Itm Lecture 4

INFORMATICS Information Technology Management

Lecture 4

2rd January 2008 ITM Lecture 4 Advanced Diploma (Thames College)

1

Information o at o Tec Technology o ogy Management a age e t

U i 77: D Unit Design i and dD Development l and d Evaluation of Systems

ITM Lecture 4 Advanced Diploma (Thames College)

2

Processing P ocess g Techniques Tec ques z The

Processing Methods for a system can be divided into: z Online

Processing z Real-time Real time Processing z Batch Processing

ITM Lecture 4 Advanced Diploma (Thames College)

3

Onlinee Processing O P ocess g z

z z z

Online processing refers to a situation where devices called Terminals are connected directly to the computer so that input may be made at any time and the user is able to immediately and directly access data stored in the computer. Online processing is done on a multi-user basis. I Interactive i processing i refers f to a situation i i in i which hi h the h user interacts with the computer. The term Interactive Processing is sometimes used to describe online and real-time processing collectively. ITM Lecture 4 Advanced Diploma (Thames College)

4

Real-time ea t e Processing P ocess g Any data that is received must be immediately processed and updated into the database z Actual A l status off events or records, d transactions i are dealt with as events occur z Database mirrors reality z Real-time Real time system s stem always al a s online z Online system not always real-time z Many system today are both online-real-time systems E.g. systems. E g Banking ATM z

ITM Lecture 4 Advanced Diploma (Thames College)

5

Batch atc Processing P ocess g A method of collectingg and processing p g data in which transactions are accumulated and stored until a specified time when it is convenient or necessary z Batch processing is an economical method d for processing large volumes of data on a routine basis. z An example of batch processing is the processing of overtime claims in a payroll system. z

ITM Lecture 4 Advanced Diploma (Thames College)

6

Interface te ace of o Online O e Systems Syste s z

Commands z

z

z

One method of interacting with the computer is for the user to keyy in commands. This does not contribute to ease of use, since commands must be remembered and mistakes are easilyy made.

Menus z

Menus may list different applications, such as sales ledger purchase ledger or stock control routines, ledger, routines from which the user is guided to sub-menus according to the option p selected. ITM Lecture 4 Advanced Diploma (Thames College)

7

Configuration g for Real-time System y z z

Support pp immediate telecommunications and interactive processing A powerful computer server, server with terminals (e.g (e g microcomputers) at each user site, connected by telecommunications equipment like modems and leased lines

ITM Lecture 4 Advanced Diploma (Thames College)

8

Procedure for Batch Data Processingg z Prepare

Batch Control Sheets z Send batch data to Data Preparation z Check Batch Control Sheets z Enter Data z Validate Data z Process Data

ITM Lecture 4 Advanced Diploma (Thames College)

9

Procedure for Batch Data Processing -Prepare Prepare Batch Control Sheets z Before

sending the batch to data preparation, the number of cards is counted d andd noted d on a b batch h controll sheet. z The total number of hours worked for all the cards is added and also noted on the sheet. ITM Lecture 4 Advanced Diploma (Thames College)

10

Procedure for Batch Data Processing -Send Send Batch Data to Data Preparation z The

batch control sheet is sent with the batched data and a copy is retained in the i i i i ddepartment. initiating

ITM Lecture 4 Advanced Diploma (Thames College)

11

Procedure for Batch Data Processing -Check Check Batch Control Sheets z When

the cards arrive at data preparation, the cards are counted and the total hours checked h k d against i t the th control t l sheet. h t z Any y discrepancies p are checked with the initiating department. z Based B d on the h b batch h controls l sheet, h iit will ill b be possible to determine whether anyy cards have p been mislaid or altered in transit. ITM Lecture 4 Advanced Diploma (Thames College)

12

Procedure for Batch Data Pr Processing in -Enter Ent r D Data t The data is keyed using a keyboard and stored on disk. z This Thi step is i sometimes i called ll d key k punching hi which is an old term from days when punch cards were the main medium for input data. z When punch cards are used used, the data is translated into a machine readable form by punching hi h holes l iin th the cards, d which hi h are llater t read d by a reading machine. z

ITM Lecture 4 Advanced Diploma (Thames College)

13

Procedure for Batch Data Pr Processing in -Validate V lid t Data D t z Validation

of data is done to minimize inaccuracies.

ITM Lecture 4 Advanced Diploma (Thames College)

14

Procedure for Batch Data Processing -Process Process Data z The

data is now complete, complete validated and therefore ready for processing.

ITM Lecture 4 Advanced Diploma (Thames College)

15

OLTP O TP vs. OLAP O P

ITM Lecture 4 Advanced Diploma (Thames College)

16

On Linee Transaction O T a sact o Processing P ocess g z

On Line Transaction Processing (OLTP) Maintains a database that is an accurate model of some real-world real world enterprise. enterprise z Supports day-to-day operations. z Characteristics: z

Short simple transactions z Relatively frequent updates z Transactions access only a small fraction of the database z

ITM Lecture 4 Advanced Diploma (Thames College)

17

On Linee Analytic O a yt c Processing P ocess g z On

Line Analytic Processing (OLAP)

z Uses

information in database to guide strategic decisions. z Characteristics: z Complex

queries z Infrequent I f updates d z Transactions access a large fraction of the database z Data need not be up-to-date p ITM Lecture 4 Advanced Diploma (Thames College)

18

Data ata Warehouses Wa e ouses z OLAP

and Data Mining databases are frequently stored on special servers called D Data W Warehouses: h z Can

accommodate the huge amount of data generated by OLTP systems z Allow All OLAP queries i and d ddata mining i i to b be run off-line so as not to impact the performance of OLTP ITM Lecture 4 Advanced Diploma (Thames College)

19

Data ata Miningg z

Analysis of large pools of data to find patterns and rules that can be used to guide decisionmaking and predict future behavior. behavior

ITM Lecture 4 Advanced Diploma (Thames College)

20

OLAP O P vs. Data ata Miningg z OLAP

tools are front front-end end tools used by users to analyze data that are stored usually i a data in d warehouse. h z Data Mining is an example of an OLAP that enables detection of patterns and trends in large databases.

