Inf1505 Study Notes 2012 Final

INF1505
MIS2
UNISA BCOM
SEMESTER 1
2012
Contents
Fundamentals of Information Systems p2..............................................................5
CH1 Information Systems: An Overview p2........................................................5
1 Computers and IS in Daily Life p4................................................................5
2 Computer Literacy and Information Literacy p6...........................................5
3 The Beginning: Transaction Processing Systems (TPS) p6............................6
4 Management Information Systems (MIS) p7.................................................6
5 Major Components of an IS p7......................................................................6
6 Using IS and IT p10....................................................................................... 8
7 The IT Job Market p15.................................................................................11
CH2 Computers: The Machines Behind Computing p20...................................12
1 Defining a Computer p21........................................................................... 12
2 The History of Computer Hardware p24.....................................................12
3 The Power of Computers p25.....................................................................13
4 Computer Operations p26..........................................................................14
5 Input, Output, and memory Devices p26....................................................14
6 Classes of Computers p31..........................................................................15
7 What is Software p32................................................................................. 16
8 Computer Languages p35..........................................................................16
CH3 Database: Systems, Data Warehouses, and Data Marts p38....................18
1 Databases p39........................................................................................... 18
2
Logical Database Design p42..................................................................19
Components of a DBMS p46....................................................................21
Recent Trends in Database Design and Use p47.....................................22
Data warehouses p49.............................................................................24
Data Marts p53....................................................................................... 27
CH4 Personal, Legal, Ethical, and Organisational Issues of ISs p58..................28

1 Risks Associated with Information Technologies p59..................................28
5
Privacy Issues p61................................................................................... 29
Ethical Issues of Information Technologies p65.......................................29
The Impact of IT in the Workplace p69....................................................31
Green Computing p71.............................................................................31
Data Communication, the Internet, E-Commerce, and Global Information Systems

p94...................................................................................................................... 33
CH5 Protecting Information Resources p74......................................................33
1 Computer and Network Security: Basic Safeguards p75.............................33
2 Security Threats: An Overview p77............................................................34

3 Security Measures and Enforcement: An Overview p81.............................36
4 Guidelines for a Comprehensive Security System p89...............................41
CH6 Data Communication: Delivering Information Anywhere and Anytime p94
......................................................................................................................... 43
1 Defining Data Communication p95.............................................................43
2 Basic Components of a Data Communication System p97.........................43
3 Processing Configurations p99...................................................................44
4 Types of Networks p100.............................................................................45
5 Network Topologies p102...........................................................................45
6 Major Networking Concepts p104...............................................................47
7 Wireless and Mobile Networks p108...........................................................48
8 Wireless Security p112............................................................................... 49
9 Convergence of Voice, Video, and Data p112.............................................50
CH7 The Internet, Intranets, and Extranets p118.............................................51
1 The Internet and the World Wide Web p119...............................................51
2 Navigation Tools, Search Engines, and Directories p123............................51
3 Internet Services p125...............................................................................52
4 Web Applications p126............................................................................... 52
5 Intranets (or corporate portals) p130......................................................52
6 Extranets p132........................................................................................... 53
7 New Trends: The Web 2.0 and 3.0 Eras p133.............................................53
CH8 E-Commerce p140.................................................................................... 55
1 Defining E-Commerce p140........................................................................55
2 Major Categories of E-Commerce p146......................................................56
3 A B2C E-Commerce Cycle p148..................................................................57
4 B2B E-Commerce: A Second Look p149.....................................................57
4.1 Major Models of B2B E-Commerce p149..................................................57
4.1.4 Trading Partner Agreements p151........................................................58
5 Mobile and Voice-Based E-Commerce p151................................................58
6 E-Commerce Supporting Technologies p152..............................................58
CH9 Global Information Systems p158.............................................................59
1 Why Go Global? P159................................................................................. 59
2 Global Information Systems: An Overview p161........................................59
3 Organisational Structures and Global Information Systems p165..............60
3.5 Global Information Systems Supporting Offshore Outsourcing p168.......61
4 Obstacles to Using Global Information Systems p169................................61

CH10 Building Successful Information Systems p174.......................................62
1 Systems Development Life Cycle (SDLC): An Overview p175....................62
2 Phase 1: Planning p176..............................................................................62
2.1 Formation of the task force p178............................................................62
2.2 Feasibility Study p178.............................................................................62
3 Phase 2: Requirements Gathering and Analysis p181................................63
4 Phase 3: Design p183.................................................................................64
4.1 Computer-Aided Systems Engineering (CASE) p183................................64
4.2 Prototyping p184..................................................................................... 64
5 Phase 4: Implementation p185...................................................................64
6 Phase 5: Maintenance p189.......................................................................65
7 New Trends in Systems Analysis and Design p189.....................................65
Fundamentals of Information Systems p2

CH1 Information Systems: An Overview p2
1 Computers and IS in Daily Life p4
Glossary
Information Systems
Information Technologies
MIS
PDA
POS
UPC
Description
Broader in scope
technologies
than
information
Management Information System

Personal Digital Assistant
Point of Sale
Universal Product Code
2 Computer Literacy and Information Literacy p6

Knowledge workers need 2 types of knowledge to be competitive in the
workplace p6:
Knowledge
Computer literacy
Information literacy
Description
- Skill in using productivity software
- Basic knowledge of hardware and
software,
the
internet,
and
collaboration tools and technologies
- Understanding
the
role
of
information in generating and using
BI
- BI is more than just info, it provides:
- Historical views
- Current views
- Predictive views
Of
business
operations
and
environments
What I need to know about BI and transaction processing systems (TPS) p6:
Knowledge area
BI
Transaction processing systems (TPS)
Description
- BI is more than just info, it provides:
- Historical views
- Current views
- Predictive views
of
business
operations
and
environments
- Focus on data collection and
processing
- Major reason for using them is cost
reduction
Knowledge workers should know the following p6:

#
1
2
3
4
5
6
7
Item
Internal and external source of data
How data is collected
Why data is collected
What type of data should be collected
How data is converted to info and eventually to BI
How data should be indexed and updated
How data and info should be used to gain a competitive advantage
3 The Beginning: Transaction Processing Systems (TPS) p6

Typical characteristics of TPS p6:
# Characteristic
1 The operations are repetitive, or
2 Involve enormous volumes of data
4 Management Information Systems (MIS) p7
MIS is an organised integration of the following p7:
#
1
2
3
4
5
Item
Hardware
Software
Technologies
Data
Processes
Human
elements
designed
to
produce: timely, integrated, relevant,
accurate, and useful info for decisionmaking purposes
Description (if any)

Input, output, memory
Commercial, in-house, or both
Method for performing a task in a MIS

app
Users,
programmers,
systems
analysts,
and
other
technical
personnel
Tasks involved in designing a MIS p7:

#
1
2
3
Task
Define the systems objectives clearly
Data must be collected and analysed
Information must be provided in a useful format for decision-making purposes
Organisations use info systems to gain a competitive advantage.
5 Major Components of an IS p7
In addition to hardware, software, and human elements, a MIS includes 4 major
components p7:
#
1
2
3
4
Component
Data
Database
Process
Information
5.1 Data p8
# Study note
1 The data component consists of raw facts and is considered the input to the
system
2 The info that users need affects the type of data that is collected
3 A database is a collection of all relevant data organised in a series of
integrated files
4 There are 2 sources of data:
- Internal: sales records, personnel records
- External: customers, competitors, suppliers, government agencies,
financial institutions, labour and population statistics, economic
conditions
5 Data has a time orientation, so:
- Past data: collected for performance reports
- Current data: collected for operational reports
- Future data: predicted for budgets or cash flow reports
6 Data can be collected in different formats:
- Aggregated: reporting totals for categories of info
- Disaggregated: itemised lists
Pros and cons of the aggregated data format p8:
Format
Aggregate
d
Pro
Useful for reporting
performance
overall
Con
Limits the ability of the decision
maker to focus on specific
factors
5.2 Database p8
# Study note
1 A database is a collection of all relevant data organised in a series of
integrated files
2 A database management system (DBMS) is used to create, organise and
manage databases
3 Databases are also useful for reducing personel time needed to gather,
process and interpret data manually
5.3 Process p9
# Study note
1 The purpose of an ISs process component is generating the most useful type
of info for making decisions
The process component includes: transaction processing reports and models

for decision analysis that can be built into the system or accessed from
external sources
5.4 Information p9
# Study note
1 Info consists of facts that have been analysed by the process component and
is an output of an IS
2 Data and information are different:
- Data: consists of raw facts and by itself is difficult to use for making
decisions
- Information: the output of an IS consists of facts that have been
analysed by the process component, and are thus more useful to the
MIS user
3 The quality of info is determined by its usefulness to users, and its usefulness
determined the success of an IS
4 Info is useful if it enables decision makers to make the right decisions in a
timely manner
5 To be useful info must have the following qualities:
- Timeliness
- Integration with other data and information
- Consistency and accuracy
- Relevance
6 If info lacks these qualities the results are:
- Incorrect decisions
- Misallocation of resources
- Overlooked windows of opportunity
7 Informal info includes:
- Rumours
- Unconfirmed reports
- Stories
8 The ultimate goal of an IS is to generate BI
9 Information technologies support ISs and use the internet, computer
networks, database systems, POS systems and radio frequency identification
(RFID) tags
6 Using IS and IT p10
# Study note
1 Information Systems are designed to:
- Collected data
- Process the collected data
- Deliver timely, relevant and useful info that can be used for making
decisions
2 To achieve this goal, an IS might use many different information technologies
6.1 The Importance of IS p11
# Study note
1
2
3
Info is the second most important resource (after the human element) in any
organisation
Timely, relevant, and accurate info is a critical tool for enhancing a
companys competitive position and for managing the 4 Ms of resources
The 4 Ms of resources:
- Manpower
- Machinery
- Materials
- Money
Major types of information systems include p11:

# IS
1 Personnel information system (PIS) or
human resource information system
(HRIS)
Intranet
Logistics information system (LIS)

- Designed to provide info that
helps
decision
makers
in
personnel carry out their tasks
more effectively
- A PIS/HRIS supports the following
actions:
o Choosing
the
best
job
candidate
o Schedule
and
assign
employees
o Predict future personnel needs
o Reports and stats on employee
demographics
o Allocate
human
and
fin
resources
- A network within an organisation
that uses internet protocols and
technologies
for
collecting,
storing, and disseminating useful
info
that
supports
business
activities such as sales, customer
service, human resources, and
marketing
- Intranets are private
- Designed to:
o Reduce the cost of transporting
materials while
o Maintain safe and reliable
delivery
- Decisions supported by a LIS:
o Improve routing and delivery
schedules
o Select the best modes of
transportation
o Improve
transportation
# IS
Manufacturing
(MFIS)
information
system
Financial information system (FIS)
Marketing information systems (MKIS)

budgeting
o Improve shipment planning
- Designed
to
manage
manufacturing resources so that
companies can:
o Reduce manufacturing costs
o Increase product quality
o Make
better
inventory
decisions
- Some decisions that a MFIS
supports:
o Ordering decisions
o Product cost calculations
o Space utilisation
o Bid evaluation process used
with vendors and suppliers
o Analysis of price changes and
discounts
- Designed to provide info to
financial executives in a timely
manner
- A FIS is used to support the
following decisions:
o Improve budget allocation
o Minimise capital investment
risks
o Monitor cost trends
o Manage cash flows
o Determine portfolio structures
- Designed to improve marketing
decisions
- An effective MKIS should provide:
o Timely,
accurate,
and
integrated info about the
marketing
mix
(price,
promotion,
place,
and
product)
- Decisions that a MKIS supports:
o Analyse market share, sales,
and sales personnel
o Sales forecasting
o Price and cost analysis of items
sold
6.2 Using IT for a Competitive Advantage p13

# Study note
1 Michael Porter identified 3 strategies for competing in the market place:
- Overall cost leadership

- Differentiation
- Focus
IT can help bottom-line and top-line strategies:
- Bottom-line: focus on improving efficiency by reducing overall costs
- Top-line: focus on generating new revenue by offering new products
and services to customers or increasing revenue by selling existing
products and services to new customers
Systems such as supply chain management (SCM), customer relationship
management (CRM), enterprise resource planning (ERP) can reduce costs and
improve customer service.
The goal of these systems is to use IT to create the most efficient, effective
link between suppliers and consumers
Types of strategies include p13:

