
INFORMATION TECHNOLOGY COMPENDIUM

FOR

C.A. INTERMEDIATE & OTHER EQUIVALENT COURSES

BY

BILAL MAHMOOD SULEHRI

ACFA, ACPA, CICA, CA(F), MBA

RESEARCH ASSISTANTS

DAUD KHAN

JAHANZAIB KHAN

## PREFACE

The examination of ICAP is a grueling test of students' abilities to master a range of subjects to ensure that students who qualify are consummate professionals.

The subject of Information Technology has the highest passing ratio due to CCPT. Students are generally not comfortable with the theory portion as they do not have hands-on experience and prior understanding of the subject.

IT COMPENDIUM is presented after research, evaluation and analysis of the Module D course and recommended study material for around two years, and great pains have been taken to ensure that no part of the syllabus is omitted from this book. The book will help students in preparing and revising the subject effectively, and a reading will not take more than a couple of hours. However, it is recommended that students read a recommended book for thorough understanding before switching to IT COMPENDIUM.

I am especially thankful to Mr. Daud Khan & Jahanzaib for their efforts in composing & compiling the book & I am also indebted to Ms. Mehru-nisa for the cover design. Mr. Atif Abidi deserves a special mention as he showed extraordinary commitment by reviewing the book in one sitting and provided valuable suggestions for improvement. Our publisher, Mr. Waheed's invaluable assistance is highly appreciated.

I am extremely thankful to my parents who understood the importance of late sittings in order to complete the book in time.

I hope IT COMPENDIUM will help you in passing the subject. Feedback will be highly appreciated and can be sent to my email address given at the end of the preface.

Kindly remember me in your prayers.

Bilal Mahmood Sulehri - ACFA, ACPA, CICA, CA(F), MBA

bilal@sulehri.com

April 6, 2013

IT COMPENDIUM - V 2.0

## CHAPTER 1: DEFINITION OF COMPUTER

DEFINITION OF COMPUTER

An electronic data processing device capable of receiving input, storing sets of instructions for solving problems, and generating output with high speed and accuracy.

USE OF IT

• Greater accuracy

• Increased speed

• More volume of work

• Lesser work force

• Greater access to data

DISADVANTAGES OF IT

• Produce information for its own sake

• Users may not be able to cope with complex technology

• Development staff and users may not communicate well with each other

• Threat to security

OPERATIONS OF A COMPUTER SYSTEM

• Input

• Processing

• Storage

• Output

SUB UNITS OF CPU

• Instruction decode and CPU control

• Control of addressing for memory and I/O ports

• Data transfer control

• Data and address registers and

• Arithmetic logic unit

SIX BASIC ELEMENTS OF CBIS

• Hardware

• Software

• Databases

• Telecommunications

• People

• Procedures

THE INVENTIONS OF THE MECHANICAL ERA (1623-1900)

ABACUS

3000 BC

A mechanical aid which can be used for easy counting is the abacus. Using a standard abacus, we can perform addition, subtraction, division and multiplication. Apart from this, we can also make use of the abacus for extracting square roots and cubic roots. The user has to memorize certain rules and move the beads around in the abacus for performing the above-mentioned arithmetic operations.

NAPIER'S BONES

17TH CENTURY

Napier's bones was invented by John Napier, a Scottish mathematician who was also known for inventing logarithms. The logarithm is one of the most famous tools which brought about a revolution in calculation methods by changing large and difficult multiplication operations to simple addition of entries in a table.

PASCALINE

17TH CENTURY

Pascaline was invented by Blaise Pascal, a French mathematician and philosopher. Pascaline had a series of toothed wheels which could be turned by hand, and it was used to handle numbers up to 999,999.999. Another name for Pascaline was numerical wheel calculator. It was one of the world's first mechanical adding machines.

DIFFERENCE ENGINE AND ANALYTICAL ENGINE

1823 AND 1833

Charles Babbage, a computer pioneer, designed two classes of engines, the Difference Engine and Analytical Engine. In 1823, Babbage started the fabrication of a difference engine. It was so called because of the mathematical principle on which it was based, namely, the method of finite differences. In 1833, he began the construction of the Analytical Engine which was much more than a calculator. This helped in performing full fledged general-purpose computation instead of mechanical arithmetic calculation.

Punched Cards

1890

Herman Hollerith, an American inventor, developed devices that were able to read information which had been punched into the cards automatically.

GENERATIONS OF COMPUTER

1ST GEN.

Vacuum tube (1942-1955)

ADVANTAGES OF 1ST GEN.

• Vacuum tubes were the only electronic components available during those days

• Vacuum tube technology made possible the advent of electronic digital computers

• These computers were the fastest calculating devices of their time. They could perform computations in milliseconds

DISADVANTAGES OF 1ST GEN.

• Too bulky in size

• Unreliable

• Thousands of vacuum tubes that were used emitted large amount of heat and burnt off frequently

• Air conditioning required

• Prone to frequent hardware failures

• Constant maintenance was required

• Non-portable

• Manual assembly of individual components into functioning unit required

• Commercial production was difficult and costly

2ND GEN.

Transistors and other solid state devices (1955-1964)

ADVANTAGES OF 2ND GEN.

• Smaller in size as compared to first generation computers

• More reliable

• Less heat generated

• These computers were able to reduce computational time from milliseconds to microseconds

• Less prone to hardware failures

• Better portability

• Wider commercial use

DISADVANTAGES OF 2ND GEN.

• Air-conditioning required

• Frequent maintenance required

• Manual assembly of individual components into a functioning unit was required

• Commercial production was difficult and costly

3RD GEN.

Integrated circuits (1964-1975)

ADVANTAGES OF 3RD GEN.

• Smaller in size

• Even more reliable

• Low heat generated

• Reduced computation time from microseconds to nanoseconds

• Maintenance cost was low

• Easily portable

• General purpose

• Less power required

• Manual assembly was not required

• Commercial production was easier and cheaper

DISADVANTAGES OF 3RD GEN

• Air-conditioning was required in many cases

• Highly sophisticated technology required for the manufacture of IC chips

4TH GEN.

Large Scale Integrated Circuit (LSI) (1975— )

ADVANTAGES OF 4TH GEN.

• Smallest in size

• Very reliable

• No air conditioning required

• Faster computation

• Hardware failure is negligible

• Portable

• General purpose

• Minimal labour & cost involved at assembly

• Cheapest among all generations

DISADVANTAGES OF 4TH GEN.

Highly sophisticated technology is required for the manufacturing of LSI chips

5TH GEN.

Artificial Intelligence and Parallel Data Processing (PDP) (Yet to come)

EVOLUTION OF COMPUTERS

ABACUS

The earliest device that could be termed a computer is the Abacus, also known as "Soroban". It dates back to 600 B.C.

MARK I (1937-44)

It used over 3000 electrically actuated switches to control its operations and was approximately 50 feet long and 8 feet high

ATANASOFF-BERRY COMPUTER (1939-42)

It was developed by Dr John Atanasoff. 45 vacuum tubes were used for internal logic and capacitors for storage

ENIAC (1943-46)

Electronic Numerical Integrator And Calculator (ENIAC)

EDVAC (1946-52)

Electronic Discrete Variable Automatic Computer (EDVAC)

EDSAC (1947-49)

Electronic Delay Storage Automatic Calculator (EDSAC)

MANCHESTER MARK 1 (1948)

It was designed at Manchester University by a group of scientists headed by Prof. M.H.A. Newman

UNIVAC I (1951)

Universal Automatic Computer (UNIVAC) was the first digital computer

TYPES OF COMPUTER (ACCORDING TO WORK)

ANALOG COMPUTER

It is a form of computer that uses continuous physical phenomena such as electrical, mechanical, or hydraulic quantities to model the problem being solved

DIGITAL COMPUTER

A computer that performs calculations and logical operations with quantities represented as digits, usually in the binary number system

HYBRID COMPUTER

Computers capable of inputting and outputting in both digital and analog signals

TYPES OF COMPUTER (ACCORDING TO SIZE)

SUPER COMPUTER

Largest and fastest computer used in specialized areas such as in Defense, Aircraft design, Movies, Weather research

MAINFRAME COMPUTER

Big general purpose computer capable of handling scientific and business applications

MINI COMPUTER

Performed data processing activities on a smaller scale and were developed for process control and system monitoring

MICRO COMPUTERS

Uses Microprocessor as its CPU _i.e._ a small silicon chip on Circuit board in computer system

TYPES OF COMPUTER (ACCORDING TO USAGE)

DESKTOP COMPUTERS

The most common type of personal computer is the desktop computer - a PC that is designed to sit on (or under) a desk or table. These are the systems you see all around you, in schools, homes, and offices and they are the main focus of this book.

NOTEBOOK COMPUTERS

Notebook computers, as their name implies, approximate the shape of an 8.5 by 11-inch notebook and easily fit inside a briefcase. Because people frequently set these devices on their lap, they are also called laptop computers.

TABLET COMPUTERS

The tablet PC is the new development in portable, full-featured computers. Tablet PCs offer all the functionality of a notebook PC, but they are lighter and can accept input from a special pen called a stylus or a digital pen that is used to tap or write directly on the screen.

HANDHELD COMPUTERS

Handheld personal computers are computing devices small enough to fit in your hand. A popular type of handheld computer is the personal digital assistant (PDA). A PDA is no larger than a small appointment book and normally used for special applications, such as taking notes, displaying telephone numbers and addresses and keeping track of dates or agendas.

SMART PHONES

Some cellular phones double as miniature PCs. Because these phones offer advanced features not typically found in cellular phones, they are sometimes called smart phones. These features can include web and e-mail access, special software such as personal organizers or special hardware such as digital cameras or music players.

WORKSTATIONS

A workstation is a specialized, single-user computer that typically has more power and features than a standard desktop PC. These machines are popular among scientists, engineers, and animators who need a system with greater than average speed and the power to perform sophisticated tasks.

SERVER

Provides services to other computing systems, called clients, over a network

LAPTOP

These are portable computers

PALMTOP / PDA / SMART PHONES

Devices which typically feature a touch screen and Operating System _e.g._ iPhone, HTC Explorer

ADVANTAGES OF COMPUTERS

Speed, Accuracy, Reliability, Storage, Automation, Versatility, Communication, Diligence, No Feeling, Consistency, Precision

DISADVANTAGES OF COMPUTERS

Programmed by human, No Intelligence, No decision making power, Emotionless, Curtail human capabilities.

Basic Strategies in the Business Use of Information Technology

Lower Costs:

Use of IT substantially reduces the cost of business process.

Use IT to lower the costs of customers or suppliers.

Differentiate

Develop new IT features to differentiate products and services.

Use of IT features to reduce the differentiation advantages of competitors.

Use of IT features to focus products and services at selected market niches.

Innovation

Create new products and services that include IT components.

Develop unique new markets or market niches with the help of IT.

Make radical changes to business processes with IT that dramatically cut costs; improve quality, efficiency, or customer service; or shorten time to market.

Promote Growth

Use IT to manage regional and global business expansion.

Use IT to diversify and integrate into other products and services.

Develop Alliances

Use IT to create virtual organization of business partners.

Develop inter-enterprise information systems linked by the internet and extranets that support strategic business relationships with customers, suppliers, subcontractors, and others.

## CHAPTER 2: COMPONENTS OF COMPUTER

CENTRAL PROCESSING UNIT (CPU)

CONTROL UNIT

Manages the resources of computer system by executing set of instructions that the CPU can perform.

ARITHMETIC LOGIC UNIT

Arithmetic operations include addition, multiplication, subtraction and division. Logical operations include comparison such as equal to, greater than or less than.

MOTHER BOARD

COMPONENTS OF MOBO

Processor Slot, Expansion Slots and Boards, Cards, Ports and Connectors, Bus.

The Primary Memory/ Storage

Various forms of storage are divided according to their distance from the Central Processing Unit.

Processor Register

• They are internal to the CPU.

• Contain information that the arithmetic and logical unit needs to carry out current instructions.

• They are the fastest of all forms of computer storage.

• Being switching transistors, they act as electronic flip-flops.

Cache Memory

• It is a special type of internal memory used to increase performance.

• Some of the memory is duplicated

Main Memory

• It contains the programs currently being run.

• Arithmetic and Logic Unit can transfer data between a processor register and Main memory.

• They are also known as "Memory Addresses".

• RAM is used for main storage in modern computers, and is connected to the CPU via the "Memory Bus."

STORAGE DEVICES

PRIMARY STORAGE DEVICES

RANDOM ACCESS MEMORY (RAM)

Volatile memory constructed with Metal-Oxide Semiconductor (MOS) storage elements that temporarily store dynamic data to enhance computer performance.

READ ONLY MEMORY (ROM)

Perform the basic control and supervisory operation of the computer. Four types of ROM are - PROM, EPROM, EAROM and EEPROM.

TYPES OF ROM

PROM

Programmable Read-Only Memory. It can only be programmed once.

EPROM

Erasable Programmable Read-Only Memory. It can be reprogrammed more than 1,000 times by exposure to ultraviolet light.

EAROM

Electrically Alterable Read-Only Memory. It can be modified a bit at a time.

EEPROM

Electrically Erasable Programmable Read-Only Memory. It can be rewritten like a flash device.

SECONDARY STORAGE DEVICES

Stores the data permanently in millions and billions of bytes

TAPE DEVICE

It is an external storage device that can be used for making copies of audio, video, and data.

It accesses data sequentially.

FLOPPY DISKETTE

Magnetic disk used to store data before the age of Compact Disk.

MAGNETIC DISC

Direct access medium known as Hard Disk, is a stack of one or more metal platters that spin on one spindle like a stack of rigid diskette.

CD

The Compact Disc is an optical disc used to store digital data.

Types:

CD-R

It can be written only once.

CD-RW

It can be rewritten as many times as you like.

DVD

Digital Video Disc/ Digital Versatile Disc is an optical disc storage format, invented and developed by Philips, Sony, Toshiba, and Panasonic in 1995.

DEFINITION OF INPUT DEVICE

A device that is used to feed the data or information from outside world into the computer system.

EXTERNAL STORAGE DEVICES

_E.g._

• Flash Drive

• Portable HDD _etc._

USE OF EXTERNAL STORAGE DEVICES

• Portability being a separate device from PCs

• Computer application carriers.

• Recording backup.

• Updating security and antivirus definitions in systems which are not connected to the Internet.

• Transporting huge amount of data.

THREATS

Threats involved in use of external storage devices

• Increased chances of data theft.

• Increased chances of Virus attacks.

MITIGATING MEASURES

• Restrict the use where extremely necessary.

• Maintain system generated log and review it periodically.

• Prohibit use of personal devices.

• Use antivirus scanning.

TYPES OF INPUT DEVICES

EXAMPLES OF INPUT DEVICES

Key board, Mouse, Touch Screen, Light Pen, Track Ball, Joy Stick, Scanner, Camera, Microphone & Speech recognition, Digitizing Tablets, MIDI Devices, Display devices

TYPES

MICR

Magnetic Ink Character Recognition, or MICR, is a character recognition technology used primarily by the banking industry to facilitate the processing and clearance of cheques and other documents. The MICR encoding, called the MICR line, is located at the bottom of a cheque or other voucher and typically includes the document type indicator, bank code, bank account number, cheque number and the amount, plus some control indicators.

The technology allows MICR readers to scan and read the information directly into a data collection device.

OCR

Optical Character Recognition is a light scanning technique used to produce a light-dark pattern. It is computer software designed to translate images of handwritten or typewritten text (captured by scanner) into machine-editable text or to translate pictures of characters into a standard code.

OMR

Optical Mark Recognition uses a photo-electric device, which recognizes characters by absorption on the document. It is commonly used for scoring tests.

SMART CARD SYSTEM

It contains a microprocessor chip and memory to store the data _e.g._ UBL credit card

BAR CODE READER

A light sensitive detector identifies the bar code image using laser beam. Used in EPOS systems _e.g._ in Gourmet, Hyper Star _etc._

BIOMETRICS

Based on physical (something you are) or behavioral (something you do) characteristics. This is not a foolproof process because certain biometric features can change _e.g._ fingerprints, voice.

PALM

In this technique, ridges, valleys and minutiae data found on the palm is analyzed when the palm is placed on a scanner. Response time: 2-3 seconds.

HAND GEOMETRY

The physical characteristics of users' hands and fingers are measured from a 3D perspective. Response time: 2-3 seconds.

IRIS

A person's iris has over 300 characteristics; around 260 of these are used to identify a person in this technique. Response time: 3-5 seconds.

RETINA

This technique uses optical technology to map the capillary pattern of the eye's retina. Patterns of the retina are measured at over 400 points. Response time: 4-7 seconds.

FINGERPRINT

The user places his finger on an optical device/ silicon surface to get the finger scanned. Response time: 5-7 seconds.

FACE

Image of the face is captured by a camera. Response time: 3-4 seconds.

TYPES OF OUTPUT DEVICES

MONITOR

Monitors are video display terminals that display the processed data, which the users can view on screens of different sizes.

TYPES OF MONITORS

LCD

Liquid crystal display works by blocking light from a high intensity source in order to display a picture. Liquid crystals are sandwiched between two glass plates.

CRT (Cathode Ray Tube)

The cathode ray tube (CRT) is a display containing an electron gun (a source of electrons or electron emitter) and a fluorescent screen used to view images.

CRT is the technology used in most televisions and computer display screens. A CRT works by moving an electron beam back and forth across the back of the screen. Each time the beam makes a pass across the screen, it lights up phosphor dots on the inside of the glass tube, thereby illuminating the active portions of the screen. By drawing many such lines from the top to the bottom of the screen, it creates an entire screen full of images.

TFT (Thin Film Transistor)

TFT LCD is an active matrix LCD, in contrast to passive matrix LCDs or simple, direct-driven LCDs with a few segments.

TFT is a type of LCD flat-panel display screen in which each pixel is controlled by one to four transistors. The TFT technology provides the best resolution of all the flat-panel techniques, but it is also the most expensive. TFT screens are sometimes called active-matrix LCDs.

LED (Light Emitting Diode)

An LED display is a flat panel display, which uses light-emitting diodes as a video display.

An LED is an electronic device that lights up when electricity is passed through it. LEDs are usually red. They are good for displaying images because they can be relatively small, and they do not burn out. However, they require more power than LCDs. An LED display consists of tiny bulbs which emit light, and these bulbs give a more realistic display as compared to others. It is more power consuming. A local dimming LED display consumes more power than an LCD display. Therefore, the tradeoff seems to be between economizing your energy bill and better picture quality. But edge-lit LED displays use less power than an LCD of the same size. Sony, Samsung and Philips have launched LED display models. Similar to LCD monitors, LED screens do not have a screen burn-in problem and are therefore suitable for computer use.

The LED gives a more realistic color as compared to LCD.

PRINTERS

PRINTERS

Printers are devices that produce hard copies of information stored in a computer onto paper, transparencies or other media.

IMPACT PRINTER

A printer that strikes a print head on the ribbon and forms the character by chemical or electronic means.

SERIAL PRINTERS

Dot-matrix printer, Daisywheel printer.

LINE PRINTERS

Chain Printer, Drum printer

NON-IMPACT PRINTER

A printer that does not strike a print head on the ribbon and forms the character by chemical or electronic means _e.g._ Thermal printer, Ink-Jet printer, Laser printer and Multifunctional printer.

GRAPH PLOTTER

A device capable of tracing out graphs, designs and maps onto paper.

THERMAL PRINTER

Thermal printing is a digital printing process which produces a printed image by selectively heating coated thermal paper when the paper passes over the thermal print head. The coating turns black in the areas where it is heated, producing an image. Two-color direct thermal printers can print both black and an additional color (often red) by applying heat at two different temperatures.

INKJET PRINTER

Inkjet printing is a type of computer printing that creates a digital image by propelling droplets of ink onto paper. Inkjet printers are the most commonly used type of printer, and range from small inexpensive consumer models to very large professional machines that can cost tens of thousands of dollars.

LASERJET PRINTER

Laser printing is a digital printing process that rapidly produces high quality text and graphics on plain paper. As with digital photocopiers and multifunction printers (MFPs), laser printers employ a xerographic printing process, but differ from analog photocopiers in that the image is produced by the direct scanning of a laser beam across the printer's photoreceptor.

IMPORTANT TERMS

PIXEL

The smallest part of a Digital Image.

DISPLAY RESOLUTION

Number of maximum pixels that can be displayed on screen

DOT PITCH

The distance between two pixels.

VIDEO GRAPHICS ADAPTER

A video card (also called a video adapter, display card, graphics card, graphics board, display adapter or graphics adapter) is an expansion card which generates a feed of output images to a display.

REFRESH RATE

The refresh rate is the number of times in a second that display hardware draws the data.

On CRT displays, increasing the refresh rate decreases flickering, thereby reducing eye strain. However, if a refresh rate is specified that is beyond what is recommended for the display, damage to the display can occur.

SPEAKERS

The sound card translates digital sound into the electric current that is sent to the speakers for the purpose of producing output.

PAST PAPERS

Q.3 (A2012)

During the last two decades IT industry has seen enormous growth. Various technologies are now available for capturing of data.

Required:

Briefly explain each of the following:

(a) Bar Code Readers

(b) OCR software

(c) MICR technology

(d) OMR process (10 marks)

A.3

(a) Bar Code Readers

It is a computer peripheral which reads barcodes printed on various surfaces. The bar codes are generally used for tagging prices in retail sector and tagging book reference numbers in international publications.

It generally consists of a light source, a lens and a photo conductor translating optical impulses into electrical ones. Almost all barcode readers currently produced contain decoder circuitry analysing the barcode's image data provided by the photo conductor and sending the barcode's content to the scanner's port.

(b) OCR software

Optical character recognition, usually abbreviated to OCR, is a computer software program designed to translate images of handwritten or typewritten text, usually captured by a scanner, into machine-editable text, or to translate pictures of characters into a standard encoding scheme.

(c) MICR technology

Magnetic Ink Character Recognition is a special kind of technology that is used by the banking industry to facilitate the processing of cheques. MICR characters are printed at the bottom of the cheque in a specified font using ink with a magnetic signature. The letters are read with a device similar in nature to the head of an audio tape recorder.

(d) OMR process

Optical Mark Recognition is the process of capturing data by contrasting reflectivity at predetermined positions on a page. By shining a beam of light onto the document the scanner is able to detect a marked area because it is more reflective than an unmarked surface. This technology is widely used in MCQ-based examinations.

Q.1 (A2011)

After a recent mishap in Kamal Electrical Company Limited, one of its directors has suggested that the use of external storage devices should be prohibited altogether. However, the IT manager is of the view that this suggestion is not practical.

Required:

(a) Explain how you would justify the IT Manager's contention. (03 marks)

(b) Identify the threats involved in the use of external storage devices and suggest steps to minimize them. (02 marks)

A.1

(a) The IT Manager's contention is justified, as for various tasks the use of external storage devices is inevitable. Some of the tasks which either necessarily require use of external storage devices or could be performed in the most efficient and economical manner through the use of such devices are as follows:

(i) Portability being a separate device from PCs

(ii) Computer application carriers.

(iii) Recording backup.

(iv) Updating security and antivirus definitions in systems which are not connected to the Internet.

(v) Transporting huge amount of data.

(b) The threats involved in the use of external storage devices are as follows:

(i) Increased chances of data theft.

(ii) Increased chances of Virus attacks.

Mitigating Measures:

• Restrict the use where extremely necessary.

• Maintain system generated log and review it periodically.

• Prohibit use of personal devices.

• Use antivirus scanning.
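The log-review measure listed above (and in the mitigating measures of Chapter 2), as an added example that is not part of the original book: a short Python script that reads system-generated USB attach messages and reports any storage device not in an approved-device register. The log layout (a syslog-style prefix followed by Linux kernel USB messages), the host names, the serial numbers and the register contents are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample log (not from a real system). Layout assumed:
# "<timestamp> <host> kernel: <Linux kernel USB message>".
SAMPLE_LOG = """\
2013-04-02T09:14:02 fin-ws-014 kernel: usb 1-2: New USB device found, idVendor=0781, idProduct=5567
2013-04-02T09:14:02 fin-ws-014 kernel: usb 1-2: SerialNumber: CONSTRUCTED0001
2013-04-02T09:14:03 fin-ws-014 kernel: usb-storage 1-2:1.0: USB Mass Storage device detected
2013-04-02T11:40:17 fin-ws-014 kernel: usb 1-3: New USB device found, idVendor=046d, idProduct=c077
2013-04-02T18:52:40 hr-ws-007 kernel: usb 2-1: New USB device found, idVendor=0951, idProduct=1666
2013-04-02T18:52:40 hr-ws-007 kernel: usb 2-1: SerialNumber: CONSTRUCTED0099
2013-04-02T18:52:41 hr-ws-007 kernel: usb-storage 2-1:1.0: USB Mass Storage device detected
2013-04-03T08:01:11 hr-ws-007 kernel: usb 2-2: New USB device found, idVendor=0781, idProduct=5567
2013-04-03T08:01:12 hr-ws-007 kernel: usb-storage 2-2:1.0: USB Mass Storage device detected
"""

# Hypothetical register of company-issued devices: (vendor, product, serial).
APPROVED = {("0781", "5567", "CONSTRUCTED0001")}

LINE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) kernel: (?:usb-storage|usb) "
    r"(?P<port>[\d.-]+)(?::[\d.]+)?: (?P<msg>.*)$"
)
NEW_DEVICE = re.compile(
    r"New USB device found, idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})"
)
SERIAL = re.compile(r"SerialNumber: (\S+)")
STORAGE = "USB Mass Storage device detected"


@dataclass
class StorageEvent:
    ts: str
    host: str
    vendor: Optional[str]
    product: Optional[str]
    serial: Optional[str]


def parse_storage_events(log_text):
    """Return one StorageEvent per storage device attach found in the log."""
    pending = {}  # (host, port) -> identity of the device last seen on that port
    events = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key = (m["host"], m["port"])
        msg = m["msg"]
        found = NEW_DEVICE.match(msg)
        serial = SERIAL.match(msg)
        if found:
            # A new device on this port replaces whatever was plugged in before.
            pending[key] = {"vendor": found[1], "product": found[2], "serial": None}
        elif serial and key in pending:
            pending[key]["serial"] = serial[1]
        elif msg.startswith(STORAGE):
            # Only storage-class devices become events; mice, keyboards etc. do not.
            # If the identity lines are missing (e.g. rotated log), fields stay None.
            info = pending.pop(key, {})
            events.append(StorageEvent(m["ts"], m["host"], info.get("vendor"),
                                       info.get("product"), info.get("serial")))
    return events


def review(events, approved):
    """Return (event, reason) pairs for attaches that need follow-up."""
    findings = []
    for ev in events:
        if ev.serial is None:
            findings.append((ev, "no serial number logged; cannot match to register"))
        elif (ev.vendor, ev.product, ev.serial) not in approved:
            findings.append((ev, "device not in approved register"))
    return findings


if __name__ == "__main__":
    for ev, reason in review(parse_storage_events(SAMPLE_LOG), APPROVED):
        print(f"{ev.ts} {ev.host} {ev.vendor}:{ev.product} serial={ev.serial} -> {reason}")
```

A device that reports no serial number is flagged rather than matched on vendor and product alone, since two sticks of the same model would otherwise be indistinguishable in the register.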

## CHAPTER 3: COMPUTER NETWORKS

FUNCTION BASED

• Data Network

• Voice Network

• Multimedia Network

AREA COVERAGE BASED NETWORKS

LAN (Local Area Network)

A high speed data transfer network that supports 1 Mbps to 50 Mbps or more.

BENEFITS OF LAN

• Security

• Organizational benefits

• Inexpensive workstation

• Data management benefits

• Distributed processing

• Software cost and up-gradation

• Emailing and message broadcasting

MAN (Metropolitan Area Network)

Based on Fiber Optic transmission technology that supports 10 Mbps transferring of data.

WAN (Wide Area Network)

Uses long distance telephone services and satellite transmission. It operates at lower link speeds of about 1 Mbps.

PAN (Personal Area Network)

PAN refers to a small home network connecting small devices and gadgets through both wired and wireless (Bluetooth) medium.

CAN (Campus Area Network)

CAN follows the same principles as a local area network, only on a larger and more diversified scale. With a CAN, different campus offices and organizations can be linked together. For example, in a typical university setting, a bursar's office might be linked to a registrar's office. In this manner, once a student has paid his or her tuition fees to the bursar, this information is transmitted to the registrar's system so the student can enroll for classes.

HAN (Home Area Network)

HAN is a network contained within a user's home that connects a person's digital devices, from multiple computers and their peripheral devices, such as a printer, to telephones, VCRs, DVDs, televisions, video games, home security systems, "SMART" appliances, fax machines, and other digital devices that are wired into the network.

BIT RATE

Bit rate is a measure of the speed for the data traffic. Technically it can be defined as, the number of bits transmitted per second.

When we connect to the internet with our normal dialups, usually we get a popup that we have connected to our ISP with 50 kbps. It means that:

The bit rate

= 50 kbps

= 50 x 1000 bits per second

BANDWIDTH

Bandwidth is a measure of the capacity of a data channel. Technically speaking, bandwidth is the range of frequencies that a data carrier supports.

The more the bandwidth, the more traffic channels we can run simultaneously.

SERIAL COMMUNICATION

In serial communication the data is transmitted bit by bit, i.e., one bit at a standard time interval.

Examples: Mouse port (COM), USB port, Keyboard port, Telephone Line

PARALLEL COMMUNICATION

In parallel communication the data is transmitted with groups of bits or bytes in parallel at a standard time interval. The number of bits that will be transmitted in parallel vary from device to device. For example some devices transmit 4 bits in parallel at a time, while some devices transmit a number of bytes in parallel at a time.

Examples: Printer port (LPT), Hard disk bus (IDE)

IMPORTANT TERMS

INTERNET

Internet is a global network of networks.

INTRANET

The company's internal version of the Internet is called an intranet. An intranet uses the same Web server software that gives the public access to Web sites over the Internet. The major difference is that an intranet usually limits access to employees and selected contractors having ongoing business with the company.

EXTRANET

When an intranet is established, nobody outside the organization can access the company's intranet. We can allow a few users from outside the organization (e.g. stakeholders) to access the company's intranet. When we configure our intranet like this, it is called an Extranet.

ETHERNET

Ethernet refers to the common computer networks (LANs) usually found in offices and universities.

MODEMS

Modems perform a simple function: They translate digital signals from a computer into analog signals that can travel across conventional phone lines. The modem modulates the signal at the sending end and demodulates at the receiving end.

Modulation = Conversion of Digital Signal to Analog Signal

Demodulation = Conversion of Analog Signal back to Digital Signal

USES OF MODEM

• Faxing Alternatives: Rather than purchasing an expensive fax machine that takes up space and ties up a phone line, many telecommuters use the more affordable scanner instead. Using fax software, they can send and receive faxes directly from their PC.

• Wireless Communications: With the use of access points offered by hotels and cafes, having a wireless NIC for a laptop can allow mobile users access to the company's private network via the Internet at any time.

• Service Accounts: Telecommuters are often responsible for setting up and maintaining their own accounts for communications and Internet services, especially when their home is in a different city than their employer's office.

NETWORK INTERFACE CARD (NIC)

NICs—sometimes called network cards—are the mechanisms by which computers connect to a network.

REPEATER

Repeaters are network devices that are used to amplify the data signals. Repeaters can also be called amplifiers or signal boosters. Different kinds of repeaters are available for different kinds of communication media.

HUB

Hub is a very simple device used to create small networks. Small hubs have 4 to 6 ports. Bigger hubs can have more ports.

SWITCH

Switch is a networking device (physically appears like a hub) used to create small to medium sized computer networks.

BRIDGE

Bridges are networking devices that are used to divide a large network into smaller sub-networks so that the total amount of the traffic on the network is reduced.

ROUTERS

Routers are network devices that route data around the network.

GATEWAY

Gateway is a networking component that converts the data from one format to another.

PEER-TO-PEER (P2P) / CLIENT-SERVER ARCHITECTURE

A peer-to-peer network is a very simple network. In peer-to-peer networking architecture each computer is responsible to manage its own resources (e.g. printers, hard disks and scanners etc) and can share these resources with other computers on the network.

CIRCUIT SWITCHING

In this networking method, a connection called a circuit is set up between two devices, which is used for the whole communication.

PACKET SWITCHING

In this network type, no specific path is used for data transfer. Instead, the data is chopped up into small pieces called packets and sent over the network. The packets can be routed, combined or fragmented (divided into further smaller components), as required to get them to their eventual destination. On the receiving end, the process is reversed—the data is read from the packets and re-assembled into the form of the original data.
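The packet-switching steps described above, as an added example that is not part of the compendium: data is chopped into packets, divided further on a link that carries smaller payloads, delivered out of order, and re-assembled, with a missing piece detected rather than silently ignored. The `Packet` fields, function names and sizes are assumptions chosen for illustration.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    msg_id: int      # which message this piece belongs to
    offset: int      # byte position of the payload in the original data
    more: bool       # True if further pieces follow this one
    payload: bytes


def packetize(msg_id, data, size):
    """Chop data into packets carrying at most `size` payload bytes."""
    if size < 1:
        raise ValueError("size must be at least 1 byte")
    pieces = [data[i:i + size] for i in range(0, len(data), size)] or [b""]
    packets, offset = [], 0
    for n, piece in enumerate(pieces):
        packets.append(Packet(msg_id, offset, n < len(pieces) - 1, piece))
        offset += len(piece)
    return packets


def fragment(packet, size):
    """Divide one packet further for a link that carries smaller payloads."""
    if len(packet.payload) <= size:
        return [packet]
    parts = packetize(packet.msg_id, packet.payload, size)
    # Offsets stay relative to the original data; only the very last
    # fragment of the very last packet has more=False.
    return [Packet(p.msg_id, packet.offset + p.offset,
                   p.more or packet.more, p.payload) for p in parts]


def reassemble(packets):
    """Rebuild the original data; raise ValueError if anything is missing."""
    if not packets:
        raise ValueError("no packets received")
    if len({p.msg_id for p in packets}) != 1:
        raise ValueError("packets from different messages were mixed")
    # Exact duplicates are dropped, then order is restored by offset.
    ordered = sorted(set(packets), key=lambda p: p.offset)
    data = bytearray()
    for p in ordered:
        if p.offset != len(data):
            raise ValueError(
                f"gap or overlap: expected offset {len(data)}, got {p.offset}")
        data += p.payload
    if ordered[-1].more:
        raise ValueError("final packet missing")
    return bytes(data)


# Constructed sample message.
DATA = b"Packets may take different routes."


def send(data, size=8, narrow_link=3, seed=7):
    """Simulate the network: packetize, fragment on a narrow link, reorder."""
    on_wire = [f for p in packetize(1, data, size)
               for f in fragment(p, narrow_link)]
    random.Random(seed).shuffle(on_wire)   # packets arrive in arbitrary order
    return on_wire


if __name__ == "__main__":
    wire = send(DATA)
    print(len(wire), "packets on the wire")
    print(reassemble(wire))
```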

IP ADDRESS

Every machine on the Internet has a unique identifying number, called an IP Address. A typical IP address looks like this:

• 278.135.255.169

PROXY SERVERS

A proxy server is a computer that offers a computer network service to allow clients on a network to make indirect network connections to the internet.

FIREWALL

A firewall is simply a software program or a hardware device that filters the information coming through the Internet connection into a private network or computer system. If the sender of the incoming information is identified as an intruder, or if an incoming packet of information contains a potential threat to the network, the incoming packet is discarded and not forwarded to the network.
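A minimal packet filter following the two checks described above (who the sender is, and what the packet contains), as an added example that is not from the compendium. The blocklist, open ports, threat marker and sample packets are constructed for illustration; addresses come from the ranges reserved for documentation.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str         # sender's IP address as text
    dst_port: int    # service the packet is addressed to
    payload: bytes


# Constructed policy for a small private network (assumed values).
BLOCKED_SENDERS = [ipaddress.ip_network("203.0.113.0/24")]
OPEN_PORTS = {25, 443}          # services offered to the outside
THREAT_MARKERS = [b"CONSTRUCTED-THREAT-MARKER"]


def filter_packet(packet):
    """Return ("forward" | "discard", reason) for one incoming packet."""
    try:
        src = ipaddress.ip_address(packet.src)
    except ValueError:
        return "discard", "malformed source address"
    # Check 1: is the sender a known intruder?
    if any(src in net for net in BLOCKED_SENDERS):
        return "discard", "sender is on the blocklist"
    # Default deny: anything not explicitly offered is dropped.
    if packet.dst_port not in OPEN_PORTS:
        return "discard", "port not offered to the outside"
    # Check 2: does the content carry a known threat?
    if any(marker in packet.payload for marker in THREAT_MARKERS):
        return "discard", "payload matches a threat marker"
    return "forward", "allowed"


def screen(packets):
    """Filter a batch and return (packet, verdict, reason) for each one."""
    return [(p, *filter_packet(p)) for p in packets]


# Constructed sample traffic.
SAMPLE_PACKETS = [
    Packet("198.51.100.7", 443, b"GET /index.html"),
    Packet("203.0.113.50", 443, b"GET /"),
    Packet("198.51.100.7", 23, b"login"),
    Packet("198.51.100.9", 25, b"MAIL CONSTRUCTED-THREAT-MARKER"),
    Packet("300.1.2.3", 443, b""),
]

if __name__ == "__main__":
    for pkt, verdict, reason in screen(SAMPLE_PACKETS):
        print(f"{pkt.src:>15} :{pkt.dst_port:<4} {verdict:8} {reason}")
```

Only the first sample packet reaches the private network; the other four are discarded, each for a different reason, and the reasons are what an administrator would review in the firewall log.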

COMPONENTS OF NETWORK

SENDER / RECEIVER

A host computer at each end, which sends and receives the data.

COMMUNICATION INTERFACE DEVICES

• Network Interface Cards

• Switches and Routers

• Hubs

• Bridges

• Repeaters and Gateways

• Modem

• Multiplexer

• Front-end communication processors

• Protocol converters

• Remote access devices.

DUMB TERMINAL

Provides for data entry and information exit.

SMART TERMINAL

Having Microprocessors and some internal storage. It has data editing capability and can consolidate input data.

REMOTE JOB TERMINAL

Groups data into blocks for transmission to a computer from a remote site.

KEYBOARD PRINTER TERMINAL

Consists of a keyboard for sending information to the computer and a printer for providing a copy of the input and for receiving information from the computer.

COMMUNICATION CHANNEL

• Guided Media (Twisted Pair cable, Coaxial cable and Optical Fiber cable)

• Unguided Media (Wireless transmission).

COMMUNICATION SOFTWARE FUNCTIONS

• Access control

• Network management

• Data and file transmission

• Error detection and control

• Data security

NETWORK TOPOLOGY

Geometrical arrangement of computer resources, remote devices, and communication facilities to share the information. The four are:

NETWORK MEDIA

WIRE-BASED / GUIDED / BOUNDED MEDIA

• It uses physical path

• Consist of cables

• e.g. Coaxial cable, Twisted pair cable, Fiber optics

WIRELESS-BASED / UNGUIDED / UNBOUNDED MEDIA

• It uses electromagnetic radio waves

• No physical link

• e.g. Microwaves, Satellite, Mobile Communication

WIRELESS NETWORKS

WIRELESS: 802.11

• The wireless standard that is becoming very popular follows the family of specifications called 802.11 or Wi-Fi.

• The 802.11b standard describes specifications for wireless speeds up to 11 Mbps, which is a little faster than the slowest form of Ethernet (10 Mbps) but much faster than the typical 1.5 Mbps high-end DSL connection.

• The 802.11g standard describes specifications for wireless LANs that provide 20+ Mbps connection speeds.

WIRELESS ACCESS POINT

• In a wireless environment, single or multiple PCs can connect through a single wireless access point (WAP). In larger wireless topologies, multiple wireless machines can roam through different access points and stay on the same network domain with the same level of security. If the network must grow to handle more users, or expand its range, extension points can be added.

• To create a wireless LAN, a wireless access point is needed.

MICROWAVE

• Microwaves are ultra high frequency (UHF) radio signals.

• Microwaves can be transmitted between radio transmitters and receivers which are in sight of each other. Each of these relay stations is known as a repeater.

• Repeaters are sited to create a network along which signals can be sent. The ultra high frequency nature of microwaves minimises distortion.

• The Mercury One-To-One personal communications network (PCN) in the UK uses microwave technology.

SATELLITE

Each satellite maintains a constant position in relation to the earth's surface; this is referred to as a geosynchronous orbit. Radio transmissions are received by the satellite, which includes a repeater and an amplifier, to boost the signal, and send it onwards to receivers on another continent.

MOBILE DATA SERVICES

The technology exists to send and receive messages from one computer to another using radio signals. For example, a laptop user might wish to obtain some data from a company database while he is out of the office.

TYPES OF NETWORK TOPOLOGY

STAR TOPOLOGY

Communication channel controlled by Centralized System.

ADVANTAGES OF STAR TOPOLOGY

• Network expansion is relatively easy. As an organization grows, additional computers or any other peripheral device may be added without disrupting the network.

• It is more economical than Mesh, as less cable is required to connect all workstations to the central hub/switch.

• Due to availability of central system different kinds of security measures can be implemented ranging from port level security to MAC address authentication.

• Although two other topologies i.e., Bus and Ring could also be used, Star topology is much better than these two topologies in respect of security, network availability, expansion and administration.

BUS TOPOLOGY

Single network cable connected with node via communication line.

RING TOPOLOGY

Direct point-to-point link between two neighboring nodes with unidirectional mode.

MESH TOPOLOGY

Random connection of nodes using communication links.

ADVANTAGES OF MESH TOPOLOGY

• A fully connected mesh network does not have a single point of failure i.e., if the connection between any two nodes fails, the remaining connections would continue to work.

• Security and data transmission rate is relatively high as each dedicated link carries traffic only between the two nodes it connects.

DISADVANTAGES OF MESH TOPOLOGY

• It is relatively difficult to add further computers/devices, because each new computer/device is required to be connected with all the existing computers/devices.

• Setting up a Mesh Topology is more expensive than any other network topology. To link 'n' devices, a mesh network requires n(n-1)/2 physical channels. This would require a significantly higher quantity of cable as compared to any other topology.

TOKEN RING

A type of computer network in which all the computers are arranged in a circle. A token, which is a special bit pattern, travels around the circle. To send a message, a computer catches the token, attaches a message to it and lets it continue to travel around the network.

HYBRID

Hybrid networks use a combination of any two or more topologies in such a way that the resulting network does not exhibit one of the standard topologies (e.g., bus, star, ring, etc.)

DATA TRANSMISSION MODES

SYNCHRONOUS TRANSMISSION

Large volume of information can be transmitted at a single time with synchronous transmission. This type of transmission involves simultaneous flow of several bytes of data.

ASYNCHRONOUS TRANSMISSION

This transmission involves the sending and receiving of data at a time. It is most often used by microcomputers and other systems characterized by slow speeds.

TRANSMISSION PROTOCOLS

Protocols are sets of rules for communication between computers, ensuring timing, sequencing, and error checking for data transmission.

OPEN SYSTEM INTERCONNECTION (OSI) MODEL:

• Application layer

• Presentation layer

• Session layer

• Transport layer

• Network layer

• Data link layer

• Physical layer

TCP/IP Transmission Control Protocol / Internet Protocol

• Application layer

• Internet layer

• Transport layer

• Network Interface layer.

WIRELESS LAN

WIFI

It is a flexible data communication system that uses radio frequency (RF) technology to transmit and receive data over the air, minimizing the need for wired connections.

CLIENT/SERVER TECHNOLOGY

A computing technology in which the hardware and software components are distributed across a network to accept the request sent by the client machine to the server machine for processing of data.

VIRTUAL PRIVATE NETWORK (VPN):

A network that uses a public network (usually the Internet) to connect remote sites or users together with "virtual" connections routed through the Internet from the company's private network to the remote site or employee. Two types of VPNs are:

• Virtual Private Dial-up Network (VPDN)

• Site-to-site VPN

ISDN

INTEGRATED SERVICES DIGITAL NETWORK

System of digital phone connections to allow simultaneous voice and data transmission across the world. Two types of ISDN services are BRI & PRI.

BASIC RATE INTERFACE (BRI)

BRI consists of two 64 Kbps B channels and one 16 Kbps D channel suitable for individual users.

PRIMARY RATE INTERFACE (PRI)

PRI consists of 23 B channels and one 64 Kbps D channel for users with higher capacity requirements.

COPPER WIRE

Copper has been used in electric wiring since the invention of the electromagnet and the telegraph in the 1820s. The invention of the telephone in 1876 created further demand for copper wire as an electrical conductor.

Characteristics

• This is a twisted pair of cables.

• It is inexpensive.

• It has low transmission rate and relatively high error rate because there is only minimal anti-interference screening.

• It allows straightforward addition of extra nodes.

COAXIAL CABLE

Coaxial cable, or coax, is a type of cable that has an inner conductor surrounded by a tubular insulating layer, surrounded by a tubular conducting shield. Many coaxial cables also have an insulating outer sheath or jacket. The term coaxial comes from the inner conductor and the outer shield sharing a geometric axis. Coaxial cable was invented by English engineer and mathematician Oliver Heaviside, who patented the design in 1880.

Characteristics

• Coaxial cable is similar to domestic television aerial cable.

• It gives significantly better performance than twisted pair cable, as there is less risk of distortion of data at higher rates of transmission.

• Anti-interference screening is also better than twisted pair cable. Heavier grades of cables allow broadband transmission, increasing the number of signals which can be carried simultaneously.

• It allows straightforward addition of extra nodes.

TWISTED PAIR CABLES

Twisted pair cabling is a type of wiring in which two conductors (the forward and return conductors of a single circuit) are twisted together to cancel out electromagnetic interference (EMI) from external sources and reduce signal loss. Twisted pair cables were invented by Alexander Graham Bell in 1881.

FIBRE OPTIC CABLE

An optical fiber cable is a cable containing one or more optical fibers. The optical fiber elements are typically individually coated with plastic layers and contained in a protective tube suitable for the environment where the cable will be deployed.

Characteristics

• The center conductor of a fiber-optic cable is a fiber that consists of highly refined glass or plastic designed to transmit light signals.

• It is virtually interference free and has extremely high data transmission rates.

• It does not support the addition of nodes.

• Transmission is essentially in one direction.

BENEFITS OF NETWORKING

• Networking offers centralized management and security.

• It results in flexible working environment. Work can be done from anywhere.

• Networking offers resource sharing. Data and equipment can be shared regardless of physical location.

• Networking offers load sharing and balancing. Load can be shared from busy servers to idle machines.

• Networking can also offer facility of reliability and backup. If a primary machine shuts down, a backup machine can start working immediately.

• Networking facilitates instant availability of information.

NETWORK ADMINISTRATION AND CONTROLS

The following activities fall under network administration:

• Monitoring the network's capacity

• Adding capacity to the network by increasing bandwidth, interconnecting additional nodes etc.

• Training people to use the network effectively

• Assisting IT professionals in writing applications

• Backing up the network software and data regularly

• Putting security procedures in place to make certain that only authorized users have access to the network, and ensuring that all security procedures are followed.

• Making sure that network personnel can respond quickly and effectively in the event of a network operational or security failure.

• Diagnosing and troubleshooting problems on the network and determining the best course of action to take to solve them.

PAST PAPERS

Q.1 (S2012)

Progressive Explorer (PE) is a small travel agency. Due to recent growth in PE's business, the management is planning to expand its staff and facilities. Presently, there are only two computers which are connected with each other through direct cable while the only printer is attached with one of the computers through local port. The new setup is likely to have ten computers and two printers which would be connected with each other through an appropriate network topology. One of the partners of PE, who has some experience of IT matters, has recommended the use of Mesh Topology.

Required:

(a) Identify two advantages and two disadvantages of using Mesh Topology in the above situation. (04 marks)

(b) Suggest one other network topology which in your opinion is best suited for PE. Give reasons to justify your suggestion. (04 marks)

A.1

(a) Advantages of Mesh Topology are as follows:

(i) A fully connected mesh network does not have a single point of failure i.e., if the connection between any two nodes fails, the remaining connections would continue to work.

(ii) Security and data transmission rate is relatively high as each dedicated link carries traffic only between the two nodes it connects.

Disadvantages of Mesh Topology are as follows:

(i) It is relatively difficult to add further computers/devices, because each new computer/device is required to be connected with all the existing computers/devices.

(ii) Setting up a Mesh Topology is more expensive than any other network topology. To link 'n' devices, a mesh network requires n(n-1)/2 physical channels. This would require a significantly higher quantity of cable as compared to any other topology.

(b) Star Topology seems to be most appropriate for PE because of the following reasons:

(i) Network expansion is relatively easy. As PE would grow, additional computers or any other peripheral device may be added without disrupting the network.

(ii) It is more economical than Mesh, as less cable is required to connect all workstations to the central hub/switch.

(iii) Due to availability of central system different kinds of security measures can be implemented ranging from port level security to MAC address authentication.

(iv) Although two other topologies i.e., Bus and Ring could also be used, Star topology is much better than these two topologies in respect of security, network availability, expansion and administration.

Q.4 (A 2011)

Explain the key characteristics of three commonly used wired telecommunication media. (06 marks)

A.4

Key characteristics of commonly used wired telecommunication media are as follows:

Copper wire

(a) This is a twisted pair of cables.

(b) It is inexpensive.

(c) It has low transmission rate and relatively high error rate because there is only minimal anti-interference screening.

(d) It allows straightforward addition of extra nodes.

Coaxial cable

(a) Coaxial cable is similar to domestic television aerial cable.

(b) It gives significantly better performance than twisted pair cable, as there is less risk of distortion of data at higher rates of transmission.

(c) Anti-interference screening is also better than twisted pair cable. Heavier grades of cables allow broadband transmission, increasing the number of signals which can be carried simultaneously.

(d) It allows straightforward addition of extra nodes.

Fiber optic cable

(a) The center conductor of a fiber-optic cable is a fiber that consists of highly refined glass or plastic designed to transmit light signals.

(b) It is virtually interference free and has extremely high data transmission rates.

(c) It does not support the addition of nodes.

(d) Transmission is essentially in one direction.

Q.2 (S2011)

Huma Traders (HT) is a family owned company. It has experienced significant growth during the past few years. The company is running various applications on standalone computers. It is being suggested that all computers should be connected through Local Area Network in order to install an efficient management reporting system. However, some members of the family management do not agree as they have serious concerns as regards confidentiality and security of data in networking environment.

Required:

(a) List five benefits of networking over standalone systems. (05 marks)

(b) Identify any four controls over the network, to minimise the risk to confidentiality and security of data. (04 marks)

A.2

(a) Benefits of networking over standalone systems are as follows:

(i) Networking offers centralized management and security.

(ii) It results in flexible working environment. Work can be done from anywhere.

(iii) Networking offers resource sharing. Data and equipment can be shared regardless of physical location.

(iv) Networking offers load sharing and balancing. Load can be shared from busy servers to idle machines.

(v) Networking can also offer facility of reliability and backup. If a primary machine shuts down, a backup machine can start working immediately.

(vi) Networking facilitates instant availability of information.

(b) HT may take the following measures to minimize the risks to confidentiality of data:

(i) Define user authorization matrix and ensure that users' rights are managed strictly according to that.

(ii) Enable audit trails.

(iii) Disable USB ports and other portable storage devices. Only authorized users with 'need to have basis' permissions should be allowed to use such devices.

(iv) Implement email/Internet scanning and monitoring system.

(v) Disable the use of Internet through dial up or mobile devices.

Q.1 (A2010)

Patoki Limited is a small but growing organization. Presently it is using standalone computers only.

However, in view of ever increasing need, it has hired you to connect its computers using a suitable network topology.

Required:

Write a report to the management explaining the architecture of Bus, Star and Ring topologies and how they differ in respect of the following.

(i) Single point of failure

(ii) Network expansion

(iii) Centralized control system

(iv) Security

(v) Cost (12 marks)

A.1

Bus Topology:

A linear bus topology consists of a single cable with a terminator at each end. All nodes (file server, workstations, and peripherals) are connected to the linear cable.

(i) Single point of failure: Bus/cable is single point of failure.

(ii) Network Expansion: It is very easy to add further computers, i.e. by using a new T-connector the cable can be extended to add another computer. However, the network may be disrupted while a computer is added.

(iii) Centralized Control System: There is no centralized control system and the data is transferred on cable.

(iv) Security: Security is weak because data traverses the entire cable before terminating on the addressee's station, so practically everyone can see each other's data.

(v) Cost: Least expensive of all topologies, as no central hub or switch is required and less cable is required.

Star Topology:

A star topology is designed with each node (file server, workstations, and peripherals) connected directly to a central network hub, switch, or concentrator.

(i) Single point of failure: Central network hub/switch is single point of failure.

(ii) Network Expansion: Network expansion depends on available ports on central hub/switch. However, in case the port is available, the peripheral device can be added without disrupting the network.

(iii) Centralized Control System: All addresses, destinations and data flow are managed by the central hub/switch.

(iv) Security: Due to availability of central system different kinds of security measures can be implemented ranging from port level security to MAC (Media Access Control) address authentication.

Due to the central control system and intelligent switching, data is only forwarded to the required address instead of continuous broadcasting.

(v) Cost: More expensive than all other topologies as it requires a central hub/switch and more cable is required to connect all workstations to the hub/switch.

Ring Topology:

In this topology all machines are connected to form a loop. A single channel connects all computers.

(i) Single point of failure: Due to single loop, every point on the cable is a single point of failure. However, due to looping characteristics machines can still use the available path in clockwise or anticlockwise direction.

(ii) Network Expansion: It is relatively easy to connect new devices in this topology. However, the network may be disrupted while a computer is added.

(iii) Centralized Control System: There is no centralized control system and, like bus topology, data is transferred on the cable.

(iv) Security: In a ring network tokens are assigned to computers for data transfer; still, the data has to traverse the whole cable before reaching the destined computer. Like bus topology, data is practically accessible to all other nodes.

(v) Cost: It is more expensive than Bus but less expensive than Star Topology.

Q.1 (S2010)

National University of Business Education (NUBE) is considering connecting the networks installed in its campuses, which are three kilometers apart. While reviewing the IT department's proposal in this regard, the head of procurement has observed that the IT department has recommended the use of a particular type of cable as data transmission medium without giving any justification for its selection.

Required:

As IT Manager of the university, write a note to the head of procurement describing the key characteristics of four types of data transmission media that are commonly used for connecting networks. Give justification to support your recommendation. (10 marks)

A.1

Copper wire

This is a twisted pair of cables. It is widely available and inexpensive. However, it has low transmission rate and relatively high error rate because there is only minimal anti-interference screening. It allows straightforward addition of extra nodes. Telephone line is an example of copper wire.

Coaxial Cable

Coaxial cable is similar to domestic television aerial cable. It gives significantly better performance than twisted pair cable, as there is less risk of distortion of data at higher rates of transmission. Anti-interference screening is also better than twisted pair cable. Heavier grades of cables allow broadband transmission, increasing the number of signals which can be carried simultaneously. It allows straightforward addition of extra nodes.

Fibre optic cable

These are virtually interference free and have extremely high data transmission rates, up to one billion bits per second. It is popular in WANs, but less widely used in LANs for two reasons: first, it is a relatively high cost option; secondly, it does not support the addition of nodes, which makes it unsuitable for ring type LANs, and transmission is essentially in one direction, which makes it unsuitable for bus type LANs.

Microwave

These are ultra high frequency (UHF) radio signals; they can be transmitted between radio transmitters and receivers which are in sight of each other. Each of these relay stations is known as a repeater. Repeaters are sited to create a network along which signals can be sent. The ultra high frequency nature of microwave minimizes distortion.

One particular characteristic of the microwave system is that it cannot bend around corners; therefore microwave antennas must be in "line of sight" of each other - that is, unobstructed.

In the given scenario it is suggested to go with fiber optic technology due to following reasons:

(i) No interference from external factors.

(ii) No problem in terms of line of sight.

(iii) No problem with multipath distortion.

(iv) Unlimited bandwidth.

(v) High Reliability.

(vi) Low cross talk, interference between adjacent cables.

(vii) Though satellite is also a better option, it is much more expensive than fiber optic and does not suit NUBE.

Q.7 (A2009)

(a) In a networking environment, what do you understand by "Protocol" and "Communication Protocol"? (02)

(b) Write brief notes describing the salient features of each of the following:

(i) Transmission Control Protocol / Internet Protocol (TCP/IP) (03)

(ii) Open Systems Interconnection Protocol (OSI) (03)

(iii) Wireless Application Protocol (WAP) (03)

Ans.7

(a)

Protocol: An agreed set of operational procedures governing the format of data being transferred and the signals initiating, controlling and terminating the transfer is known as Protocol.

Communication Protocol: A Communication Protocol is the set of standard rules for data representation, signaling, authentication and error detection required to send information over a communication channel.

(b)

TCP/IP: It is the wide area network protocol that provides communication across diverse interconnected networks.

The IP component provides routing from the department to the enterprise network, then to regional networks and finally to the global Internet.

TCP is responsible for verifying the correct delivery of data from client to server. Data can be lost in the intermediate network. TCP adds support to detect errors or find lost data and to trigger retransmission until the data is correctly and completely received.

(c)

OSI: This protocol is divided into seven functions in a seven layer reference model.

The seven layers of OSI model are as follows:

1. Physical layer

2. Data link layer

3. Network layer

4. Transport layer

5. Session layer

6. Presentation layer

7. Application layer

Layers 1 to 4 handle the movement of data from one place to another.

Layers 5 to 7 deal with the exchange of data between applications.

(d)

WAP: It allows users to access information instantly via handheld wireless devices such as mobile phones, pagers, two-way radios and communicators.

It supports most wireless networks. These include GSM, CDMA, TDMA, CDPD and Mobitex etc.

It is supported by all operating systems. Windows CE, OS/9, Palm OS, EPOC and Java OS are some of the operating systems that are specifically engineered for handheld devices.

WAPs that use displays and access the Internet run micro browsers. Such browsers have a small file size that can accommodate the low memory constraints of handheld devices and the low bandwidth of a wireless handheld network.

WAP supports HTML and XML, however, WML language is specifically devised for small screens and one-hand navigation without a keyboard.

## CHAPTER 4: INFORMATION SYSTEMS

SYSTEM

A system is a collection of men, machines and methods (MMM) organized to accomplish a set of specific functions.

TYPES

A system can be separated from others on the following bases:

• Function

• Space time and people

• Formality

• Automation

• Noise

SUB SYSTEMS

Every system can be broken down into subsystems, or subsets. Each subsystem can be broken down into sub-subsystems.

COMPONENTS OF SYSTEMS

A system has three component parts:

• inputs

• processes and

• outputs

WHY SYSTEMS EXIST

A typical manufacturing company or service organization can be viewed as a system. Inputs are received and processed by people and machines to produce output of goods and services. The objectives of the organization are thereby fulfilled.

FEEDBACK

In the basic system model, feedback which is based on past performance of a process and which is gathered to govern future performance is single loop feedback.

POSITIVE FEEDBACK

It results in control action which causes actual results to maintain (or increase) their path of deviation from planned results.

CONTROL DELAY

Delay in receiving the feedback information, or in acting on it, will cause the required adjustment to occur later than it should.

FEED FORWARD

Control based on comparing original targets or actual results with a current forecast of future results is referred to as feed forward control.

DISTRIBUTED SYSTEM

It is a combination of processing hardware located at a central place, e.g. a mainframe computer, with other, usually smaller, computers located at various sites within the organization. The central and dispersed computers are linked by a communications network.

FLAT STRUCTURE

• Small in size

• Few levels of management

• Chain of command is short

• Broad span of control

• Suited to mass production

TALL STRUCTURE

• Large organization

• High levels of management

• Long chain of command

• Narrow span of control

• More suitable for specialized work.

NOISE

Any disturbance during communication is known as noise.

Types

• Data redundancy

• Error and omission

• Distortion (error on sending and receiving ends)

SYSTEM APPROACH

Three step theory:

• It starts by identifying what the whole system is

• It identifies the objectives of the system as a whole

• It must plan with objectives in mind

OPEN LOOP SYSTEM

A system where control is exercised regardless of the output produced by the system.

CLOSED LOOP SYSTEM

A system where part of output is fed-back, so that output can initiate control action to change either the activities of the system or the system's input.

SENSOR

Is the device by which information (or data) is collected and measured.

COMPARATOR

Is the means by which the actual results of the system are measured against predetermined plans or system objectives.

HIERARCHY OF SYSTEM

Feature of system hierarchy by J-Yan

• A system is composed of sub systems.

• It is always possible to find another system of which this system is a part except universal system

• System might be a High level system or a Low level system

• A hierarchy of system exists whereby low level system is composed into high level system.

• Low level systems are composed of other lower level systems.

• Every system is a sub system of another system, except universal system

ORGANIZATIONAL INFORMATION SYSTEMS

DATA FLOW

Data flows represent the movement of data or information from one person, group, department or organization to another.

INFORMATION SYSTEM

An information system is a collection of hardware, software, data, people and procedures that are designed to generate information that supports the day to day short-range, and long-range activities of users in an organization.

HOW INFORMATION SYSTEM WORKS

An information system uses the resources of people, hardware, software, data, and network to perform input, processing, output, storage, and control activities that convert data resources into information products.

1. PEOPLE RESOURCES

Specialists – systems analysts, software developers, systems operators

End Users – anyone else who uses information systems

2. HARDWARE RESOURCES

Machines – computers, video monitors, magnetic disk drives, printers, optical scanners

Media – floppy disks, magnetic tape, optical disks, plastic cards, paper forms

3. SOFTWARE RESOURCES

Programs – operating system programs, spreadsheet programs, word processing programs, payroll programs

Procedures – data entry procedures, error correction procedures, paycheck distribution procedures

4. DATA RESOURCES

Product description, customer records, employee files, inventory databases

5. NETWORK RESOURCES

Communication media, Communication processors, network access and control software

6. INFORMATION PRODUCT

Management reports and business documents using text and graphics display, audio responses, and paper forms

TYPES OF SYSTEMS

INTEGRATED SYSTEMS

Integrated systems are made up of a number of systems which, although capable of autonomous operation, may be linked closely to form a comprehensive and single view of the user.

NON-INTEGRATED SYSTEM

• Only in one department

• Communicate with other departments manually

INTEGRATED SYSTEM

• In all departments

• Automatic updates

• Connect whole organization as one unit

OFFICE AUTOMATION SYSTEMS

Office Automation Systems are systems that try to improve the productivity of employees who need to process data and information. Perhaps the best example is the wide range of software systems that exist to improve the productivity of employees working in an office (e.g. Microsoft Office XP) or systems that allow employees to work from home or whilst on the move.

KMS

Knowledge Management Systems ("KMS") exist to help businesses create and share information. These are typically used in a business where employees create new knowledge and expertise - which can then be shared by other people in the organization to create further commercial opportunities. Good examples include firms of lawyers, accountants and management consultants.

MIS

A Management Information System, or MIS, is an information system that generates accurate, timely and organized information so managers and other users can make decisions, solve problems, supervise activities, and track progress.

TPS

A Transaction Processing System (TPS) is an information system that captures and processes data generated during an organization's day-to-day transactions.

OR

A Transaction Processing System (TPS) processes data resulting from business transactions, updates operational databases, and produces business documents. Examples: sales and inventory processing and accounting systems.

PCS

Process Control Systems (PCS) monitor and control industrial processes. Examples: petroleum refining, power generation and steel production systems.

ECS

Enterprise Collaboration Systems (ECS) support team, workgroup, and enterprise communication and collaboration. Examples: e-mail, chat, videoconferencing and groupware systems.

EIS

Executive Information Systems (EIS) provide critical information from MIS, DSS, and other sources tailored to the information needs of executives. Examples: systems for easy access to analyses of business performance, actions of competitors, and economic developments to support strategic planning.

Features

• Provision of summary of long documents

• Drill down information

• Data manipulation facilities

• Graphical user interface

• Gathers data from external and internal sources

• Supports unstructured decision making

• Template system

Qualities of good EIS

• Easy to use

• Make data easy to access

• Provide tools for analysis

• Provide presentation tools

DSS

A decision support system (DSS) is an information system designed to help users reach a decision when a decision making situation arises.

Some decision support systems include query languages, statistical analysis capabilities, spreadsheets, and graphics that help you extract data and evaluate the results.

Features

• Provides decision alternatives

• Assists in decision making

• Wide range of alternative information gathering

• Analytical tools

• User-friendly

• Flexible

• Can handle simple & complex models

• Gathers data from external and internal sources

• EIS is a special type of DSS

Architecture

• Language subsystem

• Problem processing subsystems

• Knowledge processing subsystems

EXPERT SYSTEMS

An expert system is an information system that captures & stores the knowledge of human experts & then imitates human reasoning & decision making processes for those having less expertise.

NEURAL NETWORKS

Neural networks are another application of AI, seen by some as the 'next step' in computing. Neural computing is modeled on the biological processes of the human brain.

Neural networks can learn from experience. They can analyze vast quantities of complex data and identify patterns from which predictions can be made. They have the ability to cope with incomplete or 'fuzzy' data, and can deal with previously unspecified or new situations.

TRANSACTION PROCESSING IN BUSINESS AND ACCOUNTING APPLICATION

ERP

Enterprise Resource Planning systems (ERPs) integrate (or attempt to integrate) all data and processes of an organization into a single unified system. A typical ERP system will use multiple components of computer software and hardware to achieve the integration.

ORACLE'S E-BUSINESS SUITE

Sometimes referred to as Oracle's "E-Business Suite", Oracle Applications (the version currently in use is the 11i series) contains several product lines such as Oracle Finance, Oracle Logistics, Oracle HR, Oracle Sales, and others. Within each product, there are several modules, each to be separately licensed.

SYSPRO

SYSPRO provides enterprise business software solutions targeted at the SMB (small and medium businesses) market place.

MICROSOFT DYNAMICS

Microsoft Dynamics is a line of business solution software made by Microsoft. It was previously known by the codename Project Green.

DATA ENTRY

Is a process in which data is captured or controlled by recording, coding and editing activities.

REPORT

A formal statement of the result of an investigation or of any matter on which definite information is required, made by some person or body instructed or required to do so.

BATCH PROCESSING

Batch input allows for better control over the input data, because data can be grouped into numbered batches.

ON-LINE PROCESSING

It covers a wide range of processing systems, but the essential feature of an on-line system is that data is input to a computer from its point(s) of origin, normally using keyboard input of data.

REAL-TIME PROCESSING

It is the continual receiving and rapid processing of data so as to be able, more or less instantly, to feed back the results of that input to the source of the data.

DISTRIBUTED SYSTEMS

These usually have several interconnected processors in separate locations. Each processor has its own local peripherals including disc storage, printers and terminals.

MULTI-PROCESSING

It involves linking two or more CPUs to optimize the handling of data. While one CPU is executing one set of instructions, another CPU can be executing a different set.

PAST PAPERS

Q.4 (A2012)

Through the use of Artificial Intelligence (AI), Expert Systems can imitate human thinking and behavior for the purpose of reasoning and reaching conclusions.

Required:

(a) Briefly describe key components of an Expert System. (05 marks)

(b) List four key benefits of AI over human intelligence. (04 marks)

(c) Describe by way of an example as to how an expert system could be used in each of the following areas:

• Healthcare

• Prediction

• Human resource management

• Production

• Accounting (05 marks)

A.4

(a)

Key components of an expert system are as follows:

(i) Knowledge base

It contains rules and facts from past experience. The knowledge base interfaces with a database in obtaining data to analyse a particular problem in deriving an expert conclusion.

(ii) Knowledge Acquisition Program

It includes: Knowledge Interface and Data Interface.

Knowledge Interface: It allows the expert to enter knowledge into the system without the traditional mediation of a software engineer.

Data Interface: It enables the expert system to collect data from non-human resources, such as measurement instruments in a power plant.

(iii) User Interface

It enables users to interact with the system. Through the user interface, the Expert System puts questions to the users and they reply by providing the required information.

(iv) Inference Engine

It executes the reasoning to decide which rules apply and allocates priorities.

(v) Explanation Engine

It explains how a particular fact was inferred.

(b)

Key benefits of using Artificial Intelligence (AI) over human intelligence are as follows:

(i) AI and its expertise are permanent, whereas human experts may leave the business.

(ii) AI can be easily copied.

(iii) AI is consistent whereas human experts and decision makers may not be so consistent.

(iv) AI can be documented electronically.

(c)

Healthcare

Recognising diseases or other conditions based on displayed signs and symptoms and suggesting possible cure.

Prediction

Inferential systems like weather forecasting.

Human resource management

HR manager may determine whether the company is in compliance with an array of government employment laws.

Production

A machine may be programmed to suggest possible reasons for a malfunction.

Accounting

By processing the available data, decisions such as budgeting, tax planning, project management etc can be carried out.
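The components listed in part (a) of this answer, put together as an added example that is not part of the original book. The malfunction rules, instrument thresholds and all names are constructed for illustration; the inference engine uses forward chaining with a numeric priority (lowest number fires first), which is one common way to implement it.

```python
# Knowledge base: constructed rules as (name, priority, premises, conclusion).
# A lower priority number means the rule is fired first.
RULES = [
    ("R1", 2, {"temperature high", "coolant flow low"}, "cooling fault"),
    ("R2", 1, {"cooling fault", "pump current zero"}, "coolant pump failed"),
    ("R3", 1, {"cooling fault", "pump current normal"}, "coolant line blocked"),
    ("R4", 3, {"vibration high"}, "bearing wear suspected"),
]


def data_interface(readings):
    """Data interface: turn instrument readings into facts (thresholds assumed)."""
    return {
        "temperature high" if readings["temp_c"] > 90 else "temperature normal",
        "coolant flow low" if readings["coolant_lpm"] < 10 else "coolant flow normal",
        "pump current zero" if readings["pump_amps"] < 0.1 else "pump current normal",
        "vibration high" if readings["vibration_mm_s"] > 7 else "vibration normal",
    }


def infer(facts, rules=RULES):
    """Inference engine: decide which rules apply and fire them by priority."""
    facts = set(facts)
    trace = {}  # conclusion -> (rule name, premises), in firing order
    while True:
        # A rule applies when all its premises are known and it adds something new.
        agenda = [r for r in rules if r[2] <= facts and r[3] not in facts]
        if not agenda:
            return facts, trace
        name, _, premises, conclusion = min(agenda, key=lambda r: r[1])
        facts.add(conclusion)
        trace[conclusion] = (name, sorted(premises))


def explain(fact, trace, depth=0):
    """Explanation engine: show how a particular fact was inferred."""
    pad = "  " * depth
    if fact not in trace:
        return [f"{pad}{fact} (given)"]
    name, premises = trace[fact]
    lines = [f"{pad}{fact} (inferred by {name})"]
    for premise in premises:
        lines += explain(premise, trace, depth + 1)
    return lines


if __name__ == "__main__":
    # Constructed sample readings from the machine's instruments.
    sample = {"temp_c": 97, "coolant_lpm": 3, "pump_amps": 0.0, "vibration_mm_s": 9.5}
    facts, trace = infer(data_interface(sample))
    print("\n".join(explain("coolant pump failed", trace)))
```

When every reading is normal no rule applies and the trace stays empty, which is the limitation noted elsewhere in these answers: without relevant knowledge in the knowledge base the system cannot reach a decision.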

Q.2 (S2012)

Greek Laboratories Limited (GLL) is a drug manufacturer and has a Management Information System to control the decision making process.

Required:

(a) Differentiate between a closed loop control system and an open loop control system. (04 marks)

(b) Give any three examples of decisions that may be taken by GLL using each of the above types of control systems. (06 marks)

A.2

(a)

Closed Loop Control System

A closed loop system is self contained and does not interact nor does it make exchanges across its boundaries with its environment.

Part of the output is fed back so that the output can initiate control action to change either the activities of the system or the system's input.

Open Loop Control System

An open loop system interacts and makes exchanges with its environment. Such exchanges affect the system and its performance.

Control is exercised regardless of the output produced by the system. Since information from within the organisation is not used for control purposes, control must be exercised by external intervention.

(b)

GLL may take the following decisions using closed loop control system:

(i) Monitor the profitability of product lines and reduce, stop or increase production of certain lines.

(ii) Monitor the results with budget in order to identify the deviations from plan and to take appropriate actions.

(iii) Monitor the punctuality of staff and record their punctuality status in their personal files.

GLL may take the following decisions using open loop control system:

(i) Stop the production of a profitable business line on receiving the results of a new medical research.

(ii) Revise the prices of a drug on account of competitor's prices.

(iii) Adjust staff salaries as a result of government's directives.

Q.2 (A2011)

The management of Jamal Airways (JA) is revisiting its information processing and reporting systems. After carrying out a need analysis and evaluating the capabilities of existing systems, the management is inclined to develop a customized Executive Support System (ESS). However, many directors are not convinced as some of them have poor experience of such systems.

Required:

Being one of the board members of JA and an active supporter of ESS, identify the:

(a) Key features of an ESS. (05 marks)

(b) Factors that may have been responsible for the problems experienced by some of the directors. (05 marks)

A.2

(a)

Key features of an Executive Support System (ESS) are as follows:

(i) It is capable of capturing data from organisation's main system and of presenting it in summarized form.

(ii) It allows drilling down from higher levels of information to lower.

(iii) It facilitates the comparison of current year data with previous years and also helps in trend analysis.

(iv) It is capable of presenting the data in graphic form which is easier to understand.

(v) It allows creating template for particular type of data. For example, sales figures would be presented in a particular format irrespective of changes in the volume of information required.

(b)

Some of the directors of Jamal Airways might have experienced failure of an ESS on account of the following:

(i) Lack of commitment on the part of executive(s) responsible to sponsor the ESS.

(ii) Management's lack of awareness about the features and benefits of the ESS.

(iii) Failure to clearly define the ESS's link to business objectives.

(iv) Use of inappropriate technology for the development and execution of ESS.

(v) Failure to properly manage the spread and evolution of the system.

Q.3 (S2011)

Ekram Super Store (ESS) is a medium sized departmental store with a very high turnover. It has a Management Information System (MIS) system in place which produces a variety of reports.

Mr. Taffazul, who has recently been appointed as the manager is not satisfied with the effectiveness of the reporting system for decision making purposes. He believes that MIS is of limited use unless it is integrated with a Transaction Processing System (TPS).

Required:

(a) Describe MIS and TPS and give a suitable example of each. (04 marks)

(b) Briefly describe how the integration of MIS with TPS would improve the process of decision making at ESS. (04 marks)

A.3

(a)

Management Information System (MIS)

It is a system which converts data into information and communicates that information in an appropriate form, to managers at all levels and in all functions to enable them to make timely and effective decisions.

Examples of MIS

Budget forecasting and analysis, financial reporting (e.g., balance sheets, income statements, cash flow reports), inventory reporting, salary analysis and sales forecasting _etc._

Transaction Processing System (TPS)

It is a system that captures and processes data generated during an organization's day-to-day transactions. It serves the organization at operational level.

Examples of TPS

Airline reservations, bank deposits and withdrawals, course registration, hotel check-in/check-out, inventory procurement and payroll _etc._

(b)

Integration of MIS with TPS reduces re-input of data in the MIS which in turn minimizes human involvement, reduces chances of errors and saves time.

Consequently, it gives the confidence that most updated and correct information is available for decision making.

If the TPS is a real time system then the integration of MIS with TPS would allow the management to have vital information such as stock position, orders outstanding etc. at any given point in time.

Q.9 (A2010)

Sujawal Limited is engaged in the production and sale of consumer products. Its products are marketed through wholesalers located in all the major cities of Pakistan. During an annual get together of major stakeholders, a large number of wholesalers have identified the following issues:

(i) Frequent stock-out of popular products.

(ii) Delays in processing of their orders.

(iii) Improper response from customer services on their queries and complaints.

Required:

Explain what role can be played by the company's IT department in addressing the above complaints. (05 marks)

A.9

Information Technology (IT) department can help in the following ways to alleviate the customers' complaints:

(a) It can develop an integrated system that would link inventory, order processing, sales and marketing and other important business systems. It would help to make available updated information at all times and would therefore allow management to plan their purchasing, production and stock quantities.

(b) An updated position of orders in the queue could be made available for the concerned personnel both at the operational as well as top management level.

(c) IT department can develop a system through which customers can register their complaints online. It will reduce the cost and time involved in lodging the claim and would also allow the top management to review the status of unresolved complaints.

(d) The IT department can devise an online tracking system which would allow the wholesalers to monitor the progress of their orders, queries and complaints.

Q.2 (S2010)

The management of Proficient Consultants (PC) is considering installing an Expert System as it is concerned about losing the expertise of some of its key employees. However, the CEO is concerned that huge cost would have to be incurred which would far outweigh the benefits.

Required:

(a) To what extent an Expert System can substitute the expertise of a key employee? (02)

(b) What other benefits can be secured by deploying an Expert System?(04)

(c) Limitations and constraints which the company must consider before acquiring the expert system. (03)

A.2

(a)

Expert system can be used to acquire knowledge base from existing employees based on their past experience.

The Expert system can substitute the expertise of key employees in a complex situation/decision provided:

• The key employee whose expertise is needed had faced such situation or similar situation in the past.

• The key employee has stored his strategy to deal with situation or decision taken in such situation, in the knowledge base of the expert system.

(b)

Other Benefits of Expert System

(i) It can reduce the number of people or it can reduce the coordination and consultancy cost between employees when a complex decision is to be made.

(ii) The decisions made by using its knowledge database would be consistent while human decisions may sometimes be inconsistent and affected by other factors.

(iii) The decisions and knowledge is documented, hence any decision can subsequently be justified.

(iv) Decisions can be made quickly.

(v) The knowledge base containing key employees' expertise remains with the company, while employees can leave at any time.

(vi) Expert system will carry out a detailed analysis while a human may forget to consider many things.

(vii) It can work continuously, while a human being has his/her limitations.

(c)

Limitations and Constraints of Expert System

(i) Expert systems are expensive, as they require initial cost and cost of maintenance.

(ii) Humans are naturally more creative as compared to computers.

(iii) If relevant information is not present in its knowledge base, the system is unable to make a decision. In such a situation, further input of data / information is required.

(iv) In expert system, Domain experts are not available to explain the logic and reasoning.

(v) Wrong decisions might be taken on account of errors in the knowledge base.

Q.1 (A2009)

Modern Pharmaceuticals Limited (MPL) is a large organization with country wide presence. It is considering replacing its centralized system with a distributed processing system. In order to create awareness among the senior executives of the company about distributed processing systems, you have been asked by the management to give a presentation on:

(a) Distributed Processing System and its important characteristics. (07)

(b) Risks and challenges in adopting distributed processing approach. (04)

Ans.1

(a)

A distributed system is defined as a system in which there are several autonomous but interacting processors and/or data stores at different geographical locations linked over communication networks.

Some of the important characteristics of distributed processing system are as follows:

(i) A computer can access files from other computers in the system.

(ii) The computers within the system are able to process data jointly or interactively.

(iii) Files are stored centrally or at local sites. (Redundancy)

(iv) Processing can be carried out centrally as well as locally.

(v) Authority is decentralized as processing can be performed autonomously by local computers.

(vi) End-users of computing facilities are given responsibility for, and control over their own data.

(b)

Risks and challenges in adopting distributed processing approach are as follows:

(i) Security risks arise because processed data is also required to be transmitted.

(ii) As there is reliance on remote systems for processing, failure of a remote system and/or communication link can affect local processing also.

(iii) It is harder to administer and manage a distributed system than a centralized system.

(iv) Cost of maintaining the system increases as more sophisticated equipment and trained staff is required at more than one location.

(v) Data accuracy issues may arise.

## CHAPTER 5: COMPUTER PROGRAMMING

PROGRAM

A program is a set of instructions which enable particular processes to be performed by a computer.

TYPES OF PROGRAM

• System software

o Operating Systems (including Utility programs)

• Application software

o Programming & translation software

COMMON EXTENSIONS FOR PROGRAM FILES

EXECUTABLE FILES

An executable file is the part of a program that actually sends commands to the processor. In fact, when you run a program, you are running the executable file. The processor executes the commands in the file, thus the name executable file. Executable files usually (but not always) have the file name extension .exe.

INITIALIZATION FILES

An initialization (.ini) file contains configuration information, such as the size and starting point of a window, the color of the background, the user's name, and so on. Initialization files help programs start running or contain information that programs can use as they run.

BATCH FILES

A batch (.bat) file automates common or repetitive tasks. A batch file is a simple program that consists of an unformatted text file containing one or more operating system commands.

CODE

The term code refers to statements that are written in any programming language, as in machine code (machine language) or high-level code (high-level language).

MACHINE CODE

Machine code or machine language is a system of instructions executed directly by a computer's central processing unit (CPU). Each instruction performs a very specific task, typically either an operation on a unit of data (in a register or in memory, _e.g._ add or move), or a jump operation (deciding which instruction executes next, often conditional on the results of a previous instruction).

Every executable program is made up of a series of these atomic instructions. Machine code may be regarded as an extremely hardware-dependent programming language or as the lowest-level representation of a compiled and/or assembled computer program.

Instructions are in binary form (the 1 and 0 corresponding to the on and off states of a computer).

ASSEMBLY LANGUAGE

Assembly languages were a subsequent development from machine code. They are also machine specific, but the task of learning and writing the language is made easier than with machine language because they are written in symbolic form (e.g. ADD, SUB and MULT).

LOW-LEVEL LANGUAGE

To overcome the low-level language difficulty of machine dependency, high-level (or machine independent) languages were developed.

HIGH LEVEL LANGUAGE

Some high-level languages are said to be problem-oriented, because they have been created to deal with particular types of data processing problem.

3RD GL

Third-generation languages (3GLs) make it easier to write structured programs. Because they were the first languages to use true English-like phrasing, they also make it easier for programmers to share in the development of programs.

_e.g._ C , C++ , COBOL , Java , PL/1 , BASIC , ActiveX , FORTRAN , CORAL , Pascal _etc._

4TH GL

Fourth generation languages, or 4GLs, is an ill-defined term that refers to software intended to help computer users or computer programmers to develop their own application programs more quickly and cheaply.

MACHINE LANGUAGE

The symbolic assembly language must be translated into the machine code which 'works' the particular computer.

COMPILERS AND INTERPRETERS

COMPILERS

A compiler converts all source code into machine code, creating an executable file. The output of the compiler is called object code.

INTERPRETERS

An interpreter also converts source code to machine code. Instead of creating an executable object code file, however, the interpreter translates and then executes each line of the program, one line at a time.

DUTIES OF PROGRAMMER

The programmer must test the object program with test data. A diagnostic routine, or debugging routine, provides for outline program testing and error correction during program development.

SOFTWARE WRITERS

• Employees of the computer hardware manufacturer

• A software house

• Computer programmers

• End users

GOOD PROGRAMMING PRACTICES

• The program requirements must be specified in full and in writing

• Specifications will be prepared by the system analyst and the programmer converts these specifications into a written program

• In developing a program, a programmer should keep working papers

• The working papers might include a decision table or flowchart (or both)

• When writing a program, the programmer should try to keep it as short as possible

• Programs should be tested when they have been written

• Provision should be made for program amendments

• A record should be kept of all program errors that are found during 'live' processing of data, and the corrections that are made to the program

• To avoid a mix-up, each version of a program should be separately identified.

## CHAPTER 6: FLOWCHART & DECISION TABLE

OPERATIONS WHICH CAN BE DONE WITHIN A PROGRAM

• Arithmetic calculations

• Reading an input record

• Comparisons

• Output of an item of information or data to output device

• Moving data

• Giving an item of data a certain value

• Branching conditional/unconditional

LOOP

A sequence of instructions that are executed repeatedly until a specific condition is satisfied, when program will then go on to carry out another sequence of instructions.

PROGRAM ANALYSIS

Determines the Input, Output and Processing of data.

Algorithm:

An effective method for solving a problem expressed as a finite sequence of instructions.

PROGRAM DESIGNING

Determines the function to be performed using flow chart and file layout.

PROGRAM CODING

Conversion of logic of the program outlined in the flowchart which describes program statement or instruction by using rules concerning format and syntax.

PROGRAM DEBUGGING

A process of finding errors in a program and rectifying them using a diagnostic routine.

PROGRAM DOCUMENTATION

Includes program specification, program descriptions, test data, operational manual and finally, maintenance documentation.

PROGRAM MAINTENANCE

Modification, Rewriting and restructuring of program, based on requirements of business data processing application subjected to the continued changes in near future.

FLOW CHART

A diagram that shows sequence of steps to solve a particular problem. It is a logical flow of steps which show sequence of operations of a program by using symbols and interconnecting lines.

Types:

• System flowchart

• Program flowchart

GUIDELINE TO PREPARE FLOW CHARTS

• In drawing a proper flowchart, all necessary requirements should be listed out in logical order.

• The flowchart should be clear, neat and easy to follow. There should not be any room for ambiguity in understanding the flowchart.

• The usual direction of the flow of a procedure or system is from left to right or top to bottom.

• Only one flow line should come out from a process symbol.

• Only one flow line should enter a decision symbol, but two or three flow lines, one for each possible answer, should leave the decision symbol.

• Only one flow line is used in conjunction with terminal symbol.

• Write within standard symbols briefly. As necessary, you can use the annotation symbol to describe data or computational steps more clearly.

• If the flowchart becomes complex, it is better to use connector symbols to reduce the number of flow lines. Avoid the intersection of flow lines to make the flowchart a more effective and better way of communication.

• Ensure that the flowchart has a logical start and finish.

• It is useful to test the validity of the flowchart by passing through it with a simple test data.

BENEFITS

• Quicker grasp of relationships

• Effective analysis

• Communication

• Documentation

• Efficient coding

• Orderly check out of problem

• Efficient program maintenance.

LIMITATIONS

• Complex logic

• Modification

• Reproduction

• Link between conditions and actions

• Standardization

• Loss of technical details

• Lack of transformation between one level of design to another level of design

PROGRAM FLOWCHART

Concerned with logical/arithmetic operations on data within CPU and the flow of data between the CPU and Input/output peripherals.

ARITHMETICAL AND LOGICAL OPERATION

• Addition

• Division

• Printing

• Subtraction

• Transfer

• Feed

• Multiplication

• Comparison

START/END

Start or end symbol. A program flowchart has one start and one end.

OPERATION SYMBOL

Operation symbol (e.g. arithmetic calculation, read, print etc.)

ROUTINE

A routine of several program instructions, not just one (e.g. a sub-routine, instruction to open or close files)

DECISION

Decision or condition: this must have two (or occasionally three) flow-lines coming out of it. When comparisons are being made and conditions established, this symbol should be used.

ON-PAGE CONNECTOR

Connector is a symbol to show where one part of flow chart connects to another, without drawing a connection line to show the flow. These are used for example when a flow chart goes off the end of the page and is continued on the next page

MACRO LEVEL FLOWCHART

It shows the big picture and generally has fewer than six steps.

MINI LEVEL FLOWCHART

The term "mini" or "midi" is used for a flowchart that falls between the big picture of the macro level and the fine detail of micro level.

MICRO LEVEL FLOWCHART

The micro-level or ground-level view provides a very detailed picture of a specific portion of the process by documenting every action and decision.

DEPLOYMENT OR MATRIX FLOWCHART

A deployment flowchart maps out the process in terms of who is doing the steps. It is in the form of a matrix, showing the various participants and the flow of steps among these participants. It is chiefly useful in identifying who is providing inputs or services to whom, and areas where different people may be needlessly doing the same task.

OPPORTUNITY FLOWCHART

It differentiates process activities that add value from those that add cost only.

Value-Added Steps: are essential for producing the required product or service.

Cost-Added-Only Steps: are not essential for producing the required product or service.

DECISION TABLES

DECISION TABLE

A precise yet compact way to model complicated logic which defines the possible contingencies that may be considered within the program and the appropriate course of action for each contingency.

FOUR PARTS OF DECISION TABLE

• Condition stub

• Condition entries

• Action stub

• Action entries

STEPS TO CREATE A DECISION TABLE

1. List all causes in the decision table

2. Calculate the number of possible combinations

3. Fill columns with all possible combinations

4. Reduce test combinations

5. Check covered combinations

6. Add effects to the table.

TYPES OF DECISION TABLE

LIMITED ENTRY TABLES

The condition and action statements are complete. The condition and action entries merely define whether or not a condition exists or an action should be taken.

Y Condition exists

N Condition does not exist

_ Condition/Action does not apply

X Execute the action statement

EXTENDED ENTRY TABLE

Condition and action statements are not complete, but are completed by the condition and action entries. Condition and action entries need not necessarily be defined as Y, N and X.

MIXED ENTRY

It combines both the limited and extended entry forms.

ENGINEERING BENEFITS

• Makes it easy to observe that all possible conditions are accounted for

• Easy to audit control logic; decision tables demand that a programmer thinks of all possible conditions

• As logic is extremely important for programming, decision tables are an excellent tool for designing control logic

LIMITATION OF DECISION TABLES

Decision tables are not good at expressing sequence or procedure. This is best left to graphical techniques such as flowcharting.
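The six steps above, worked through for the ATM rules stated in Q.7 (A2012), as an added example that is not part of the original book. The condition and action wording and all function names are assumptions made for the illustration; the `_` entry follows the legend for limited entry tables.

```python
from itertools import product

NA = "_"  # "does not apply", the symbol used in the limited-entry legend

# Step 1: list the causes (conditions) and the effects (actions).
# The wording of both lists is an assumption made for this example.
CONDITIONS = [
    "Customer of CBL",
    "Biometric option selected",
    "PIN / biometric verified",
    "Third consecutive failed attempt",
]
ACTIONS = ["Dispense cash", "Ask to retry", "Capture card", "Refuse biometric option"]


def decide(cbl, biometric, verified, third_failure):
    """Control logic being tabulated; returns the set of actions to execute."""
    if biometric and not cbl:
        return frozenset({"Refuse biometric option"})  # other banks: Card + PIN only
    if verified:
        # A verified attempt cannot also be a failed one, so "verified" wins.
        return frozenset({"Dispense cash"})
    if third_failure:
        return frozenset({"Capture card"})
    return frozenset({"Ask to retry"})


def full_table():
    """Steps 2 and 3: 2**n combinations, one column per combination."""
    return {combo: decide(*(entry == "Y" for entry in combo))
            for combo in product("YN", repeat=len(CONDITIONS))}


def reduce_table(columns):
    """Step 4: merge columns that differ in one condition but share their actions."""
    rules = dict(columns)
    for k in range(len(CONDITIONS)):
        for key in list(rules):
            if key not in rules or key[k] != "Y":
                continue
            twin = key[:k] + ("N",) + key[k + 1:]
            if rules.get(twin) == rules[key]:
                actions = rules.pop(key)
                del rules[twin]
                rules[key[:k] + (NA,) + key[k + 1:]] = actions
    return rules


def check_coverage(full, reduced):
    """Step 5: return every combination not matched by exactly one reduced
    column carrying the same actions. An empty list means nothing was lost."""
    gaps = []
    for combo, actions in full.items():
        hits = [rule for rule in reduced
                if all(r in (NA, c) for r, c in zip(rule, combo))]
        if len(hits) != 1 or reduced[hits[0]] != actions:
            gaps.append(combo)
    return gaps


def render(reduced):
    """Step 6: condition entries on top, action entries (X = execute) below."""
    rules = sorted(reduced)
    width = max(len(name) for name in CONDITIONS + ACTIONS)
    lines = [f"{name:<{width}} | " + " ".join(rule[i] for rule in rules)
             for i, name in enumerate(CONDITIONS)]
    lines.append("-" * (width + 3 + 2 * len(rules)))
    lines += [f"{name:<{width}} | "
              + " ".join("X" if name in reduced[rule] else NA for rule in rules)
              for name in ACTIONS]
    return "\n".join(lines)


if __name__ == "__main__":
    full = full_table()
    reduced = reduce_table(full)
    print(f"{len(full)} combinations reduced to {len(reduced)} columns")
    print(render(reduced))
    print("uncovered combinations:", check_coverage(full, reduced))
```

The coverage check is what makes the table auditable: if a reduced column is dropped or mistyped, the combinations it covered are returned instead of an empty list.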

PAST PAPERS

Q.7 (A2012)

The ATM machines of Creative Bank Limited (CBL) contain biometric security features besides conventional PIN control. The customers of CBL have a choice either to use Card + PIN or Card + Biometric option. Customers of other banks can also withdraw cash from CBL's ATM; however, they can only use Card + PIN option. A customer's card is captured by the machine after three consecutive unsuccessful attempts.

Required:

Prepare a program flowchart showing the process of cash withdrawal from CBL's ATM.

Assume that transactions other than cash withdrawals are not allowed. (10 marks)

Q.4 (S2012)

(a) Briefly explain three types of Decision Tables. (05 marks)

(b) State two advantages and two limitations of Decision Tables. (04 marks)

A.4

(a)

Types of decision tables are as follows:

(i) Limited Entry

In this type of decision table, the condition and action statements are complete. The condition and action entries define whether or not a condition exists (i.e., Yes or No) or whether an action should be taken. Besides, it refers to a situation where the condition does not apply, or it makes no difference whether the condition exists or not.

(ii) Extended Entry

In this type, the statements in the table are more open-ended. The question does not suggest the answer with limited options, but expects further information from a variety of possible options. The expression of conditions is partly given in the quadrants and the rest is expressed in the entries quadrants in the form of answers.

(iii) Mixed Entry

It combines both the limited and extended entry forms. While the limited and extended entry forms can be mixed within a table, only one form may be used within a condition statement or an action statement.

(b)

Advantages of decision tables are as follows:

(i) It is possible to check that all combinations have been considered.

(ii) It is easy to trace from actions to conditions.

Limitations of decision tables are as follows:

(i) They are not good at expressing sequence or procedure.

(ii) Multiple decision environments can quickly produce very large decision tables. These can be split into a number of smaller tables but interrelating these tables can be difficult.

Q.6 (A2011)

The flowchart is a means of visually presenting the flow of data through an information processing system, the operations performed within the system and the sequence in which they are performed.

Required:

(a) Draw and briefly explain five symbols commonly used in a flowchart. (05 marks)

(b) Identify the advantages of using flowcharts. (05 marks)

(b) Advantages of using flowcharts are as follows:

(i) Communication: Flowcharts facilitate in communicating the logic of a system to all concerned.

(ii) Proper documentation: Program flowcharts serve as a good program documentation, which is needed for various purposes.

(iii) Efficient Coding: The flowcharts act as a guide or blueprint during the systems analysis and program development phase.

(iv) Proper Debugging: The flowchart helps in debugging process.

(v) Efficient Program Maintenance: The maintenance of operating program becomes easy with the help of flowchart, thereby enhancing the programmer's efficiency.

Q.7 (S2011)

Care Laboratories (CL) allows its customers to access their blood test reports through Internet. At the time of payment the system creates a unique user ID and password which is printed on the payment receipt. The customer is allowed to log on to CL's website on or after the specified date, to access the report. After logging on to the website the customer is required to input his email address after which the system automatically sends the test report to that email address. After sending the email, the system automatically signs off the customer and displays the message: "Your report has been sent to your email address."

If the customer tries to log on before the report receiving date, the system displays the message:

"Your report would be available on the date specified on your payment receipt."

The user ID and password are valid only for fifteen days after the date on which the report becomes available.

Required:

Draw a program flowchart to depict the above process from customer sign in to automatic sign off. (07 marks)

Q.6 (A2009)

Sirzameen Bank Limited (SML) has launched a promotion for its credit card customers. According to the promotion, the customers will receive a gift voucher worth Rs. 500 with their monthly bill if they spend Rs. 15,000 more than their last month spending and their last month bill is not less than Rs. 10,000.

Draw a flow chart showing the above process. (05)

## CHAPTER 7: SOFTWARE

COMPUTER AIDED SOFTWARE ENGINEERING

CASE TOOLS

The importance of precise program design is that problems arising in testing are minimized. Software engineering techniques (including Computer Aided Software Engineering – CASE) were designed in response to a situation where the haphazard and ad-hoc design of programs made alterations difficult and maintenance time-consuming.

POSSIBLE USE OF CASE TOOLS

STAGES OF SDLC

Project Initiation

• Generate project schedule in various forms

Analysis & Design

• Produce diagrams _e.g._ flowcharts, DFDs _etc._

• Generate Data dictionary

Design (Logical & Physical)

• Produce model diagrams

• Data structures

• Automate screen and report design

Implementation

• Installation schedule

• Program code generator

Maintenance

• Version control

• Change specification and tracking

UPPER CASE TOOLS

Also called Analysts Workbenches

• Diagramming tools

• Analysis tools

• Case repository

LOWER CASE TOOLS

Also called Programmers Workbenches

• Document generators

• Screen & report layout generators

• Code generators

ADVANTAGES OF CASE TOOLS

• Quicker document/ diagram preparation

• Improved accuracy of diagrams

• Prototyping is made easier

• Blocks of code can be re-used

TYPICAL CASE TOOLS

• Code generation tools

• UML (Unified Modeling Language) tools

• Refactoring tools

• QVT or Model transformation tools

• Configuration management tools

OUTPUT OF CASE TOOLS FOR SSADM

• Database schema

• Data flow diagrams

• Entity relationship diagrams

• Program specification

• User documentation

DATA FLOW DIAGRAMS (DFD)

These diagrams are used to show how data flows between the various processes in the system. DFDs are an excellent communication tool as they are simple enough for users to understand and yet detailed enough to form the basis for the systems design process.

ENTITY RELATIONSHIP DIAGRAMS (ERD)

Entity relationship diagrams identify the major objects about which data is stored and chart their interrelationship. Like most formal techniques, their major value is that they force the analyst into a structured and detailed investigation of all the data used in the system.

OPERATING SYSTEMS & UTILITY SOFTWARE

OPERATING SYSTEM

An operating system provides a software platform on top of which other programs, called application programs, can run. The application programs must be written to run on top of a particular operating system. An operating system is basically a set of programs that provide control of the CPU (central processing unit) and its resources.

OPEN SYSTEMS: A SENSIBLE PATH ONLY FOR ORGANIZATIONS WHICH:

• Are nearing a major change in their computer configuration anyway.

• Have a substantive desire to use IT throughout the organization.

• Require multi-user, multi-tasking computers.

UTILITY SOFTWARE

A program which performs a function that may be required by a number of other programs or in a number of circumstances,

e.g.:

File conversion, file copying, memory dump, listing files or directories, comparison, deleting files.

These programs are also known as service programs.

UTILITY PROGRAMS

• Text editor

• Debugging tools

• Sort and merge

• Memory dump programs

• Trace routine

• Peripheral interchange programs

• Compression software

• Diagnostic programs

• Backup utility

• Disk defragmentation

TYPES OF ANTIVIRUS

ANTIVIRUS PROGRAMS

Applications that detect, prevent and possibly remove all known viruses from files located in a microcomputer hard drive.

SCANNERS

Look for sequences of bits called signatures that are typical of virus programs.

INTEGRITY CHECKERS

Integrity checkers scan and maintain a database of sorts regarding pertinent information on all or critical system files. If a program attempts to modify one of these guarded files, the integrity checker will alert the user and prompt for input.

ACTIVE MONITORS

Interpret DOS & ROM Basic-Input-Output-System (BIOS) calls, looking for virus-like actions. Active monitors can be annoying because they cannot distinguish between a user request and a program or virus request.

OPERATING SYSTEMS

LINUX

Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of Linux is the Linux kernel, an operating system kernel first released on 5 October 1991 by Linus Torvalds.

WINDOWS

Windows was developed as a front end addition to the MS-DOS operating system.

In 1993, Microsoft launched Windows NT, a complete operating system in its own right, designed for networks, and now providing strong competition for other network operating systems like Novell Netware.

UNIX

The UNIX operating system was developed by AT&T in 1969 as a non-proprietary multitasking OS that could be portable to different computer architectures. It is an example of an open system.

NetWare

NetWare is a network operating system developed by Novell, Inc. It initially used cooperative multitasking to run various services on a PC, and the network protocols were based on the archetypal Xerox XNS stack.

COMMUNICATION SOFTWARE

WEB BROWSER

A web browser is a software application that enables a user to display and interact with text, images, and other information typically located on a web page at a website on the World Wide Web or a LAN.

E-MAIL CLIENT

E-mail software or an e-mail client, also called a Mail User Agent (MUA), is a computer program that is used to read and send e-mail.

ONLINE CHAT

Online chat can refer to any kind of communication over the Internet, but is primarily meant to refer to direct 1-on-1 chat or chat rooms, using tools such as instant messaging applications (computer programs), Internet Relay Chat and talkers.

VOIP

Voice over Internet Protocol, also called VoIP, IP telephony, Internet telephony, broadband telephony, broadband phone and voice over broadband, is the routing of voice conversations over the Internet or through any other IP-based network.

VIDEO CONFERENCE (VC)

A videoconference (also known as a videoteleconference) is a set of interactive telecommunication technologies which allow two or more locations to interact via two-way video and audio transmissions simultaneously. It has also been called visual collaboration and is a type of groupware.

COMPONENTS REQUIRED FOR A VC SYSTEM

• Video input: video camera or webcam

• Video output: computer monitor, television or projector

• Audio input: microphones, CD/DVD player, cassette player, or any other source of audio outlet.

• Audio output: usually loudspeakers associated with the display device or telephone

• Data transfer: analog or digital telephone network, LAN or Internet

• Computer

ISSUES IN VC

• Eye contact: plays a large role in conversational turn-taking, perceived attention and intent, and other aspects of group communication. While traditional telephone conversations give no eye contact cues, many videoconferencing systems are arguably worse in that they provide an incorrect impression that the remote interlocutor is avoiding eye contact. Some telepresence systems have cameras located in the screens that reduce the amount of parallax observed by the users. This issue is also being addressed through research that generates a synthetic image with eye contact using stereo reconstruction.

• Appearance consciousness: the video stream may be recorded. The burden of presenting an acceptable on-screen appearance is not present in audio-only communication. Early studies by Alphonse Chapanis found that the addition of video actually impaired communication, possibly because of the consciousness of being on camera.

• Signal latency: The information transport of digital signals in many steps needs time. In a telecommunicated conversation, an increased latency (time lag) larger than about 150–300 ms becomes noticeable and is soon observed as unnatural and distracting. Therefore, next to a stable large bandwidth, a small total round-trip time is another major technical requirement for the communication channel for interactive videoconferencing.

PAST PAPER

Q.5 (A2012)

(a) List ten tasks that are typically performed by an operating system (05)

(b) Briefly describe the following types of antivirus software:

(i) Scanners

(ii) Integrity Checkers (05)

A.5

(a)

An operating system typically performs the following tasks:

(i) Checking that the hardware (including peripheral devices) is functioning properly.

(ii) Calling programme files and data files from external storage into memory.

(iii) Opening and closing of files, checking of file labels _etc._

(iv) Assigning programme and data files from memory to peripheral devices.

(v) Maintenance of directories in external storage.

(vi) Controlling input and output devices including the interaction with the users.

(vii) Controlling system security.

(viii) Handling of interruptions and communicating with the user.

(ix) Running checkpoint programmes and procedures.

(x) Managing multitasking and multiprogramming.

(b)

(i) SCANNERS

Scanners look for sequences of bits called signatures that are typical of virus programs. They identify different types of viruses by examining memory, disk boot sectors, executables and command files for bit patterns that match a known virus. It then takes appropriate steps like clearing the virus, informing the user _etc._

(ii) INTEGRITY CHECKERS

It computes a binary number on a known virus-free program that is then stored in a database file. The number is called a cyclical redundancy check or CRC. When that program is called to execute, the checker computes the CRC on the program about to be executed and compares it to the number in the database. A match means no infection; a mismatch means that a change in program has occurred. A change in program could mean a virus within it.

Q.6 (A2012)

You have recently joined as System Development Manager of Search Industries Limited which is a new company and is actively involved in automation of all of its major activities. You observed that your team consists of young and energetic programmers but most of them have learnt their programming skills on their jobs with little formal training. As a result, they are weak in documentation and waste a lot of time in making amendments before a program is finalized. They also lack the ability to use programming tools effectively.

Required:

(a) State five good programming practices which you would like your team to follow. (05 marks)

(b) Identify any five types of Computer Aided Software Engineering (CASE) tools and specify how each of the identified tool helps in system development process. (05 marks)

A.6

(a)

I would like to suggest the following good programming practices to the Search Industries Limited's team:

(i) Specify all the program requirements and record them in writing.

(ii) Always keep the working papers which are made during program development.

(iii) When writing a program, try to keep it as short as possible and logically well-structured.

(iv) Test every new/amended program according to the specification given by system analyst.

(v) Keep record of all programming errors and subsequent corrections to the programs, which are found during live processing.

(b)

Key types of CASE tools and their usefulness in system development process are as follows:

(i) Diagramming tools: Such tools automate the production of diagrams and hence SRL's team could use these tools to draw the system models.

(ii) Analysis tools: They are used to check the logic, consistency and completeness of system diagrams, forms and reports.

(iii) CASE repository: It is a specialized database that can store system models, detailed descriptions and specifications, and other products of system development which can be shared by all developers.

(iv) Screen and layout generators: These tools allow prototyping of the user-interface to be produced and amended quickly.

(v) Document generators: They are used to assemble, organize and report on system models, descriptions, specifications and prototypes that can be reviewed by system owners, users, designers and developers.

(vi) Code generators: They automate the production of code based on the processing logic input to the generator.

Note: Students were required to identify and explain only five types of CASE tools.

Q.3 (S2012)

Usage of technology is dramatically altering the way business world operates. In an era of financial austerity and rising travel expenses, usage of video conferencing is one such technological development which is altering traditional modes of meeting people in other locations.

Required:

Specify any five issues which limit the use of video conferencing. (05 marks)

A.3

Following issues with video conferencing may affect its adoption:

(i) Connectivity issues are quite common, especially in developing countries.

(ii) Trained staff is required to support the video conferencing session.

(iii) During the conduct of video conferencing sessions, the need for operational/technical level staff is inevitable. However, the presence of such staff during strategic management meetings could compromise the confidentiality of certain high level decisions.

(iv) Setting up a video conferencing facility requires high initial cost.

(v) Eye contact plays a large role in conversational turn-taking, perceived attention and intent, and other aspects of group communication. In fact, videoconferencing systems provide a false impression that the remote interlocutor is avoiding eye contact.

Q.4 (S2011)

(a) List any six good practices which should be followed by the programmers while writing an application program and later on, making changes as a part of program maintenance or modification. (06 marks)

(b) Explain how CASE tools could be helpful to the programmers in effective and efficient programming. (04 marks)

A.4

(a)

Some of the good practices that may be followed while writing a new program or making changes in an existing program are as under:

(i) The program requirements must be specified in full and in writing.

(ii) A program should be logically well structured and should follow the international standardization requirements in terms of security, monitoring and evaluation.

(iii) Each version of the program should be identified separately to avoid mix up.

(iv) Appropriate working papers should be maintained to keep track of important events and what decisions were taken in each case.

(v) Detailed training and awareness sessions shall be arranged for programming team so that all team members are on same footing.

(vi) The programs should always be tested whenever they have been written.

(vii) Records shall be kept as regards all errors that were found during live processing of data and the corrections that are made to the program.

(viii) Unrealistic deadlines for deliverables should not be agreed upon.

(b)

CASE tools could be helpful in effective and efficient programming as:

(i) Prototyping becomes easier as re-design can be made very quickly.

(ii) Diagrams could be prepared and amended efficiently.

(iii) Blocks of codes could be reused with appropriate modification in similar functions or processes.

(iv) Consistency of terminology and maintenance of documentation standards is ensured.

(v) Debugging tools are available for detecting and correcting errors.

Q.3 (S2010)

Perpendicular Limited's network is down due to a virus attack. Management has asked the IT manager to explain why the viruses were able to penetrate the system, in the presence of disk scanner antivirus software.

Required:

As IT Manager of the company explain:

(a) Two more kinds of antivirus software, besides conventional disk scanners; (04)

(b) How can the controls against viruses be strengthened further? Also discuss the possible justification for your failure to install the appropriate software. (04)

A.3

(a)

Besides conventional disk scanners, following types of virus scanners are usually used:

(i) Active Monitors / Behavior-Based Detection: This kind of software will sit in memory and look for so-called "virus-like behavior" or "suspicious activities". In essence, these programs are looking for the types of actions taken on files or boot sectors that are usually performed by a virus when it tries to spread. Active monitors can be annoying because they cannot distinguish between a user request and a program request. As a result users are asked to confirm actions like formatting a disk or deleting a file.

(ii) Integrity Checkers: They compute a binary number on a known virus free program that is then stored in a database file. The number is called a Cyclical Redundancy Check (CRC). When that program is called to execute, the checker computes the CRC on the program that is to be executed and compares it with the number in the database. A match means no infection; a mismatch means that a change in the program has occurred i.e., a virus could be present.

(b)

Measures to strengthen controls against viruses

(i) The controls against viruses can be strengthened by installing a combination of different types of antivirus software, because disk scanners carry certain limitations such as inability to detect virus-like actions and inability to perform cyclic redundancy check.

(ii) Designing and implementing sound antivirus policies.

(iii) Educating users about potential virus sources and their controls.

(iv) Restricted use of removable storage media.

(v) Installation of properly configured firewall. Periodic review and update of the firewall policy.

Reasons of failure

At the time of previous capital budget approval, it was pointed out to the management that merely installing conventional disk scanner antivirus software is not enough to prevent viruses from penetrating. Besides disk scanners, active monitors and integrity checkers were also requested in the budget. Consequently, various other measures were suggested/required which involved purchase of hardware as well as software. However, our request was turned down and consequently we were unable to carry out the desired steps.
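The scanner and the CRC-based integrity checker described in A.5 (A2012) and A.3 (S2010), placed side by side as an added example (not from the original book): it runs both over constructed files and shows that a change carrying no known signature passes the scanner but fails the CRC comparison. The file names, the signature pattern and the JSON database format are assumptions made for the illustration.

```python
import json
import os
import tempfile
import zlib

# Constructed signature list: the name and the byte pattern are made up.
SIGNATURES = {"Example.Constructed.A": bytes.fromhex("deadbeef1337")}


def crc_of(path, chunk_size=65536):
    """CRC-32 of a file, read in chunks so large programs need not fit in memory."""
    crc = 0
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            crc = zlib.crc32(chunk, crc)
    return crc & 0xFFFFFFFF


def scan(path, signatures=SIGNATURES):
    """Scanner: names of known signatures whose byte pattern occurs in the file."""
    with open(path, "rb") as fh:
        data = fh.read()
    return sorted(name for name, pattern in signatures.items() if pattern in data)


def enrol(db_path, paths):
    """Integrity checker, part 1: store the CRC of each known virus-free program."""
    db = {os.path.abspath(p): crc_of(p) for p in paths}
    with open(db_path, "w") as fh:
        json.dump(db, fh)
    return db


def check(db_path, path):
    """Integrity checker, part 2: run when the program is about to execute."""
    with open(db_path) as fh:
        db = json.load(fh)
    expected = db.get(os.path.abspath(path))
    if expected is None:
        return "NO BASELINE"  # never enrolled: the checker cannot vouch for it
    return "MATCH" if crc_of(path) == expected else "MISMATCH"


def write(path, data):
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Returns {case: (scanner findings, checker verdict)} for four constructed cases."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        db_path = os.path.join(tmp, "crc_db.json")
        prog = os.path.join(tmp, "payroll.bin")
        clean = b"constructed stand-in for a clean program image\n" * 50

        write(prog, clean)
        enrol(db_path, [prog])
        results["clean"] = (scan(prog), check(db_path, prog))

        # Change that contains a pattern the scanner already knows.
        write(prog, clean + SIGNATURES["Example.Constructed.A"])
        results["known pattern"] = (scan(prog), check(db_path, prog))

        # Change with no known pattern: one byte altered, nothing for the scanner.
        write(prog, b"C" + clean[1:])
        results["unknown change"] = (scan(prog), check(db_path, prog))

        # Program that was never enrolled: no CRC to compare against.
        other = os.path.join(tmp, "new_tool.bin")
        write(other, clean)
        results["not enrolled"] = (scan(other), check(db_path, other))
    return results


if __name__ == "__main__":
    for case, (found, verdict) in demo().items():
        print(f"{case:15} scanner={found or 'nothing found'}  checker={verdict}")
```

A mismatch only proves that the program changed, so a legitimate update must be re-enrolled after it has been verified. CRC-32 is not collision-resistant against deliberate tampering; current file-integrity tools store a cryptographic hash such as SHA-256 and protect the database itself from modification.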

Q.5 (S2010)

Many organizations prefer in-house development of computer applications in order to achieve cost effectiveness and ensure that deadlines are met.

Required:

Explain the following, assuming you are the Project Manager responsible for in-house development of an application and you are using SDLC approach:

(c) the possible uses of Computer Aided Software Engineering (CASE) tools for achieving cost effectiveness and time saving. (05)

A.5

(c)

Possible uses of CASE tools for achieving cost effectiveness and time saving are as follows:

(i) Quickly generating project schedules in various formats.

(ii) Producing diagrams e.g., flowcharts, DFDs _etc._

(iii) Producing system model diagrams.

(iv) Defining data structures.

(v) Automating screen and report designing.

(vi) Producing Installation Schedule.

(vii) Generating Program codes.

(viii) Version controlling.

(ix) Change specification and change tracking.

(x) Test data generators.

## CHAPTER 8: E-COMMERCE & THE WEB

E-COMMERCE

Electronic commerce, commonly known as e-commerce, refers to the buying and selling of products or services over electronic systems such as the Internet and other computer networks.

TECHNOLOGIES USED IN E-COMMERCE

Electronic commerce draws on such technologies as electronic funds transfer, supply chain management, Internet marketing, online transaction processing, electronic data interchange (EDI), inventory management systems, and automated data collection systems.

E-COMMERCE & INTERNET

Modern electronic commerce typically uses the World Wide Web at least at one point in the transaction's lifecycle, although it may encompass a wider range of technologies such as e-mail, mobile devices and telephones as well.

E-BANKING

E-banking includes familiar and relatively mature electronically based products in markets, such as telephone banking, credit cards, ATMs and direct deposit.

ELECTRONIC TRADING

Electronic trading is a mode of trading that uses information technology to bring together a buyer and a seller through electronic media to create a virtual marketplace.

E-BUSINESS

The application of information and communication technologies (ICT) in support of all the activities of business. Commerce constitutes the exchange of products and services between businesses, groups and individuals and can be seen as one of the essential activities of any business. Electronic commerce focuses on the use of ICT to enable the external activities and relationships of the business with individuals, groups and other businesses.

CATEGORIES OF E-COMMERCE

B2C

Business to Consumer concentrates on the retail or sales side of e-commerce. It is commerce between companies and consumers, and involves customers gathering information and purchasing physical goods like books or travel, or information goods like downloadable digitized content, such as software, music or electronic books.

_E.g._ Amazon.com, Aroma.pk

B2C DISADVANTAGES

• Security concerns, _e.g._ security of credit card information _etc._

• Absence of tangible relationship between seller and distribution channels

• What you see is (sometimes) not what you get

• Logistics, shipping and distribution challenges

• No "touch" or "trial" (as required in several items like clothes)

B2B

Business to Business E-Commerce provides new opportunities for businesses to leverage emerging technologies to build their businesses.

B2B DISADVANTAGES

• Security concerns, (B2B will only thrive in a secure environment)

• High investment needed for implementation of industry recognized standards

• Heavily technology driven. Only large companies can adopt B2B due to significant cost involved

B2B2C

B-to-B-to-C is one of the least well-defined pieces of the e-commerce spectrum. B2B2C is basically defined as using B2B to help support and rejuvenate companies attempting B2C.

B2E

• Business to Employee refers to use of technology to handle activities that take place within a business.

• Employees hired are based in various geographical locations, _e.g._ telecommuting.

• Collaborative working. Latest example: Google Drive (Google Docs)

• _E.g._ blogging, writing, software development _etc._

Prerequisites

• Employee should own a PC/ laptop

• Fast and secure internet connection

Consideration

• Cost of travelling

• Security of company's data

• Sensitivity of company's data

C2C

Consumer to Consumer E-Commerce refers to exchange of goods and services (including value added information and knowledge) between consumers.

Examples

• Forums about specific products or services

• Auction portals, such as eBay, which allow online real-time bidding on items being sold on the Web

• Hafeezcentre.pk

• Olx.com.pk

Advantages

• Cost and time saving

• Interaction with other consumers (especially before buying a new product)

• Opportunities for businesses due to greater audience

B2G

Business to Government E-Commerce covers all transactions between a Government and businesses through the Internet. _E.g._ fbr.gov.pk, secp.gov.pk

EFT

Electronic funds transfer describes a system whereby a computer user can use his computer system to transfer funds.

Electronic payment systems can be used to transfer funds between the bank accounts of a business and its suppliers, or from a customer to the business. Wide area networks may connect POS terminals in retail stores to bank EFT systems. In most cases, an intermediary organization acts as an automated clearing house, which debits and credits the relevant accounts.

EPOS

Electronic Point of Sale technology enables an efficient recording of the sale of goods or services to the customer and uses hardware like bar code readers for source data automation.

Electronic Data Interchange (EDI)

EDI is a form of computer-to-computer data transfer. For instance, instead of sending a customer a paper invoice through the post, the data is sent over telecommunications links. This offers savings and benefits to organizations that use it.

BENEFITS OF EDI

• It reduces the delays caused by postal paper chains.

• It avoids the need to re-key data and therefore saves time and reduces errors.

• It provides the opportunity to reduce administrative costs _e.g._ the costs associated with the creation, recording and storage of paper documents.

• It facilitates shorter lead times and reduced stock holdings, which allow a reduction in working capital requirements (e.g. Just-In-Time policies).

• It provides the opportunity to improve customer service.

E-CASH

Electronic-Cash addresses circumstances in which the payer is not present at the point of sale or service, but has electronic communications facilities available, _e.g._ is connected to the Internet, or to some other manifestation of the emergent global information infrastructure, such as a cable-TV installation with enhanced capabilities.

_E.g._ stored-value cards, e-shopping cards _etc._

SWIFT

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) provides a network that enables financial institutions worldwide to send and receive information about financial transactions in a secure, standardized and reliable environment.

The chairman of SWIFT is Yawar Shah, who is from Pakistan. The CEO is Gottfried Leibbrandt, who is from the Netherlands.

CHAPS

The Clearing House Automated Payment System or CHAPS is a British company established in London in 1984, which offers same-day sterling fund transfers.

A CHAPS transfer is initiated by the sender to move money to the recipient's account (at another banking institution) where the funds need to be available (cleared) the same working day.

ONLINE PUBLISHING

Online publishing is the process of using computers and specific types of software to combine text and graphics to produce web-based documents such as newsletters, online magazines and databases, brochures and other promotional materials, books, and the like, with the Internet as the medium for publication.

SMART CARDS

A smart card, chip card, or integrated circuit card (ICC) is any pocket-sized card with embedded integrated circuits. Smart cards can provide identification, authentication, data storage and application processing. Smart cards may provide strong security authentication for single sign-on (SSO) within large organizations.

SINGLE SIGN-ON

Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. Conversely, Single sign-off is the property whereby a single action of signing out terminates access to multiple software systems.

MAGNETIC STRIPE CARDS

A magnetic stripe card is a type of card capable of storing data by modifying the magnetism of tiny iron-based magnetic particles on a band of magnetic material on the card. The magnetic stripe, sometimes called swipe card or magstripe, is read by swiping past a magnetic reading head.

Magnetic recording on steel tape and wire was invented during World War II for recording audio. In the 1950s, magnetic recording of digital computer data on plastic tape coated with iron oxide was invented. In 1960 IBM used the magnetic tape idea to develop a reliable way of securing magnetic stripes to plastic cards, under a contract with the US government for a security system.

CREDIT CARD AUTHORIZATION PROCESS

CREDIT CARD PAYMENT PROCESS

THE PAYMENT PROCESSOR

The payment processor connects the merchant to the credit card company's network. Transactions are seamless. Merchants can accept cards with varying features and fees. The payment processor may also provide the equipment used at the checkout that allows merchants to accept different payment types (credit and debit cards).

THE CARD ISSUER

The card issuer is the bank, credit union, other financial institution or company that issued your credit card, sends your statements, offers you credit, and provides the card's rewards and benefits. The issuer is also responsible for card security, compensates customers for losses due to fraud, and absorbs losses when customers default.

CARD COMPANY

The major card companies (e.g., Visa, MasterCard) operate the worldwide networks that process credit card payments.

PKI

A public-key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

CERTIFICATION AUTHORITY

In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or assertions made by the private key that corresponds to the public key that is certified. In this model of trust relationships, a CA is a trusted third party that is trusted by both the subject (owner) of the certificate and the party relying upon the certificate. CAs are characteristic of many public key infrastructure (PKI) schemes.

DIGITAL CERTIFICATE

An attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.

An individual wishing to send an encrypted message applies for a digital certificate from a Certificate Authority (CA). The CA issues an encrypted digital certificate containing the applicant's public key and a variety of other identification information. The CA makes its own public key readily available through print publicity or perhaps on the Internet.

The recipient of an encrypted message uses the CA's public key to decode the digital certificate attached to the message, verifies it as issued by the CA and then obtains the sender's public key and identification information held within the certificate. With this information, the recipient can send an encrypted reply.

SSL

The Secure Sockets Layer (SSL) is a commonly used protocol for managing the security of a message transmission on the Internet. SSL has recently been succeeded by Transport Layer Security (TLS), which is based on SSL. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transmission Control Protocol (TCP) layers. SSL is included as part of both the Microsoft and Netscape browsers and most Web server products. Developed by Netscape, SSL also gained the support of Microsoft and other Internet client/server developers and became the de facto standard until evolving into Transport Layer Security. The "sockets" part of the term refers to the sockets method of passing data back and forth between a client and a server program in a network or between program layers in the same computer. SSL uses the public and private key encryption system from RSA, which also includes the use of a digital certificate.

PUBLIC-KEY CRYPTOGRAPHY

Public-key cryptography refers to a cryptographic system requiring two separate keys, one of which is secret and one of which is public. Although different, the two parts of the key pair are mathematically linked. One key locks or encrypts the plain text, and the other unlocks or decrypts the cipher text. Neither key can perform both functions by itself. The public key may be published without compromising security, while the private key must not be revealed to anyone not authorized to read the messages.
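The certificate flow described under DIGITAL CERTIFICATE and the key-pair property described under PUBLIC-KEY CRYPTOGRAPHY, as an added example that is not from the original text: in practice the CA signs the certificate and the recipient checks that signature with the CA's public key, which is the "decode" step described above. It uses textbook RSA on small fixed primes so that it runs with the Python standard library only; the names (Example CA, alice@example.test, the helper functions) are assumptions made for illustration, and the key sizes and lack of padding make it unsuitable for real use.

```python
import copy
import hashlib
import json

E = 65537  # widely used RSA public exponent


def make_keypair(p, q):
    """Build a toy RSA key pair from two primes (illustration only)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent: inverse of E mod phi(n)
    return {"n": n, "e": E}, {"n": n, "d": d}


def encrypt(public, number):
    """Lock a number (for example a session key) with the public key."""
    return pow(number, public["e"], public["n"])


def decrypt(private, number):
    """Unlock it again; only the holder of the private key can do this."""
    return pow(number, private["d"], private["n"])


def digest_int(data, n):
    """SHA-256 of data as an integer, reduced so that it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data):
    """Signature = digest raised to the private exponent."""
    return pow(digest_int(data, private["n"]), private["d"], private["n"])


def verify(public, data, signature):
    """Anyone holding the public key can check the signature."""
    return pow(signature, public["e"], public["n"]) == digest_int(data, public["n"])


def encode_body(body):
    """Canonical byte form of the certificate fields that the CA signs."""
    return json.dumps(body, sort_keys=True).encode()


def issue_certificate(ca_name, ca_private, subject, subject_public):
    """CA side: bind the subject's identity to its public key with a signature."""
    body = {"issuer": ca_name, "subject": subject, "public_key": subject_public}
    return {"body": body, "signature": sign(ca_private, encode_body(body))}


def check_certificate(cert, trusted_cas):
    """Relying-party side: return the subject's public key, or None if the
    issuer is not trusted or the signature does not match the contents."""
    ca_public = trusted_cas.get(cert["body"]["issuer"])
    if ca_public is None:
        return None
    if not verify(ca_public, encode_body(cert["body"]), cert["signature"]):
        return None
    return cert["body"]["public_key"]


# Constructed keys: small Mersenne primes, chosen only to keep the example short.
CA_PUBLIC, CA_PRIVATE = make_keypair(2**127 - 1, 2**107 - 1)
ALICE_PUBLIC, ALICE_PRIVATE = make_keypair(2**89 - 1, 2**61 - 1)
OTHER_PUBLIC, _ = make_keypair(2**31 - 1, 2**19 - 1)

TRUSTED_CAS = {"Example CA": CA_PUBLIC}  # CA public key the recipient already holds
ALICE_CERT = issue_certificate("Example CA", CA_PRIVATE,
                               "alice@example.test", ALICE_PUBLIC)


def substituted_key_certificate():
    """A copy of Alice's certificate whose public key was swapped after signing."""
    forged = copy.deepcopy(ALICE_CERT)
    forged["body"]["public_key"] = OTHER_PUBLIC
    return forged


def send_reply(cert, session_key):
    """Recipient: encrypt a reply only if the certificate checks out."""
    subject_public = check_certificate(cert, TRUSTED_CAS)
    if subject_public is None:
        raise ValueError("certificate rejected")
    return encrypt(subject_public, session_key)


if __name__ == "__main__":
    ciphertext = send_reply(ALICE_CERT, 424242)
    print("reply decrypted by Alice:", decrypt(ALICE_PRIVATE, ciphertext))
    print("altered certificate accepted:",
          check_certificate(substituted_key_certificate(), TRUSTED_CAS) is not None)
```

The altered certificate is rejected because the CA's signature covers the public key as well as the name, which is what lets the recipient trust the key before encrypting a reply to it.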

WEB HOSTING AND SURFING

WEBSITE HOSTING

A website hosting service is a type of Internet hosting service that allows individuals and organizations to host their own website, and provides users with online systems for storing information, images, video, or other content accessible via the World Wide Web.

TYPES OF WEB HOSTING

FREE WEB HOSTING

Is offered by different companies with limited services, sometimes supported by advertisements, and often limited when compared to paid hosting.

SHARED WEB HOSTING

One's website is placed on the same server as many other sites, ranging from a few to hundreds or thousands. Typically, all domains may share a common pool of server resources, such as RAM and the CPU.

RESELLER WEB HOSTING

Allows clients to become web hosts themselves. Resellers could function, for individual domains, under any combination of these listed types of hosting, depending on who they are affiliated with as a reseller.

VIRTUAL DEDICATED SERVER

Also known as a Virtual Private Server (VPS), divides server resources into virtual servers, where resources can be allocated in a way that does not directly reflect the underlying hardware. VPS will often be allocated resources based on a one server to many VPSs relationship; however, virtualisation may be done for a number of reasons, including the ability to move a VPS container between servers.

DEDICATED HOSTING

The user gets his or her own Web server and gains full control over it (user has root access for Linux/administrator access for Windows); however, the user typically does not own the server. Another type of dedicated hosting is Self-Managed or Unmanaged. This is usually the least expensive for Dedicated plans. The user has full administrative access to the server, which means the client is responsible for the security and maintenance of his own dedicated server.

MANAGED HOSTING

The user gets his or her own Web server but is not allowed full control over it (user is denied root access for Linux/administrator access for Windows); however, they are allowed to manage their data via FTP or other remote management tools. The user is disallowed full control so that the provider can guarantee quality of service by not allowing the user to modify the server or potentially create configuration problems. The user typically does not own the server.

COLOCATION WEB HOSTING

Similar to the dedicated web hosting service, but the user owns the colo server; the hosting company provides physical space that the server takes up and takes care of the server. This is the most powerful and expensive type of web hosting service.

CLOUD HOSTING

Is a new type of hosting platform that allows customers powerful, scalable and reliable hosting based on clustered load balanced servers and utility billing. A cloud hosted website may be more reliable than alternatives since other computers in the cloud can compensate when a single piece of hardware goes down.

CLUSTERED HOSTING

Having multiple servers hosting the same content for better resource utilization. Clustered Servers are a perfect solution for high-availability dedicated hosting, or creating a scalable web hosting solution. A cluster may separate web serving from database hosting capability.

GRID HOSTING

This form of distributed hosting is when a server cluster acts like a grid and is composed of multiple nodes.

HOME SERVER

Usually a single machine placed in a private residence can be used to host one or more web sites from a usually consumer-grade broadband connection. These can be purpose-built machines or more commonly old PCs.

UPTIME

Hosting uptime refers to the percentage of time the host is accessible via the internet.

SEARCH ENGINE

A search engine or search service is a document retrieval system designed to help find information stored on a computer system, such as on the World Wide Web, inside a corporate or proprietary network, or in a personal computer.

HOW SEARCH ENGINES WORK

Web search engines work by storing information about many web pages, which they retrieve from the HTML itself. These pages are retrieved by a Web crawler (sometimes also known as a spider) — an automated Web browser which follows every link on the site. Exclusions can be made by the use of robots.txt. The contents of each page are then analyzed to determine how it should be indexed (for example, words can be extracted from the titles, page content, headings, or special fields called meta tags).

Data about web pages are stored in an index database for use in later queries. A query can be a single word. The index helps information be found as quickly as possible.

Some search engines, such as Google, store all or part of the source page (referred to as a cache) as well as information about the web pages, whereas others, such as AltaVista, store every word of every page they find.
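The crawl-then-index cycle described above, as an added example that is not from the original text: a crawler follows links on a constructed three-page site held in memory, honours its robots.txt, and builds a word index from titles, headings, meta keywords and page text. The host name, pages, robots.txt rules and the `toybot` user agent are all constructed for illustration.

```python
import re
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
from urllib.robotparser import RobotFileParser

BASE = "http://shop.example.test"  # constructed host, never contacted

ROBOTS_TXT = """User-agent: *
Disallow: /admin/
"""

# Constructed pages standing in for what a crawler would download.
SITE = {
    "/": '<html><head><title>Leather handbags</title>'
         '<meta name="keywords" content="handbags, wallets"></head>'
         '<body><h1>Welcome</h1><a href="/products.html">Products</a> '
         '<a href="/admin/login.html">Staff</a></body></html>',
    "/products.html": '<html><head><title>Products</title></head>'
         '<body><h1>Canvas handbags</h1><a href="/">Home</a></body></html>',
    "/admin/login.html": '<html><head><title>Staff login</title></head>'
         '<body>Internal handbags stock tool</body></html>',
}


def tokenize(text):
    """Lower-case words and numbers found in a piece of text."""
    return re.findall(r"[a-z0-9]+", text.lower())


class PageParser(HTMLParser):
    """Collects outgoing links and indexable words from one HTML page."""

    def __init__(self):
        super().__init__()
        self.links, self.words = [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])
        if tag == "meta" and attrs.get("name") == "keywords":
            self.words += tokenize(attrs.get("content") or "")

    def handle_data(self, data):
        # Title, heading and body text all arrive here.
        self.words += tokenize(data)


def crawl_and_index(start="/", agent="toybot"):
    """Breadth-first crawl; returns (word -> set of paths, paths skipped by robots.txt)."""
    robots = RobotFileParser()
    robots.parse(ROBOTS_TXT.splitlines())
    index, seen, skipped = {}, set(), []
    queue = deque([start])
    while queue:
        path = queue.popleft()
        if path in seen or path not in SITE:
            continue
        seen.add(path)
        if not robots.can_fetch(agent, BASE + path):
            skipped.append(path)  # excluded by the site owner, so not fetched
            continue
        parser = PageParser()
        parser.feed(SITE[path])
        for word in parser.words:
            index.setdefault(word, set()).add(path)
        for href in parser.links:
            queue.append(urlparse(urljoin(BASE + path, href)).path)
    return index, skipped


def search(index, word):
    """Single-word query against the index."""
    return sorted(index.get(word.lower(), set()))


if __name__ == "__main__":
    idx, not_crawled = crawl_and_index()
    print("pages for 'handbags':", search(idx, "handbags"))
    print("left out because of robots.txt:", not_crawled)
```

The /admin/ page stays out of the index only because this crawler chose to honour robots.txt; the file is a request to crawlers, not an access control, so such pages still need authentication.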

HTML

Hypertext Markup Language (HTML) is the programming language used to create documents for the World Wide Web. Using HTML, you define a web document's structure by using such components as attributes and tags. Tags provide links to other points of the document, to other documents on the same site, or to documents on other sites.

XHTML

Extensible HTML (XHTML) is the newer version of HTML. It is very similar in all aspects to HTML. However, the rules are strict. HTML allows for very "loose" coding. XHTML requires that all items be "well formed".

FLASH

Macromedia's Flash is a development tool for creating very sophisticated web pages which can include moving graphics, animation, sound, and interactivity.

PAST PAPERS

Q.5 (S2012)

You are the Business Development Manager of Web Potent which deals in development, administration, maintenance/support and hosting of websites. Your clients differ on account of their size, nature of operations and administrative set-up.

Required:

Prepare a brief summary of any four web hosting solutions and their key characteristics for uploading on your website, for the benefit and guidance of your clients. (08 marks)

A.5

Four types of web hosting options are as follows:

(i) Shared Web Hosting

The website is placed on the same server as many other sites, ranging from a few to hundreds or thousands. All domains may share a common pool of server resources, such as RAM and the CPU. It is the most economical web hosting solution but offers the slowest speed as compared to other solutions.

(ii) Virtual Dedicated Server

It involves slicing up a server into virtual servers. Each user is given the rights similar to those given in case of dedicated server but they are actually sharing a server with many other users. It is a faster but relatively more expensive solution than shared web hosting solution.

(iii) Dedicated Hosting

The user gets his own web server and gains full administrative control over it. However, the user may or may not own the server. It is the fastest but more expensive as compared to shared and virtual dedicated web hosting solutions.

(iv) Co-location Web Hosting Service

The user has his/her own web server and has full administrative control over it. The hosting company provides the power supply, air conditioning, Internet access and storage facilities for the server. In most cases, the co-location provider may provide little or no support directly for their client's machine. It is the fastest but most expensive web hosting solution.

Q.7 (A2011)

Smart Products Limited (SPL) is engaged in the marketing of hand bags and similar products throughout Pakistan. It is planning to launch an e–business enabled website primarily for the purpose of online sales of its products. The management of SPL has hired you as a Consultant to assist them in this venture.

Required:

(a) What features would you consider necessary in such a website? (06 marks)

(b) Identify any four ways that may be used to market the website through Internet. (02 marks)

(c) Identify the limitations associated with the use of such a website. (02 marks)

A.7

(a) An e-business enabled website to be developed by Smart Products Limited should have the following features:

(i) It should have an eye-catching look.

(ii) The information should be arranged in such a way as to allow easy and quick access.

(iii) It should have the capacity to accommodate adequate number of users/customers.

(iv) The information on the website should be readily updated.

(v) It should be resilient enough to counter virus and hacker attacks and remain available.

(vi) It should have an easy to remember and relevant domain name.

(b)

The website could be marketed through Internet by:

(i) Getting it registered with leading search engines like Google and Yahoo _etc._

(ii) Placing banner ads on popular commercial websites like Geo and Yahoo.

(iii) Sending advertisement of the website through email marketing vendors.

(iv) Creating customers' relation pages on social networking sites like Facebook.

(c)

Following limitations are associated with the use of such a website:

(i) The inability of shoppers to actually see and assess the product's quality at the time of placement of order may give way to dissatisfaction when the buyer actually receives the goods.

(ii) Fear of insecure financial transaction may keep the buyers away from online shopping.

Q.8 (A2011)

Vital Bank Limited (VBL) is a medium sized bank. To achieve quick growth VBL has been focusing on extending its online banking services. As part of this strategy, it intends to introduce mobile banking services.

Required:

(a) Identify the benefits which VBL could gain by initiating mobile banking services. (05 marks)

(b) Identify six types of services that can be offered through mobile banking. (03 marks)

(c) Briefly describe the challenges that VBL might have to face while developing the application of mobile banking. (02 marks)

A.8

(a) VBL could gain following benefits by initiating mobile banking services:

(i) Ability to carry out transactions quickly.

(ii) Ability to keep all customers updated in a short period of time.

(iii) Ability to expand the business to customers in far off areas.

(iv) Increasing or maintaining customer loyalty.

(v) Reducing workload on branch employees.

(b)

Following services could be offered through mobile banking:

(i) Mini-statements and checking of account history.

(ii) Alerts on account activity or passing of set thresholds.

(iii) Status of cheques deposited / stop payment.

(iv) Ordering cheque books.

(v) Fund transfers.

(vi) Payment of utility bills.

(c)

VBL may face the following challenges while developing the application of mobile banking:

(i) Security: Security of financial transactions being executed from remote locations and transmission of financial information over the air, are the most complicated challenges that need to be addressed.

(ii) Scalability & Reliability: Selection/development of mobile banking services application which meets the future growing expectations of the bank's customers is a challenge. As customers will find mobile banking more and more useful, their expectations from the application increase. Banks unable to meet the performance and reliability expectations may lose customer confidence.

Q.2 (A2010)

A recent report from an international body has highlighted the rise in undocumented economy in Pakistan and its serious repercussions. In a recent seminar a senior government official has pointed out that the situation can be improved by promoting the use of e-commerce. He has requested the IT professionals to come forward and give their input on this issue.

Required:

Give recommendations (any eight) to the government which in your opinion would facilitate the growth of e-commerce in the country. (08 marks)

A.2

Recommendations:

(a) Availability of improved and robust Internet connectivity in all areas.

(b) Cost effective Internet connection should be provided.

(c) The availability and use of credit / debit cards should be promoted.

(d) Training and mass awareness schemes should be launched by the government to educate the masses about online businesses.

(e) Issues with network security should be given special attention. Both service providers and merchants should be given appropriate instructions in this regard.

(f) Suitable laws should be introduced in line with requirements of online businesses. These should be effective and implementable.

(g) Special attention should be given to resolve issues related to cross border data transfer and the applicable laws.

(h) Government should assist companies in making their websites by providing technical know-how and financing facilities.

(i) Special customer services areas should be managed by government to give quick support to businesses.

Q.3 (A2010)

Source data automation has gained significant popularity during the last decade and it is being used by a large number of organizations.

Required:

What do you understand by source data automation? Give two advantages of the use of source data automation and identify any two types of businesses where it is more commonly used. (04 marks)

A.3

The use of automated methods of data entry is known as source data automation / the process of collecting data at their point of origin in digital form.

Advantages of using source data automation are:

(a) It minimizes the time needed to record data input.

(b) It minimizes data entry errors.

It is commonly used in following businesses:

(a) Banks

(b) Departmental stores

(c) Airport check-in counters

Q.4 (A2010)

Forward Bank Limited is considering the use of smart cards which would replace the currently used magnetic stripe cards. The idea has been questioned by some of the board members as the initial costs are considerably high.

Required:

Identify any seven advantages of smart cards over magnetic stripe cards. (07 marks)

A.4

(a) Smart cards are more secure than magnetic cards.

(b) Smart cards can store more data than magnetic cards.

(c) Smart cards are more durable than magnetic cards _i.e._ have a long life, _etc._

(d) They are microprocessor-based cards, so a lot more processing can be done on them, in contrast to the passive nature of magnetic cards.

(e) Smart cards don't need availability of the other end of the network for basic authentication, as much of the data is available on the card itself, whereas a magnetic stripe card requires dedicated dial-up connection availability for all kinds of transactions.

(f) Smart cards are not affected by magnetic interferences or other electrical interferences, while magnetic cards can lose data on account of high magnetic interference area.

(g) Smart cards can manage the mechanisms of authentication and non-repudiation in a better way due to more storage capacity.

(h) Smart cards can be used for multiple purposes rather than a single dedicated purpose, as a single card can be used for driver license, health information, immigration details and credit card.

Q.4 (S2010)

Vertical Heights Limited (VHL) makes a variety of children products and sells them directly in local market through its own stores. To counter the impact of the recent recession, VHL wants to promote the use of e-commerce technology to promote its business interests.

Required:

(a) Identify any six common uses of e–commerce technology. (03)

(b) Discuss what benefits can VHL obtain by use of e–commerce. (04)

A.4

(a)

Common uses of E–commerce

• E-Marketing

• Business Services

• Online trading

• Communication Services

• Online banking

• Information Services

(b)

VHL can obtain following benefits by using e–commerce:

(i) More business partners can be reached and hence more sales can be made.

(ii) More geographically dispersed customers can be contacted.

(iii) Decisions regarding inventory controls and management can be made.

(iv) Customer services can be improved.

(v) Cost savings especially in areas such as procurement and marketing can be achieved.

(vi) Less administrative hassle as less staff would be needed.

(vii) Extended trading hours allow the business to remain open on the Internet at all times without overtime and extra cost.

Q.2 (A2009)

Your company is planning to launch an interactive website. In the initial stages, various options have been discussed. The final proposal is now being drafted and you are required to write a note for inclusion therein, consisting of the following:

(a) Explanation of website hosting and types of services usually provided by web hosting companies. (04)

(b) Brief explanation of the following types of web hosting:

(i) Shared Web Hosting

(ii) Virtual Dedicated Server

(iii) Dedicated Hosting

(iv) Co-location Web Hosting (06)

Ans.2

(a)

A website hosting service is a type of Internet hosting service that allows individuals and organizations to host their own website, and users with online systems for storing information, images, video or other contents accessible via the World Wide Web.

Following services are usually offered by web hosting companies:

(i) Web Interface / Control Panel to manage the website.

(ii) Storage space.

(iii) Database service.

(iv) Application platforms to run various applications.

(v) Security services.

(vi) E-mail accounts.

(vii) Mailing lists.

(viii) Monitoring and statistics.

(ix) Bandwidth for accessing website.

(b)

(i) Shared Web Hosting

One's website is placed on the same server as many other sites, ranging from a few to hundreds or thousands. All domains may share a common pool of server resources, such as RAM and the CPU. It is the most economical web hosting solution which offers slowest speed as compared to other solutions.

(ii) Virtual Dedicated Server

It involves slicing up a server into virtual servers. Each user feels like they are on their own dedicated server but they are actually sharing a server with many other users. It is a faster but more expensive solution than shared web hosting.

(iii) Dedicated Hosting

The user gets his own web server and gains full administrative control over it. However, the user typically does not own the server. It is the fastest but costlier than shared and virtual dedicated web hosting solutions.

(iv) Co-location Web Hosting Service

The user has his/her own web server and has full administrative control over it. The hosting company provides physical space that the server takes up and takes care of the server. In most cases, the co-location provider may provide little to no support directly for their client's machine. It provides only the electrical, Internet access and storage facilities for the server. It is the fastest but most expensive web hosting solution.

Q.3 (A2009)

Unique Enterprises is a large scale manufacturer of mobile parts and accessories. It has acquired a new ERP to integrate different departments. It is also planning to connect with its customers and suppliers through extranet. Consequently the management is reassessing its alternative processing facilities.

(a) Compare the respective merits and demerits of having own alternative processing site or engaging a third party service provider. (06)

(b) Differentiate between a hot site, cold site and a warm site. Which type of facility would you prefer in the above situation and why? (06)

Ans.3

(a)

Comparative merits of having own alternative processing site than engaging third party service providers

(i) It will comprise a one-time fixed cost rather than a monthly variable cost over a long duration.

(ii) Own alternative processing site can be made at a convenient location for the company rather than having to adjust to the when-and-where basis of a third party service provider.

(iii) No dependency on any organization; Unique Enterprises can test its alternative processing arrangement when it suits.

(iv) Standardizations can be managed. Own alternative processing site can have same level of controls as primary site.

(v) All hardware, software and other resources are readily available.

(vi) Same level of security as that of the original site may easily be observed at own alternative processing site. / In case of engaging third party for alternative processing arrangements, risk to confidentiality of data increases.

Comparative demerits

(i) Own alternative processing site will be very costly to manage.

(ii) As one is never sure when an alternative processing site might be required so a situation can arise when Unique Enterprise might not require its alternative processing site for years.

(iii) Own alternative processing site will be hard to manage and maintain, in terms of operations, human resource and hardware.

(iv) In case of own alternative processing site, all resources required might not be available and require some time for implementation based on SLA signed with third party service provider.

(v) Third parties offering alternative processing arrangements have experts for handling disastrous situations and managing recovery/alternative processing sites. There is a high risk that the company may not be able to manage the alternative processing site like third party experts due to its little or no exposure in this field.

CHAPTER 9: SYSTEM DEVELOPMENT LIFE CYCLE (SDLC)

STAGES

The six stages of SDLC are:

• The feasibility study

• Systems investigation

• Systems analysis

• Systems design

• Systems implementation

• Review and maintenance.

SDLC RISKS

During the SDLC of an application system, various risks could be encountered, which include:

• Adoption of inappropriate SDLC for the application system

• Inadequate controls in the SDLC process

• User requirements and objectives not being met by the application system

• Lack of management support

• Inadequate project management

• Inappropriate technology and architecture

• Scope variations

• Time over-runs

• Cost over-runs

• Inadequate quality of the application system

• Insufficient attention to security and controls (including validations and audit trails) in the application system

• Performance criteria not being met

• Inappropriate resource/staff management

• Insufficient documentation

• Inadequate adherence to chosen SDLC and/or development methodologies

• Insufficient attention to interdependencies on other applications and processes

• Insufficient planning for data conversion/migration and cutover

• Post cutover disruption to business

FEASIBILITY STUDY

The feasibility study is a critical step to ensuring that the computer system will benefit the organization. During this stage a feasibility study team investigates the technical, economical, operational and social feasibility of the system and prepares a feasibility study report. This report recommends to the management whether the project should be undertaken or not and provides sufficient information to qualify the decision.

STAGES OF THE FEASIBILITY STUDY

• Terms of reference

• Problem definition

• The problems/ requirements list

• Project identification

• System justification

TERMS OF REFERENCE

'Terms of reference' of any project is a document that highlights all the areas that should be covered completely during that project. For example, in the case of the feasibility study, the steering committee hands over the terms of reference to the feasibility study team, on which the feasibility study team conducts the feasibility study and prepares its report. The final report must cover all the points mentioned in the terms of reference thoroughly.

THE PROBLEMS/ REQUIREMENTS LIST

The requirements, as defined in the feasibility study, must be technically achievable.

STAFFING

• The steering committee

• Feasibility study team

• Development Team: Analysts and Programmers

• Quality Assurance Engineers

• IT Auditors

• IT Support Staff

STEERING COMMITTEE

If the organization introduces new computer systems regularly, it might set up a steering committee. A steering committee might also be set up for a 'one-off' computer project.

STEERING COMMITTEE'S RESPONSIBILITIES

• Advising the board

• To establish company guidelines

• To set up feasibility study groups

• The coordination and control of the work

• The evaluation of the feasibility study reports and system specifications

• Monitoring and controlling individual development projects

• Ensuring that projects are worth their cost

• Possibly, giving approval to new projects at the feasibility study and system specification stages

• To authorize capital expenditure on new hardware or software packages

• To monitor and review each new system after implementation

FEASIBILITY STUDY TEAM

A feasibility study team should be appointed to carry out the study (although individuals might be given the task in the case of smaller projects).

PROJECT SELECTION

There are four key areas in which a project must be feasible if it is to be selected.

• Economical/Financial Feasibility

• Technical Feasibility

• Operational Feasibility

• Social Feasibility

COSTS

Different categories of costs involved in a project include:

• Equipment costs

• Installation costs

• Development costs

• Personnel costs

• Operating costs

BENEFITS

Different benefits can be realized by deploying a new system, and that may include:

• Savings because the old system will no longer be operated

  ▪ Old system's staff costs

  ▪ Old system's operating costs

• Extra savings or revenue benefits because of the improvements or enhancements that the new system may bring:

  ▪ Increase in sales

  ▪ Better stock control

  ▪ Staff time savings

• Some intangible benefits may include:

  ▪ Greater customer satisfaction arising from a prompt service

  ▪ Improved staff morale from working with a better system

  ▪ Better decision-making which may result from the use of MIS, DSS or EIS

COST-BENEFIT ANALYSIS

There are three principal methods of evaluating a capital project

• Payback period

• Accounting rate of return

• Discounted cash flow (DCF)

  ▪ Net present value (NPV)

  ▪ Internal rate of return (IRR)

PAY BACK PERIOD

This method of investment appraisal calculates the length of time a project will take to recoup the initial investment; in other words, how long a project will take to pay for itself. The method is based on cash flows.

FEASIBILITY STUDY REPORT

A typical feasibility study report might include:

• Terms of reference

• Description of existing system

• System requirements

• Details of a proposed system

• Cost/benefit analysis

• Development and implementation plans

• Recommendations as to the preferred option

OBJECTIVES OF SYSTEMS INVESTIGATION

The stages involved in system investigation are:

• Fact Finding

  ◦ Questionnaires

  ◦ Interviews

  ◦ Observation

  ◦ Document review

  ◦ Organizational charts

  ◦ Knowledge and experience

• Fact Recording

  ◦ Flowcharts

  ◦ Dataflow diagrams

  ◦ Decision tables

  ◦ Narrative descriptions

  ◦ Organization and responsibility charts

• Evaluation

  ◦ Assessing the strengths and weaknesses of the existing system

QUESTIONNAIRES

Questionnaires are used wherever a limited amount of information is required from a large number of individuals, or where the organization is decentralized.

• Employees must be informed

• Questions designed to obtain exact information.

• Objectives should be met

• Input

• Activities

• Deliverables/ output

GOOD QUESTIONS

• Should not contain too many questions

• Should be organized to a logical sequence

• Should include an occasional question whose answer corroborates the answers to previous questions

• Should use 'yes' or 'no' or tick-type questions

OBSERVATIONS

Time sampling

Event sampling

SELECTION OF APPROPRIATE INVESTIGATION TECHNIQUE

Best – interview

2nd – document analysis

3rd – queries

4th – observations

STRUCTURED SYSTEM ANALYSIS AND DESIGN METHODOLOGY (SSADM)

SSADM is a methodology/standard, which defines how to perform the System Analysis and System Design phases during the SDLC process.

SSADM documents the analysis and design phases extensively. Each stage requires a number of documents to be provided, as a sign that it has been completed, and to ensure that the outputs from one stage are used as inputs to the next.

SYSTEM ANALYSIS PHASE

In SSADM the system analysis phase is further divided into three stages:

• Analysis of system operations and current problems

• Specification of requirements

• Selection of technical options

Analysis of System Operations and Current Problems

• In this stage the current system is investigated, described and analyzed. Some of the work may have been done already during the feasibility study

• A major requirement of this phase is that the current system is properly documented in dataflow diagrams and the logical data structure (entity-relationship model) is described.

• A further product from this stage is a problems/requirements list (if there has been no feasibility study). Even if the feasibility study has been performed, the problems/requirements list from the feasibility study is enhanced so that now even the minute details are included.

Specification of Requirements

• At the specification of requirements stage, the team takes the results of the previous stage and produces a required system specifications document. The problems/requirements list produced in the earlier stage is reviewed and discussed with the users to produce the final system requirements specifications document.

• A number of tasks are performed in this stage:

  ◦ The logical system is defined

  ◦ General requirements for audit, security and control are considered

  ◦ System requirements specification document is finalized

Selection of Technical Options

At this stage all the technical aspects required to implement the new system are considered. The following areas are considered:

• What type of IT infrastructure is needed

• What type of hardware is needed

• Which technology is needed for the development of the system (i.e., programming language, operating system etc.)

• Which DBMS is needed for the system's data management

SYSTEM DESIGN PHASE

In SSADM the system design phase is further divided into three stages:

• Data design

• Process design

• Physical design

Data Design

• In this stage, the data and file structures for the entire new system are designed.

• The general ERDs (Entity Relationship Diagrams/Models) produced in earlier stages are now made more detailed.

Process Design

In this phase all the functions of the system are identified and specified. Different functions/modules are identified and flowcharts can be used to define their interrelationships.

Physical Design

The earlier two stages completed the logical design of the system. In this phase the logical design is converted into the physical design so that it can be implemented.

TASKS / STAGES OF PHYSICAL DESIGN

It involves the following tasks:

• Some database rules are applied to the data so that the data can be efficiently stored in a DBMS (technically called normalization)

• Pseudo code/Algorithms are developed for each function/module

• System testing plan is drawn up

• Operating instructions (user manual/ documentation) are prepared

• An implementation plan is created

ANALYSIS OF SYSTEM OPERATION & CURRENT PROBLEMS

Things done are:

• Detailed planning

• Review of the current system

• Agreement of project scope with users

OUTPUT / DELIVERABLES

• Current physical setup

• Elementary function descriptions

• Logical data structure

• Problems/requirements list

FEATURES OF SSADM

• Describes how a system is developed

• Reduces development into phases

• Self-checking

IF NO FEASIBILITY STUDY

The project team will develop a number of options:

• Six options are suggested, from which a shortlist is created

• Users are persuaded to make a choice

• The chosen option is defined more precisely

• Specifications for input and output from the chosen system are prepared

SYSTEMS IMPLEMENTATION

MAIN STAGES IN THE INSTALLATION AND IMPLEMENTATION OF A DESIGNED SYSTEM

• Installation of the hardware and software

• Staff training

• Testing

• Master file creation (conversion of the file)

• Changeover

• Review and system maintenance

INSTALLATION OF THE HARDWARE AND SOFTWARE

• Choice: off the shelf / software house

• Financing decision

  ◦ Purchase

  ◦ Lease

  ◦ Rental

EVALUATION OF SOFTWARE OR HARDWARE

• Benchmark test (compare performance of software or hardware against preset criteria)

• Simulation test

• Other factors

• Cost

• Utility software

• Warranty

• Maintenance

• Software support

• Keeping the package up to date

• Computer configuration fits user's requirements

• Power of CPU

• Recoverability

• Simplicity

• Case of comment between hardware and software

• Feasibility

• Security

• Cost

• Whether there will be a smooth changeover

• Networking capacity

• Hardware used as Quantity

BENCHMARK TESTS

One way of comparing power is to conduct benchmark tests. These test how long it takes a machine to run through a particular set of programs. More powerful machines will do the processing more quickly.

SIMULATION TESTS

Simulation testing uses synthetic programs. These programs are written specifically for testing purposes and incorporate routines designed to test a variety of situations.

STANDBY EQUIPMENT

If a mainframe or minicomputer installation is to be successful it must be carefully planned.

DELIVERY

In addition to the computer equipment, all the ancillary equipment (desks, trolleys etc) must also be delivered and allocated to the appropriate work areas and stores.

TRAINING

Staff training policies should cover the technological skills needed and also the social skills, if the job is to become more customer oriented.

SYSTEMS TESTING

A system must be thoroughly tested before implementation; otherwise there is a danger that the new system will go live with faults that might prove costly. The scope of tests and trials will vary with the size of the system.

Various personnel involved in systems testing are:

• The IS project manager

• The systems analysts

• Programmers

• The computer operations manager

• The user department managers

ACCEPTANCE TESTING

Acceptance testing is testing of a system by the user department, after the system has passed its systems test.

FILE CREATION AND FILE CONVERSION

File creation, or file conversion, means converting existing master file records and reference file records on to a file suitable for the new system.

PROTOTYPING

A prototype is a mock-up or model of a system for review purposes.

CHANGEOVER

Once the new system has been fully and satisfactorily tested, the changeover can be made. This may be according to one of four approaches:

• Direct changeover

• Parallel running

• Pilot tests

• Phased or 'staged' implementation

DIRECT CHANGEOVER

Direct changeover means abruptly discontinuing the old system and implementing the new system.

PARALLEL RUNNING

During parallel changeover, a new system and an existing system run side by side. The same data is input to both and the same processes are performed, so that their outputs can be compared to prove the reliability of the new system. If the new system is accepted, the existing system will stop running and will be replaced by the new one.

PHASED IMPLEMENTATION

Phased implementation is a changeover process that takes place in stages.

PILOT OPERATION

Testing a system in "real life" prior to full-scale deployment.

There are two types of pilot operation:

• Retrospective parallel running

• Restricted data running

SYSTEMS EVALUATION AND POST IMPLEMENTATION REVIEW

EVALUATION

In appraising the operation of the new system immediately after the changeover, comparison should be made between actual and predicted performance. This will include:

• Time between input and output

• Use of computer storage

• The number and type of errors/queries

• Cost of processing

THE POST-IMPLEMENTATION REVIEW REPORT

The findings of a post-implementation review team should be formalized in a report.

• A summary of their findings should be provided.

• A review of system performance should be provided.

• A cost-benefit review

• Recommendations should be made

EVALUATE

• SRS

• Performance criteria

  ◦ Response time

  ◦ Theory input time

  ◦ Turn round time

• Cost benefit analysis

EVALUATION OF SYSTEM VALUE

To achieve some approximation to a complete evaluation, therefore, certain indirect measures must be used.

• Significant task relevance attempts

• The willingness of users to pay

• Voluntary use of the system

• User information satisfaction

CRITERIA FOR EVALUATION

A technical evaluation might ask the following questions.

• Is the throughput rate from data capture to receipt of output acceptable?

• Turn round time.

• Are response times acceptable for given processing volumes?

COMPUTER BASED MONITORING

• Hardware monitors

• Software monitors

• System logs

PERFORMANCE REVIEWS

Performance reviews check the following:

• The growth rates in file sizes and transactions

• Clerical manpower needs for the system

• The identification of any delays in processing

• An assessment of the efficiency of security procedures.

• A check of the error rates for input data.

• Determining whether any amendments to the system are needed.

• Investigating external factors to decide whether any unforeseen circumstances have affected system performance.

• An examination of whether output from the computer is being used to good purpose.

• Checking that the system documentation is adequate and comprehensive.

• Carrying out cost-benefit review of the system.

• Users' comments on the system.

• Operational running costs, examined to discover any inefficient programs.

• The preparation of a report of the review making appropriate recommendations, for submission to senior management.

WATERFALL MODEL

The waterfall model provides a clear idea of the relationship of every stage with its next stage, which is roughly similar to a waterfall since the output obtained from one stage is considered as the initial input for the next stage. Every stage in this model has well-defined starting and ending points along with outputs to be used as inputs for its next phase. The waterfall model is also called the linear sequential model and is considered to be the first process model which was most widely followed in Software Engineering for ensuring a project's success. In the waterfall approach, the entire software development process is divided into specific phases: Requirement Specifications, Software Design, Implementation and Testing and Maintenance. These phases are cascaded with one another so that the second phase starts immediately after the goals defined for the first are achieved and it is signed off. Hence, this is known as the "Waterfall Model".

RAD

Rapid Application Development (RAD) /Prototyping Lifecycle

RAD is a "try before you buy" approach. It is based on the theory that end users can give better feedback by examining a system which is active than by working strictly from the documentation.

PAST PAPERS

Q.7 (S2012)

A well developed system may fail to achieve its desired objectives if appropriate system changeover approach is not adopted. Sometimes a hybrid changeover approach is to be adopted depending upon the nature, resources and constraints of the organisation.

Required:

(a) Discuss the comparative advantages of Direct changeover approach and Parallel changeover approach. (04 marks)

(b) Identify and briefly explain two other changeover approaches. (04 marks)

(c) Which changeover approach would you prefer to follow in the following cases? Give brief reason to support your point of view.

(i) Replacing manual attendance system of a local FM radio station with an automated biometric based solution.

(ii) Online ticket reservation system for domestic railway service. (02 marks)

A.7

(a)

Direct Changeover

It is risky as the old system is completely replaced by new system in one move.

It is less costly than parallel as additional resources are not needed.

It is the most time efficient approach, since at a pre decided time, the old system is discontinued and new system starts working immediately.

Parallel Changeover

It is a safe method as new and old system run in parallel for some time enabling cross checking of results.

It involves higher cost as the related efforts have to be duplicated which requires additional manpower, facilities and hardware resources.

It is a time consuming approach and takes at least one system cycle time to implement.

(b)

Two other changeover approaches are explained as follows:

Pilot Operations:

There are two types of pilot operations:

(i) Retrospective parallel running: In this method the new system runs on data that has already been processed by the old system. Existing results are available for cross checking and system can be tested without problems of staffing and disruption caused by parallel running.

(ii) Restricted data running: In this method a complete logical part of the whole system file is chosen and run as a unit on the new system. If that is shown to be working well the remaining parts are then transferred one by one.

This method contains the advantages of safe parallel run while at the same time avoiding the high costs of duplicating all processes.

Phased/Staged Implementation:

This is the best solution when there is a large system or when distinct parts of the system are geographically dispersed.

This method resembles the parallel run with a difference that rather than whole system a part of new system is run in parallel. This method also resembles the direct changeover with a difference that rather than whole system changeover a part / module is changed.

The different phases may be used in different locations. Experience gained in initial phases can be used to avoid risk and costs in the subsequent phases.

(c)

(i)

Replacing manual attendance system of a local FM radio station with an automated biometric based solution

In this case Parallel changeover approach is recommended because manual attendance system could easily be continued with the automated attendance system. After cross checking the results for a few months, say for three months, old system may be discontinued. Other changeover approaches may prove either risky or costly or time consuming in this case.

(ii)

Online ticket reservation system of domestic railway service

In this case Pilot changeover approach using Retrospective parallel running is recommended because in case of Direct approach the risk of error and system failure would be very high whereas in case of simple Parallel approach extensive resources would be needed. Even in Phased changeover approach the risk is relatively high.

Q.8 (S2012)

Post Implementation Review (PIR) is an important step in the long run success of any system. It is necessary to conduct the PIR at an appropriate time to get the desired results.

Required:

List down the important steps that should be performed during a PIR. (10 marks)

A.8

Key steps that should be performed during a PIR are as follows:

(i) Determine whether the system's objectives and requirements were achieved.

(ii) Determine whether the procedures were properly documented, published and communicated to the concerned users.

(iii) Assess if the system is able to process transactions at an adequate speed.

(iv) Assess whether the system has the capacity to deal with actual peak loadings as are encountered or foreseen.

(v) Determine if the cost and benefits identified in the feasibility study are being measured, analyzed and accurately reported to management.

(vi) Review program change requests as these may indicate problems in the design, programming or interpretation of user requirements.

(vii) Determine whether the identified faults had been handled at an acceptable speed and with satisfactory results.

(viii) Review whether the controls built into the system are operating according to design.

(xi) Determine whether users received adequate training and coaching to take advantage of the new system.

(xiii) Assess whether third parties such as customers and suppliers are satisfied.

Q.3 (A2011)

Nihal Industries Limited is considering replacing its present information processing and reporting system with a real time system. In this regard, a team has been appointed to carry out a feasibility study.

Required:

(a) Specify any ten points which in your opinion, may form part of the terms of reference of the above team. (10 marks)

A.3

(a)

The terms of reference of the team carrying out the feasibility study of Nihal Industries Limited (NIL) may consist of the following points:

(i) To investigate and report on the existing system of NIL, its procedures and costs.

(ii) To define the systems requirements.

(iii) To establish whether the newly defined requirements are being met by the existing system.

(iv) To establish whether the newly defined requirements could be met by an alternative system (other than the proposed system).

(v) To specify performance criteria for the new system.

(vi) To recommend the most suitable system to meet the system's objectives.

(vii) To prepare a detailed cost budget, within a specified budget limit.

(viii) To compare the detailed budget with the costs of the current system.

(ix) To prepare a draft plan for implementation within a specified timescale.

(x) To set the date by which the feasibility study team must report back.

Q.1 (S2011)

Faisal (Private) Limited (FPL) is a large company with global presence and deals in a variety of businesses. It has recently acquired an ERP solution and is planning to implement it globally.

Required:

As a representative of the ERP solution provider:

(a) Identify four generally used system changeover methodologies.

(b) Briefly discuss the suitability of each methodology in the case of FPL. (10 marks)

A.1

(a)

Generally, the following four system changeover methodologies are used:

(i) Direct Changeover:

In this methodology the old system is completely replaced by new system in one move.

(ii) Parallel Running:

In this method new and old system run in parallel for some time enabling cross checking of results.

(iii) Pilot Operations:

There are two types of Pilot Operations:

(a) Retrospective parallel running: In this method the new system runs on data that has already been processed by the old system. Existing results are available for cross checking.

(b) Restricted data running: In this method a complete logical part of the whole system file is chosen and run as a unit on the new system. If that is shown to be working well the remaining parts are then transferred in piecemeal fashion.

(iv) Phased Implementation:

This is the best solution when there is a large system or when the system parts are distinctly and geographically placed. New system is introduced in stages either by functions or by organizational units.

This method resembles the parallel run with a difference that rather than whole system a part of new system is run in parallel. This method also resembles direct changeover with a difference that rather than whole system changeover a part / module is changed.

(b)

(i) Direct Changeover:

In the case of FPL it would not be advisable as it would involve high risk of failure on account of the complex environment.

(ii) Parallel Running:

This is a safe method but involves a high cost as the related efforts have to be duplicated.

(iii) Pilot Operations:

System can be tested without problems of staffing and disruption caused by parallel running. This method can be used as it contains the advantages of safe parallel run but at the same time avoiding high costs of duplicating all processes.

(iv) Phased Implementation:

As different phases may be used in different locations, this seems to be a good option in the case of FPL because the experience gained in initial phases can be used to avoid risk and costs in the subsequent phases.

Q.5 (S2011)

Salsa Software Solutions Limited (SSSL) witnessed quite a few setbacks in some of the major projects which it undertook during the last year. Your study has revealed that the company has suffered on a number of fronts but the primary failure has been at the project selection level.

Required:

Write a memo to the management of SSSL explaining about the areas in which a project must be feasible if it is to be undertaken. (10 marks)

A.5

A project, if it is to be undertaken, must be feasible in the areas described below:

Technically Feasible:

The requirements as defined in feasibility study must be technically achievable. Solution must be implementable with available hardware, software and other equipment. For evaluation, matters such as volume of transactions, response time required, number of users etc. must be considered.

Operationally Feasible:

The chosen solution must not conflict with the way an organization works or does business. Further, it should be analyzed to what degree the proposed solution is expected to fulfill users' requirements. Will it change the users' work environment?

Any project which conflicts or tries to change management responsibilities, or chains of command or regional reporting structures must not be undertaken.

Socially Feasible:

Before undertaking a major project the management must assess its impact, if any, on the following:

• Adherence to Personnel Policies

• Redrawing of job specifications

• Threats to industrial relations

• Ethical requirements

• Expected skills requirements

• Impact on Motivation of the employees

Economically Feasible:

A project must be economically feasible; it must be a good investment. It must have a clear return on investment. For this purpose all the resources required and cost of their deployment should be assessed carefully. There should always be sufficient flexibility in budgeting the costs and a cushion for reasonable cost over-runs should be incorporated.

Q.5 (A2010)

The System Development Life Cycle (SDLC) approach has helped standardize the process of system development by devising a set of activities which could be applied to the development of almost all types of systems. SDLC approach has been used successfully over a long period of time, however, it has its own limitations and drawbacks.

Required:

Briefly describe the drawbacks (any seven) of SDLC. (07 marks)

A.5

Drawbacks of System Development Life Cycle (SDLC) Approach

(a) High cost of correcting errors

Due to sequential nature of SDLC, high cost is associated with incorporating changes related to previous stages.

(b) Late detection of errors

Misunderstandings /omissions may not come to light until user acceptance test stage and by that time it may be too late to make significant changes. As a result, changes may be needed even after sign off by user.

(c) Change in users' requirement

Quite often the users' requirements change while the system is being developed and it leads to high cost and time over run and therefore sometimes the system becomes inflexible and users have to accept it.

(d) Strategic/tactical management level issues

Systems developed with this approach are mainly operational processing systems such as payroll and invoicing etc i.e., which deal with low level operational tasks. Quite often the information needs of the tactical and top management are not given due importance in the development stage which leads to serious problems later.

(e) Increased Development Time

SDLC approach has many phases with sub phases. It may take many weeks to complete a phase, thus the overall development time of a single project may be quite high.

(f) Problems with documentation

Under this approach, most of the system documentation is written for programmers and is highly technical which is not easy for the users to understand.

Q.5 (S2010)

Many organizations prefer in-house development of computer applications in order to achieve cost effectiveness and ensure that deadlines are met.

Required:

Explain the following, assuming you are the Project Manager responsible for in-house development of an application and you are using SDLC approach:

(a) The key strategies that would help in achieving the objectives of cost efficiency and timely completion of assignment; (05)

(b) Responsibilities of the users in successful completion of the project; (05)

A.5

(a)

Key strategies to achieve the objectives of cost efficiency and timely completion of assignment

(i) Monitor the project plan – continuously monitoring and managing the project plan helps in ensuring that the project remains on track and all major project milestones are met.

(ii) Find errors early – the sooner errors are found, the less costly it is to correct them.

(iii) Determine future requirements – establishing requirements for current as well as future needs will help ensure that the system will not be outgrown.

(iv) Take advantage of changing technology – technology changes quickly and one must take advantage of any new technologies to make the project successful.

(v) Complete the testing phase – it is critical to perform all phases in the SDLC. Try not to sacrifice testing time as it may be disastrous in the long term.

(vi) Choose the right implementation method – one that best suits the organization, project and employees.

(vii) Work together – it is important to have coordination between the users and IT specialists. Without such coordination, it would not be possible to achieve the desired results.

(b)

Responsibilities of Users

(i) Defining the system to be developed.

(ii) Helping project manager in defining the activities of each phase of the SDLC.

(iii) Performing a detailed review of each business requirement and approving the analysis by signing off on the business requirements.

(iv) Analyzing solution developed by IT specialists and making recommendations.

(v) Reviewing the test conditions and ensuring that all aspects of the system functionality are tested, as far as possible, under live environment.

(vi) Attend training session and try to make best utilization of the available training facility.

(vii) Timely availability of required data.

## CHAPTER 10: CONTROL OF INFORMATION SYSTEMS

WHEN CONTROLS SHOULD BE THERE

When a computer system is developed from scratch, either by an in-house DP department or by a software house, there should be controls over the system design, development and testing.

PHYSICAL SECURITY

Physical security comprises two sorts of controls.

• Protection against natural and man-made disasters, such as fire, flood or sabotage.

• Protection against intruders making physical access to the system.

BACKUP

Files should be backed up regularly. Procedures should not be allowed to slacken whereby office staff does not bother to create back up files because it takes them too much time.

DATA BASE MANAGEMENT SYSTEMS

DBMS

A Database Management System is a complex set of software programs that controls the organization, storage and retrieval of data in a database.

DBMS FEATURES

• Data structures optimized to deal with very large amounts of data stored on a permanent data storage device

• Interactively interrogate the database

• It also controls the security of the database

• Data security prevents unauthorized users from viewing or updating the database

• A transaction mechanism, that ideally would guarantee the ACID properties

• It also maintains the integrity of the data in the database

• The DBMS can maintain the integrity of the database by not allowing more than one user to update a record at the same time

ATTRIBUTES

Attributes are small chunks of information that describe something

FEATURES OF ATTRIBUTE MANAGEMENT

• Persistence

• Query Ability

• Concurrency

• Backup and Replication

• Rule Enforcement

• Security

• Computation

• Change and Access Logging

• Automated optimization

• Metadata Repository

• Modeling Tool

ORACLE RDBMS

Oracle has released several related suites of tools and applications:

• Oracle Application Server

• Oracle Collaboration Suite

• Oracle E-Business Suite

• Oracle Enterprise Manager (OEM)

INFORMATION SYSTEM CONTROL ACTIVITIES

DUTIES OF SYSTEM ANALYST

The systems analyst should build controls into the system, based on the following guidelines:

• All data due for processing should in fact be processed

• Circumstances which may give rise to the possibility of error should be avoided

• Errors which do occur should be detected, located and corrected as soon as possible

• Control must be simple and, whenever possible, should not interrupt the flow of data through the system

• Controls must not be excessively costly to apply

• The controls should be part of a general strategy

GENERAL CONTROLS

Environment

• Recruitment

• Segregation of duties

• Training

• Physical security

Development

• Authorization

• Justification in cost

• Control over actual process in project management

• Regular review of work

• Methodology

• Test before implementation

• Control over changes to systems

• Review of performance

• Authorization procedures

• Physical security

• Back-up

• Access

• Hardware

• Segregation of program

• Measures to prevent unauthorized access

• Controls to ensure that the computing resources

PREVENTIVE CONTROLS

Preventive controls are intended to prevent an incident from occurring, _e.g._ by locking out unauthorized intruders.

DETECTIVE CONTROLS

Detective controls are intended to identify and characterize an incident in progress, _e.g._ by sounding the intruder alarm and alerting the security guards or police.

CORRECTIVE CONTROLS

Corrective controls are intended to limit the extent of any damage caused by the incident, _e.g._ by recovering the organization to normal working status as efficiently as possible.

WHY AUDIT IS PERFORMED

The Intention:

• Identify errors

• Detect fraud

Errors that they have discovered in more detail. Ideally the audit trail should make it possible to trace all the reports and other information items that have been affected by the error, and to trace the cause of the error.

An audit trail is difficult to provide, but some attempt should nevertheless be made to provide one. Typical contents, perhaps gathered from several sources, include the following items:

• A transaction number and type.

• Full transaction details such as net and gross amount, customer ID and so on.

• The date and perhaps the time of the entry.

• Reference to related transactions such as journal entries, reversals, credit notes and the like

ROUND THE COMPUTER/ BLACKBOX TESTING

Round the computer testing means ignoring the procedures which take place within the computer programs and concentrating solely on the input and corresponding output. Audit procedures would include checking authorization, coding and control totals of input, and checking the output for complete and correct processing of all data.

CONTROL OF INFORMATION SYSTEMS

PHYSICAL SECURITY

Physical security comprises two sorts of controls.

• Protection against natural and man-made disaster, such as fire, flood or sabotage.

• Protection against intruders making physical access to the system

Environment is secure

• Administrative controls are designed to support the smooth continuing operation of systems.

• Systems development controls are designed to ensure that any new system does not present new risks to the environment.

Application controls, or operational controls, are built into systems operations, and ensure that processed information is accurate, complete and valid

OBJECTIVES OF SYSTEMS DEVELOPMENT CONTROLS

• To ensure that new computer systems are developed

• To ensure that each system under development

• To control the scheduling of development work

• To ensure that suitable operational and administrative controls

• To ensure that system is properly tested

• To establish a basis for management

• To ensure that proper and complete documentation

PROJECT MANAGEMENT REPORTING STAGES

There are several formal reporting stages, which you might like to compare with the stages of the system development lifecycle:

• Initial project selection.

• Feasibility study report.

• Analysis and design.

• Completion of system tests and acceptance tests.

• Post-implementation review

CONTROL OF COSTS

• Control of costs can be achieved in the following ways, all of which should be used.

• Control over system development costs.

• Monitoring changes in the expected future costs

• The post-implementation review of a project should study:

• Whether the original decision to develop.

• By how much actual costs and benefits differed from expectation

PHYSICAL THREATS AND ACCESS CONTROLS

• Fire is the most serious hazard to computer systems

• Site preparation

• Detection

• Extinguishing

• Training for staff

• Water is a serious hazard

• The weather may be a threat

• Lightning and electrical storms pose an additional threat

MAINTENANCE

• The user can decide to do nothing until the computer has a breakdown or other fault, and then ask a third-party computer repair company to come in and do the repair work

• Repair companies give priority

• One-off repair charges

• Instead, the user can arrange a maintenance contract.

• A third option is breakdown insurance.

• The other main issue of physical security

• Personal

• Electronic identification devices

• Guidelines for data security which should be applied within the office are as follows:

• Fireproof cabinets should be used to store files.

• Access to the data should be made difficult

• The password systems should not be operated in a lax way.

• If computer printout is likely to include confidential data.

• Disks should not be left lying around an office.

• The computer's environment

ADMINISTRATIVE CONTROLS

They should include the following:

• Controls over the selection of personnel

• Cost control

• Division of responsibility within the organization structure

Controls related to personnel, which were developed the advent of computer, include the following:

Personnel Selection:

• Checks and balances

• Segregation of duties

• Job rotation

• Access to information

• Careful selection of personnel

Division of responsibilities:

• To assign the responsibility

• To prevent deliberate error

• Data capture and the authorization

• Computer operations work

• Systems analysis and programming work

Staff who are responsible for:

• Data capture and data entry should not be allowed to do any computer operations work or systems analysis and programming work

• Computer operations should not be allowed to do any data capture or systems analysis and programming work

• Systems analysis and programming should not be allowed to do any data capture or computer operations work

DESIGNING CONTROLS INTO SYSTEM

The systems analyst should build controls into systems, based on the following guidelines:

• All data due for processing should in fact be processed

• Circumstances which may give rise to the possibility

• Errors which do occur should be detected

• Controls must be simple

• Controls must not be excessively costly to apply

• The controls should be part of a general strategy

However, during the systems design process as a whole we can identify the following security issues:

• In the feasibility study

• Systems analysts and designers should be aware of common security procedures

• When the software is designed in detail

• Testing the system could involve simulating a fraud

CONTROLS OVER CONVERSION

• Full planning of file conversion

• A control group may be established

• Master file should be printed out

• Accounting records should be reconciled

• Responsibilities should be divided between the conversion staff

• New master files be tested using the pre-prepared test data.

PROCEDURES FOR AMENDING PROGRAMS

Program maintenance should observe certain minimum standards

• Program changes must be authorized by the user department, in writing, and at the appropriate management level

• The extent of the changes required should be assessed by a systems analyst, and the amendment specified in sufficient detail to enable a programmer to make the change

• The amendment should be written by the programmer, who ought to refer to the existing documentation on the program and the original source program. Having rewritten the program, he or she should test the new version. The amendments should be documented.

• The systems analyst should carry out any further tests that seem necessary before authorizing the implementation of the new program version for 'live' program.

• The new program version should be monitored carefully when it 'goes live', in case any new errors appear in the program.

PAST PAPERS

Q.1 (A2012)

Classify the following controls into Input, Processing and Output Controls.

(i) Limit checks on calculated amounts.

(ii) Signature on source documents.

(iii) Use of bar codes.

(iv) Marking a file as read only.

(v) Audit trail.

(vi) Run-to-run totals.

(vii) Exception report showing data that does not conform to specified criteria.

(viii) Initial data should be within a predetermined range of values.

(ix) Checkpoint and recovery procedures.

(x) Unique login and password.

(xi) Restriction on printing of confidential reports.

(xii) Sequential checks. (06 marks)

A.1

Input Control: ii, iii, viii, x, xii

Processing Control: i, iv, vi, ix

Output Control: v, vii, xi

Q.6 (S2012)

The internal auditor of Crest Securities Limited has highlighted the following issues in his report:

(i) Most of the users have weak passwords.

(ii) There is no password expiry policy.

(iii) Locked user accounts are unlocked automatically after 24 hours

(iv) Users are allowed to use their smart phones, tablets and laptops for sending and receiving official emails/documents.

(v) Firewall is installed with its default policy.

Required:

Suggest appropriate controls to address the above issues. (10 marks)

A.6

(i)

• A minimum length of passwords should be specified. The longer the password, the greater would be the security.

• It should contain alphanumeric as well as special characters.

(ii)

• Periodic password change policy should be implemented. For example, the system should force the users to change their passwords after ninety days.

• There should be a minimum password life. For example, users should not be allowed to change their password before five days.

(iii)

• Locked users should only be unlocked by the administrator on written request from the concerned user.

• Reason for account lockout should be investigated and documented.

(iv)

• Users should not be allowed to use their personal electronic gadgets for official work.

• Use of smart phones should be prohibited in the sensitive data storage premises.

(v)

• Default policy of firewall should be replaced with the company's approved policy.

• The firewall policy should be reviewed and updated periodically.

Q.6 (S2011)

The management of Opal Bank Limited (OBL) is planning to implement biometric access system for the customers using the bank's lockers. A number of biometric solutions are available in the market. The management has asked you to assist in the process of selecting the most appropriate solution.

Required:

Briefly explain what aspects the management of OBL should consider while finalizing the selection of biometric solution. (06 marks)

A.6

While finalizing selection of biometric solution, the management of OBL should consider the following aspects:

(i) Universality - how commonly a biometric is found in each individual. People who are mute or without a fingerprint will need to be accommodated in some way.

(ii) Uniqueness - how well the biometric separates one individual from another.

(iii) Permanence - how well a biometric resists the effects of aging of an individual.

(iv) Collectability - how easy it is to acquire a biometric data for measurement.

(v) Performance - the accuracy, speed and robustness of the system capturing the biometric.

(vi) Acceptability - the degree of approval of a technology by the public in everyday life.

(vii) Circumvention - how easy it is to fool the authentication system

(viii) Costs – how much cost is involved in purchasing the system.

(ix) Storage and retrieval of data – how data is stored and retrieved from the system.

How the data could be analyzed for MIS purposes.

Q.6 (A2010)

Kotri Enterprises (KE) is a supplier of computer and electronic hardware. Its management has recently decided to use e-commerce to boost its sales. In this regard, the CEO of the company held a meeting with the heads of IT and Finance in which he emphasized upon the following:

(i) Continuous availability of the website

(ii) Confidentiality of the customers' information

(iii) Controls over e-payment transactions

Required:

List the important measures that should be taken to address the above issues. (05 marks)

A.6

Following measures should be taken to address the issues highlighted by the CEO:

(i) Continuous availability of website

(a) Incorporation of appropriate detective controls to be aware of a security breach as soon as it happens.

(b) Incorporation of preventive controls such as Intrusion prevention system (IPS) to stop any attack.

(c) Appropriate disaster recovery plan to ensure availability of website.

(ii) Confidentiality of the customers' information

(a) Encryption of customers' data.

(b) Use of SSL, for protection of information on browser based transactions.

(c) As a rule, storing the most necessary information only and avoidance of storage of critical information such as credit card numbers, PIN _etc._

(iii) Controls over e-payment transactions

(a) Incorporation of atomicity of transactions so that either the whole transaction is processed or rolled back in case of failure.

(b) Regular auditing and monitoring of controls.

Q.7 (A2010)

Sualeh Enterprises is engaged in a variety of businesses. It relies heavily on its IT systems for conducting its operations. An investigation report on a recent incident of information security breach has highlighted strong deficiencies in preventive and detective controls over the company's IT systems. An emergency meeting has been called to discuss the issue. The head of IT believes that some of the controls could not be implemented due to constraints related to high costs and availability of human resources.

Required:

For the purpose of presentation in the meeting, briefly describe the purpose of preventive and detective controls. Identify any three preventive and three detective controls which could not be implemented due to the constraints specified by the head of IT. (06 marks)

A.7

Preventive Controls: They are intended to deter problems before they arise.

(a) Engaging qualified professionals, requires high cost.

(b) Segregation of duties, requires additional human resources and cost as well.

(c) Installation of Intrusion Prevention System, requires cost.

(d) Disaster recovery measures, requires cost to implement.

Detective Controls: These are meant to discover control problems as soon as they arise

(a) Duplicate checking of invoices or other documents, requires additional human resources.

(b) Installation of network monitoring systems / Intrusion detection system, requires additional cost.

(c) CCTV cameras require additional cost and the review of recordings also requires a lot of man hours.

(d) Proper review of system log requires additional time of senior management personnel.

Q.8 (A2010)

Password is an effective tool in avoiding unauthorized access. However, it may provide a false sense of security and could be easily bypassed if not managed properly.

Required:

List the best practices (any six) that should be part of an effective password policy. (06 marks)

A.8

(a) The minimum password length should be specified.

(b) Passwords should contain alphabetic, numeric as well as special characters.

(c) Password should be changed periodically.

(d) Passwords should not be based on or include dictionary words.

(e) Passwords should not be written down anywhere.

(f) Password should not be revealed to anyone.

(g) Passwords should not be based on characters which can be guessed, like names in family, initial characters of names in family, date of birth _etc._

(h) Remember password option should not be used in browsers and applications.
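The password controls suggested in A.6 (S2012) and A.8 above, written as checks a system could enforce. This is an added example, not part of the original answers: the function and class names, the twelve-character minimum, the five-failure lockout threshold and the small word list are assumptions, while the ninety-day expiry and five-day minimum life are the figures given in A.6.

```python
import string
from datetime import date, timedelta

MIN_LENGTH = 12                 # assumed; the answers only say a minimum must be specified
MAX_AGE = timedelta(days=90)    # A.6 (ii): forced change after ninety days
MIN_AGE = timedelta(days=5)     # A.6 (ii): no change before five days
MAX_FAILURES = 5                # assumed lockout threshold
# Constructed stand-in for a real dictionary or common-password list.
DICTIONARY = {"password", "welcome", "cricket", "letmein", "qwerty"}


def composition_problems(password, personal_items=()):
    """Return the policy rules a candidate password breaks (empty list = acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    lowered = password.lower()
    if any(word in lowered for word in DICTIONARY):
        problems.append("contains dictionary word")
    # Names in the family, dates of birth and similar guessable items.
    if any(item and item.lower() in lowered for item in personal_items):
        problems.append("contains guessable personal data")
    return problems


def must_change(last_changed, today):
    """Periodic change: True once the password has reached its maximum age."""
    return today - last_changed >= MAX_AGE


def change_decision(last_changed, today, new_password, personal_items=()):
    """Apply the minimum password life first, then the composition rules."""
    if today - last_changed < MIN_AGE:
        return "rejected: minimum password life not reached"
    problems = composition_problems(new_password, personal_items)
    if problems:
        return "rejected: " + ", ".join(problems)
    return "accepted"


class Account:
    """Lockout that is never released automatically (A.6 (iii))."""

    def __init__(self, user):
        self.user = user
        self.failures = 0
        self.locked = False
        self.unlock_log = []   # documented reason for every unlock

    def failed_login(self):
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked = True

    def unlock(self, admin, written_request_ref, lockout_reason):
        # All three must be present: who unlocked, on which request, and why it locked.
        if not (admin and written_request_ref and lockout_reason):
            raise PermissionError("unlock needs administrator, written request and reason")
        self.unlock_log.append((admin, written_request_ref, lockout_reason))
        self.failures = 0
        self.locked = False


if __name__ == "__main__":
    # Constructed sample values.
    print(composition_problems("cricket2013"))
    print(change_decision(date(2024, 1, 1), date(2024, 1, 3), "Tr9#vLq2!mXe"))
    print(must_change(date(2024, 1, 1), date(2024, 3, 31)))
```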

Q.4 (A2009)

World Technologies is in the process of implementing electronic physical access controls. The IT department has identified the following options:

• Password

• Access cards / tokens

• Biometric system

You are required to write a note giving brief comparison of the above with respect to ease of use and level of security. (06)

Ans.4

Password

Password is an authentication control in which entry into any physical environment is based on something you know. Generally a keypad entry system is used for entering password which is verified by a suitable program to allow physical access to a facility.

Passwords are easy to use but need to be memorized. In comparison to other electronic controls it is weak as it can be guessed and/or stolen.

Access Cards/Tokens

This is an authentication control in which entry into any physical environment is based on something you have. Generally a swipe card terminal or show card terminal is used for authenticating access cards and gaining physical access to a facility.

It is easier to use than a password as one does not need to memorize it. However, it has to be kept in custody at all times. It is a weak control as compared to a biometric control and can be compromised if stolen.

Biometric System

This is an authentication control in which entry into any physical environment is based on something you are. Generally finger print, hand and retina scanners are used for authenticating users and gaining physical access to a facility.

It is easier to use than other electronic controls as one does not need to memorize anything or to keep an article with oneself all the time. It is a stronger control than other electronic controls. Authentication by this control guarantees the user's identity as a user cannot share this control like a password or access card.

CHAPTER 11: DATA ORGANIZATION AND ACCESS METHODS

DATA HIERARCHY

• Bit

• Byte

• Word

• Field

• Record

• File

• Database

BIT

Binary digits are known as bits.

They are represented as 0's and 1's. This is called a two-state system.

BYTE

Usually bits are grouped in sets of eight known as bytes.

WORD

Word or instruction is a collection of bytes or bits representing the maximum number of bits the CPU can process at one time.

FIELD

A related group of characters is referred to as field.

Types of field:

• Alpha fields

• Numeric fields

• Alphanumeric fields

ALPHA FIELDS

Alpha fields consist of only alphabets A-Z and spaces. _e.g._ Name is alpha field

NUMERIC FIELDS

Numeric data fields can have only numbers in them.

_e.g._ student's Roll No is Numeric field

ALPHANUMERIC FIELDS

Alphanumeric data fields can contain any kind of data: numbers, letters or special symbols.

_e.g._ Number in street address.

RECORD

A related group of fields is known as a record.

FILE

A related group of records is known as a file.

DATABASE

The database itself is made up of a collection of master files that are related in some way;

_e.g._ A company's database

DATA STRUCTURES AND MODELS

Three different models used in databases are:

• The hierarchical model.

• The network model.

• The relational model.

THE HIERARCHICAL MODEL

Many relationships are one-to-many or many-to-one relationships. Such relationships can be expressed conveniently in a hierarchy. Each data item is related to only one item above it in the hierarchy, but to any number of data items below it. Hierarchies are sometimes referred to as parent-child structures.

Drawbacks :

• The biggest drawback to a file organized in a hierarchical data structure is that the user is limited in the number of ways he or she can look for a record.

• This asymmetrical character of the hierarchical model makes it unsuitable for many applications, especially where there is not a true hierarchical relationship between the data.

• No many-to-many relationship.

THE NETWORK MODEL

Life becomes more complicated when we try to express many-to-many relationships. There are two ways of expressing many-to-many relationships. One way of doing so is in a network structure.

Drawbacks :

• Because the system is pointer based, an enquiry has to navigate for a long time to get the result.

• Because it is pointer based, it lacks flexibility.

• Data structure is dependent on data.

THE RELATIONAL MODEL

Another way of expressing many-to-many and one-to-many relationships is the relational data structure. A row represents a record, and columns represent part of a record. A row is sometimes called a tuple and a column is sometimes called a domain.

Characteristics:

• Because of the tabular form, the above problem is overcome.

• Easy to maintain

• Need more storage space

• Searching fast

• Data structure not dependent on data

FILE ORGANIZATION

File organization might be:

• Unordered

• Sequential

• Random

• Index

• Index sequential

UNORDERED FILE ORGANIZATION/SERIAL FILES

Records are in no particular order or sequence on the file. (Transaction files may have an unordered organization).

This is not same as random organization.

SEQUENTIAL FILE ORGANIZATION

• A file organization is sequential if the records on the file are in a logical sequence according to their key field, for example in alphabetical order or in numerical order.

• Sequential files must be maintained in sequence.

• New records must be placed into their correct position in the file.

• Records which follow are pushed back to make room for the new records.

RANDOM FILE ORGANIZATION

• It doesn't mean that the records are held anywhere on file, as the term "random" might lead you to suppose. With random organization, records are put on file in one of two ways.

a. Either in some way that corresponds to a key value, which is calculated from data on the record when it is filed.

b. Or by means of an index.

INDEX FILES

• The index file organization is the most commonly used for storing records on disk. It uses an index based on the key field and the disk location of that record. The records may be randomly placed in the file, but they can be quickly located by referencing the index.

• The index itself consists of two matching lists; the key field for each record and the disk address of that record.

INDEX SEQUENTIAL FILES

In index sequential files records are stored sequentially by record key selected records without requiring a search of the entire file. Index sequential files are often used to store data on disk.

FILE ACCESS METHODS

• Serial access

• Sequential access

• Direct access

SERIAL ACCESS

• With transaction files, serial access of an unordered file will often be suitable, because every record on the file has to be processed.

• With master files, serial access to locate records would be very time consuming and so very inefficient. (Master files should never have an unordered file organization).

SEQUENTIAL ACCESS

Sequential access is the access of data in accordance with the order of a particular key _e.g._ Audio Cassette.

DIRECT ACCESS

Direct access may be defined as access to backing storage (normally disk) or memory locations, the access time for which is apparently constant irrespective of the previous location addressed.

_e.g._ H.D

• The term index sequential access is used to describe direct access to records that are held in a key field order in file.

• Random access refers to the retrieval of data from a randomly organized file.

FILE MAINTENANCE

File maintenance is the process of keeping standing data on master file or reference file up-to-date.

TYPES OF DATA FILES

TRANSACTION FILES

A transaction file is a file containing records that relate to individual transactions that occur from day to day.

MASTER FILES

A master file in such a system is a file containing: reference data, which is normally altered (updated) infrequently and also transactions data which is built up over time.

This is a file consisting of :

• 'Standing' reference data for each supplier, itemizing purchase, purchase returns and payments to the supplier.

• This transaction data is built up over time

REFERENCE FILES

A reference file or index file is a file containing reference data, which is normally altered (updated) infrequently.

KEY FIELDS

Records on file should contain at least one key field. This is an item of data within the record by which it can be uniquely identified.

• The key field in a transaction record is the item of data that will be used to identify the master file record with which it should be associated.

• The key field in a master file record is the item of data by which the record in the file.

DATA BASE MANAGEMENT SYSTEMS (DBMS)

DBMS

A DBMS is a complex set of software programs that controls the organization, storage and retrieval of data in a database.

A DBMS includes :

1) A modeling language to define the schema of each database hosted in the DBMS according to the DBMS data model.

a) The three most common organizations are the hierarchical, network and relational models.

b) The dominant model in use today is the ad hoc one embedded in SQL, a corruption of the relational model by violating several of its fundamental principles.

2) Data structures (fields, records and files) optimized to deal with very large amounts of data stored on a permanent data storage device (which implies very slow access compared to volatile main memory)

3) A database query language and report writer to allow user to interactively interrogate the database, analyze its data and update it according to the user's privileges on data.

a) Control the security

b) Data security prevents unauthorized users from viewing or updating the database.

c) Database provides a way to interactively enter and update the database, as well as interrogate it.

4) Concurrency control and fault tolerance.

a) It also maintains the integrity of the data in the database.

b) The DBMS can maintain the integrity of the database by not allowing more than one user to update the same record at the same time.

FEATURES AND ABILITIES

Features of attribute management :

• Persistence

• Query Ability

• Concurrency

• Backup and Replication

• Rule Enforcement

• Security

• Computation

• Change and Access Logging

• Automated optimization

• Meta-data Repository

• Modeling Tool.

ORACLE DBMS/ RDBMS

An Oracle database consists of a collection of data managed by an Oracle database management system. Popular generic usage also uses the term to refer to the Oracle DBMS management software, but not necessarily to a specific database under its control.

One can refer to the Oracle database management system unambiguously as Oracle DBMS or (since it manages databases which have relational characteristics) as Oracle RDBMS.

Oracle Corporation itself blurs the very useful distinction between:

• Data managed by an Oracle RDBMS;

• An Oracle database, and

• The Oracle RDBMS software itself.

ORACLE SUITES

Oracle has released several related suites of tools and applications:

• Oracle Application Server.

• Oracle Collaboration Suite.

• Oracle E-Business Suite.

• Oracle Enterprise Manager (OEM).

CONTROL OVER DATA INTEGRITY, PRIVACY AND SECURITY

DATA INTEGRITY

Data has integrity if it is complete and not corrupted. This means that:

• The original capture of the data must be controlled in such a way as to ensure that the results are complete and correct.

• Any processing and storage of data must maintain the completeness and correctness of the data captured.

• That reports or other output should be set up so that they, too are complete and correct.

DATA INTEGRITY AND CONTROLS

Controls must therefore be put in place to ensure that:

• Problems are identified and put right when they occur.

• Errors are recognized and eliminated.

• There is a record of all processing that occurs.

• All the data that should be processed is processed, at the correct time and in the correct order.

• The system is capable of recovery may be simple manual clerical checks. Other can be performed by the software.

CONTROL OVER INPUT

• Verification

• Source data automation

• Turn around doc.

_e.g._ MICR _etc._

CONTROLS OVER TRANSCRIBING DATA

• Training

• Proper design of documents

• Screen design

CONTROL OVER PROCESSING

• File id check

• Check points & procedures

(e.g. restart program)

• Control totals

CONTROL TOTALS

It is the sum of specified fields. It might be any of the following.

• The number of records on a file.

• The total of the value of a particular field in all the records on a file – _e.g._ the total of debts outstanding in all the customer records on a sales ledger file.

• A hash total, which is a control total that has no meaning, except as a control check, for example, the total of supplier code numbers on a purchase ledger file.
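An added example (not from the original text) that reconciles the three control totals above between a batch header written at data capture and the records that come out of processing, and uses run-to-run totals to locate the run where a discrepancy first appears. The record layout, supplier codes, amounts and run names are constructed for illustration.

```python
from decimal import Decimal

# Constructed purchase-ledger batch; supplier codes and amounts are illustrative.
BATCH = [
    {"supplier_code": "1042", "amount": "1500.00"},
    {"supplier_code": "2210", "amount": "320.50"},
    {"supplier_code": "3175", "amount": "89.99"},
    {"supplier_code": "4408", "amount": "12000.00"},
]


def control_totals(records):
    """Record count, value total and hash total for a set of records."""
    return {
        "record_count": len(records),
        "value_total": sum((Decimal(r["amount"]) for r in records), Decimal("0")),
        # Meaningless as a figure; it only exists to be compared.
        "hash_total": sum(int(r["supplier_code"]) for r in records),
    }


def reconcile(header, records):
    """List every control total that differs from the batch header."""
    actual = control_totals(records)
    return [
        f"{name}: expected {header[name]}, got {actual[name]}"
        for name in header
        if header[name] != actual[name]
    ]


def first_failing_run(header, runs):
    """Run-to-run check over an ordered list of (run_name, output_records).

    Returns the name of the first run whose output no longer agrees with
    the header, which is where the error has to be looked for, or None.
    """
    for name, records in runs:
        if reconcile(header, records):
            return name
    return None


def altered(records, index, **changes):
    """Copy of the batch with one record changed (a keying or processing error)."""
    copy = [dict(r) for r in records]
    copy[index].update(changes)
    return copy


def scenarios():
    header = control_totals(BATCH)  # totals written on the batch header at capture
    # Two amount errors of +10.00 and -10.00 that cancel each other out.
    compensating = altered(altered(BATCH, 1, amount="330.50"), 2, amount="79.99")
    return {
        "intact": reconcile(header, BATCH),
        "record lost": reconcile(header, BATCH[:3]),
        "supplier code transposed": reconcile(
            header, altered(BATCH, 0, supplier_code="1024")),
        "compensating amount errors": reconcile(header, compensating),
    }


if __name__ == "__main__":
    for name, discrepancies in scenarios().items():
        print(f"{name}: {discrepancies or 'totals agree'}")
```

The last scenario agrees on all three totals even though two amounts are wrong, which is why control totals are used together with verification and validation rather than instead of them.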

VERIFICATION

It is the process of ensuring that the data that has been input is the same as the data on the source documents.

VALIDATION

It is the process of ensuring that the data that has been input has a value that is possible for that kind of data, for example that a number is not more than a certain amount.

RANGE CHECKS

A method of checking the validity of input data by determining whether the values fall within an expected range.

LIMIT CHECKS

A check to determine if a value entered into a computer system is within acceptable minimum and maximum values.

EXISTENCE CHECKS

The existence data rule definition logic checks whether anything exists in the source data.

CONSISTENCY CHECKS

Check whether the data entered is consistent or not.

CHECK DIGITS

A check digit is a form of redundancy check used for error detection, the decimal equivalent of a binary checksum. It consists of a single digit computed from the other digits in the message.

With a check digit, one can detect simple errors in the input of a series of digits, such as a single mistyped digit or some permutations of two successive digits.
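An added example, not from the original text, that measures which keying errors a check digit catches. It uses the Luhn (modulus 10) scheme as one common method; the text above does not name a scheme, and the sample numbers are constructed. It shows that every single mistyped digit is detected, and that transpositions of two successive digits are detected except when the pair is 0 and 9.

```python
def luhn_check_digit(payload: str) -> str:
    """Compute the Luhn check digit to append to a string of digits."""
    total = 0
    # Walk right to left. The rightmost payload digit is doubled because the
    # check digit will occupy the (undoubled) position to its right.
    for position, ch in enumerate(reversed(payload)):
        d = int(ch)
        if position % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9  # same as adding the two digits of the product
        total += d
    return str((10 - total % 10) % 10)


def is_valid(number: str) -> bool:
    """True if the last digit is the correct check digit for the rest."""
    return (
        number.isdigit()
        and len(number) > 1
        and luhn_check_digit(number[:-1]) == number[-1]
    )


def single_digit_errors_missed(number: str) -> list:
    """Try every possible single mistyped digit; return those still accepted."""
    missed = []
    for i, original in enumerate(number):
        for wrong in "0123456789":
            if wrong != original:
                candidate = number[:i] + wrong + number[i + 1:]
                if is_valid(candidate):
                    missed.append(candidate)
    return missed


def transpositions_missed(number: str) -> list:
    """Swap each pair of successive digits; return the swaps still accepted."""
    missed = []
    for i in range(len(number) - 1):
        a, b = number[i], number[i + 1]
        if a != b:
            candidate = number[:i] + b + a + number[i + 2:]
            if is_valid(candidate):
                missed.append(candidate)
    return missed


if __name__ == "__main__":
    # Constructed sample numbers.
    for payload in ("7992739871", "120934"):
        full = payload + luhn_check_digit(payload)
        print(full,
              "single-digit errors missed:", single_digit_errors_missed(full),
              "transpositions missed:", transpositions_missed(full))
```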

OUTPUT CONTROLS

Controls over output from computer processing:

• In a batch processing system, where data is sent off to a computer center, there should be checks to make sure that all batches have been processed and returned.

• All input records that have been rejected by data validation checks and master file update checks must be looked at to find out the cause of the error.

• Output should be correctly distributed, and a record kept of the distributions that have been made.

• Output on to tape and CDs should be properly labeled and stored.

PASSWORDS/ LOGICAL ACCESS CONTROLS

Passwords are a set of characters which may be allocated to a person, a terminal or a facility which is required to be keyed into the system before further access is permitted.


• Passwords can be applied to data files, program files and to parts of a program.

• The terminal user can be restricted to the use of certain files and programs. (e.g. in a banking system, junior grades of staff are only allowed to access certain routine programs.)

PROBLEMS WITH PASSWORDS

Passwords ought to be effective in keeping out unauthorized users, but they are by no means foolproof.

• By experimenting with possible passwords, an unauthorized person can gain access to a program or file by guessing the correct password.

• Someone who is authorized to access a data or program file may tell an unauthorized person what the password is, perhaps through carelessness, or because it seems convenient on a particular occasion.

• An unauthorized person may simply observe someone else keying in their password. Most systems display asterisks instead of the actual characters typed, to try to prevent this, although this may not help if the password is a short simple one and the user types very slowly.

• Many password systems come with standard passwords as part of the systems, such as LET-ME-IN. It is essential for these to be removed if the system is to be at all secure. Such common passwords become widely known to people in the industry using similar packages.

• Password systems rely upon users to use them conscientiously.

• A good password, in a form such as fl14PQzH7364 (numbers and letters, upper and lower case)

BEST PASSWORD PRACTICES

• Keep your password secret.

• Do not write it down.

• Change your password regularly.

• Be discreet when you change and use.

• Do not use an obvious password.

• Change your password immediately if you suspect that anyone knows it.

• Password should not be predictable

• An ideal password should be a combination of alphanumeric characters

PAST PAPERS

Q.2 (A2012)

(a) Briefly describe "Transaction files" and "Master files" with the help of two examples in each case. (06 marks)

(b) The sales day book of Paw Limited contains the following fields:

• Date • Customer ID • Address

• Invoice Number • Customer Name • Email Address

• Phone Number • Amount

Required:

(i) Which of the above fields could be set as primary key? Give brief justification to support your opinion. (02 marks)

(ii) Identify the fields that must be used by a program for generating customer-wise daily sales report. (02 marks)

A.2

(a)

TRANSACTION FILES

A transaction file is a file containing records of individual transactions that occur from day to day, just like all sales transactions are recorded in a sales day book.

Examples:

(i) The sales day book entries are examples of transaction records in a transactions file.

(ii) All receipts and payments of cash are recorded in the cash book, and so the cash book is a sort of a transaction file if maintained in a computer.

MASTER FILES

A master file contains relatively permanent (reference) data i.e., it is not required to be changed frequently.

Examples:

(i) A master file of suppliers may include their name, address, reference number and agreed terms _etc._

(ii) A customers' master file contains name, address, reference number, credit limit, type of organisation, date of first transaction _etc._

(b)

(i)

Invoice number in a sales day book is a primary key because duplicate values are possible in all the given fields except the Invoice Number.

(ii)

To calculate the daily sales to each customer, the following combination of fields must be selected: Date, Customer ID, Customer Name and Amount.

Q.6 (S2010)

Horizontal Ltd has realized the importance of data recovery after a recent disaster where they lost some very important data. On the advice of a director, the management is inclined to implement the Grandfather, Father and Son methodology for data backup.

Required:

(a) Briefly discuss the above methodology. (03)

(b) Explain the risk which would persist even after implementing the above system and suggest measures to minimize that risk further. (02)

(b)

If the above strategy is well planned and implemented, there is still a risk that data loss of up to eight hours may occur. Moreover, the backup may also be destroyed in case of a disaster.

We may take the following measures to minimize the above risks:

(i) Record the backup simultaneously.

(ii) Select a place for backup storage that does not face the same threats as the original site, i.e., one which may be far away from the original site.

Q.7 (S2010)

Briefly explain the following features of a Database Management System with a suitable example in each case:

(a) Data sharing

(b) Query ability

(c) Rule enforcement

(d) Change and access logging (06)

A.7

(a) Data Sharing

The data sharing feature enables multiple applications and users to read (pull and use) from and write to the same database concurrently.

Example

An airline database of passengers' bookings is shared between its booking offices and airport check-in counter.

(b)

Query Ability

A database query language allows users to interactively interrogate the database i.e., obtain and update the data/information, according to the privileges allowed.

Example

Retrieving customers' records whose average monthly balance is greater than Rs. 500,000 and adding 4% profit in their balances.

(c) Rule Enforcement

Generally, a DBMS has the capability to enforce rules related to the following:

(i) viewing data.

(ii) inserting, updating/editing and validating data.

(iii) data deletion.

Example

Allow data entry operators to enter new records, but restrict them from editing existing records.

(d) Change and Access Logging

The database access logging service keeps a record of the following:

(i) Who accessed the data?

(ii) When was it accessed?

(iii) What changes were made?

Example

List of changes made between May 1, 2009 and May 7, 2009 by a particular user can be printed using 'change and access log'.
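
Rule enforcement and change logging from (c) and (d), sketched as an added Python example using SQLite triggers (not from the book). SQLite has no user accounts, so the session table, role names, account data and timestamps are constructed stand-ins for a real DBMS login and clock.

```python
import sqlite3

SCHEMA = """
CREATE TABLE session (username TEXT, role TEXT, clock TEXT);  -- simulated login and time
CREATE TABLE account (id INTEGER PRIMARY KEY, holder TEXT, balance INTEGER);
CREATE TABLE change_log (username, changed_at, op, account_id, old_balance, new_balance);
-- Rule enforcement: data entry operators may add records but not edit them.
CREATE TRIGGER operators_cannot_edit BEFORE UPDATE ON account
WHEN (SELECT role FROM session) = 'data_entry'
BEGIN SELECT RAISE(ABORT, 'data entry operators cannot edit records'); END;
-- Change logging: who made the change, when, and what changed.
CREATE TRIGGER log_insert AFTER INSERT ON account BEGIN
  INSERT INTO change_log SELECT username, clock, 'INSERT', NEW.id, NULL, NEW.balance FROM session;
END;
CREATE TRIGGER log_update AFTER UPDATE ON account BEGIN
  INSERT INTO change_log SELECT username, clock, 'UPDATE', NEW.id, OLD.balance, NEW.balance FROM session;
END;
"""

def open_db():
    conn = sqlite3.connect(":memory:", isolation_level=None)  # autocommit mode
    conn.executescript(SCHEMA)
    return conn

def login(conn, username, role, clock):
    conn.execute("DELETE FROM session")  # one acting user at a time
    conn.execute("INSERT INTO session VALUES (?, ?, ?)", (username, role, clock))

def changes_by(conn, username, start, end):
    """Change-log rows for one user between two ISO dates (inclusive)."""
    return conn.execute(
        "SELECT changed_at, op, account_id, old_balance, new_balance FROM change_log "
        "WHERE username = ? AND date(changed_at) BETWEEN ? AND ? ORDER BY changed_at",
        (username, start, end)).fetchall()

def demo():
    conn = open_db()
    login(conn, "operator1", "data_entry", "2009-05-02 09:00:00")
    conn.execute("INSERT INTO account VALUES (1, 'A. Khan', 600000)")  # allowed
    blocked = False
    try:
        conn.execute("UPDATE account SET balance = 0 WHERE id = 1")    # refused
    except sqlite3.DatabaseError:
        blocked = True
    login(conn, "manager1", "manager", "2009-05-05 10:30:00")
    conn.execute("UPDATE account SET balance = balance + balance * 4 / 100 WHERE id = 1")
    login(conn, "manager1", "manager", "2009-05-20 11:00:00")
    conn.execute("UPDATE account SET balance = balance - 1000 WHERE id = 1")
    return blocked, changes_by(conn, "manager1", "2009-05-01", "2009-05-07")
```

The operator's edit is refused and leaves no log row, while the log query returns only the manager's change made inside the requested week, with the old and new balance.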

## CHAPTER 12: DISASTER RECOVERY PLANNING

DISASTER

A disaster occurs where the system for some reason breaks down, leading to potential losses of equipment, data or funds. The victim, however, cannot simply wait before continuing operations. The system must recover as soon as possible so that further losses are not incurred, and current losses can be rectified.

WHY CONTINGENCY PLAN IS NECESSARY

The preparation of a contingency plan is one of the stages in the development of an organization-wide security policy. A contingency plan is necessary in case of some terrible disaster occurring to the system, or if some of the security measures discussed elsewhere fail.

RISK MANAGEMENT

Risk management involves three stages:

Stage 1: Risk assessment

• Identification of risks.

• Quantification of risks.

• Placing risks in order of potential loss.

Stage 2: Risk minimization

• Identification of counter-measures.

• Costing of counter-measures.

• Selection of counter-measures. Insignificant risks may not justify the cost of setting up and operating controls.

• Implementation of counter-measures.

• Draw up contingency plans in case all counter-measures are ineffective.

Stage 3: Risk transfer (insurance)

It is impossible to eliminate all risk. Risks that cannot be covered by security measures should be insured against, so that at least the financial consequences are not too severe.

CONTINGENCY PLANNING

A contingency is an unscheduled interruption of computing services that requires measures outside the day-to-day routine operating procedure.

DATA BACKUP

"Back-up means to make a copy in anticipation of future failure or corruption. A back-up copy of a file is a duplicate copy kept separately from the main system and only used if the original fails."

The purpose of backing up data is to ensure that the most recent usable copy of the data can be recovered and restored in the event of loss or corruption on the primary storage media.

ARCHIVING DATA

Archiving data is the process of moving (by copying) data from primary storage, such as hard disk, to tape or portable media for long-term storage.

A WELL PLANNED BACKUP AND ARCHIVE STRATEGY

A well planned backup and archive strategy should include:

• A plan and schedule for the regular back-up of critical data.

• Archive plans.

• A disaster recovery plan that includes off-site storage.

• Undertake to verify that data backed up can be successfully restored.

• The intervals at which backups are performed must be decided. Most organizations back up their data daily, but backups may be performed more frequently, depending on the nature of the data and of the organization.

• A rotation scheme that provides an appropriate data history must be selected. The Grandfather, Father, Son scheme uses twelve tapes or other portable media, allowing recovery of three months' data.
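
The Grandfather, Father, Son rotation above, replayed as an added Python example (not from the book). The split of the twelve tapes into four daily "son", five weekly "father" and three monthly "grandfather" tapes, the Monday-to-Friday schedule, the tape labels and the sample date are assumptions; the book states only the totals.

```python
from datetime import date, timedelta

SONS = ("MON", "TUE", "WED", "THU")

def is_last_business_day(d):
    """True if d is the last Mon-Fri day of its month (public holidays ignored)."""
    nxt = d + timedelta(days=1)
    while nxt.weekday() >= 5:
        nxt += timedelta(days=1)
    return nxt.month != d.month

def tape_for(d):
    """Label of the tape written on date d, or None when no backup runs (weekend)."""
    if d.weekday() >= 5:
        return None
    if is_last_business_day(d):            # monthly copy, 3 tapes in rotation
        return f"GRANDFATHER-{(d.year * 12 + d.month) % 3 + 1}"
    if d.weekday() == 4:                   # Friday copy, 5 tapes in rotation
        return f"FATHER-{(d.toordinal() - 1) // 7 % 5 + 1}"
    return f"SON-{SONS[d.weekday()]}"      # Mon-Thu copy, overwritten every week

def tapes_on_shelf(today, history_days=400):
    """Replay the rotation and return {label: date of the backup the tape now holds}."""
    shelf = {}
    d = today - timedelta(days=history_days)
    while d <= today:
        label = tape_for(d)
        if label:
            shelf[label] = d               # reusing a tape destroys the older copy
        d += timedelta(days=1)
    return shelf

def restore_point(shelf, wanted):
    """Newest surviving backup taken on or before `wanted`, or None if none survives."""
    usable = [(taken, label) for label, taken in shelf.items() if taken <= wanted]
    if not usable:
        return None
    taken, label = max(usable)
    return label, taken

if __name__ == "__main__":
    shelf = tapes_on_shelf(date(2013, 4, 5))   # constructed "today", a Friday
    for label, taken in sorted(shelf.items(), key=lambda kv: kv[1]):
        print(f"{taken}  {label}")
    print(restore_point(shelf, date(2013, 3, 20)))
```

As of the constructed date the oldest surviving copy is the January month-end tape, and a request for the state on 20 March can only be met from the Friday 15 March tape: restore points are daily for the current week, then weekly, then monthly.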

ALTERNATIVE PROCESSING FACILITY ARRANGEMENTS

Standby facilities which can be used for disaster recovery include the following:

• Computer bureaus can agree to make their own system available in the event of an emergency.

• Cooperating with other organizations in the locality, through a mutual aid agreement, may be a way of pooling resources.

• Disaster standby companies offer office premises with desks.

• Hardware duplication.

DISASTER RECOVERY PROCEDURAL PLAN (CONTINGENCY PLAN)

A disaster occurs where the system for some reason breaks down, leading to potential losses of equipment, data or funds. The victim, however, cannot simply wait before continuing operations. The system must recover as soon as possible so that further losses are not incurred, and current losses can be rectified.

Any contingency plan must therefore provide for:

a. Standby procedures so that some operations can be performed while normal services are disrupted.

b. Recovery procedure once the cause of the breakdown has been discovered or corrected.

c. The personnel management policies to ensure that (a) and (b) above are implemented properly.

CONTENTS OF A CONTINGENCY PLAN

1. Definition of responsibilities

It is important that somebody (a manager or coordinator) is designated to take control in a crisis. This individual can then delegate specific tasks or responsibilities to other designated personnel.

2. Priorities

Limited resources may be available for processing. Some tasks are more important than others. These must be established in advance. Similarly, the recovery program may indicate that certain areas must be tackled first.

3. Backup and standby arrangements

These may be with other installations, with a company (e.g. a computer bureau) that provides such services, or manual procedures.

4. Communication with staff

The problems of a disaster can be compounded by poor communication between members of staff.

5. Public relations

If the disaster has a public impact, the recovery team may come under pressure from the public or from the media.

6. Risk assessment

Some way must be found of assessing the requirements of the problem, if it is contained, with the continued operation of the organization as a whole.

ACTIONS OR EVENTS THAT LEAD TO A SYSTEMS BREAKDOWN

• Fire destroying data files and equipment

• Flooding (so it is best not to site the computer room in a basement)

• A computer virus completely destroying a data or program file.

• A technical destruction of telecommunication links (e.g. builders severing a cable)

• Terrorist attack.

• System failure caused by software bugs which were not discovered at the design stage.

• Internal sabotage (e.g. logic bombs built into the software)

SYSTEM RISK RANKING

• Critical system [Need to be replaced by identical capabilities]

• Vital systems [Can be performed manually for a brief period of time at high cost]

• Sensitive system [Can be performed manually for extended time period at tolerable cost]

• Non critical system [Can be performed manually for extended time period at little or no extra cost.]

TYPES OF STRATEGIES /RECOVERY ALTERNATIVES

RECIPROCAL AGREEMENT WITH OTHER COMPANIES

Agreement with two or more organizations with similar equipment or applications (it is inexpensive but difficult to enforce).

IPF

Duplicate information processing facilities. Dedicated self developed recovery sites that can backup critical applications.

HOT SITES

Fully configured and ready to operate within several hours. Installed with low power processor to take care of critical applications. Additional needs are staff, programs, data files and documentation.

WARM SITES

Partially configured, usually with network connections and selected peripheral equipment such as tape and disk drives.

COLD SITES

Equipped with basic facilities only, like electrical wiring, air conditioning and flooring.

PAST PAPERS

Q.5 (A2011)

Briefly explain the key contents of a disaster recovery plan. (05 marks)

A.5

Key contents of a disaster recovery plan are as follows:

(a) Definition of responsibilities

Responsibilities of key individuals who would take control and lead in the crisis are clearly defined.

(b) Priorities

Important and vital tasks and areas are clearly mentioned in the order of priority.

(c) Backup and standby arrangements

Location of latest backups is clearly mentioned. Agreement briefs and identification of standby arrangements with third parties or other similar arrangements is specified.

(d) Communication with staff

Contact details of key staff members are mentioned. Appropriate means to communicate the disaster to the staff may be specified.

(e) Public relations

Name of officer appointed for dealing with media and public.