ITM Lecture 4 Advanced Diploma (Thames College)

21

Va dat o Validation Before data can be updated into the database, it must be checked for errors. z This Thi validation lid i can b be ddone iin b both h online li and d batch processing. z

Presence Checks z Format Checks z Range Checks z Reasonableness R bl Ch Checks k z Check Digits z

ITM Lecture 4 Advanced Diploma (Thames College)

22

Validation Va dat o - P Presence ese ce Checks C ec s In this instance, the input data is examined to ensure that all the necessary data items, or fields, are present present. z In the payroll example, a presence check would ensure that fields such as the date of the periodp y number and the hours end,, the employee worked, are present. z Any A sett off data d t failing f ili this thi test t t would ld be b rejected. z

ITM Lecture 4 Advanced Diploma (Thames College)

23

Validation Va dat o - Fo Format at Checks C ec s z This

check ensures that the format of the data in a field is correct, i.e. the correct number b off letters l andd numbers, b iin the h correct order. z If a field is numeric, then any alphabetic data would be rejected.

ITM Lecture 4 Advanced Diploma (Thames College)

24

Validation Va dat o - Range a ge Checks C ec s z This

is a check that numbers or codes are within an accepted range. z Employee payroll numbers, for example, could be subjected to this sort of check. check z Any y employee p y number which does not fall into the accepted range could be assumed to be either a mistake or a deliberate falsehood. ITM Lecture 4 Advanced Diploma (Thames College)

25

Validation - Reasonableness V b Checks z These

are a form of range check which would reject items which are unreasonable. z A claim that an employee has worked 25 hours in a day day, for example example, would fail this test.

ITM Lecture 4 Advanced Diploma (Thames College)

26

Validation Va dat o - C Check ec Digits g ts z z z

z z z

One of the most common type of mistakes is to transpose the figures in a number. The check digits validation check is a method of minimizing the occurrence of transposition. It is a mathematical technique in which the digits form the number b are used d iin a mathematical h i l process, the h result l off which hi h is appended to the original number as the check digit. The number can then be tested using the same mathematical process. If the result is the same check digit, digit then the likelihood of transposition is minimal. If it is different then the number has been transposed. ITM Lecture 4 Advanced Diploma (Thames College)

27

Information o at o Tec Technology o ogy Management a age e t Unit 8: Securityy andd Control,, System y Development Life Cycle

ITM Lecture 4 Advanced Diploma (Thames College)

28

Security and Control, System Development Life Cycle

Ethics and Social Issues

ITM Lecture 4 Advanced Diploma (Thames College)

29

What W at aaree Computer Co pute Ethics? t cs? z Moral

guidelines that govern use of computers and information systems z Unauthorized

use of computer systems z Information privacy z Intellectual property rights z Software theft (piracy) z Information accuracy z Codes of conduct ITM Lecture 4 Advanced Diploma (Thames College)

30

What do yyou think about ethical issues?

ITM Lecture 4 Advanced Diploma (Thames College)

31

Whyy is Information Accuracyy Important? p z

z

Inaccurate input p can result in erroneous information and incorrect decisions based on that information Evaluate Web page's value before relying on its content t t

ITM Lecture 4 Advanced Diploma (Thames College)

32

What are the Ethics of Using C mp t r tto Alt Computers Alterr O Output? tp t? z Alteration

could lead to deliberately misleading photographs

ITM Lecture 4 Advanced Diploma (Thames College)

33

Intellectual te ectua Property P ope ty Rights g ts Intellectual property (IP) refers to work created by inventors, authors, and artists z Intellectual I ll l property rights i h are rights i h to which hi h creators are entitled for their inventions, writings, and works of art z

ITM Lecture 4 Advanced Diploma (Thames College)

34

IT T Code of o Co Conduct duct z Written

guideline that helps determine whether h h specific ifi p action is computer ethical or unethical

ITM Lecture 4 Advanced Diploma (Thames College)

35

Security and Control, System Development Life Cycle

Security and Control

ITM Lecture 4 Advanced Diploma (Thames College)

36

Security Secu ty and a d Controls Co t o s z

z z z z z

Data, software so twa e and a d hardware a dwa e are a e valuable va uab e resources esou ces and a d must ust be kept ept secure from being wrongly changed or being destroyed accidentally or deliberately. Data must also be secured against wrongful disclosure. A hardware fault or a telecommunications fault, can suffer financial loss. loss Confidential data which is being word processed might be vulnerable to unauthorized access. The Data Protection Act 1994 incorporates a principle that computerized personal data be kept secure against wrongful disclosure. If computerized data is not protected properly, there will also be scope for computer fraud. ITM Lecture 4 Advanced Diploma (Thames College)

37

Problems Associated with Computers p z

Data processing by computer created extra problems for control because of its special characteristics: h i i Inaccuracy of Programs and Data z Lose Data on File z Unauthorized Access z No Logging and Tracing z Dishonest Programmers z Accidental Error Cause Problems z

ITM Lecture 4 Advanced Diploma (Thames College)

38

Inaccuracy accu acy of o Programs P og a s and a d Data ata z Large

volumes of data are concentrated into files that are physically very small. z Large quantities of data are processed without ith t human h intervention, i t ti andd so without humans knowingg what is going g g on. z This places great reliance on the accuracy off programs andd off data d on file. fil ITM Lecture 4 Advanced Diploma (Thames College)

39

Lose ose Data ata on o F Filee z Equipment

can malfunction, malfunction data files can become corrupt and store meaningless data, data can get lost when files are copied, and data files are susceptible to loss through theft, flood or fire.