# Strategy
1 Differentiation strategy
Focus strategy

- Organisation try to make their
products and services different
from their competitors
- Examples: Apple, Amazon
- Organisations focus on a
specific market segment to
achieve
a
cost
or
differentiation advantage
- Example: Apple
6.3 Porters 5 Forces Model: Understanding the Business Environment

p14
# Study note
1 Purpose of the 5 Forces framework:
- Analysing an organisation
- Its position in the marketplace
- How IS could be used to make it more competitive
2 The 5 forces are as follows:
- Buyer power
- Supplier power
- Threat of substitute products or services
- Threat of new entrants
- Rivalry among existing competitors
Learn exhibit 1.4: The Five Forces Model p14
The 5 forces p14:
# Strategy
1 Buyer power

- High when customers have many
Supplier power
Threat of
services
Threat of new entrants
Rivalry among existing competitors
substitute
products
or
choices, low when customers have

few choices
Differentiation strategy
High when customers have few
options, low when customers have
more options
Differentiation strategy
High when many alternatives to
an organisations products or
services are available
Low
when
duplicating
a
companys product or service is
difficult
Focus strategy
High when many competitors
occupy the same marketplace,
low
when
there
are
few
competitors
7 The IT Job Market p15

Categories of IT jobs p15:
#
1
2
3
4
5
6
7
Category
Operations and help desk
Programming
Systems design
Web design and web hosting
Network design and maintenance
Database design and maintenance
Robotics and artificial intelligence
Popular IT jobs include p15:

# Strategy
1 CTO/CIO and sometimes Chief Privacy
Officer (CPO)
Manager of IS Services
Systems Analyst
Network Administrator

- Long-range planning
- Keeps an eye out on new
developments in the field
- Manage
risks
and
business
impacts of privacy laws and
policies
- Hardware, software, personnel in
the IS department
- Design and implementation of IS
- Requires thorough understanding
of
business
systems
and
functional areas within a business
organisation
- Design and implement network
Database Administrator (DBA)
Computer Programmer
Webmaster
systems
Cyber security
Database
design
and
implementation
Knowledge of data warehouses
and data mining tools
Writes programs and/or software
that allow an IS to perform a
specific task
Designs
and
maintains
an
organisations website
CH2 Computers: The Machines Behind Computing p20

1 Defining a Computer p21
# Study note
1 A computer is defined as a machine that:
- Accepts data as input
- Processes data without human intervention by using stored
instructions (aka a program)
- Outputs information
2 Garbage in, garbage out (GIGO): if data is erroneous, the info the computer
provides is also erroneous
1.1 Components of a Computer System p22
Learn exhibit 2.1: The building blocks of a computer p22
# Study note
1 Main (primary) memory is where computers store data and instructions
2 The central processing unit (CPU) is divided into 2 components:
- Arithmetic logic unit (ALU): performs arithmetic functions (+, -, *, /)
and comparison or relational operations (<, >, =), which are used to
compare numbers
- Control unit: tells the computer what to do e.g. which device to read or
send output to
3 The bus is the link between devices connected to the computer. A bus can
be:
- Parallel
- Serial
- Internal (local): used for internal components such as video card and
memory
- External: used for external components such as USB
4 Types of processors:
- 32-bit: can use 232 bytes (4GB) of RAM
- 64-bit: can use 264 bytes (16EB) of RAM
5 A disk drive is a peripheral device for:
- Recording info
- Storing info
- Retrieving info
6 A motherboard is the main circuit board containing connectors for attaching
additional boards, it contains:
- CPU
- Basic input/output system (BIOS)
- Memory
- Storage
- Interfaces
- Serial and parallel ports
- Expansion slots
- Controllers for standard peripheral devices such as monitor, disk drive,
and keyboard
7 - A serial port is a communication interface through which info is
transferred one bit at a time

A parallel port is an interface between a computer and a printer, the
computer transfers multiple bits of info to the printer simultaneously
2 The History of Computer Hardware p24

Learn table 2.1: Hardware generations p24
Hardware
generation
First
Second
Third
Date
Fourth
1971-1992
Fifth
1993-present
1946-1956
1957-1963
1964-1970
Major
technologies
Vacuum tube
Transistors
Integrated circuits,
remote data entry,
telecommunicatio
ns
Miniaturisation,
very large scale
integration (VLSI),
personal
computers, optical
disks
Parallel
processing,
gallium arsenide
chips,
optical
technologies
Example
ENIAC
IBM 7904, 1401
IBM 360, 370
Cray XMP, Cray II
IBM System z10
Learn table 2.2: Computer language trends p25

Computer language generation
First
Second
Third
Fourth
Fifth
Major attribute
Machine language
Assembly language
High-level language
Fourth-generation language
Natural language processing (NLP)
3 The Power of Computers p25

# Study note
1 Computers draw their power from 3 factors that far exceed human
capabilities:
- Speed
- Accuracy
- Storage and retrieval: saving data in computer memory, and accessing
data from memory
2 Computer speed is measured as the number of instructions performed during
the following fractions of a second:
4
5
- Millisecond: 1/1,000 of a second

- Microsecond: 1/1,000,000 of a second
- Nanosecond: 1/1,000,000,000 of a second
- Picosecond: 1/1,000,000,000,000 of a second
Data is stored in bits:
- A bit is a single value of 0 or 1
- 8 bits = 1 byte (a byte is the size of a character)
In a binary system: 1 = on and 0 = off
American Standard Code for Information Interchange (ASCII): most common
data code for text files, PC applications, and the internet i.e. used to
represent and transfer data between computers and network systems
ASCII:
- Each alphabetic, numeric, or special character is represented with a 7bit binary number
- Up to 128 characters can be defined (27)
- Unicode and extended ASCII allows up to 256 characters can be
defined (28)
Learn table 2.3: Storage measurements p25
4 Computer Operations p26

# Study note
1 Computers can perform 3 basic tasks:
- Arithmetic operations
- Logical operations
- Storage and retrieval operations
5 Input, Output, and memory Devices p26
5.1 Input Devices p26
5.2 Output Devices p27
# Study note
1 Input devices send data and information to the computer:
- Keyboard and mouse
- Touch screen
- Light pen
- Trackball
- Data tablet
- Barcode reader and optical character reader (OCR)
- Magnetic ink character recognition (MICR)
- Optical mark recognition (OMR)
2 Output devices can output information in visual, audio or digital format
3 The 2 types of memory:
- Main memory: stores data and info and is usually volatile (contents lost
when power is turned off)
- Secondary memory: good for archival storage, it is non-volatile
4
5
- Random access memory (RAM): volatile memory aka read-write memory

- Read-only memory (ROM): is non-volatile; data cant be written to ROM
Cache RAM: resides on the processor
5.2 Output Devices p27

5.3 Memory Devices p28
5.3.1 Main Memory Devices p28
# Study note
1 Most common type of main memory is semiconductor memory chips made of
silicon it can be:
- Volatile or
- Non-volatile
2 There are 2 types of ROM:
- Programmable read-only ROM (PROM): contents cant be erased once
written
- Erasable programmable read-only ROM (EPROM): as above but
contents can be erased and reprogrammed
5.3.2 Secondary Memory Devices p28
# Study note
1 Non-volatile and used for storing large volumes of data for long periods
2 There are 3 main types:
- Magnetic disks p29: data can be accessed in any order
- Magnetic tape p29: stores data sequentially
- Optical disks p29: CD-ROMs, WORM discs, and DVDs
- SAN
- NAS
Learn table 2.4: Capacity of secondary memory devices p30
# Study note
1 Redundant array of independent disks (RAID):
- Collection of disk drives used for fault tolerance and improved
performance
- Data can be stored in multiple places to improve the systems
reliability
5.3.3 Storage Area Networks and Network Attached Storage p30
# Study note
1 SAN:
- Dedicated high-speed network that consists of both hardware and
software
- Used to connect and manage shared storage devices such as:
o Disk arrays
o Tape libraries
o Optical storage devices
Makes storage devices available to all servers on a LAN or WAN
A SAN is a dedicated network
NAS:
- Network-connected computer
- Dedicated to providing file-based data storage services to other
network devices
- Software on the NAS handles features such as: data storage, file
access, file storage, and file management
6 Classes of Computers p31

# Study note
1 Computers are classified based on:
- Cost
- Amount of memory
- Speed
- Sophistication
2 Using the above criteria computers are classified as:
- Sub-notebooks
- Notebooks
- Personal computers
- Mini-computers
- Mainframes
- Supercomputers
6.1 Server Platforms: An Overview p32
# Study note
1 A server is a computer and all the software for managing network resources
and offering services to a network
2 Some server platforms:
- Application servers
- Database servers
- Disk servers
- Fax servers
- File servers
- Mail servers
- Print servers
- Remote access servers (RAS)
- Web servers
7 What is Software p32
# Study note
1 Software is all the programs that run a computer system:
- System software: e.g. OS
- Application software: e.g. applications such as Word and Excel
7.1 Operating System Software p32

# Study note
1 A set of programs for controlling and managing computer hardware and
software
2 An OS provides an interface between the computer and the users and
performs repetitive tasks
3 An OS consists of:
- Control programs
- Supervisor programs
4 Control programs manage computer hardware and resources by
performing the following functions:
- Job management: control and prioritise tasks performed by the CPU
- Resource allocation: manage resources such as storage and memory or
assigning print jobs (in a network)
- Data management: control data integrity by generating checksums to
verify against corruption
- Communication: control the transfer of data among parts of a
computer system
5 Supervisor program aka the kernel:
- Responsible for controlling all other programs in the OS
- Such as: compilers, interpreters, assemblers, utilities for performing
special tasks
7.2 Application Software p33
8 Computer Languages p35
# Study note
1 Machine language
2 Assembly language
3 High-level languages
4 Fourth-generation languages (4GLs)
5 Fifth-generation languages (5GLs)
CH3 Database: Systems, Data Warehouses, and Data Marts

p38
1 Databases p39
# Study note
1 A database is a collection of related data that can be stored in a central
location or in multiple locations
2 Data hierarchy is the structure and organisation of data, which involves
fields, records, and files
3 - A database management system (DBMS) is software for creating, storing,
maintaining, and accessing database files
- A DBMS makes using databases more efficient
4 - Flat files were not arranged in hierarchy and had no relation to one
another
- The problem was that the same data could be stored in more than 1 file,
creating data redundancy
- Data might not be updated in all files consistently, resulting in conflicting
reports generated from these files
- It can be time consuming to update a flat file system
5 A database has the following advantages over a flat file system:
- More info can be generated from the same data
- Complex requests can be handled more easily
- Data redundancy is eliminated or minimised
- Programs and data are independent, so more than 1 program can use
the same data
- Data management is improved
- A variety of relationships among data can be maintained easily
- More sophisticated security measures can be used
- Storage space is reduced
Learn Exhibit 3.2: Interaction between the user, DBMS, and database
p41
1.1Types of Data in a Database p41
# Study note
1 The 2 types of data: internal and external
2 Examples of internal data:
- Transaction records
- Sales records
- Personnel records
3 Examples of sources of external data:
- Competitors, customers, and suppliers
- Distribution networks
- Economic indicators e.g. CPI
- Government regulations
- Labour and population statistics
- Tax records
1.2Methods for Accessing Files p42

# Access
Description
Method
1 Sequential
- Records in files
access
file
are
organised
structure
and processed
in numerical or
sequential
order, typically
the order in
which
they
were entered
- Records
are
organised
based
on
primary key
2 Random
Records can be
access
file accessed in any
structure
order, regardless of
their
physical
location in storage
media
3 Indexed
- Records can be
sequential
accessed
access
sequentially or
method
randomly,
(ISAM)
depending
on
the
number
being accessed
- It uses an index
structure
and
has 2 parts: an
indexed
value
and a pointer to
the
disk
location of the
record
matching
the
indexed value
- Retrieving
a
record requires
at least 2 disk
accesses
Device
Usually
tape
Use
magnetic
Magnetic disk
Effective when
a large number
of records are
processed less
frequently e.g.
quarterly
or
annually
Access speed is
not critical
Fast and effective

when
a
small
number of records
need
to
be
processed daily or
weekly
For
a
small
number,
random
access is used, and
for a large number,
sequential access
is used
2 Logical Database Design p42

