the fight may be between corporations
that seek to use information for competitive advantage and the government (e.g.,
Microsoft vs. the Justice Dept.).
• Elsewhere, governments may seek to hold onto the reins of power by not letting
private citizens access some information (e.g., China’s restriction of Internet
usage).
• Change in Job Content.
• Job content is interrelated with employee satisfaction, compensation, status, and
productivity. Resistance to changes in job skills is common, and can lead to
unpleasant confrontations between employees and management.
• Impacts of IT on personnel issues.
• Shorter career ladders.

• In the past, many professionals developed their abilities through years of
experience and a series of positions that exposed them to progressively more
complex situations.
• The use of IT, and especially Web-based computer-aided instruction, may short-
cut this learning curve.
• Changes in supervision.
• IT introduces the possibility for greater electronic supervision. In general, the
supervisory process may become more formalized, with greater reliance on
procedures and measurable (i.e., quantitative) outputs and less on interpersonal
processes. This is especially true for knowledge workers and telecommuters.
• Impacts of IT on personnel issues.
• Job mobility.
• The Web has the potential to increase job mobility. Sites such as techjourney.com
can tell you how jobs pay in any place in the United States. Sites like
monster.com offer places to post job offerings and résumés. Using
videoconferencing for interviews and intelligent agents to find jobs is likely to
increase employee turnover.
• Impacts on Health and Safety.
• Computers and information systems are a part of the environment that may
adversely affect individuals’ health and safety. To illustrate, we will discuss the
effects of job stress and long-term use of the keyboard.
• Job Stress.
• An increase in workload and/or responsibilities can trigger job stress.
Although computerization has benefited organizations by increasing
productivity, it has also created an ever-increasing workload for some
employees.
• Some workers, especially those who are not proficient with computers, but
who must work with them, feel overwhelmed and start feeling anxious about
their jobs and their job performance. These feelings of anxiety can adversely
affect workers’ productivity.
• Management’s responsibility is to help alleviate these feelings by providing
training, redistributing the workload among workers, or by hiring more
individuals.
• Impacts on Health and Safety.
• Repetitive Strain (Stress) Injuries.

• Other potential health and safety hazards are repetitive strain injuries such as
backaches and muscle tension in the wrists and fingers. Carpal tunnel syndrome is
a painful form of repetitive strain injury that affects the wrists and hands. It has
been associated with the long-term use of keyboards.
• Lessening the Negative Impact on Health and Safety.
• Designers are aware of the potential problems associated with prolonged use of
computers. Consequently, they have attempted to design a better computing
environment. Research in the area of ergonomics (the science of adapting
machines and work environments to people) provides guidance for these designers.
• For instance, ergonomic techniques focus on creating an environment for the
worker that is safe, well lit, and comfortable. Devices such as antiglare screens
have helped alleviate problems of fatigued or damaged eyesight, and chairs that
contour the human body have helped decrease backaches.
• Impacts Social Network.
• A False Sense of Connection

• We see this false sense of connection a lot more within families and relationships.
• One of the biggest enemies in many homes is - time. Complaining that ―There’s
never enough time‖, has become an increasingly common excuse.
• So we sit at the table or we go out; rationalizing that ―we are spending time
together‖. However, there is no real connection taking place with each other, when
each person is on their own media device.
• Focusing problems – easily distracted and loss of ability to concentrate.
• Lack of concern about one-on-one relationships – prioritizing social networking
over face to face family and friend relationships.
• Lessening communication skills – talking less, difficulty articulating thoughts into
words, inattentive when others are speaking.
• Impacts Social Network.
• Unconcerned about obligations in the “real” world – more interested in checking
status updates and communicating on the internet than participating in activities off of
the computer.
• Withdrawal symptoms (agitation, fidgeting, aggressiveness, etc) when unable to
participate in social networking for a period of time.‖
• The digital divide.
• Technologies enabling access to information are not distributed evenly among

various groups of people. For some people, information continues to be a scarce
resource, which puts them at a comparative economic and social disadvantage.
• The gap in computer technology in general, and now in Web technology in