ITM Lecture 4 Advanced Diploma (Thames College)

40

Unauthorized U aut o ed Access ccess Unauthorized people can gain access to data on files, and read confidential data or tamper with the h ddata. z This is a p particular p problem with on-line systems y because access to a computer program and master file can be from any remote terminal. terminal z It is even possible for Hacker to use their computers to gain access to files and programs y of other systems. z

ITM Lecture 4 Advanced Diploma (Thames College)

41

No Logging ogg g and a dT Tracing ac g z Information

on a computer file can be changed without leaving any physical trace of the change. z It does d nott help h l matters tt that th t computers t lack jjudgment g and errors in data processing by computer can go undetected when this would not be the case with manual data processing. ITM Lecture 4 Advanced Diploma (Thames College)

42

Dishonest s o est Programmers P og a es z

z

z

Programmers are experts experts, and with careful planning planning, dishonest programmers can tamper with programs to their o own n benefit benefit. A case has been recorded, for example, of a programmer who arranged for all fractions of a penny in salaries to be paid into a bank account which the programmer opened and from which he y took the money. Several thousand payments mounted up over time into substantial sums of money. money ITM Lecture 4 Advanced Diploma (Thames College)

43

Accidental cc de ta Error o Cause Problems P ob e s What is to stop a computer operator from using a disk containing master file data to take output f from a different diff program?? z If this were done,, the data on the master file could be wiped out. z This Thi is i such h an important i p t t source off potential p t ti l error that controls to prevent this from happening should be built into nay computer y system. z

ITM Lecture 4 Advanced Diploma (Thames College)

44

The N Need for Securityy and Controls z Computer

systems controls must be maintained regardless of the size of application or method of processing (batch or real time) time). z If certain controls are difficult to establish in a microcomputer system (for example, division of responsibilities), responsibilities) more emphasis must be placed on other controls. ITM Lecture 4 Advanced Diploma (Thames College)

45

Thee Risks T s s to Data ata z The

dangers associated with information storage magnetic medium include the following: z Physical

Security z Environmental Security z Loss of Confidentiality z Processing P i the th Wrong W File Fil z Hardware or Program g Corruption p ITM Lecture 4 Advanced Diploma (Thames College)

46

The Risks to Data - Physical y Securityy z Tapes

or disks can be stolen stolen, mislaid or damaged or destroyed by fire, flood or vandalism.

ITM Lecture 4 Advanced Diploma (Thames College)

47

The Risks to Data - Environmental Securityy z Tapes

and disks are susceptible to magnetic fields, dust and extremes of temperature and humidity. z Although Alth h in i modern d PCs PC the th problems bl off environmental control have been reduced, they are still quite important.

ITM Lecture 4 Advanced Diploma (Thames College)

48

The Risks to Data - Loss of Confidentialityy z Information

stored in magnetic fields may be accessed by unauthorized persons. z This is a particular problem in larger systems t with ith remote t terminals, t i l or in i time ti p bureau applications. pp sharingg or computer

ITM Lecture 4 Advanced Diploma (Thames College)

49

The Risks to Data - Processing Pr in th the Wr Wrong n Fil File z Since

data is in magnetic form, form and not visible, the wrong file could be read, or a file could be overwritten when its data is still needed. needed

ITM Lecture 4 Advanced Diploma (Thames College)

50

The Risks to Data – H rd r orr Pr Hardware Program r mC Corruption rr pti n z Hardware

or software faults may damage or destroy the data on files.

ITM Lecture 4 Advanced Diploma (Thames College)

51

Co t o s Controls z

Controls which can be implemented p to counter the risks fall into two categories. z

General Controls ensure that the computer environment is secure. They fall into two groups. Administrativee Controls are Administrati r ddesigned si n d tto support s pp rt th the smooth continuing operation of systems. z System Development Controls are designed to ensure that any new system does not present new risks to the environment. z

z

Application Controls are built into operations, and ensure that processed data is accurate and complete. ITM Lecture 4 Advanced Diploma (Thames College)

52

Administrative d st at ve Controls Co t o s z

z z

z

Some controls can be applied at relatively small cost, simply by introducing sensible administrative and organizational measure. Administrative controls are controls over data and data securityy that are achieved byy administrative measures. They should be applied in the data processing department or computer centre, department, centre where an organization is large enough to have one, and in other offices. With PC systems, systems administrative controls will ill include incl de controls over handling the computer hardware, software and files. files ITM Lecture 4 Advanced Diploma (Thames College)

53

Administrative d st at ve Controls Co t o s z Administrative

controls should include:

z Controls

over Personnel z The Segregation of Duties z Physical Ph i l Security S i z Access Controls z Protection Against Hacking and Viruses z Good G d Office Offi Practice P i z Back-up p and Standbyy Facilities ITM Lecture 4 Advanced Diploma (Thames College)

54

Controls Co t o s over ove Personnel Pe so e z

Controls related to personnel, personnel which were developed before the advent of computers: z z z

Job rotation Enforced vacations Access to information granted not on the basis of rank in the management hierarchy or precedent, but on a need-to-know basis

Some employees, such as the systems analyst and the computer security officer, are always in a position of trust. z A well-designed security system puts a few people as possible in this p p powerful p position. z

ITM Lecture 4 Advanced Diploma (Thames College)

55

Thee Segregation T Seg egat o of o Duties ut es Work should be divided between systems analysts, programmers and operating staff, and operations jobs themselves should be divided between data control, data preparation and computer r room operations. p r ti z The functions of an organization structure are: z

z

z

z

To assign responsibility responsibilit for certain tasks to specific jobs and individuals. To p prevent fraud.