# Study note
1 The physical view involves how data is stored on and retrieved from storage
media, such as hard disks, magnetic tapes, or CDs
2 The logical view involves how info appears to users and how it can be
organised and retrieved
The first step in database design is defining a data model
3 A data model determines how data is:
- Created
- Represented
- Organised
- Maintained
4 A data model usually contains:
- Data structure: describes how data is organised and the relationship
among records
- Operations: describes methods, calculations that can be performed on
data, such as updating and querying data
- Integrity rules: defines the boundaries of a database, such as max and
min values for a field, and constraints e.g. what type of data can be
stored in a field, and access methods
5 Some examples of the types of data models:
- Relational model
- Object-oriented model
- Hierarchical model
- Network model
6 Hierarchical model (Exhibit 3.3 p43):
- The relationship between records form a tree-like structure
(hierarchical)
- Records are called nodes
- Relationships between records are called branches
- The node at the top is called the root, and every other node (called a
child) has a parent
- Nodes with the same parents are called twins or siblings
7 Network model (Exhibit 3.4 p44):
- Similar to hierarchical but records are organised differently
- Unlike hierarchical, each record can have multiple parent and child
records
2.1The Relational Model p44
# Study note
1 Relational model:
- Uses two-dimensional tables or rows and columns of data
- Rows are records (also called tuples)
- Columns are fields (also referred to as attributes)
2 To begin designing a relational database, you must first design the logical
structure by defining each table and the fields in it
3 The collection of the above definitions is stored in the data dictionary
4 The data dictionary can also store other definitions such as:
- Data types for fields
# Study note
- Default values for fields
- Validation rules for data in each field
5 - Every record must be identified by a primary key
- Primary key: uniquely identifies every record in a relational database
- To establish relationships among tables so that data can be linked and
retrieved more efficiently, a primary key for one table can appear in other
tables it is then called a foreign key
- Foreign key:
o Field in a relational table that matches the primary key column
of another table
o It can be used to cross-reference tables
6 Normalisation:
- Improves database efficiency by eliminating redundant data
- Ensures that only related data is stored in a table
- Normalisation can go through several stages from first normal form (1NF)
to fifth normal form (5NF)
- Tasks performed in a 1NF stage:
o Eliminate duplicated fields from the same table
o Create separate tables for each group of related data
o Identify each record with a unique field (the primary key)
7 - Data is retrieved using operations that pick and combine data from 1 or
more tables
- There are several operations:
o Select
o Project
o Join
o Intersect
o Union
o Difference
8 The most commonly used operations (Exhibits on p45):
- Select: searches data in a table and retrieves records based on certain
criteria (conditions)
- Project: pares down a table by eliminating columns (fields) according
to certain criteria e.g. a list of student but without their ages
- Join: combines 2 tables based on a common field e.g. primary key in
first table and foreign key in second table
3 Components of a DBMS p46

DBMS includes these components:
#
1
2
3
4
5
DBMS Component
Database engine
Data definition
Data manipulation
Application generation
Data administration
3.1Database Engine p46

# Study Note
1 The database engine is the heart of a DBMS and is responsible for:
- Data storage
- Manipulation
- Retrieval
2 It converts logical requests into their physical equivalents by interacting with
components of the DBMS (usually the data manipulation component)
3.2Data Definition p46
# Study Note
1 Used to create and maintain the data dictionary and define the structure of
files in a database
2 This component is used for changes to a databases structure, such as:
- Adding or deleting fields
- Changing a fields size
- Changing the data type stored in a field
3.3Data Manipulation p46
# Study Note
1 Used to add, modify, and retrieve records from a database
2 Typically a query language is used for this component:
- Structured Query Language (SQL): consists of several keywords
specifying actions
- Query By Example (QBE): request data by constructing a statement
made up of query forms
3 Basic format of a SQL query: SELECT field FROM table or file WHERE
conditions
3.4Application Generation p47
# Study Note
1 Used to design elements of an application using a database:
- Data entry screens
- Interactive menus
- Interfaces with other programming languages
3.5Data Administration p47
# Study Note
1 Used for tasks such as:
- Backup
- Recovery
- Security
- Change management
- Determine who has
summarised as:
o Create
permission
to
perform
certain
functions,
# Study Note
o Read
o Update
o Delete (CRUD)
2 Database administrator (DBA) responsibilities:
- Designing and setting up a database
- Establishing security measures to determine users access rights
- Developing recovery procedures in case data is lost or corrupted
- Evaluating database performance
- Adding and fine-tuning database functions
4 Recent Trends in Database Design and Use p47
Recent trends include:
#
1
2
3
4
5
Trend
Data-driven websites
Natural language processing
Distributed databases
Client/server databases
Object-oriented databases
4.1Data-Driven Web Sites p47

# Study Note
1 Data-driven website:
- Acts as an interface to a database, retrieving data for users and
allowing users to enter data in the database
- Improves access to info so users experiences are more interactive
- Reduces the support and overhead needed to maintain static web sites
- Changes are made to the data source, not the web site the web site
adjusts automatically
2 Popular in:
- e-commerce websites
- News sites
- Forums and discussion groups
- Subscription services such as newsletters
4.2Distributed Databases p48
# Study Note
1 A distributed database stores data on multiple servers throughout an
organisation
2 Security issues are more challenging because of multiple access points from
both inside and outside the organisation, the following items should be
clearly defined:
- Security policies
- Scope of user access
- User privelages
- Authorised users must be identified
# Study Note
3 Organisations might choose a distributed database for the following reasons:
- The design reflects the organisations structure better e.g. an
organisation with many branches
- Local storage of data decreases response time but increases
communication costs
- Distributing data among multiple sites minimises the effects of
computer failures
- Increased capacity as opposed to only 1 computer (server)
- Several small integrated systems might cost less than 1 large system
- Storing data at remote sites can help reduce costs for remote users
- It is not limited by datas physical location
4 3 approaches to setting up a DDBMS (can be combined):
- Fragmentation
- Replication
- Allocation
5 Fragmentation:
- Addresses how tables are divided among multiple locations
- Horizontal fragmentation breaks a table into rows, storing all fields
(columns) in different locations
- Vertical fragmentation stores a subset of columns in different locations
- Mixed fragmentation (combines vertical and horizontal) stores only
site-specific data in each location
6 Replication:
- Each site stores a copy of data of the organisations database
- Although it can increase costs, it also increases availability of data
- Each sites copy can be used as a backup for other sites
7 Allocation:
- Combines fragmentation and replication
- Each site stores the data it uses most often
- Improves response time for local users (those in the same location as
the database storage facilities)
4.3Client/Server Databases p49

Users workstations (clients) are linked in a LAN to share the services of a single
server.
4.4Object-Oriented Databases p49

# Study Note
1 Recap: a relational database has a simple structure: relationships between
tables are based on a common value (the key)
2 Object-oriented databases were developed to address the inherent problem
in relational databases i.e. representing more complex data relationships
sometimes isnt possible
3 - Like object-oriented programming, object-oriented databases represents
real world entities with database objects
# Study Note
- An object consists of:
o Attributes - characteristics describing an entity
o Methods operations or calculations that can be performed on
the objects data
4 Example:
- Class: vehicle (think of a class as a category or type of object)
- Object: car
- Attributes: year, make, model, license number
- Method: addVehicle
5 Encapsulation:
- Grouping objects along with their attributes and methods into a class
(essentially means grouping related items into a single unit)
- Helps handle more complex types of data, such as images and graphs
6 Inheritance:
- New objects can be created faster and more easily by entering new
data in attributes
7 - In contrast to query languages used to interact with a relational database,
interaction with an object-oriented database takes place via methods,
which are called by sending a message to the object
- Messages are usually generated by an event of some kind e.g. pressing
enter or click mouse button
- Examples of object-oriented DBMSs: Progress ObjectStore, Objectivity/DB
Learn Exhibit 3.5: Objects, classes, attributes, and methods p50
5 Data warehouses p49

# Study Note
1 Data warehouse:
- Collection of data from a variety of sources
- Used to support decision-making applications and generate business
intelligence
- Aka hypercubes because they store multidimensional data
- The advantage of a hypercube is that it enables fast manipulations and
calculations (refer OLAP)
Data mart:
- Smaller version of a data warehouse
- Used by a single department or function
2 Characteristics of a data warehouse (as opposed to a database):
- Subject oriented focused on a specific area where as data in a
database is transaction/function oriented
- Integrated comes from a variety of sources, unlike data in a database
- Time variant categorised based on time (such as historical info),
whereas data in a database only keeps recent data in memory
- Types of data captures aggregated data, whereas data in a database
captures raw transaction data
- Purpose used for analytical purposes, whereas data in a database is
# Study Note
used for capturing and managing transactions
3 The 4 major components of a data warehouse config:
- Input
- Extraction
- Transformation
- Loading (ETL)
5.1Input p50
# Study Note
1 Can come from a variety of data sources:
- External data sources
- Databases
- Transaction files
- Enterprise Resource Planning (ERP) systems: collect, integrate, process
data
- Customer relationship management (CRM) systems: collect and
process data
5.2Extraction, Transformation, and Loading (ETL) p50
# Study Note
1 Refers to the processes used in a data warehouse
2 Extraction:
- Collecting data from a variety of sources and;
- Converting it into a format that can be used in transformation
processing
- Parse (divide into pieces) data to make sure it meets the data
warehouses structural needs
3 Transformation:
- Done to make sure the data meets the data warehouses needs
- Tasks include:
o Selecting only certain columns or rows to load
o Translating coded values, such as replacing yes with 1 and no
with 2
o Performing select, project, and join operations on data
o Sorting and filtering data
o Aggregating and summarising data before loading it in the data
warehouse
4 Loading: the process of transferring data to the data warehouse
5.3Storage p51
# Study Note
1 Collected info is organised in a data warehouse as:
- Raw data: info in its original form
- Summary data: gives subtotals of various categories
# Study Note
- Metadata: info about data such as content, quality, condition, origin
etc.
5.4Output p51
Learn Exhibit 3.6: A data warehouse configuration p52
5.4.1 Online Analytical Processing p51
# Study Note
1 Online transaction processing (OLTP):
- Systems are used to facilitate and manage transaction-oriented
applications: point of sale, data entry, retrieval transaction processing
- Usually use internal data and respond in real time
2 Online analytical processing (OLAP):
- Generates business intelligence: allows you to analyse info that has
been summarised in multidimensional ways
- Used to perform trend analysis and sift through massive amounts of
stats to find specific info i.e. these tools usually have a drill-down and
drill up feature for accessing multilayer info
- Sometime aka slicing and dicing
- Uses multiple sources of info
- Provides multidimensional analysis: view data based on time, product,
location
5.4.2 Data-Mining Analysis p52
# Study Note
1 Data-mining analysis is used to discover patterns and relationships
2 Typical questions that can be answered using data-mining tools:
- Which customers are likely to respond to a new product?
- Which customers are likely to respond to a new ad campaign?
- What product should be recommended to this customer based on his
or her past buying patterns?
3 Vendors of data mining software include:
- SAP Business Objects
- SAS
- Cognos
- Informatica
5.4.3 Decision-Making Reports p53
Examples of what a data warehouse can allow you to do:
# Study Note
1 Cross-reference segments of an organisations operations for comparison
purposes
2 Generate complex queries and reports faster and easier with data
warehouses than with databases
3 Generate reports efficiently using data from a variety of sources in different
# Study Note
formats and stored in different locations throughout an organisation
4 Find patterns and trends that cant be found with databases
5 Analyse large amounts of historical data quickly
6 Assist management in making well-informed business decisions
7 Manage a high demand for info from many users with different needs and
decision-making styles
6 Data Marts p53
# Study Note
1 Data mart:
- Smaller version of a data warehouse
- Used by a single department or function
- Focus on business functions for a specific user group (see above)
2 Data marts have the following advantages over data warehouses:
- Access to data is often faster because of their smaller size
- Response time for users is improved
- Easier to create because theyre smaller and often less complex
- Less expensive
- Users are targeted better, because a data mart is designed for a
specific department or division
CH4 Personal, Legal, Ethical, and Organisational Issues of