particular, between those who have such technology and those who do not is
referred to as the digital divide.
• This situation has made some people particularly in the third world to be at the
disadvantage.
• Machines Are Performing Functions Previously Performed by Humans
• One of the distinguishing traits of humankind is the continuous quest to find tools
and techniques to replace human work and manual labor. Information technology
greatly accelerates this process and allows machines to perform a variety of
complex functions, which, in the past, could be performed only by humans.
• Robotics offers a clear example of information technology eliminating the need for
human labor. Computerized transaction processing systems, automated teller
machines, intelligent scheduling software, and voice recognition systems illustrate
information technology’s capability to replace administrative and clerical work.
• Moreover, artificial intelligence and expert systems are now able to perform the
work of white-collar professionals. As functionality of machines and computer
systems continues to evolve, it will transform societies by influencing such critical
factors as the quality of life, the dynamics of labor markets, and the nature of
human interactions.
• Quality of life
• Refers to measures of how well we achieve a desirable standard of living. For

example, the use of robots in uncomfortable or dangerous environments is one of
the primary ways of improving the quality of life with information technology.
• For decades, robots have been used to replace physically demanding or tedious
activities in manufacturing plants. Robots and other quasi-autonomous devices
have become increasingly common on farm fields, in hospitals, and even in private
homes, improving the quality of life of numerous people.
• Impact on labour market.

• One of the most prominent concerns is the fear that due to technological advances,
machines will replace millions of workers, leading to mass unemployment. Robots
and office automation systems are effectively competing with humans for blue-
collar and clerical jobs. It is important to note that white-collar occupations are not
immune to the impact of information technology either.
Summary.
• Discussed the various impact of technology on the:
• Individual
• Community
• Organization.

Islamic Online University: Course: Computer 101

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Islamic Online University: Course: Computer 101

Uploaded by

Copyright:

Available Formats

Islamic Online University

Course: Computer 101

• Obtain an understanding of general concepts database.

• Become familiar with the concept of database design

• To understand the characteristics of a database

• Learn more about various types of database.

3. Introduction to Database Management System.

4. Data Model and types of data model.

• Confirm problems or issues

• Data storage: The segregated data has to be stored properly.

• Data arranging: It is very important to arrange the data properly

• Data Coding: Data will be coded for easy reference.

• Database Management System.

• The collection of data, usually referred to as the database, contains information

• Database systems are designed to manage large bodies of information. Management

• Data independency: Application program should not be exposed to details of data

• Efficient data access: DBMS utilizes a variety of sophisticated techniques to store

• Reduced application development time: DBMS supports important functions that

• Complexity: A database system creates additional complexity and requirements. The

• Qualified Personnel: The professional operation of a database system requires

• Lower Efficiency: A database system is a multi-use software which is often less

• Performance: Optimizing the performance of the queries is one of the important

• Communications tool to facilitate interaction among the designer, the applications

• Good database design uses an appropriate data model as its foundation

• The types of data model are:

• A unique student identifier must be assigned to each student.

• A relationship is an association among several entities. For example, a course

• The overall logical structure (schema) of a database can be expressed graphically by

• A unique student identifier must be assigned to each student.

• A relationship is an association among several entities. For example, a course

• The overall logical structure (schema) of a database can be expressed graphically by

• Rectangles represent entity sets.

• Diamonds represent relationship sets

• Ellipses represent attributes – Double ellipses represent multivalued attributes –

• Underline indicates primary key attributes

• The data is arranged in a relation which is visually represented in a two dimensional

• Substantial hardware and system software overhead

• The need for data

• The methods of data management

• Discussed data base management system.

• Difference between file system and DBMS

• Advantages and disadvantages of DBMS

Course: Computer 101

• Obtain an understanding of what is regarded as a system.

• Become familiar with the concept of Software development life cycle

• To understand the characteristics of system analysis.

• Learn more about the role of system analyst.

4. Types of system analysis

5. Software development life cycle.

• Systems development can generally be thought of as having two major components:

• Systems design is the process of planning a new system or replace or complement an

• A system is an orderly grouping of interdependent components linked together

• A well-designed system also includes an additional element referred to as ‗control‘

• Organization implies structure and order. It is the arrangement of components

• In the design of a business system, for example, a computer system is designed

• In an organization, for example, purchasing must interact with production,

• The inter-relationship between these components enables the computer to

• They are coordinated and linked together in a planned way to achieve an

• Central objective is the last characteristics of a system.

• It would be better in such cases to prepare a cost-benefit analysis to convince the

• The essential elements of inputs are:

• Physical or Abstract Systems