Duties may be segregated by ensuring that no member of staff works more than of: z z z

Data capture and entry Computer operations Systems analysis and programming ITM Lecture 4 Advanced Diploma (Thames College)

56

Physical P ys ca Security Secu ty z Physical

security comprises two sorts of controls: z Protection

against disasters such as fire and

flood z Protection against intruders gaining physical access to the h system

ITM Lecture 4 Advanced Diploma (Thames College)

57

Physical Security – Pr t ti n Against Protection A in t Disasters Di t r z

z z

The p physical y environment has a major j effect on information system security and so planning it properly is an important p p part of an adequate q securityy plan. p Fire is the most serious hazard to computer systems. A proper fire safety plan is an essential feature of security procedures. Fire safety includes: z

z z z

Site preparation Si i ((appropriate i Building B ildi Materials M i l andd Fire Fi Doors) Detection (Smoke Detectors) Extinguishers (such as Sprinklers) Tr i i for Training f r St Staff ff in i Observing Ob r i Fir Fire SSafety f t Procedures Pr d r ITM Lecture 4 Advanced Diploma (Thames College)

58

Physical Security – Pr t ti n Against Protection A in t Intruders Intr d r z

Methods of controlling human access include: z z z

Personnel (security guards) Mechanical devices (such as keys, keys whose issue is recorded) Electronic identification devices (such as card-swipe systems, where cards are p passed trough g readers))

It may not be cost effective or convenient to have the same type yp of access controls in the whole buildingg all of the time. z The various security requirements of different departments should be estimated,, and appropriate pp p boundaries drawn. z Some areas will be very restricted, whereas others will be relativelyy open. p z

ITM Lecture 4 Advanced Diploma (Thames College)

59

Physical Security – Ph i l Installation Physical In t ll ti n Security S rit z

Measures Meas res to ensure ens re physical ph sical security sec rit in the computer room are as follows: z

z

z

z

Computer rooms should be kept locked when not in use and only authorized personnel should have keys. Computers files should be kept locked in a safe place, such as a fireproof safe. The physical conditions in which the hardware and files are kept should be suitable, that is not too hot, damp or rusty. Measures should be taken to minimize the risks of fire. ITM Lecture 4 Advanced Diploma (Thames College)

60

Access ccess Controls Co t o s z Access A

controls t l are controls t l designed d i d to t prevent unauthorized access to data files p or programs. z Access A controls l which hi h can b be b built il iinto y software are: system's z Passwords z Encryption

and Authentication (Data Communications Controls)) ITM Lecture 4 Advanced Diploma (Thames College)

61

Passwo ds Passwords z Passwords P d

can be b applied li d to t data d t files, fil program files an parts of a program. z The computer does not allow a user access to the relevant facilities until he has typed in the appropriate password. One password may be required to read a file and another to write new data. z The terminal user can be restricted to the use of certain files and programs. programs z

ITM Lecture 4 Advanced Diploma (Thames College)

62

Limitation tat o of o Passwords Passwo ds z

z

Passwords ought to be effective in keeping out unauthorized users, but they are by no means foolproof. foolproof Experience has shown that unauthorized access can be obtained. b i d z

z

By experimenting with possible passwords, an unauthorized person can gain i access to a program or fil file by b guessing i the h correct password. Someone who is authorized to access a data or program file may tell an unauthorized person what the password is, perhaps p p through g carelessness. ITM Lecture 4 Advanced Diploma (Thames College)

63

Encryption c ypt o and a d Authentication ut e t cat o z

When data is transmitted o over er a comm communication nication link or within a network, there are three security dangers: z z z

A hardware fault Unauthorized access by an eavesdropper Direct intervention byy someone who sends false messages down a line, claiming to be someone else, so that the recipient of the message will think that it has come from an authorized source.

ITM Lecture 4 Advanced Diploma (Thames College)

64

What W at iss Encryption? c ypt o ? Encryption E r pti iis th the only l secure r way tto pr preventt eavesdropping. z Encryption involves b g the data at one scrambling end of the line, transmitting the scrambled data and unscrambling it at the h receiver's i ' end d off the h line. z

ITM Lecture 4 Advanced Diploma (Thames College)

65

What W at iss Authentication? ut e t cat o ? z

Authentication is a technique to make sure that a message has come form an authorized sender.

z

Authentication involves adding an extra field to a record, with the contents of this field derived from the remainder of the record d by b applying a formula that has previously b been agreed db between senders d and the recipients of data. ITM Lecture 4 Advanced Diploma (Thames College)

66

Protection against g Hackingg and Viruses z As A

it becomes b common ffor computers t to t communicate over longg distances, the risk of corruption or theft of data or even whole programs becomes much greater. greater z Two interconnected security y issues are Hacking and Viruses.

ITM Lecture 4 Advanced Diploma (Thames College)

67

Hac g Hacking A Hacker is a person who attempts to invade the privacy of a computer system. z Hackers are normally skilled programmers and have been known to find out passwords with ease. z The fact that billions of bits of information can be transmitted in bulk over the public telephone network has made it hard to trace individual hackers hackers, who can therefore make repeated attempts to invade systems. z Hackers have in the past mainly been concerned to copy information, but a recent trend has been their desire to corrupt it. z

ITM Lecture 4 Advanced Diploma (Thames College)

68

V uses Viruses A computer virus is a piece of software which infects programs and data and which replicates itself. z Viruses can spread via data disks, disks but have been known to copy themselves over whole networks. z The most serio seriouss type t pe of virus ir s is one which hich infects an operating system as this governs the whole running of a computer system system. z There are a number of types of virus. z

z z z

A Trojan A time bomb A trap door ITM Lecture 4 Advanced Diploma (Thames College)

69

Viruses V uses - T Trojan oja z z

z

A Trojan is a program is a piece of code triggered by certain events. A program will ill b behave h normally ll untilil a certain i event occurs, for example disk utilization reaches a certain i percentage. A logic bomb, by responding to such conditions, maximizes damage. z

For example, it will be triggered when a disk is nearly full, or when a large number of users are using the system.