ISs p58
1 Risks Associated with Information Technologies p59
Many of the risks mentioned here can be minimised or prevented by:
#
1
2
3
What You Can Do

Installing OS updates regularly
Using anti-virus and anti-spyware software
Using e-mail security features
1 Cookies p59
# Study Note
1 Cookies are small text files with unique ID tags that are embedded in a web
browser and saved on the users hard drive
2 Spyware and Adware p60
Spyware study notes:
# Study Note
1 Spyware is software that secretly gathers info about users while they browse
the web
2 Spyware can also interfere with users control of their computers by
installing additional software and redirecting web browsers
3 Some spyware changes computer settings, resulting in slow internet
connections, changes to default home pages, and loss of functions in other
programs etc.
Adware study notes:
# Study Note
1 Adware is a form of spyware that collects info about the user without the
users consent
2 It uses this info to display ads in the web browser based on info it collects
from the users browsing patterns
3 In addition to antivirus software, installing an ad-blocking feature is
recommended
3 Phishing p60
# Study Note
1 Phishing is sending fraudulent e-mails that seem to come from legitimate
sources
2 They usually direct e-mail recipients to false websites that look like the real
thing for purposes of capturing private info e.g. bank account numbers or
passwords
4 Keyloggers p60
# Study Note
1 Keyloggers monitor and record keystrokes and can be software or hardware
devices
5 Sniffing and Spoofing p60
# Study Note
1 Sniffing is capturing and recording network traffic can be used to monitor
network performance
2 Spoofing is an attempt to gain access to a network by posing as an
authorised user to find sensitive info it can be illegitimate programs posing
as legitimate ones
6 Computer Crime and Fraud p60
# Study Note
1 Computer fraud is the unauthorised use of computer data for personal gain
e.g. transferring money
2 Examples of computer crimes include:
- Denial-of-service atatcks
- Identity theft
- Software piracy
- Distributing child pornography
- E-mail spamming
- Writing or spreading viruses
- Stealing files for industrial espionage
- Changing computer records illegally
- Virus hoaxes
5 Privacy Issues p61
# Study Note
1 There are 3 NB concepts regarding internet and network privacy:
- Acceptable use policies: a set of rules specifying the legal and ethical
use of a system and the consequences of noncompliance
- Accountability: refers to issues involving both the users and the
organisations responsibility and liability
- Nonrepudiation: a method for binding all involved parties to a contract
2 Guidelines to eliminate or minimise the invasion of privacy: study p63
1 E-mail p63
# Study Note
1 Spam (junk mail) is unsolicited e-mail sent for advertising purposes
2 Ease of access is a concern whether an e-mail is distributed through the
internet or through a company network
2 Data Collection on the Internet p64

# Study Note
1 There are 2 common technologies used for data collection:
- Cookies
- Log files: generated by web server software and record a users actions
on a website
5 Ethical Issues of Information Technologies p65

# Study Note
1 Ethics means doing the right thing and its meaning can vary from culture to
culture and person to person
2 An example of a code of ethics moral guidelines:
- Contribute to society and human well-being
- Avoid harm to others
- Be honest and trustworthy
- Be fair and take actions not to discriminate
- Honour property rights, including copyrights and patents
- Give proper credit for intellectual property
- Respect the privacy of others
- Honour confidentiality
1 Censorship p66
# Study Note
1 There are 2 types of information available on the internet: public and
private
2 Public information can be censored for the following reasons:
- Public policy reasons e.g. publishing sensitive military info
- If the content is deemed offensive to a political, religious or cultural
group
2 Intellectual Property p67
# Study Note
1 Intellectual property is a legal umbrella covering protections that involve:
- Copyrights
- Trademarks
- Trade secrets
- Patents for creations of the mind developed by people or businesses
2 Intellectual property can be divided into 2 categories:
- Industrial property: inventions, trademarks, logos, industrial designs
etc.
- Copyrighted material: literary and artistic works
3 Things to know about copyright laws:
- Copyright laws protect tangible materials and online materials
- These include: web pages, HTML code, computer graphics
- As long as the content can be printed or saved on a storage device
# Study Note
- Copyright laws give only the creator exclusive rights meaning no one
else can reproduce, distribute, or perform the work without permission
- Copyrights last for the authors lifetime + 70 years and do not need to
be renewed
4 Things to know about trademarks and patents:
- A trademark protects product names and identifying marks e.g. logos
- A patent protects new processes patents last 20 years (14 years for
design patents)
- An organisation can benefit from a patent in at least 3 ways:
o Generate revenue by licensing its patent
o Use the patent to attract funding for further R&D
o Use the patent to keep competitors from entering certain market
segments
5 Cybersquatting registering, selling, or using a domain name to profit from
someone elses trademark
3 Social Divisions and Digital Divide p68
# Study Note
1 Exists between the information rich and the information poor
5 The Impact of IT in the Workplace p69
Read Table 4.1: The benefits and potential drawbacks of Telecommuting p69
# Study Note
1 Information technologies have led to job deskilling this occurs when:
- Skilled labour is eliminated by high technology
- A job is downgraded from a skilled to a semiskilled or unskilled position
- It usually takes place when a job is automated or when a complex job
is fragmented into a sequence of easily performed tasks
2 Fast communication using e-mail instead of inter-office memos
3 Virtual organisations:
- Networks of independent companies, suppliers, customers, and
manufacturers connected via IT to share skills and costs and have
access to each others markets
- Does not need central offices or a hierarchy
- Advantages include:
o Each participating company can focus on what it does best, thus
improving the ability to meet customers needs
o Cost of hiring additional employees is reduced because skills are
shared
o Companies can respond to customers faster and more efficiently
o Time needed to develop new products is reduced
o Products can be customised more to respond to customers
needs
1 IT and Health Issues p71

# Study Note
1 Work habit and work environments can cause physical problems due to:
- Static electricity
- Inadequate ventilation
- Poor lighting
- Dry air
- Unsuitable furniture
- Too few rest breaks
2 Health problems related to computer equipment include:
- Vision problems: fatigue, itching, blurred vision
- Musculoskeletal problems: back sprain and wrist pain
- Skin problems: rashes
- Stress-related problems: headaches and depression
3 Ergonomic factors that can solve many of these problems:
- Flexible or wireless keyboards
- Correct lighting
- Special monitors for workers with vision problems
5 Green Computing p71
# Study Note
1 Green computing is computing that promotes a sustainable environment
and consumes the least amount of energy
2 Green computing involves:
- The design
- Manufacture
- Use
- Disposal
of:
- Computers
- Servers
- Computing devices
in such a way that there is minimal impact on the environment
3 The benefits of green computing:
- Helps an organisation save on energy costs
- Improves the quality of the environment that we live and work in
3 Read ways to pursue a green computing strategy on p72
Data Communication, the Internet, E-Commerce, and

Global Information Systems p94
CH5 Protecting Information Resources p74
1 Computer and Network Security: Basic Safeguards p75
Hackers use a variety of tools to break into computers:
#
1
2
3
4
Study Note
Sniffers
Password crackers
Rootkits
Journals: Phrack and 2600: The Hacker Quarterly
Types of hackers p76:

#
1
2
3
Study Note
Script kiddie
Black hat
White hat, aka ethical hackers
There are 3 important aspects of computer and network security, collectively

referred to as the CIA triangle:
# Study Note
1 Confidentiality non-disclosure of info to anyone who isnt authorised
2 Integrity refers to the accuracy of info resources with an organisation as
well as identifying authorised users and granting them acess privileges
3 Availability
The McCumber Cube p76:
# Study Note
1 It is represented as a 3 dimensional cube
2 It defines 9 characteristics of information security:
- Transmission
- Storage
- Processing
- Confidentiality
- Integrity
- Availability
- Human factors
- Policy and practices
- Technology
3 This model includes the different states in which information can exist in a
system:
# Study Note
- Transaction
- Storage
- Processing
In addition, a comprehensive security system must provide 3 levels of security
p77:
# Study Note
1 Level 1: front-end servers e.g. e-mail and webservers must be protected
against unauthorised access
2 Level 2: Back-end systems must be protected to ensure:
- Confidentiality
- Accuracy
- Integrity of data
3 Level 3: the corporate network must be protected against:
- Intrusion
- Denial-of-service attacks
- Unauthorised access
The first step in planning a comprehensive security system: A faulttolerant system uses a combination of hardware and software for improving
reliability it is a way of ensuring availability in case of a system failure.
Some
commonly
used
methods
include
p77:
# Study Note
1 Uninterruptable power supply (UPS) serves 2 crucial tasks:
- It serves as a power source to continue running the server (usually for
a short period)
- Safely shuts down the server
2 Redundant array of independent disks (RAID):
- Collection of disk drives used to store data in multiple places
- Stores a value called a checksum that is used to verify that data has
been stored or transmitted without error
3 Mirror disks:
- Uses 2 disks containing the same data
- It is a level-1 RAID system
2 Security Threats: An Overview p77
2.1 Intentional Threats p77
Intentional computer and network threats include:
# Threat
1 Viruses
2 Worms
#
3
4
5
6
7
8
9
Threat
Trojan programs
Logic bombs
Backdoors
Blended threats e.g. worm launched by a Trojan
Rootkits
Denial-of-service attacks
Social engineering
2.1.1 Viruses p78

# Study Note
1 Consists of a self-propagating program code thats triggered by a specific
time or event, the virus attaches itself to other files when the program or OS
containing the virus is used
2 Indications that a computer might be infected by a virus:
- Some programs have suddenly increased in size
- Files have been corrupted, or you cant open some files
- Hard disk free space is reduced drastically
- The keyboard locks up, or the screen freezes
- Available memory dips down more than usual
- Disk access is slow
- Computer tasks take longer than usual to start
- Unexpected disk activity
- Unfamiliar messages on the screen
2.1.2 Worms p79
# Study Note
1 Travels from computer to computer but doesnt usually erase data
2 Unlike a virus, it is an independent program that can spread itself without
having to be attached to a host program
3 Eats up resources, eventually bringing a computer or a network to a halt
2.1.3 Trojan Programs p79
# Study Note
1 Contains code intended to disrupt a computer, network, or website and is
usually hidden inside a popular program
2 They dont replicate themselves as viruses and worms do
2.1.4 Logic Bombs p79
# Study Note
1 Type of Trojan program used to release a virus, worm, or other destructive
code
2 Triggered at a certain time e.g. birthday of a famous person or by a specific
event e.g. pressing enter
2.1.5 Backdoors p79

# Study Note
1 Also called a trapdoor
2 Programming routine built into a system by its designer or programmer that
enables the designer or programmer to bypass security and sneak back into
the system later to access programs or files
2.1.6 Blended Threats p79
# Study Note
1 Security threat that combines the characteristics of computer viruses, worms,
and other malicious codes with vulnerabilities found on public and private
networks
2 Blended threats search for vulnerabilities on computer networks and then
take advantage by embedding malicious codes in the servers HTML files or
by sending unauthorised e-mails from compromised servers with a worm
attachment
2.1.7 Denial-of-Service Attacks (DoS) p80
# Study Note
1 Floods a network or server with service requests to prevent legitimate users
access to the system
2 Usually target internet servers: web, FTP, or mail servers (although any
system connected to the internet running TCP services is subject to attack)
2.1.8 Social Engineering p80
# Study Note
1 Means using people skills such as being a good listener and assuming a
friendly, unthreatening air to trick others into revealing private info
2 It takes advantage of the human element of security systems
3 Common techniques include:
- Dumpster diving
- Shoulder surfing
3 Security Measures and Enforcement: An Overview p81
Organisations can take many steps to guard against threats:
#
1
2
3
4
5
6
7
8
Study Note
Biometric security measures
Non-biometric security measures
Physical security measures
Access controls
Virtual private networks (VPN)
Data encryption
E-commerce transaction security measures
Computer Emergency Response Team (CERT)
3.1
#
1
2
3
4
5
6
7
8
9
1
0
Biometric Security Measures p81

Study Note
Use a physiological element to enhance security measures
It is unique to a person and cant be stolen, lost, copied, or passed on to
others
Biometric security includes:
- Facial recognition shape, pattern, and positioning
- Fingerprints
- Hand geometry compare length of each finger, translucence of
finger tips, webbing between fingers against stored data
Iris analysis
Palm prints palm reader uses near infrared light to capture a users vein
pattern
Retinal scanning
Signature analysis pen pressure, speed, length of time to sign
Vein analysis in wrist and back of the hand but no direct contact is made
Voice recognition translate words into digital patterns, recorded and
examined for tone and pitch and can work over long distances e.g. ordinary
telephone
Drawbacks include:
- High costs
- Users reluctance
- Complex installation
3.2 Non-biometric Security Measures p81

The 3 main non-biometric security measures are:
#
1
2
3
Study Note
Callback modems
Firewalls
Intrusion detection systems
3.2.1 Callback Modems p82

# Study Note
1 Verifies whether a users access is valid by logging the user off and the
calling the user back
2 Useful in organisations with many employees who work off-site and who need
to connect to the network from remote locations
3.2.2 Firewalls p82
# Study Note
1 Combination of hardware and software that acts as a filter or barrier between
a private network and external computers or networks, including the internet
# Study Note
2 A firewall can examine data passing into or out of a private network and
decide whether to allow the transmission based on:
- Users ID
- The transmissions origin and destination
- The transmissions contents
3 Info being transmitted is stored in a packet, after examining the packet, a
firewall can take one of the following actions:
- Reject the incoming packet
- Send a warning to the network administrator
- Send a message to the packets sender that the attempt failed
- Allow the packet to enter (or leave) the private network
4 The main types of firewalls are:
- Packet-filtering firewalls
- Application-filtering firewalls
- Proxy servers
Packet-filtering firewalls work like this p83:
# Study Note
1 Packet-filtering firewalls control data traffic by configuring a router to
examine packets passing into and out of the network
2 The router examines the following info in a packet:
- Source IP address and port
- Destination IP address and port
- Protocol used
3 Based on this info, rules called packet filters determine whether a packet is
accepted, rejected, or dropped
4 For example:
- A packet filter can be set up to deny packets from specific IP addresses
- A packet-filtering firewall informs senders if packets are rejected but
does nothing if packets are dropped
- Senders have to wait until their requests time out to learn that the
packets they sent werent received
5 These firewalls record all incoming connections, and packets that are rejected
might be a warning sign of unauthorised attempts
6 Packet-filtering firewalls are inefficient because:
- They have to examine packets one-by-one
- They might be difficult to install
- They cant usually record every action taking place at the firewall
Application-filtering firewalls work like this p83:
# Study Note
1 Application-filtering firewalls are generally more secure and flexible than
packet-filtering firewalls but they are more expensive
2 Typically, they are software that is installed on a host computer (a dedicated
workstation or server) to control use of network applications, such as:
- E-mail
- Telnet
# Study Note
- FTP
3 These firewalls monitor the following:
- Which applications were requested
- The time at which application requests take place
4 Application-filtering firewalls filter viruses and log actions more effectively
than packet-filtering firewalls this helps network admins spot potential
security breaches
5 These firewalls are often slower than other firewalls which can affect network
performance this is due to all the application filtering that they do
Proxy servers work like this p83:
# Study Note
1 A proxy server is software that acts as an intermediary between two systems
between network users and the internet
2 Its often used to protect the network against unauthorised access from the
outside by hiding the network addresses of internal systems
3 It can also be used as a firewall that scans for malware and viruses, speeds
up network traffic, or takes some load off internal servers (which firewalls
cant do) it can also block requests from certain servers
4 Learn Exhibit 5.4: A proxy server p84
Guidelines for improving a firewalls capabilities p84:
# Study Note
1 Identify what data must be secured, and conduct a risk analysis to assess the
costs and benefits of a firewall
2 Compare a firewalls features with the organisations security needs
3 Compare features of packet-filtering firewalls, and proxy servers
4 Examine the costs of firewalls
5 Compare the firewalls security with its ease-of-use
6 Check the vendors reputation, technical support, and update policies
3.2.4 Intrusion Detection Systems (IDS) p84
# Study Note
1 An IDS can protect against both external and internal access (unlike firewalls)
2 Theyre usually placed in front of a firewall and can identify:
- Attack signatures
- Trace patterns
- Generate alarms for the network administrator
- Cause routers to terminate connections with suspicious sources
- Prevent DoS attacks
3 An IDS monitors network traffic and uses the prevent, detect, and react
approach to security
4 It requires a lot of processing power and can affect network performance
and it might need additional config to prevent it from generating false
positive alarms
3.3 Physical Security Measures p84

# Study Note
1 Physical security measures primarily control access to computers and
networks and include devices for securing computers and peripherals from
theft
2 Common physical security measures:
- Cable shielding protection from electromagnetic interference (EMI)
- Corner bolts
- Electronic trackers secured to the computer at the power outlet
- Identification (ID) badges checked against a list of authorised
personnel
- Proximity-release door openers radio transmitters
- Room shielding non-conductive material
- Steel encasements fit over entire computer and can be locked
3.4 Access Controls p86
# Study Note
1 Access controls are designed to protect systems from unauthorised access in
order to preserve data integrity
2 Two widely used access controls are:
- Terminal Resource Security
- Passwords
3 Guidelines to increase the effectiveness of passwords:
- Change passwords frequently
- Passwords should be 8 characters or longer
- Passwords should be a combination of uppercase and lowercase
letters, numbers, and special symbols, such as @ or $
- Passwords should not be written down
- Passwords shouldnt be common names e.g. the users first or last
name or dictionary words
- Passwords shouldnt be increased or decrease sequentially, or follow a
pattern
3.5 Virtual Private Networks (VPN) p87

# Study Note
1 A VPN provides a secure tunnel through the internet for transmitting
messages and data via a private network
2 Data is encrypted before its sent through the tunnel with a protocol, such as
Layer 2 Tunnelling Protocol (L2TP) or Internet Protocol Security (IPSec)
3 Downside of VPNs:
- Transmission speeds can be slow
- Standardisation can be a problem
4 VPNs are an alternative to:
- Private leased lines
# Study Note
- Dedicated Integrated Services Digital Network (ISDN) lines
- T1 lines
Learn Exhibit 5.6: A VPN configuration p87
3.6 Data Encryption p87

# Study Note
1 Data encryption transforms data, called plaintext or cleartext, into a
scrambled form called ciphertext that cant be read by others
2 The rules for encryption, known as the encryption algorithm, determine
how simple or complex the transformation process should be the receive
then unscrambles the data by using a decryption key
3 A commonly used encryption protocol is secure sockets layer (SSL) it
manages transmission security on the internet
4 A more recent cryptographic protocol is transport layer security (TLS)
ensures data security and integrity over public networks, such as the internet
similar to SSL, TLS encrypts the network segment used for performing
transactions
5 Encryption algorithms use a key to encrypt and decrypt data the keys size
varies from 32 bits to 168 bits
6 There are 2 main types of encryption:
- Asymmetric (public key encryption)
- Symmetric (secret key encryption)
7 Asymmetric encryption:
- Uses 2 keys: a public key and a private key
- Slow and requires a lot of processing power
8 Symmetric encryption:
- The same key is used to encrypt and decrypt the message
- The sender and receiver must agree on the key and keep it secret
- Advanced Encryption Standard (AES)
9 Digital signatures:
- You encrypt a message with your private key and use an algorithm that
hashes the message and creates a message digest
- The message digest cant be converted back to the original message
- The you use the private key to encrypt the message digest
- This encrypted piece is called the message signature
- You then send the encrypted message and digital signature
- The recipient has your public key and uses it to decrypt the message
and then uses the same algorithm that you did to hash the message
and create another version of the message digest
- The recipient uses your public key to decrypt your digital signature and
get the message digest you sent
- The recipient then compares the two message digests
3.7 E-Commerce Transaction Security Measures p89

In e-commerce 3 factors are critical for security:
#
1
2
3
4
Study Note
Authentication
Confirmation
Non-repudiation (of origin and receipt)
Other factors:
- Integrity
3.8 Computer Emergency Response Team (CERT) p89

# Study Note
1 Currently CERT focuses on:
- Security breaches
- DoS attacks
CERT offers guidelines on handling and preventing these incidents
4 Guidelines for a Comprehensive Security System p89
The following steps should be considered when developing a comprehensive
security plan:
# Step
1 Set up a security committee with representatives from all departments as
well as upper management the committees responsibilities include:
- Developing clear, detailed security policy and procedures
- Providing security training and security awareness for key decision
makers and computer users
- Periodically assessing the security policys effectiveness
- Developing and audit procedure for logins and system use
- Overseeing enforcement of the security policy
- Designing an audit trail procedure for incoming and outgoing data
2 Post the security policy in a visible place
3 Raise employees awareness of security problems
4 Revoke terminated employees passwords and ID badges
5 Keep sensitive data, software, and printouts locked up in secure locations
Exit programs and systems promptly, and never leave logged-on
workstations unattended
6 Limit computer access to authorised personnel only
7 Install anti-virus programs and make sure theyre updated automatically
8 Install only licenses software bought from a reputable dealer
9 Install firewalls and intruder detection systems and consider biometric
security measures
4.1 Business Continuity Planning (BCP) p91
# Study Notes
1 Outlines procedures for keeping an organisation operational in the case of
natural disaster or network attack or intrusion
# Study Notes
2 A disaster recovery plan lists the tasks that must be performed to restore
data and equipment as well as the steps to prepare for disaster, such as:
- Back up all files
- Review security and fire standards for computer facilities periodically
- Review info from CERT and other security agencies periodically
- Make sure staff members have been trained and are aware of the
consequences of possible disasters and steps to reduce the effects of
disasters
- Test the DR plan with trial data
- Identify vendors of all software and hardware used in the organisation
and make sure their contact details are up-to-date
- Document all changes made to hardware and software
- Get a comprehensive insurance policy for computers and network
facilities review it periodically to make sure it is adequate
- Set up alternative sites to use in case of a disaster cold vs. hot sites
- Investigate using a colocation facility rented from a third party
- Check sprinkler systems, fire extinguishers, and halon gas systems
- Keep backups in off-site storage, test data recovery procedures
periodically, and keep detailed record of machine-specific information
- Keep a copy of the disaster recovery plan off site
- Go through a mock disaster to assess response time and recovery
procedures
3 If disaster strikes, organisations should follow these steps to resume normal
operations as soon as possible:
- Put together a management crisis team to oversee the recovery plan
- Contact the insurance company
- Restore phone lines and other communication systems
- Notify all affected people, including customers, suppliers, and
employees
- Set up a help desk to assist affected people
- Notify the affected people that recovery is underway
- Document all actions taken to regain normality; revise the DR plan if
needed
CH6 Data Communication: Delivering Information Anywhere

and Anytime p94
1 Defining Data Communication p95
# Study Note
1 Definition: The electronic transfer of data from one location to another: a data
communication system enables an information system to deliver information
2 A data communication system can also improve the flexibility of data
collection and transmission: it is the basis of virtual organisations and ecollaboration
3 Why managers need to know about data communication:
- Enhance decision makers efficiency and effectiveness: collaboration
and coordination
- Improve productivity: email, networks
2 Basic Components of a Data Communication System p97
# Study Note
1 A data communication system includes the following components:
- Sender and receiver devices
- Modems and routers
- Communication medium (channel)
2 Basic concepts p97:
- Bandwidth: the amount of data that can be transferred from one
point to another in a certain time period, usually one second. Express
as bps, Kbps, Mbps, Gbps
- Attenuation: the loss of power in a signal as it travels from the
sending device to the receiving device
- Data transmission channels broadband (multiple pieces of data
are sent simultaneously) or narrowband (voice-grade transmission
channel transmitting a max of 56,000 bps)
- Synchronisation both devices must start and stop communicating
at the same point, handled with protocols
- Protocols rules that govern data communication incl. error
detection, message length, transmission speed. Protocols also help
ensure compatibility between different manufacturers devices
- Modem - A modem is a device that connects a user to the internet.
Wireless users and satellite users dont need a modem
- DSL digital subscriber line
2.1 Sender and receiver devices p97
A sender and receiver device can take various forms p97:
#
1
2
3
4
Device
Input/output device, or thin client
Smart terminal
Intelligent terminal, workstation, or personal computer
Netbook computer
# Device
5 Mini computers, mainframes, or supercomputers
6 Smartphones, mobile phones, MP3 players, PDAs, and game consoles
2.2 Modems (short for modulator-demodulator) p97
Not any
2.3 Communication Media ( or channels) p98