ITM Lecture 4 Advanced Diploma (Thames College)

70

Viruses V uses - T Timee Bomb o b zA

time ti bomb b b iis similar i il tto a logic l i bomb b b except p that it is triggered gg at a certain date. z Companies have experienced virus attacks on April A il F Fool's l' D Day and d on F Friday id 13th 13 h . z These were released by time bombs. bombs

ITM Lecture 4 Advanced Diploma (Thames College)

71

Viruses V uses - T Trap ap Door oo A trap tr p door d r is i not n t it itself lf a virus, ir b butt it is i an n undocumented entry point into a computer system. z It is not to be found in design g specifications p but may be put in by software developers to enable them to bypass access controls while working on a new piece of software. z Because B it i is i not documented, d d it i may be b forgotten f and used at a later date to insert a virus. z

ITM Lecture 4 Advanced Diploma (Thames College)

72

Protection P otect o Against ga st Viruses V uses z

How can organizations protect themselves against viruses? z

z

z

z

z

z

Vaccine programs exist which can deal with some viruses, but if the virus lives in the bootstrap program, the virus can work before the vaccine is loaded. loaded Organizations must guard against the introduction of unauthorized software to their systems. O Organizations i i should h ld as a matter off routine i ensure that h any risk ik received from outside with data on it is virus-free before the disk is used. Any flaws in a widely used program should be rectified as soon as they come to light There should be a clear demarcation between the storage of data files and program files on disk. Organizations need to establish procedures and reviews to minimize the chances of infection. Virus protection controls should become part of the internal control system of an organization. ITM Lecture 4 Advanced Diploma (Thames College)

73

Good O Office ce P Practice act ce z

There are several points of good practice which can together make a major contribution to the integrity of a system. z

Data is often shared between users. There should be a designated data owner for each file, responsible for: z z z

z

z z

z

Keeping data accurate and up to date Deciding who should have access to the data Developing security procedures in conjunction with the data security manager

If a computer p t printout p i t t is i likely lik l to t include i l d confidential fid ti l data, d t it should h ld be b shredded before being thrown away. Disks should not be left lying around an office. The computer's environment (humidity, temperature and dust) should be properly controlled. Files should sho ld be backed up p regularly. reg larl ITM Lecture 4 Advanced Diploma (Thames College)

74

Maintenance a te a ce and a d Support Suppo t z

All computers are covered by some kind of warranty from the manufacturer when they are bought new. What should the computer p user do after the warrantyy period p has expired? p z

Ask a third party computer repair company to come in and do the repair work. The drawbacks to this are that: z

z

z

z

Repair companies give priority treatment to contract customers. One-off One off repair charges will be very high. high

The user can arrange a maintenance contract with the manufacturer or a third party repair company. A third option is breakdown insurance, which provides cover for breakdowns and certain consequential losses. ITM Lecture 4 Advanced Diploma (Thames College)

75

Back-up ac up aand d Sta Standby dby Facilities Fac t es A major aspect of system security is to ensure provision of the required services continuously without deterioration in performance. z For many applications this will require that some duplication in the system be tolerated or even discouraged. z Administrative controls should be introduced: z

z

To enable file data to be recreated when a file is lost or corrupted;

z

To provide stand-by hardware facilities whenever a hardware item breaks down.

ITM Lecture 4 Advanced Diploma (Thames College)

76

Recreating File Data when a File is L t orr Corrupted Lost C rr pt d One of the worst things that could happen in data processing by computer is the loss of all the data on a master file or the loss of a program. z Files might be physically lost, physically damaged and become unreadable. z Controls are therefore needed to enable a data or program file fil to be b created d if the h original i i l iis lost or corrupted. z

ITM Lecture 4 Advanced Diploma (Thames College)

77

Business us ess Continuity Co t u ty Planning Pa g A disaster is anyy securityy event which can cause a significant disruption to the IT capabilities for long enough to affect the operations of an organization. z Organizations O i i must prepare ffor disasters di so that h they are able to recover form one should it happen. z A Disaster Recovery Plan (DRP) is also known as a Contingency Plan or a Business Continuity Plan (BCP) (BCP). z

ITM Lecture 4 Advanced Diploma (Thames College)

78

Resumption esu pt o after a te a Crisis C ss The key to successful recovery is adequate preparation. z Seldom does a crisis destroy irreplaceable equipment; q p most computing p g equipment q p systems personal computers to mainframes - are standard, "off the shelf systems y that can easilyy be replaced. p z Data and locally developed programs are more vulnerable, l bl since i th these cannott be b quickly i kl substituted from another source. z

ITM Lecture 4 Advanced Diploma (Thames College)

79

Backup ac up A Backup is a copy of all or part of a file to assist in re­establishing a lost file. z A Complete p Backup p is copying py g everything y g on the system y (including system files, user files, scratch files, and directories) and done at regular times, so that the system can be regenerated after a crisis. z In critical transaction systems this problem is solved by keeping a complete l recordd off changes h since i the h llast b backup. k z If a system handles bank teller operations, the individual tellers duplicate their processing on paper records; if the system fails, fails people can start with the backup version and reapply all changes paper p copies. p from the collected p z

ITM Lecture 4 Advanced Diploma (Thames College)

80

Off-site O s te Backup ac up z z

z z z

A backup copy is useless if it is destroyed in the crisis. crisis Major computing installations rent warehouse space some distance di t fr from th the computing p ti system, t in i some cases 15 or 20 miles away. A ab As backup k is completed, l d it is transported d to the h backup site. Keeping a backup version separate from the system reduces the risk of its loss. Similarly, the paper trail is also stored somewhere other than at the main computing p g facility. y ITM Lecture 4 Advanced Diploma (Thames College)

81

Auditing ud t g z

z

Implementing controls in an organization can be very complicated and difficult to enforce. Are controls installed as intended? Are they effective? Did any breach of security occur? These and other questions need to be answered by independent and unbiased observers. Such observers perform an auditing task. There are ttwo o types t pes of audits. a dits z

z

The Operational Audit determines whether the IT department is working properly properly. The Compliance Audit determines whether controls have been implemented properly and are adequate. adequate ITM Lecture 4 Advanced Diploma (Thames College)

82

Risk s Management a age e t z

z

It is usually not economical to prepare protection against every possible threat. An IT security rit pr program r m must provide a process for assessing threats and deciding which ones to prepare for and which ones to ignore. ITM Lecture 4 Advanced Diploma (Thames College)