Communication media connect sender and receiver devices they can be
conducted (wired) or radiated (wireless).
# Study Note
1 Conducted media- provide a physical path along which signals are
transmitted:
- Twisted pair cable: twisted copper lines used in the telephone network
and communication within buildings
- Coaxial cable: both data and voice transmissions used for long
distance telephone transmissions and LANs
- Fibre optic cable: glass tubes surrounded by concentric layers of glass
called cladding to form a light path through wire cables
2 Radiated media use an antenna for transmitting data through air or water
(broadcast radio, microwave and satellite use line-of-sight)
3 Processing Configurations p99
Centralised, decentralised, and distributed:
# Study Note
1 Centralised processing - all processing is done at one central computer not
in use much anymore
2 Decentralised processing each department has its own computer called an
organisational unit
3 Distributed processing maintains centralised control and decentralises
operations (processing power is distributed among several locations). The
advantages include:
- Accessing unused processing power is possible
- Modular design means computer power can be added based on need
- Distance and location arent limiting
- Compatible with organisational growth because workstations can be
added
- Fault tolerance improved because of availability of redundant
resources
- Reliability is improved because system failures can be limited to one
site
- The system is more responsive to user needs
The disadvantages include:
# Study Note
- Dependence on communication technology
- Incompatibility between equipment
- More challenging network management
3.4 Open Systems Interconnection Model (OSI) p100
The OSI is a seven-layer architecture for defining how data is transmitted from
computer to computer in a network, from the physical connection to the network
to the applications that users run. OSI also standardises interactions between
network computers exchanging information. Each layer in the architecture
performs a specific task:
# Study Note
1 Application layer the window through which applications access network
services e.g. file transfers, database access, and email
2 Presentation layer responsible for formatting message packets
3 Session layer establishes a communication session between computers
4 Transport layer Generates the receivers address and ensures the
integrity of messages, provides methods for controlling data flow, ordering
received data, and acknowledging received data
5 Network layer Responsible for routing messages
6 Data link layer Oversees the establishment and control of the
communication link
7 Physical layer Specifies the electrical connections between computers and
the transmission medium, and defines the physical medium for
communication
4 Types of Networks p100
LAN, WAN and MAN in which computers are connected using a network interface
card (NIC). A NIC, or adapter card, is a hardware components that enables
computers to communicate over a network.
4.1 LANs p100
A LAN connects workstations and peripheral devices that are in close proximity
(covers a limited geographical area) and one company owns it. Data transfer
speed varies from 100Mbps to 10Gbps.
LANs are used to:
# Study Note
1 Share resources: peripherals, files, software
2 Integrate services email, file sharing
In a LAN environment, there are two key terms to remember:
# Study Note
1 Ethernet standard communication protocol embedded in software and
hardware devices
# Study Note
2 Ethernet cable used to connect computers, hubs, switches, routers to a
network
4.2 WANs p101
A WAN can span several cities or countries and is usually owned by several
different parties. The data transfer speed depends on the speed of its
interconnections, or links and can vary from 28.8Kbps to 155Mbps
4.3Metropolitan Area Networks (MANs) p101
A MAN is designed to handle data communication for multiple organisations in a
city and/or nearby cities. The data transfer speed varies from 35Mbps to
155Mbps.
5 Network Topologies p102
A network topology represents a networks physical layout, incl. the arrangement
of computers and cables.
5.1 Star topology p102
# Star Topology Study Note
1 Consists of a central computer (server) and a series of nodes (workstations or
peripheral devices)
2 The host computer supplies the main processing power
3 Advantages include:
- Cable layouts are easy to modify
- Centralised control makes detecting problems easier
- Nodes can be added to the network easily
- More effective at handling heavy but short bursts of traffic
4 Disadvantages include:
- Central host means a single point of failure
- Many cables required which increases cost
5.2 Ring Topology p103
# Ring Topology Study Note
1 No host computer is required, each computer manages its own connectivity
2 Computers and devices are arranged in a circle so that each node is
connected to two other nodes: upstream and downstream neighbour with
transmission in one direction
- Less cable that a star topology
- If any link between nodes is severed, the entire network is affected
- Diagnosing problems and modifying the network are more difficult than
with a star topology
5.3 Bus Topology (or linear bus) p103

# Bus Topology Study Note
1 Connects nodes along a network segment, but the ends of the cable arent
connected, as they are in a ring topology a hardware device called a
terminator is used at each end of the cable to absorb the signal
2 Common speeds in a bus topology are: 1, 2.5, 5, 10, 100Mbps, 1Gbps and
10Gbps
3 A node failure has no effect on any other node
- Easy to extend
- Very reliable
- Wiring layout is simple and uses the least amount of cable of any
topology
- Ability to handle steady (even) traffic
- Fault diagnosis is difficult
- Bus cable can be a bottleneck when network traffic is heavy
5.4 Hierarchical Topology (or tree topology) p103
# Hierarchical Topology Study Note
1 Combines computers with different processing strengths in different
organisational levels e.g. mainframe
2 Uses controllers and multiplexers (hardware device that allows several nodes
to share one communication channel)
- Good network control and lower cost compared with star topology
- Network expansion might pose a problem
- Traffic congestion at root and higher-level nodes
5.5 Mesh Topology (plex or interconnected) p104
# Mesh Topology Study Note
1 Every node is connected to every other node
2 Very reliable but costly and difficult to maintain and expand
6 Major Networking Concepts p104
6.1 Protocols p104
# Protocols Study Notes
1 Methods and rules that electronic devices use to exchange information
2 Some protocols deal with hardware connections, others control data
transmission and file transfers
3 Protocols specify the format of message packets sent between computers
6.2 Transmission Control Protocol/Internet Protocol (TCP/IP) p104

# TCP/IP Study Notes
1 TCP/IP is an industry-standard suite of communication protocols it enables
interoperability i.e. allows linking of devices running on many different
platforms
2 TCP:
- Operates at OSIs transport layer
- Primary function: establish link between hosts, ensure message
integrity, sequencing, and acknowledging packet delivery, and
regulating data flow between source and destination nodes
3 IP :
- Operates at OSIs network layer
- Responsible for packet forwarding
- Divided into 2 parts: network address and node address
6.3 Routing p105
# Routing Study Notes
1 Packet switching a network communication method that divides data into
small packets and transmits them to an address, where they are reassembled
2 A packet collection of binary digits incl. message data and control
characters for formatting and transmitting, sent from computer to computer
over a network
3 The path or route that data takes on a network is determined by the type of
network and the software used to transmit data the process of deciding
which path that data takes is called routing
4 The decision about which route to follow is done in one of two ways:
- At a central location (centralised routing) using a routing table
(lists nodes on a network and the path to each node, along with
alternate routes and the speed of existing routes). One node (network
routing manager) is in charge of selecting the path for all packets
- Distributed routing relies on each node to calculate the best
possible route. Each node contains its own routing table with current
information on the status of adjacent nodes so that the best possible
route can be followed
6.4 Routers p106
# Routers Study Notes
1 A router is a network connection device containing software that connects
network systems and controls traffic flow between them
2 Routers:
- Operate at the OSI network layer and handle routing packets on a
network
- Can select the best possible path for packets based on distance or cost
- Can prevent network jams that delay packet delivery and handle
packets of different sizes
- Can be used for segmenting(isolate a portion of the LAN from the rest
of the network)
3 There are 2 types of routers - static and dynamic:
# Routers Study Notes

- Static router: requires the network routing manager to give it
information about which addresses are on which network
- Dynamic router: can build tables that identify addresses on each
network
6.5 Client/Server Model p106
Study exhibits on p107-108
# Client/Server Study Notes
1 In the most basic client/server config, the following events usually take place:
1. The user runs client software to create a query
2. The client accepts the request and formats it so that the server can
understand it
3. The client sends the request to the server over the network
4. The server receives and processes the query
5. The results are sent to the client
6. The results are formatted and displayed to the user in an
understandable format
2 The three levels of logic:
- Presentation logic how data is returned to the client e.g. GUI
- Application logic software processing requests for users
- Data management logic data management and storing operations
The following sections describe typical architectures for dividing the three logics
between client and server p106:
# Client/Server Study Notes
1 Two-tier architecture, or traditional client/server model p106-107
- Advantages of application development speed, simplicity, power
- Disadvantages of changes in application logic result in major
modification on clients
2 N-tier architecture p108:
- Attempts to balance the workload between client and server by
removing application processing from both the client and server and
placing it on a middle-tier server
- Advantages: improving network performance
- Disadvantages: network management is more challenging because
theres more network traffic
7 Wireless and Mobile Networks p108
# Wireless and Mobile Networks Study Notes
1 Advantages p108:
- Mobility
- Flexibility
- Ease of installation
- Low cost
2 Disadvantages p109:
# Wireless and Mobile Networks Study Notes

- Limited throughput (similar to bandwidth)
- Limited range
- In-building penetration problems
- Vulnerability to frequency noise e.g. thunderstorms and lightning
- Security e.g. sniffers
7.1 Wireless Technologies p109
WLANs and WWANs: study table 6.2 WLANs versus WWANs on p110
7.2 Mobile Networks p110
Study Exhibit 6.10 Mobile Network Architecture p110
Mobile networks have a three-part architecture:
1. Base stations send and receive transmissions to and from subscribers
2. Mobile telephone switching offices (MTSO) transfer calls between national
or global phone networks and base stations
3. Subscribers (users) connect to base stations by using mobile
communication devices
# Mobile Networks Study Notes
1 To improve the efficiency and quality of digital communications, two
technologies have been developed:
- Time Division Multiple Access (TDMA)
- Code Division Multiple Access (CDMA)
2 TDMA:
- Divides each channel into 6 slots
- Each user is allocated 2 slots: one for transmission, one for reception
- Increases efficiency by 300%, allows carrying three calls on one
channel
3 CCMA:
- Transmits multiple encoded messages over a wide frequency
- Decodes them at the receiving end
4 Advanced Mobile Phone System (AMPS):
- Analogue mobile phone standard developed by Bell Labs in 1983
- Stopped support in 2008
Study Table 6.3: Generations of Cellular Networks p111
8 Wireless Security p112
An AP is the part of a WLAN that connects it to other networks. Techniques for
improving the security of WLANs:
# Wireless Security Study Notes
1 SSID (Service Set Identifiers)
2 WEP (Wires Equivalent Privacy) key manually entered into AP and client
computer
3 EAP (Extensible Authentication Protocol) dynamically generated based on
# Wireless Security Study Notes

users ID and password
4 WPA (Wi-Fi Protected Access) combines strongest features of WEP and EAP:
keys are fixed as in WEP, or dynamically changed as in EAP
5 WPA2 uses EAP to obtain a master key p112
9 Convergence of Voice, Video, and Data p112
In data communication, convergence refers to integrating voice, video, and data
so that multimedia information can be used for decision making. Common
applications of convergence include:
#
1
2
3
4
5
Convergence Study Notes

E-commerce
Entertainment e.g. videos on demand
Increased availability and affordability of video and computing conferencing
Consumer products and services, such as virtual classrooms, telecommuting,
and virtual reality
Read more on telepresence..
CH7 The Internet, Intranets, and Extranets p118

1 The Internet and the World Wide Web p119
# The Internet and WWW Study Notes
1 - The internet is a network of networks. It started in 1969 as a US
Department of Defence project called Advanced Research Projects
Agency Network (ARPANET)
- ARPANET evolved into the National Science Foundation Network
(NSFNET) in 1987 which is considered the first internet backbone
- The internet backbone is a foundation network linked with fibre-optic
cables and made up of many interconnected high-capacity data routers
2
- The WWW or the Web changed the internet in 1989 by introducing a
GUI to the internet
- The Web was proposed by Tim Berners-Lee at CERN (The European
Organisation for Nuclear Research)
- The Web organises information by using hypermedia (documents that
include embedded references to audio, text, images, video, and other
documents)
1.1 Domain Name System p120
# DNS Study Notes
1 - Domain name - unique identifier of computer or network address on the
internet. Every domain name has a suffix indicating the TLD (top-level
domain) it belongs to
- IP addresses are assigned by ICANN (the Internet Corporation for Assigned
Names and Numbers)
- URL address of a document or site on the internet
2 Study table 7.1: Generic Top-Level Domains p122
3 HTML p122
1.2 Types of Internet Connections p123
Types of DSL services:
# DNS Study Notes
1 Symmetric DSL (SDSL) same data transmission rate up and downstream
1.5Mbps
2 Asymmetric DSL (ADSL) lower upstream 3.5Mbps; higher downstream
24Mbps
3 Very high-speed DSL (VDSL) up/downstream up to 100Mbps
4 T1 and T3 lines 24 simultaneous channels at 1.544Mbps or 2.048Mbps p123
2 Navigation Tools, Search Engines, and Directories p123
The 3 categories of tool used to get around the internet:
# Internet Category Study Notes
1 Navigation tools
2 Search engines
# Internet Category Study Notes