83

Security and Control, System Development Life Cycle

System Development Life Cycle

ITM Lecture 4 Advanced Diploma (Thames College)

84

What is System y Development p Life Cycle? y The System Development Life Cycle (SDLC) is the set of z activities i i i that h analysts, l ddesigners i and d users carry out to develop an implement an information system. z

ITM Lecture 4 Advanced Diploma (Thames College)

85

System Development Syste eve op e t Lifee Cycle Cyc e The System Development Life Cycle (SDLC) method is classically thought of as the set of activities that analysts, analysts designers and users carry out to develop and implement an information system. z In most business situations, situations the activities are all closely related, usually inseparable, and even the order of the steps in these activities may be difficult to determine. z Different parts of a project can be in various phases at the same time, with some components undergoing analysis y while others are at advanced design g stages. g z

ITM Lecture 4 Advanced Diploma (Thames College)

86

System Development Syste eve op e t Lifee Cycle Cyc e zT Thee

systems sys e s development deve op e lifee cycle cyc e method e od consists of the following phases: Preliminary Investigation (include Feasibility Study) z Determination D t i ti off System S t Requirements R i t z Design of System z Development of Software (include Programming) z Systems y Testingg z Implementation z Post-implementation Post implementation z

ITM Lecture 4 Advanced Diploma (Thames College)

87

Preliminary P e a y Investigation vest gat o A request to receive assistance from information systems can be made for many reasons, but in each case someone ((a manager, g , an employee, p y , or a systems y specialist) initiates the request. z The major task in this phase is the Feasibility Study. z The key issue is to determine the likelihood of success in the project such as examining which technology to be used. z The Costs and Benefits of the project would also be evaluated to ensure that the project has positive returns. e s. z

ITM Lecture 4 Advanced Diploma (Thames College)

88

Determination of Systems y Requirements q The analysts would study the existing system and examine the problems. z As A th the ddetails t il are gathered, th d the th analysts l t identify id tif features the new system should have, including b h the both h iinformation f i and d the h system should h ld produce and operational features such as processing i controls, l response times, i and d iinput and output methods. z The user plays a major role in defining their q requirements. z

ITM Lecture 4 Advanced Diploma (Thames College)

89

Design es g of o System Syste z The

design of an information system produces the details that state how a system will meet the requirements req irements identified during d ring systems analysis. z There are various aspects to systems design. Design the Input z Design the Processing z Design D si n the th Output O tp t z Design the Storage z

ITM Lecture 4 Advanced Diploma (Thames College)

90

Design g of System y - Design g the Input p z The

systems design also describes how data is to input. z This includes the design of input screens, etc.

ITM Lecture 4 Advanced Diploma (Thames College)

91

Design g of System y - Design g the Processingg z The

systems design also describes how the data will be processed. z Individual data items and calculation procedures are written in detail. p

ITM Lecture 4 Advanced Diploma (Thames College)

92

Design g of System y - Design g the Output p Systems analysts begin the design process by identifying reports and other output the system will produce. produce z Then the specific data on each are pinpointed. z Designers sketch the form or display as they expect it to appear when the system is complete. z This may be done on paper or on a computer display, using one of the automated system design tools available. z

ITM Lecture 4 Advanced Diploma (Thames College)

93

Design g of System y - Design g the Storage g z Designers

define the database and select storage devices, such as magnetic disk, magnetic i tape, or even paper files. fil

ITM Lecture 4 Advanced Diploma (Thames College)

94

Development eve op e t of o Software So twa e z When

the system design is approved, approved the detailed development work begins. z This involves the actual programming work together g with database setup p etc. that are all bases on the systems design.

ITM Lecture 4 Advanced Diploma (Thames College)

95

Systemss Testing Syste Test g z z z

z z

Du g syste During systemss testing, test g, the t e testing test g iss used experimentally e pe e ta y to ensure that the software does not fail. Special test data are input for processing, and the results examined. A limited number of users may be allowed to use the system so analysts l t can see whether h th they th try t to t use it in i unforeseen f ways. It is preferable to discover any surprises before the organization implements the system and depends on it. In manyy organizations, g , testingg is performed p byy persons p other than those who wrote the original programs to ensure more complete and unbiased testing and more reliable software. ITM Lecture 4 Advanced Diploma (Thames College)

96

Implementation p e e tat o z Many

activities take place during the implementation phase. z Each of these is done to prepare the user p or the environment for the operational usage of the system that has been developed. developed z Site

Preparation z Training ITM Lecture 4 Advanced Diploma (Thames College)

97

Implementation p e e tat o - SSite te Preparation P epa at o z The

worksite must be prepared before the system can be used operationally. z Workstations must be set up with adequate p for the p personal computer, p ,p printer,, space modem, etc. z Power P supply l andd lights li h must be b installed i ll d or enhanced. Then the actual equipment must be installed and tested. ITM Lecture 4 Advanced Diploma (Thames College)

98

Implementation p e e tat o - T Training a g z Training

must be conducted for the users of the system and this usually takes the f form off classroom l training. i i

ITM Lecture 4 Advanced Diploma (Thames College)

99

Post p e e tat o Post-Implementation z The

activities which take place immediately after cutover are onsite support and the P I l Post-Implementation i Review. R i z Onsite

Support pp z Post-Implementation Review (PIR)

ITM Lecture 4 Advanced Diploma (Thames College)

100

Post-Implementation p - Onsite Support pp z Initial

teething problems are expected and the IT professionals should provide onsite assistance i to users.

ITM Lecture 4 Advanced Diploma (Thames College)

101

Post-Implementation Post Implementation - PIR z The

post post-implementation implementation review is an evaluation or both the process and product q lit quality. z The strengths g and weaknesses of the system are discussed with a view to improving it it. z Similarly, the process of its development, the SLDC, is reviewed with the intention of learningg from mistakes. ITM Lecture 4 Advanced Diploma (Thames College)

102

Advantages dva tages of o Traditional T ad t o a SDLC S C Formal review at the end of each phase allows maximum management control z This approach creates considerable system documentation z Formal F l documentation d i ensures that h systems requirement can be traced back to stated business needs z It p produces manyy intermediate products p that can be reviewed to see whether they meet the user's needs & conform to standards z

ITM Lecture 4 Advanced Diploma (Thames College)

103

Disadvantages g of Traditional SDLC z

z z z

Users gett a system U t that th t meets t the th needs d as understood by the developers; this may not be what was really needed Documentation is expensive and time-consuming to create. It I is i also l difficult diffi l to kkeep current User needs are unstated or are misunderstood Users cannot easily review intermediate products & evaluate whether a particular product (e.g. DFD) meets their business requirements ITM Lecture 4 Advanced Diploma (Thames College)

104

Information o at o Tec Technology o ogy Management a age e t

Unit U i 99: E End dU Users D Development l and Evaluation of Systems

ITM Lecture 4 Advanced Diploma (Thames College)

105

Thee Rise T se of o End-User d Use Co Computing put g z The Th

number b off people l andd offices ffi using i p g ((EUC)) products p has End-User Computing increased tremendously over the past d d decade. z The costs of computers have dropped and the cost of skilled labor has increased.

ITM Lecture 4 Advanced Diploma (Thames College)

106

End-User d Use Development eve op e t z Use U

powerful f l software f tools. l z For certain applications applications, end-user end user development is both a productive and successful strategy. z Does not eliminate the need for systems analysts or programmers, nor can it replace the information systems group. ITM Lecture 4 Advanced Diploma (Thames College)

107

End-User d Use Development eve op e t The Software Th S f Development D l Life Lif Cycle C l (SDLC) is i not the only approach for systems development work, End-user Development is an alternative. z It places responsibility for developing applications in the hands of the end-user. z The Th nature off the h application li i will ill often f ddecide id whether conventional IT-department development or end-user development is carried out. z

ITM Lecture 4 Advanced Diploma (Thames College)

108

Institutional VS End-User Application pp Deciding D idi ffactor is i the h nature off the h application li i z Application pp are classified into the two categories: g z

Institutional systems (developed by IT department) z End-user End ser ssystems stems (developed by b end-users) end sers) z

z

Project Selection Committees must have a policy that determines which applications are p suitable for end-user development

ITM Lecture 4 Advanced Diploma (Thames College)

109

Types yp of End-User Development p Projects j z End-user E d

development d l projects j can range p qqueries and reports p to from simple building complete application systems. z Enquiries ii

and d Reports z Presentation of Data in Alternate Forms z Development of Worksheets z Applications ITM Lecture 4 Advanced Diploma (Thames College)

110

Types of End-User Development Pr j t -Enquiries Projects Enq iri and nd R Reports p rt z The Th

application li i systems already l d exist i andd p enquiry q y the users learn to use special software tools to make online enquiries, or t create to t or modify dif reports. t z Example: p z How

many depositors have more than one type of savings account with our bank?

ITM Lecture 4 Advanced Diploma (Thames College)

111

Types of End-User Development Projects Presentation of Data in Alternate Forms z The Th

existing i i reports may present data d iin a tabular form. z The end-user may use software tools to present the same data in the form of a graph instead.

ITM Lecture 4 Advanced Diploma (Thames College)

112

Types of End-User Development Projects -Development Development of Worksheets z The Th

end-user d may use a spreadsheet dh p a business model for software to develop analysis and computation (such as market share, h ttrendd analysis l i etc). t )

ITM Lecture 4 Advanced Diploma (Thames College)

113

Types of End-User Development Pr j t -Applications Projects Appli ti n z The Th

end-user d may use a database d b software f p the to define the database and develop input screens and output reports.

ITM Lecture 4 Advanced Diploma (Thames College)

114

Advantages g of End-User Development p z As

spreads, spreads and more End-User End User Computing (EUC) and more office workers are trained, the h b benefits fi off EUC software f will ill b be realized. z The benefits of EUC are described below: z Increased I d

IIndividual di id l P Performance f z Easier Implementation z Technological Literacy ITM Lecture 4 Advanced Diploma (Thames College)

115

Advantages of End-User Development -Increased Increased Individual Performance z Perhaps P h

the h single i l most iimportant benefit b fi to be derived from EUC is increased individual performance from the viewpoint off both b th effectiveness ff ti andd efficiency. ffi i

ITM Lecture 4 Advanced Diploma (Thames College)

116

Advantages of End-User Development -Easier Easier Implementation One off the O h problems bl with i h traditional di i l development approaches is that the end-user is not closely involved. z The system might not be what the end-user expected, and worse yet, it might be unsatisfactory. ti f t z With end-user development p usingg EUC tools, it is more likely that the final system will be exactly what the end end-user user wants and expects. expects z

ITM Lecture 4 Advanced Diploma (Thames College)

117

Advantages of End-User Development -Technological Technological Literacy z If

workers k are already l d knowledgeable k l d bl gy, theyy will be able to about technology, assimilate new technologies into the organization i ti quickly i kl andd thus th enable bl the th g to take earlyy advantage g of anyy organization benefits that may accrue.