3 Directories indexes of info based on keywords in documents
2.1 Navigation Tools p123
n/a
2.2 Search Engines and Directories p124
Search engines follow this three-step process:
# Search Engine Study Notes
1 Crawling the web crawlers, spiders, bots
2 Indexing server farms index data coming in from crawlers by using
keywords for retrieval purposes
3 The search process the index is used to look up the term
Directories:
# Directory Study Notes
1 Directories organise info into categories there are 2 types of categories:
automated (or crawler-based) and human-powered directory
2 Automated creates indexes of search terms and collects these terms
automatically by using crawlers
3 Human-powered manual submission of keywords i.e. relies on users to
supply the data
3 Internet Services p125
3.1 Email p125
n/a
3.2 Newsgroups and Discussion Groups p125
# Newsgroup and Discussion Group Study Notes
1 Discussion group exchanging opinions and ideas on a specific topic, usually
technical
2 Newsgroup more general in nature
3.3 Instant Messaging p125
IRC and IM.
3.4 Internet Telephony p126
Advantages of VOIP p126:
#
1
2
3
4
Advantages of VOIP
Cost savings
Users dont experience busy lines
Voicemails can be received on the computer
Users can screen callers even if caller has caller ID blocked
# Advantages of VOIP
5 Users can have calls forwarded from anywhere in the world
6 Users can direct calls to the correct departments and take automated orders
4 Web Applications p126
Refer p126 for list of industries.
5 Intranets (or corporate portals) p130
# Intranet Study Notes
1 An intranet is a network within an organisation that uses internet protocols
and technologies such as TCP/IP, FTP, SMTP and others for collecting, storing
and disseminating useful info that supports business activities such as sales,
customer service, HR, marketing etc.
5.1 The Internet vs Intranets p131
Study Table 7.2: The Internet vs intranets p131
5.2 Applications of an Intranet p131
A well-designed intranet can make the following types of info available p131:
#
1
2
3
4
Information
HR management
Sales and marketing
Production and operations
Accounting and finance
6 Extranets p132
# Extranet Study Notes
1 An extranet is a secure network that uses the Internet and Web technologies
to connect intranets of business partners so that communication between
organisations or consumers is possible
2 Considered to be IOS inter-organisational system
An extranet has the same benefits as an intranet as well as other advantages, as
follows p133:
#
1
2
3
4
5
Extranet Advantages
Coordination between business partners, suppliers, distributors, customers
Feedback - instant
Customer satisfaction instant info, ordering, e-commerce
Cost reduction reduces inventory costs
Expedited communication improves communication by linking intranets
7 New Trends: The Web 2.0 and 3.0 Eras p133

Study Table 7.4: Web 1.0 vs Web 2.0 p134
7.1 Blogs p134

n/a
7.2 Wikis p134
n/a
7.3 Social networking sites p135
n/a
7.4 RSS Feeds p135
Uses XML format (a subset of SGML). Read p135 for more on XML, HTML and
CSS.
7.5 Podcasting p136
n/a
7.6 The Internet 2 p137
A collaborative effort to develop advanced Internet technologies and applications
for higher education and academic research.
# I2 Study Notes
1 Gigapop connect a variety of high performance networks, and the exchange
of I2 traffic with a specified bandwidth
2 Relies on NSFNET and MCI backbone network service (vBNS)
Applications of I2 include p137:
# I2 Application
1 Learningware IMS (Instructional Management System) e.g. WebEx and
Elluminate Live
2 Digital Library electronic repository of educational resources
3 Teleimmersion share a virtual environment created on the Web e.g. virtual
reality
4 Virtual laboratories
CH8 E-Commerce p140

1 Defining E-Commerce p140
E-commerce is part of e-business; they are not the same thing. E-commerce is
buying and selling goods and services over the internet.
1.1 The Value Chain and E-Commerce p142
# Value Chain and E-Commerce Study Notes
1 Michael Porter introduced the value chain concept in 1985
2 The value chain concept consists of a series of activities designed to meet
business needs by adding value (or cost) in each phase of the process
3 The value chain is about understanding what aspects of an organisations
business add value for customers and then maximising those aspects
4 Study Exhibit 8.1 Michael Porters Value Chain p142
5 Primary activities in the value chain:
- Inbound logistics
- Operations
- Outbound logistics
- Marketing and sales
- Service
6 A company is a part of a value chain if it:
- Buys goods or services from suppliers
- Adds features to increase value
- Sells goods or services to customers
1.2 E-Commerce vs. Traditional Commerce p143
# Value Chain and E-Commerce Study Notes
1 Click-and-brick e-commerce companies that operate as a mix of traditional
commerce and e-commerce
2 Read Table 8.1: E-commerce vs. Traditional Commerce p144
1.3 Advantages and Disadvantages of E-Commerce p144
Advantages of e-commerce:
#
1
2
3
4
5
6
7
8
9
1
Advantages of E-Commerce
Creating better relationships with suppliers, customers and business
partners
Creating price transparency i.e. all market participants can trade at the
same price
Operate around the clock and around the globe
Gathering more info about potential customers
Increasing customer involvement e.g. feedback forms
Improving customer service
Increasing flexibility and ease of shopping
Increasing opportunities for collaboration
Increasing return on investment i.e. lower inventory costs
Personalised services and product customisation
#
0
1
1
Advantages of E-Commerce
Reducing admin and transaction costs
Disadvantages of e-commerce:
#
1
2
3
4
Disadvantages of E-Commerce
Bandwidth capacity problems
Security issues
Accessibility
Acceptance
1.4 E-Commerce Business Models p144

# E-Commerce Business Model
1 Merchant transfers the old retail model to the e-commerce world e.g.
Amazon.com
2 Brokerage brings sellers and buyers together on the web and collects
commission on transactions e.g. ebay.com
3 Advertising e.g. Googles AdWords
4 Mixed generating revenue from more than one source
5 Infomediary e-commerce sites that collect info on consumers and
businesses and then sell this info to other companies for marketing purposes
e.g. bizrate.com
6 Subscription sell digital products or services using online subscriptions e.g.
Wall Street Journal
2 Major Categories of E-Commerce p146
2.1 Business-to-Consumer E-Commerce p146
# B2C Study Notes
1 Pure play no physical store
2 Brick-and-mortar do have a physical store
2.2 Business-to-Business E-Commerce p147
n/a
2.3 Consumer-to-Consumer E-Commerce p147
# C2C Study Notes
1 Online classified ads, auction sites, intranets
2.4 Consumer-to-Business E-Commerce p147
# C2B Study Notes
1 Consumers selling online surveys to companies
2.5 Government and Non-Business E-Commerce p147

# Government and Non-Business (e-gov) Study Notes
1 Government-to-citizen (G2C) tax filing and payments, forms, voter
registration
2 Government-to-business (G2B) Sales of government assets, license apps
and renewals
3 Government-to-government (G2G) Disaster assistance and crisis response
4 Government-to-employee (G2E) e-training
2.6 Organisational or Intra-business E-Commerce p147
# Organisational or Intra-Business Study Notes
1 Inside an organisation
3 A B2C E-Commerce Cycle p148
# B2C E-Commerce Cycle Study Notes
1 Information sharing
2 Ordering
3 Payment
4 Fulfilment
5 Service and support
4 B2B E-Commerce: A Second Look p149
# B2B E-Commerce Study Notes
1 Same as B2C but uses additional technologies: intranets, extranets, VPNs,
EDI, EFT
2 Results in improved supply chain management among business partners
4.1 Major Models of B2B E-Commerce p149
The 3 main models: Seller, buyer or intermediary (third party). This has resulted
in the following marketplace models: seller-side, buyer-side, third-party exchange
marketplace. There is also trading partner agreements which is gaining
popularity.
4.1.1 Seller-Side Marketplace p149
# Seller-Side Marketplace Study Notes
1 Sellers who cater to specialised markets come together to create a common
marketplace for buyers
2 e-procurement order and receive supplies directly from suppliers
3 Main objectives prevent purchase from suppliers not on approved list of
sellers and to eliminate processing costs
4.1.2 Buyer-Side Marketplace p150
# Buyer-Side Marketplace Study Notes
1 A buyer, or group of buyers, opens an electronic marketplace and invites
# Buyer-Side Marketplace Study Notes

sellers to bid on announced products or RFQs
2 Advantages for sellers include:
- Conduct sales transactions
- Automate the order management process
- Conduct post-sales analysis
- Automate the fulfilment function
- Improve understanding of buying behaviours
- Provide an alternative sales channel
- Reduce order placement and delivery time
4.1.3 Third-Party Exchange Marketplace p150
# Third-Party Exchange Marketplace Study Notes
1 Controlled by a third party, the marketplace generates revenue from the fees
charged for matching buyers and sellers
2 Vertical market concentrates on a specific industry or market e.g. beef and
dairy
3 Horizontal market concentrates on a specific function or business process
and automates it for different industries e.g. employee benefits admin
4.1.4 Trading Partner Agreements p151
# Trading Partner Agreements Study Notes
1 Main objective automate negotiating processes and enforce contracts
between participating businesses
2 EbXML (electronic business Extensible Markup Language) standardising the
exchange of e-commerce data via XML
5 Mobile and Voice-Based E-Commerce p151
# Mobile and Voice-Based E-Commerce Study Notes
1 Based on wireless application protocol (WAP)
6 E-Commerce Supporting Technologies p152
Electronic payment systems, web marketing, and search engine optimisation.
6.1 Electronic Payment Systems p152
# Electronic Payment Systems Study Notes
1 Smartcards loaded with information and updated periodically
2 E-cash usually works with a smartcard and recharged electronically
3 E-check electronic version of paper cheque
4 E-wallets store personal and financial information
5 Micropayments
6.2 Web Marketing p153
# Web Marketing Study Notes
1 Cost per thousand (CPM)
#
2
3
4
Web Marketing Study Notes

Cost per click (CPC)
Click-through rate (CTR)
Spot leasing
6.3 Search Engine Optimisation (SEO) p154

Keywords, page title, inbound links.
CH9 Global Information Systems p158

1 Why Go Global? P159
n/a
2 Global Information Systems: An Overview p161
# GIS Study Notes
1 An information system that works across national borders, facilitates
communication between HQ and subsidiaries in other countries and
incorporates all the technologies and applications found in a typical IS to
store, manipulate and transmit data across cultural and geographical
boundaries.
2 A GIS is an IS for managing global operations, supporting an international
companys decision-making processes, and dealing with complex variables in
global operations and decision-making
3 Strategic planning is a core function of a GIS
4 A GIS can be defined along 2 dimensions:
- Control (centralised): using managerial power to ensure adherence to the
organisations goals
- Coordination (decentralised): the process of managing the interactions
between activities in different, specialised parts of an organisation
2.1 Components of a Global Information System p162
Most GISs have 3 basic components:
#
1
2
3
4
5
6
7
GIS Study Notes

A network capable of global communication
A global database
Information-sharing technologies
Value-added networks private multipoint networks managed by a third
party and used by organisations on a subscription basis
A GIS must have: bridges, routers, gateways, switching nodes
Noise How immune a medium is to outside electronic interference
Transmission technologies:
- Synchronous: both parties must be connected
- Asynchronous: both parties dont need to be connected
- Multiplexing
- Digital (baseband)
- Analogue (broadband)
Transborder data flow (TDF) includes national and international agreements
on privacy protection and data security
2.2 Requirements of Global Information Systems p163