ITM Lecture 4 Advanced Diploma (Thames College)

118

Disadvantages g of End-User Development p z Cost C

C Controll z Product Control

ITM Lecture 4 Advanced Diploma (Thames College)

119

Disadvantages of End-User Development -Cost Cost Control z

z z

Because EUC iis usually B ll iinitiated i i d through h h ddepartments and supported by departmental budgets (not the MIS d department), ) many organizations i i really ll do d not know k the total amount that they are spending on computer technology. h l The total organizational effort in end-user computing may not be optimized. The same software p package g may be p purchased over and over again, each time by a different group within the firm. ITM Lecture 4 Advanced Diploma (Thames College)

120

Disadvantages of End-User Development -Product Product Control z

z z

Since end-users often make their own final choices on products, it is not unusual to find many different products in a firm performing the same function. The fact that many of these products are incompatible makes it worse. Product proliferation is particularly problematic because data often cannot be transferred among applications, and an unusual burden is placed on training users users. ITM Lecture 4 Advanced Diploma (Thames College)

121

Types of o Users Use s z End-user End user

development strategy places the responsibility for developing applications in the hands of the end-user z Executives, Executives

managers, managers supervisors, supervisors and other employees who are not IT professionals.

z Users

actually develop programs or procedures to retrieve data or perform calculations and computer processing. ITM Lecture 4 Advanced Diploma (Thames College)

122

Types of o Users Use s Within the group of users, users there are different sub­groups with different responsibilities and i l involvement with i h EUC and d computing i iin general. z Some users are directly involved in using computer hardware and software software. z Others are more removed form the computer and for example, may make decisions on p usage g and policies. p computer z

ITM Lecture 4 Advanced Diploma (Thames College)

123

Changes C a ges in Roles o es z

z z

z z

As both technology gy and business increase in complexity, p y, it is necessary for both IT personnel and users to learn something about the other's work. IT personnell can no longer l be b only l technical h i l specialists. i li They must understand the business and be training in business functions before they can effectively assist in improving the business through the user of information technology. Users have become more knowledgeable in computers and systems development. With the increased availability of personal computers and access to training courses, courses users now have greater understanding of the choices available to them. ITM Lecture 4 Advanced Diploma (Thames College)

124

Evaluation va uat o o of Syste Systemss z z z z z

The evaluation process is extremely important as the organization will have to live with the eventual choice. Evaluation should highlight the degree to which the proposed product satisfies the needs as specified. The vendor who is supplying the product should also be evaluated as vendor competence and support matter too. Evaluation is usually a joint effort and should not be solely the responsibility of the technical staff. An Evaluation Committee is formed comprising representatives from the various user groups, as well as technical staff. ITM Lecture 4 Advanced Diploma (Thames College)

125

Evaluation va uat o Criteria C te a z General

Evaluation Criteria z Hardware-Specific p Evaluation Criteria z Software-Specific Evaluation Criteria z Vendor-Specific Evaluation Criteria

ITM Lecture 4 Advanced Diploma (Thames College)

126

General Ge e a Evaluation va uat o Criteria C te a z Functionality z Ease

of learningg / Ease to Use z Costs z Warranty

ITM Lecture 4 Advanced Diploma (Thames College)

127

General Evaluation Criteria F n ti n lit Functionality z The

EUC product must meet the basic functional needs of the user. z Example zA

spreadsheet must be able to perform computations and modeling. z A printer i must b be able bl to print i with i h various i ffonts and sizes, and on different types of paper.

ITM Lecture 4 Advanced Diploma (Thames College)

128

General Evaluation Criteria – E off L Ease Learning rnin / E Ease tto U Use z The

product must be relatively easy to learn and to use. z Software must contain simple instructions and nd pr preferably f r bl a m mouse-driven s dri n graphical r phi l user interface. z The help feature must contain concise and clear l instructions i i on handling h dli or errors, etc. ITM Lecture 4 Advanced Diploma (Thames College)

129

General Evaluation Criteria C t Costs z This

is obviously an important consideration. z If two similar products are comparable in f t r s and features nd performance, p rf rm n pri price would ld definitely be the deciding factor. z Even if a particular product is obviously superior, i a user may choose h a cheaper h product simply p p y because it is within budget. g ITM Lecture 4 Advanced Diploma (Thames College)

130

General Evaluation Criteria W rr nt Warranty z The

period and coverage of the warranty is also of importance. z A three year parts and service warranty can b tr be translated nsl t d to t concrete n r t cost st savings. s in s

ITM Lecture 4 Advanced Diploma (Thames College)

131

Hardware-Specific Evaluation Crit ri Criteria z Ergonomic

Design (人類工程學設計)

z Capacity p y

ITM Lecture 4 Advanced Diploma (Thames College)

132

Hardware-Specific Evaluation Criteria - Ergonomic Design z

z

Ergonomics covers a wide variety of design features which ensures that the product suits the user and not the other way around. Ergonomics is also related to health and safety concerns Some ergonomics design features in a PC concerns. setup are: z z z

z

Monitors should have minimal glare to prevent eye-strain. eye strain Monitor should be able to swivel for the comfort of the user. P i t should Printers h ld nott be b too t noisy i as it irritates i it t the th users nearby PC should emit minimal or no radiation. radiation ITM Lecture 4 Advanced Diploma (Thames College)

133

Hardware-Specific Evaluation Criteria - Capacity When comparing hardware products from different vendors, one important consideration b id it besides its performance p f is i its it capacity. p it z This translate into two specific p areas: z

Storage - the larger the disk storage, the more data aand dp programs og a s ca can be stored sto ed online. o i e. z Memory - the larger the RAM, the faster the processing will be be. z

ITM Lecture 4 Advanced Diploma (Thames College)

134

Software-Specific p Evaluation Criteria z Software

Reliability

z This

is a difficult criteria to evaluate as there is always a possibility of software detects or bugs. g z The only way to evaluate reliability yourself is th through h extensive t i testing. t ti

ITM Lecture 4 Advanced Diploma (Thames College)

135

Vendor-Specific p Evaluation Criteria z

Experience & Track Record z

z

The vendor should have sufficient experience in the particular hardware and software in order to be able to anticipate problems and perform a smooth implementation. p e e tat o .

Financial Stability z

z

The financial Th fi i l stability bili off a vendor d is i important i as companies from medium, and long-term alliances with their vendors. vendors If a company suffers from financial mismanagement, it is less likely to be able to provide good service. service ITM Lecture 4 Advanced Diploma (Thames College)

136

Questions & Discussion

ITM Lecture 4 Advanced Diploma (Thames College)

137