# GIS Study Notes
1 MNC multinational corporation
2 TDF transborder data flow
3 A GIS, like any IS, is classified according to different managerial support it
# GIS Study Notes

provides:
- Operational
- Tactical
- Strategic
4 Operational requirements of a GIS p164:
- Global data access: online access to info from locations around the world
- Consolidated global reporting
- Communication between HQ and subsidiaries
- Management of short-term foreign exchange risks
5 Strategic requirements of a GIS op164:
- Strategic planning support
- Management of conflicts and political risks
- Management of long-term foreign exchange risks
- Management of global tax risks
2.3 Goals of Global Information Systems p165
Several issues must be addressed before adding a GIS to a MNC:
#
1
2
3
4
GIS Issue to be Addressed

The organisations business opportunities in the global marketplace
Substantial resource commitments must be made, usually years in advance
Screening of organisational personnel for technical and business expertise
Coordination of migration from old system to new system
Some other names for GISs p165:

#
1
2
3
4
GIS Alternate Name

Global marketing information systems
Strategic intelligent systems
Transnational management support systems
Global Competitive Intelligent Systems
3 Organisational Structures and Global Information Systems p165

The 4 common types of global organisations:
#
1
2
3
4
Global Organisation
Multinational
Global
International
Transnational
3.1 Multinational Structure p165

# Multinational Study Notes
1 Decentralised: Production, sales, and marketing are decentralised, and
financial management remains the parents responsibility study Exhibit
9.1: A Multinational Structure p165
# Multinational Study Notes

2 Subsidiaries operate autonomously but report to the parent company
regularly
3.2 Global Structure (or franchiser) p166
# Global Structure Study Notes
1 Highly centralised information systems study Exhibit 9.2: A Global
Structure p167
2 Subsidiaries have little autonomy and rely on HQ for all process and control
decisions
3 E.g.: McDonalds, KFC
3.3 International Structure p167
# International Structure Study Notes
1 Operated much like a multinational corporation, but subsidiaries depend on
HQ more for process and production decisions e.g. domestic exporters, also
Caterpillar
2 IS personnel are regularly exchanged among locations
3 Study Exhibit 9.3: An International Structure p167
3.4 Transnational Structure p167
# Transnational Structure Study Notes
1 The parent and all subsidiaries work together in designing policies,
procedures, and logistics
2 Might have several regional divisions that share authority and responsibility
3 It does not have its HQ in a particular country e.g. City Group, Sony, Ford
4 Usually focuses on optimising supply sources and using advantages available
in subsidiary locations
5 Study Exhibit 9.4: An Transnational Structure p168
3.5 Global Information Systems Supporting Offshore Outsourcing p168
# GIS Systems Supporting Offshore Outsourcing Study Notes
1 Offshore outsourcing is an alternative for developing ISs
4 Obstacles to Using Global Information Systems p169
The following factors can hinder the success of a GIS:
#
1
2
3
4
5
GIS Study Notes

Lack of standardisation
Cultural differences
Diverse regulatory practices
Poor telecommunication infrastructures
Lack of skilled analysts and programmers
4.1 Lack of Standardisation p169

n/a
4.2 Cultural Differences p170
n/a
4.3 Diverse Regulatory Practices p170
n/a
CH10 Building Successful Information Systems p174

1 Systems Development Life Cycle (SDLC): An Overview p175
Study Exhibit 10.1: Phases of the SDLC p176
Identify potential
systems
Phase
Conduct
Phase 11 -- Planning
Planning
preliminary
analysis of
Conduct
requirements
feasibility studies
and define the
problem
Make go and nogo decisions
Phase
Phase 22 -- Requirements
Requirements gathering
gathering and
and analysis
analysis
Phase
Phase 33 -- Design
Design
Phase
Phase 44 -- Implementation
Implementation
Phase
Phase 55 -- Maintenance
Maintenance
2 Phase 1: Planning p176

# SDLC Study Notes
1 The 4 whys: why, who, when, what
2.1 Formation of the task force p178
n/a
2.2 Feasibility Study p178
A feasibility study has 5 major dimensions p179:
#
1
2
3
4
5
Feasibility Dimensions
Economic
Technical - Concerned with the technology that will be used in the system
Operational - A measure of how well the proposed solution will work in the
organisation and how internal and external customers will react to it is the IS
worth implementing?
Schedule - Concerned with whether the new system can be completed on
time
Legal
2.2.1 Economic Feasibility p179

# Economic Feasibility Study Notes
1 Assesses a systems costs and benefits
2 The most common analysis methods are:
- Payback
- NPV
- ROI
- IRR (internal rate of return)
- CBA (cost-benefit analysis)
3 The CBA should include the following sections:
- Executive summary
- Introduction
- Scope and purpose
- Analysis method
- Recommendations
- Justifications
- Implementation plans
- Summary
- Appendix
4 Examples of useful supporting documentation:
- Organisational charts
- Workflow plans
- Floor plans
- Statistical information
- Project sequence diagrams
- Timelines
- Milestone charts
3 Phase 2: Requirements Gathering and Analysis p181
During this phase, the team attempts to understand the requirements to
determine the main problem with the current system or processes, and looks for
ways to solve problems by designing the new system. Note that any system has
3 parts:
-
Process
Data
UI
# Phase 2: Requirements Gathering and Analysis Study Notes

1 Step 1 is gathering requirements; step 2 is process analysis
2 The creation of the system specifications document indicates the end of the
analysis phase and the start of the design phase
There are 2 main approaches for analysis and design of information systems
p181:
# The 2 Main Approaches for Analysis and Design of ISs
1 The structured systems analysis and design approach (SSAD):
- Treats process and data independently
# The 2 Main Approaches for Analysis and Design of ISs

- Sequential approach that requires completing analysis before design
can begin
2 Object oriented approach:
- Combines process and data analysis
- Thin line between analysis and design
Study Table 10.1: Examples of Tools Used in SSAD Analysis Models p182
4 Phase 3: Design p183
During the design phase, analysts choose the solution thats the most realistic
and offers the highest payoff for the organisation. The design phase consists of 3
parts:
# The 3 Parts of the Design Phase
1 Conceptual design overview of system, does not include hardware or
software
2 Logical design makes conceptual design more specific, indicates hardware
and software
3 Physical design created for a specific platform
4.1 Computer-Aided Systems Engineering (CASE) p183
CASE tools support the design phase by helping analysts to do the following:
#
1
2
3
4
5
How CASE Tools Support the Analyst

Keep models consistent with each other
Document models with explanations and annotations
Ensure that models are created according to specific rules
Create a single repository of all models related to a single system
Track and manage changes to the design; create multiple versions of the
design
4.2 Prototyping p184

Prototypes are used for the following purposes:
#
1
2
3
4
Prototype purpose
Gathering system requirements in the planning phase
Helping to determine system requirements
Technical feasibility POC (proof-of-concept)
Selling the proposed system to users and management selling prototype
Prototyping is done in 4 steps p184:

#
1
2
3
Step
Define the initial requirements
Develop the prototype
Review and evaluate the prototype
# Step
4 Revise the prototype
Study advantages and disadvantages of prototyping on p185
5 Phase 4: Implementation p185
Takes that take place in the implementation phase:
#
1
2
3
4
5
6
7
8
Task
Acquiring new equipment
Hiring new employees
Training employees
Planning and designing the systems physical layout
Coding
Testing
Designing security measures and safeguards
Creating a disaster recovery plan
Options for converting an IS p186:

# Option
1 Parallel conversion old and new systems run simultaneously for a short time
2 Phased-in-phased-out conversion as each module of the new system is
converted, the corresponding part of the old system is retired e.g. accounting
and finance
3 Plunge (direct cutover) conversion
4 Pilot conversion introduce system in only a limited area e.g. a department
5.1 Request for Proposal (RFP) p186
Study Exhibit 10.4: Main Components of a RFP p186
5.2 Implementation Alternatives p187
SDLC is sometimes called insourcing i.e. a system is developed internally. There
is also self-sourcing and outsourcing (also crowdsourcing).
An outsourcing company can employ the SDLC approach to develop the
requested system by using the following options p188:
#
1
2
3
Option
Onshore outsourcing same country
Nearshore outsourcing neighbouring country
Offshore outsourcing any part of the world
6 Phase 5: Maintenance p189

n/a
7 New Trends in Systems Analysis and Design p189

The SDLC model might not be appropriate in the following situations:
#
1
2
3
4
Situation
Lack of specifications the problem is not well-defined
The input-output process cant be identified completely
One time problem (ad hoc)
Users needs change constantly
7.1 Service-Oriented Architecture (SOA) p189

# SOA Study Notes
1 SOA is a philosophy and a software and system development methodology
that focuses on the development, use, and reuse of small, self-contained
blocks of code (called services) to meet the software needs of an organisation
2 The fundamental principle behind SOA is that the blocks of code can be
reused in a variety of different applications, allowing new business processes
to be created from a pool of existing services
3 SOA advocates that core functions and dynamic function be decoupled
7.2 Rapid Application Development (RAD) p190
# RAD Study Notes
1 Concentrates on user involvement and continuous interaction between users
and designers
2 Combines planning and analysis phase into one phase and develops a
prototype of the system
3 RAD uses an iterative process, also called incremental development that
repeats the design, development, and testing steps as needed, based on
feedback from users
4 Disadvantage: narrow focus and low quality
7.3 Extreme Programming (XP) p190
# XP Study Notes
1 XP divides a project into smaller functions, and runs in small phases
2 XP delivers the system to users as early as possible and then makes changes
that the user suggests
3 Developers usually work on the same code in teams of 2 sharing a
keyboard this is called pair programming
7.4 Agile Methodology p191
# Agile Study Notes
1 Emphasis on limiting a projects scope focuses on setting a minimum
number of requirements and turning them into a working product
2 Agile is about responding to changing needs instead of sticking to a set plan

Inf1505 Study Notes 2012 Final

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Inf1505 Study Notes 2012 Final

Caricato da

Copyright:

Formati disponibili

INF1505

Logical Database Design p42..................................................................19

Components of a DBMS p46....................................................................21

Recent Trends in Database Design and Use p47.....................................22

Data warehouses p49.............................................................................24

Data Marts p53....................................................................................... 27

CH4 Personal, Legal, Ethical, and Organisational Issues of ISs p58..................28

Privacy Issues p61................................................................................... 29

Ethical Issues of Information Technologies p65.......................................29

The Impact of IT in the Workplace p69....................................................31

Green Computing p71.............................................................................31

Data Communication, the Internet, E-Commerce, and Global Information Systems

2 Security Threats: An Overview p77............................................................34

4 Obstacles to Using Global Information Systems p169................................61

Fundamentals of Information Systems p2

Management Information System

2 Computer Literacy and Information Literacy p6

Transaction processing systems (TPS)

Knowledge workers should know the following p6:

3 The Beginning: Transaction Processing Systems (TPS) p6

Description (if any)

Method for performing a task in a MIS

Tasks involved in designing a MIS p7:

Organisations use info systems to gain a competitive advantage.

The process component includes: transaction processing reports and models

Major types of information systems include p11:

Logistics information system (LIS)

Description (if any)

Financial information system (FIS)

Marketing information systems (MKIS)

Description (if any)

6.2 Using IT for a Competitive Advantage p13

- Overall cost leadership

Types of strategies include p13:

Description (if any)

6.3 Porters 5 Forces Model: Understanding the Business Environment

Description (if any)

Threat of new entrants

Rivalry among existing competitors

choices, low when customers have

7 The IT Job Market p15

Popular IT jobs include p15:

Description (if any)

Database Administrator (DBA)

CH2 Computers: The Machines Behind Computing p20

transferred one bit at a time

2 The History of Computer Hardware p24

Cray XMP, Cray II

IBM System z10

Learn table 2.2: Computer language trends p25

3 The Power of Computers p25

- Millisecond: 1/1,000 of a second

Learn table 2.3: Storage measurements p25

4 Computer Operations p26

- Random access memory (RAM): volatile memory aka read-write memory

5.2 Output Devices p27

6 Classes of Computers p31

7.1 Operating System Software p32

CH3 Database: Systems, Data Warehouses, and Data Marts

1.2Methods for Accessing Files p42

Fast and effective

2 Logical Database Design p42

3 Components of a DBMS p46

3.1Database Engine p46