ADL 06 Computers in Management V2

1. Explain information system? Discuss various information systems available in any organization.

A.1 In a very broad sense, the term information system is frequently used to refer to the interaction between people, processes, data and technology. In this sense, the term is used to refer not only to the information and communication technology (ICT) an organization uses, but also to the way in which people interact with this technology in support of business processes.

Some make a clear distinction between information systems, ICT and business processes. Information systems are distinct from information technology in that an information system is typically seen as having an ICT component. Information systems are also different from business processes. Information systems help to control the performance of business processes.

Alter argues for an information system as a special type of work system. A work system is a system in which humans and/or machines perform work using resources (including ICT) to produce specific products and/or services for customers. An information system is a work system whose activities are devoted to processing (capturing, transmitting, storing, retrieving, manipulating and displaying) information.

Part of the difficulty in defining the term information system is due to vagueness in the definition of related terms such as system and information. Beynon-Davies argues for a clearer terminology based in systemics and semiotics. He defines an information system as an example of a system concerned with the manipulation of signs. An information system is a type of socio-technical system. An information system is a mediating construct between actions and technology. As such, information systems inter-relate with data systems on the one hand and activity systems on the other. An information system is a form of communication system in which data represent and are processed as a form of social memory. An information system can also be considered a semi-formal language which supports human decision making and action.
Information systems are the primary focus of study for the information systems discipline and for organisational informatics. However, as new information technologies have been developed, new categories of information systems have emerged, some of which no longer fit easily into the original pyramid model. Some examples of such systems are:

Various information systems in an organisation:

Data warehouses: A data warehouse is a repository of an organization's electronically stored data. Data warehouses are designed to facilitate reporting and analysis. A data warehouse houses a standardized, consistent, clean and integrated form of data sourced from various operational systems in use in the organization, structured in a way to specifically address the reporting and analytic requirements.

Enterprise Resource Planning (ERP) is a term usually used in conjunction with ERP software or an ERP system which is intended to manage all the information and functions of a business or company from shared data stores. An ERP system typically has modular hardware and software units and "services" that communicate on a local area network. The modular design allows a business to add or reconfigure modules (perhaps from different vendors) while preserving data integrity in one shared database that may be centralized or distributed.

Enterprise systems (ES) are large-scale, integrated application-software packages that use the computational, data storage, and data transmission power of modern information technology (IT) to support processes, information flows, reporting, and data analytics within and between complex organizations. In short, ES are packaged enterprise application software (PEAS) systems, where all three adjectives, "packaged", "enterprise", and "application", in combination, restrict the set of things that can be called ES.

An expert system is software that attempts to provide an answer to a problem, or clarify uncertainties where normally one or more human experts would need to be consulted. Expert systems are most common in a specific problem domain, and are a traditional application and/or subfield of artificial intelligence. A wide variety of methods can be used to simulate the performance of the expert; however, common to most or all are 1) the creation of a so-called "knowledgebase" which uses some knowledge representation formalism to capture the Subject Matter Expert's (SME) knowledge and 2) a process of gathering that knowledge from the SME and codifying it according to the formalism, which is called knowledge engineering.

There is a variety of definitions and understandings of a Global Information System (GIS, GLIS), such as:

A global information system (GLIS) is an information system which is developed and / or used in a global context. [1]

A global information system (GLIS) is any information system which attempts to deliver the totality of measurable data worldwide within a defined context. (USF)

Although the acronym is the same, the meaning of the term Global Information System is different from that of the term Geographic Information Systems.

Office automation refers to the varied computer machinery and software used to digitally create, collect, store, manipulate, and relay office information needed for accomplishing basic tasks and goals. Raw data storage, electronic transfer, and the management of electronic business information comprise the basic activities of an office automation system.[1] Office automation helps in optimizing or automating existing office procedures. The backbone of office automation is a LAN, which allows users to transmit data, mail and even voice across the network. All office functions, including dictation, typing, filing, copying, fax, Telex, microfilm and records management, telephone and telephone switchboard operations, fall into this category. Office automation was a popular term in the 1970s and 1980s as the desktop computer exploded onto the scene.[2]

2. Explain the concept behind Batch processing and transaction processing system.

A.2 Batch processing is execution of a series of programs ("jobs") on a computer without manual intervention. Batch jobs are set up so they can be run to completion without manual intervention, so all input data is preselected through scripts or command-line parameters. This is in contrast to "online" or interactive programs which prompt the user for such input. A program takes a set of data files as input, processes the data, and produces a set of output data files. This operating environment is termed "batch processing" because the input data are collected into batches on files and are processed in batches by the program. Batch processing has these benefits:

It allows sharing of computer resources among many users and programs.

It shifts the time of job processing to when the computing resources are less busy.

It avoids idling the computing resources with minute-by-minute manual intervention and supervision.

By keeping a high overall rate of utilization, it better amortizes the cost of a computer, especially an expensive one.

In computer science, transaction processing is information processing that is divided into individual, indivisible operations, called transactions. Each transaction must succeed or fail as a complete unit; it cannot remain in an intermediate state. Transaction processing is designed to maintain a computer system (typically, but not limited to, a database or some modern filesystems) in a known, consistent state, by ensuring that any operations carried out on the system that are interdependent are either all completed successfully or all canceled successfully.

For example, consider a typical banking transaction that involves moving $700 from a customer's savings account to a customer's checking account. This transaction is a single operation in the eyes of the bank, but it involves at least two separate operations in computer terms: debiting the savings account by $700, and crediting the checking account by $700. If the debit operation succeeds but the credit does not (or vice versa), the books of the bank will not balance at the end of the day. There must therefore be a way to ensure that either both operations succeed or both fail, so that there is never any inconsistency in the bank's database as a whole. Transaction processing is designed to provide this.

Transaction processing guards against hardware and software errors that might leave a transaction partially completed, with the system left in an unknown, inconsistent state. If the computer system crashes in the middle of a transaction, the transaction processing system guarantees that all operations in any uncommitted (i.e., not completely processed) transactions are cancelled.

Transactions are processed in a strict chronological order. If transaction n+1 intends to touch the same portion of the database as transaction n, transaction n+1 does not begin until transaction n is committed. Before any transaction is committed, all other transactions affecting the same part of the system must also be committed; there can be no holes in the sequence of preceding transactions.
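The $700 transfer described above, as an added example that is not part of the original answer: it uses Python's sqlite3 module, and the table layout, starting balances and the `SimulatedCrash` fault are constructed for illustration. The debit and credit run inside one transaction, so a fault between them, or a rule violation such as an overdraft, leaves both balances as they were.

```python
import sqlite3


class SimulatedCrash(Exception):
    """Stands in for a hardware or software fault between the two updates."""


def open_bank():
    """Create an in-memory bank; accounts and balances are constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts ("
        " name TEXT PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"  # no overdrafts
    )
    with conn:
        conn.executemany(
            "INSERT INTO accounts VALUES (?, ?)",
            [("savings", 1000), ("checking", 200)],
        )
    return conn


def balances(conn):
    """Return {account name: balance} as currently committed."""
    return dict(conn.execute("SELECT name, balance FROM accounts"))


def adjust(conn, name, delta):
    """Add delta (may be negative) to one account; the account must exist."""
    cur = conn.execute(
        "UPDATE accounts SET balance = balance + ? WHERE name = ?",
        (delta, name),
    )
    if cur.rowcount != 1:
        raise LookupError(f"no such account: {name}")


def transfer(conn, src, dst, amount, crash_after_debit=False):
    """Move amount from src to dst as a single all-or-nothing transaction."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    # "with conn" commits if the block finishes and rolls back if it raises,
    # so the debit can never be stored without the matching credit.
    with conn:
        adjust(conn, src, -amount)            # debit
        if crash_after_debit:
            raise SimulatedCrash("fault after debit, before credit")
        adjust(conn, dst, amount)             # credit


if __name__ == "__main__":
    bank = open_bank()
    print("start:            ", balances(bank))
    try:
        transfer(bank, "savings", "checking", 700, crash_after_debit=True)
    except SimulatedCrash:
        print("after crash:      ", balances(bank))   # unchanged
    transfer(bank, "savings", "checking", 700)
    print("after transfer:   ", balances(bank))
    try:
        transfer(bank, "savings", "checking", 700)    # would overdraw savings
    except sqlite3.IntegrityError:
        print("after overdraft:  ", balances(bank))   # unchanged
```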

3. Show with reference block diagram the various components of a computer system in detail.
A.3 Block Diagram of Computer:

A computer can process data, pictures, sound and graphics. They can solve highly complicated problems quickly and accurately.

Input Unit: Computers need to receive data and instructions in order to solve any problem. Therefore we need to input the data and instructions into the computers. The input unit consists of one or more input devices. The keyboard is one of the most commonly used input devices. Other commonly used input devices are the mouse, floppy disk drive, magnetic tape, etc. All the input devices perform the following functions:

Accept the data and instructions from the outside world.

Convert it to a form that the computer can understand.

Supply the converted data to the computer system for further processing.

Storage Unit: The storage unit of the computer holds data and instructions that are entered through the input unit, before they are processed. It preserves the intermediate and final results before these are sent to the output devices. It also saves the data for later use. The various storage devices of a computer system are divided into two categories.

1. Primary Storage: Stores and provides very fast. This memory is generally used to hold the program being currently executed in the computer, the data being received from the input unit, and the intermediate and final results of the program. The primary memory is temporary in nature. The data is lost when the computer is switched off. In order to store the data permanently, the data has to be transferred to the secondary memory. The cost of the primary storage is more compared to the secondary storage. Therefore most computers have limited primary storage capacity.

2. Secondary Storage: Secondary storage is used like an archive. It stores several programs, documents, databases, etc. The programs that you run on the computer are first transferred to the primary memory before they are actually run. Whenever the results are saved, again they get stored in the secondary memory. The secondary memory is slower and cheaper than the primary memory. Some of the commonly used secondary memory devices are hard disk, CD, etc.

Memory Size: All digital computers use the binary system, i.e. 0s and 1s. Each character or number is represented by an 8 bit code. The set of 8 bits is called a byte. A character occupies 1 byte space. A numeric occupies 2 byte space. Byte is the space occupied in the memory. The size of the primary storage is specified in KB (Kilobytes) or MB (Megabytes). One KB is equal to 1024 bytes and one MB is equal to 1000KB. The size of the primary storage in a typical PC usually starts at 16MB. PCs having 32 MB, 48MB, 128 MB, 256MB memory are quite common.

Output Unit: The output unit of a computer provides the information and results of a computation to the outside world. Printers and Visual Display Units (VDU) are the commonly used output devices. Other commonly used output devices are floppy disk drive, hard disk drive, and magnetic tape drive.

Arithmetic Logical Unit: All calculations are performed in the Arithmetic Logic Unit (ALU) of the computer. It also does comparisons and takes decisions. The ALU can perform basic operations such as addition, subtraction, multiplication, division, etc. and does logic operations viz. >, <, =, etc. Whenever calculations are required, the control unit transfers the data from the storage unit to the ALU. Once the computations are done, the results are transferred to the storage unit by the control unit and then sent to the output unit for displaying results.

Control Unit: It controls all other units in the computer. The control unit instructs the input unit where to store the data after receiving it from the user. It controls the flow of data and instructions from the storage unit to the ALU. It also controls the flow of results from the ALU to the storage unit. The control unit is generally referred to as the central nervous system of the computer that controls and synchronizes its working.

Central Processing Unit: The control unit and ALU of the computer are together known as the Central Processing Unit (CPU). The CPU, like a brain, performs the following functions:

It performs all calculations.

It takes all decisions.

It controls all units of the computer.

A PC may have a CPU-IC such as Intel 8088, 80286, 80386, 80486, Celeron, Pentium, Pentium Pro, Pentium II, Pentium III, Pentium IV, Dual Core, AMD, etc.

4. What do you understand by classification of computers? Describe with example.

A.4 Computers are available in different shapes, sizes and weights; due to these different shapes and sizes they perform different sorts of jobs from one another. They can also be classified in different ways. All computers are designed by qualified computer architects who design these machines to their requirements. A computer that is used in a home differs in size and shape from the computer being used in a hospital. Computers act as servers in large buildings, while the computer performing its job as a weather forecaster also differs in size and shape. A laptop that a student carries to college is different in shape and size from all the computers mentioned above. Here we are going to introduce different classifications of computers one by one. We will discuss what is in each classification and what job they perform.

Super computer: The biggest in size and the most expensive in price of all is classified and known as the super computer. It can process trillions of instructions in seconds. This computer is not used as a PC in a home nor by a student in a college. Governments specially use this type of computer for their different calculations and heavy jobs. Different industries also use this huge computer for designing their products. In most Hollywood movies it is used for animation purposes. This kind of computer is also helpful for forecasting weather reports worldwide.

Mainframes: Another giant in computers after the super computer is the mainframe, which can also process millions of instructions per second and is capable of accessing billions of data. This computer is commonly used in big hospitals and airline reservation companies, and many other huge companies prefer the mainframe because of its capability of retrieving data on a huge basis. This is normally too expensive and out of reach for a salary-based person who wants a computer for his home. This kind of computer can cost up to thousands of dollars.

Minicomputer: This computer is next in the line but offers less than the mainframe in work and performance. These are the computers which are mostly preferred by small business personnel, colleges, etc.

Personal computers: Almost all computer users are familiar with personal computers. They normally know what the personal computer is and what its functions are. This is the computer mostly preferred by home users. These computers are lower in cost than the computers given above and also small in size; they are also called PCs, short for personal computers. This computer is small in size and you can easily arrange it to fit in your single bedroom with all its accommodation. Today this is thought to be the most popular computer of all.

Notebook computers: Having a small size and low weight, the notebook is easy to carry anywhere. A student can take it with him/her to his/her school in his/her bag with his/her books. This is easy to carry around and preferred by students and business people to meet their assignments and other necessary tasks. The approach of this computer is also the same as the personal computer. It can store the same amount of data and has a memory of the same size as that of a personal computer. One can say that it is the replacement of the personal desktop computer.

5. What do you mean by DBMS along with the facilities available? Also mention the role of database administrator.

A.5 Computer memory refers to devices that are used to store data or programs (sequences of instructions) on a temporary or permanent basis for use in an electronic digital computer. Computers represent information in binary code, written as sequences of 0s and 1s. Each binary digit (or "bit") may be stored by any physical system that can be in either of two stable states, to represent 0 and 1. Such a system is called bistable. This could be an on-off switch, an electrical capacitor that can store or lose a charge, a magnet with its polarity up or down, or a surface that can have a pit or not. Today, capacitors and transistors, functioning as tiny electrical switches, are used for temporary storage, and either disks or tape with a magnetic coating, or plastic discs with patterns of pits are used for long-term storage. Computer memory is usually meant to refer to the semiconductor technology that is used to store information in electronic devices. Current primary computer memory makes use of integrated circuits consisting of silicon-based transistors. There are two main types of memory: volatile and non-volatile.

A.6 A Database Management System (DBMS) is a set of computer programs that controls the creation, maintenance, and the use of the database in a computer platform or of an organization and its end users. It allows organizations to place control of organization-wide database development in the hands of database administrators (DBAs) and other specialists. A DBMS is a system software package that helps the use of an integrated collection of data records and files known as databases. It allows different user application programs to easily access the same database. DBMSs may use any of a variety of database models, such as the network model or relational model. In large systems, a DBMS allows users and other software to store and retrieve data in a structured way. Instead of having to write computer programs to extract information, users can ask simple questions in a query language. Thus, many DBMS packages provide fourth-generation programming languages (4GLs) and other application development features. It helps to specify the logical organization for a database and to access and use the information within a database. It provides facilities for controlling data access, enforcing data integrity, managing concurrency control, and restoring the database.

A database administrator (DBA) is a person responsible for the design, implementation, maintenance and repair of an organization's database. They are also known by the titles Database Coordinator or Database Programmer, and the role is closely related to the Database Analyst, Database Modeler, Programmer Analyst, and Systems Manager. The duties of a database administrator vary depending on job description, corporate and Information Technology (IT) policies and the technical features and capabilities of the DBMS being administered. They include disaster recovery (backups and testing of backups), performance analysis and tuning, data dictionary maintenance, and database design. Roles of the DBA include:

Installation of new software: It is the job of the DBA to install new versions of DBMS software, application software, and other software related to DBMS administration. It is important that the DBA or other IS staff members test new software before it is moved into a production environment.

Configuration of hardware and software with the system administrator: In many cases the system software can only be accessed by the system administrator. In this case, the DBA works closely with the system administrator to perform software installations, and to configure hardware and software so that it functions optimally with the DBMS.

Security administration: One of the main duties of the DBA is to monitor and administer DBMS security. This involves adding and removing users, administering quotas, auditing, and checking for security problems.

Data analysis: The DBA analyzes data stored in the database and makes recommendations relating to performance and efficiency of that data storage. This includes the effective use of indexes, enabling "Parallel Query" execution, or other DBMS specific features.

Database design (preliminary): The DBA can be involved at the preliminary database-design stages, eliminating many problems that might occur. The DBA knows the DBMS and system, can point out potential problems, and can help the development team with special performance considerations.

Data modeling and optimization: By modeling the data, it is possible to optimize the system layouts to take the most advantage of the I/O subsystem.

Assignment B

Q1. What is meant by Network topology along with different network models?

A.1 Network topology is the physical interconnections of the elements (links, nodes, etc.) of a computer network. A local area network (LAN) is one example of a network that exhibits both a physical topology and a logical topology. Any given node in the LAN has one or more links to one or more other nodes in the network and the mapping of these links and nodes in a graph results in a geometrical shape that may be used to describe the physical topology of the network. Likewise, the mapping of the data flows between the nodes in the network determines the logical topology of the network. The physical and logical topologies may or may not be identical in any particular network. Any particular network topology is determined only by the graphical mapping of the configuration of physical and/or logical connections between nodes. The study of network topology uses graph theory. Distances between nodes, physical interconnections, transmission rates, and/or signal types may differ in two networks and yet their topologies may be identical. The study of network topology recognizes four basic topologies:

Bus topology
Star topology
Ring topology
Tree topology

There are also three basic categories of network topologies:

physical topologies
signal topologies
logical topologies

The terms signal topology and logical topology are often used interchangeably, though there is a subtle difference between the two.

Bus

[Figure: Bus network topology]

In local area networks where bus technology is used, each machine is connected to a single cable. Each computer or server is connected to the single bus cable through some kind of connector. A terminator is required at each end of the bus cable to prevent the signal from bouncing back and forth on the bus cable. A signal from the source travels in both directions to all machines connected on the bus cable until it finds the MAC address or IP address on the network that is the intended recipient. If the machine address does not match the intended address for the data, the machine ignores the data. Alternatively, if the data does match the machine address, the data is accepted. Since the bus topology consists of only one wire, it is rather inexpensive to implement when compared to other topologies. However, the low cost of implementing the technology is offset by the high cost of managing the network. Additionally, since only one cable is utilized, it can be the single point of failure. If the network cable breaks, the entire network will be down.

Star

[Figure: Star network topology]

In local area networks where the star topology is used, each machine is connected to a central hub. In contrast to the bus topology, the star topology allows each machine on the network to have a point-to-point connection to the central hub. All of the traffic which traverses the network passes through the central hub. The hub acts as a signal booster or repeater, which in turn allows the signal to travel greater distances. As a result of each machine connecting directly to the hub, the star topology is considered the easiest topology to design and implement. An advantage of the star topology is the simplicity of adding other machines. The primary disadvantage of the star topology is that the hub is a single point of failure. If the hub were to fail, the entire network would fail as a result of the hub being connected to every machine on the network.

Ring

[Figure: Ring network topology]

In local area networks where the ring topology is used, each computer is connected to the network in a closed loop or ring. Each machine or computer has a unique address that is used for identification purposes. The signal passes through each machine or computer connected to the ring in one direction. Ring topologies typically utilize a token passing scheme, used to control access to the network. By utilizing this scheme, only one machine can transmit on the network at a time. The machines or computers connected to the ring act as signal boosters or repeaters which strengthen the signals that traverse the network. The primary disadvantage of ring topology is that the failure of one machine will cause the entire network to fail.

Tree

[Figure: Tree network topology]

Also known as a hierarchical network. The type of network topology in which a central 'root' node (the top level of the hierarchy) is connected to one or more other nodes that are one level lower in the hierarchy (i.e., the second level) with a point-to-point link between each of the second level nodes and the top level central 'root' node, while each of the second level nodes that are connected to the top level central 'root' node will also have one or more other nodes that are one level lower in the hierarchy (i.e., the third level) connected to it, also with a point-to-point link, the top level central 'root' node being the only node that has no other node above it in the hierarchy. (The hierarchy of the tree is symmetrical.) Each node in the network has a specific fixed number of nodes connected to it at the next lower level in the hierarchy, the number being referred to as the 'branching factor' of the hierarchical tree.

A.2 Data transmission is the physical transfer of data (a digital bit stream) over a point-to-point or point-to-multipoint transmission medium. Examples of such media are copper wires, optical fibers, wireless communication media, and storage media. The data is often represented as an electro-magnetic signal, such as an electrical voltage signal, a radiowave or microwave signal or an infra-red signal.

While analog communications represents a continuously varying signal, a digital transmission can be broken down into discrete messages. The messages are either represented by a sequence of pulses by means of a line code (baseband transmission), or by a limited set of analogue wave forms (passband transmission), using a digital modulation method. According to the most common definition of digital signal, both baseband and passband signals representing bit-streams are considered as digital transmission, while an alternative definition only considers the baseband signal as digital, and the passband transmission as a form of digital-to-analog conversion.

Transmission media are the physical pathways that connect computers, other devices, and people on a network: the highways and byways that comprise the information superhighway. Each transmission medium requires specialized network hardware that has to be compatible with that medium. You have probably heard terms such as Layer 1, Layer 2, and so on. These refer to the OSI reference model, which defines network hardware and services in terms of the functions they perform. (The OSI reference model is discussed in detail in Chapter 5, "Data Communications Basics.") Transmission media operate at Layer 1 of the OSI model: They encompass the physical entity and describe the types of highways on which voice and data can travel.

It would be convenient to construct a network of only one medium. But that is impractical for anything but an extremely small network. In general, networks use combinations of media types. There are three main categories of media types:

Copper cable: Types of cable include unshielded twisted-pair (UTP), shielded twisted-pair (STP), and coaxial cable. Copper-based cables are inexpensive and easy to work with compared to fiber-optic cables, but as you'll learn when we get into the specifics, a major disadvantage of cable is that it offers a rather limited spectrum that cannot handle the advanced applications of the future, such as teleimmersion and virtual reality.

Wireless: Wireless media include radio frequencies, microwave, satellite, and infrared. Deployment of wireless media is faster and less costly than deployment of cable, particularly where there is little or no existing infrastructure (e.g., Africa, Asia-Pacific, Latin America, eastern and central Europe). Wireless is also useful where environmental circumstances make it impossible or cost-prohibitive to use cable (e.g., in the Amazon, in the Empty Quarter in Saudi Arabia, on oil rigs).

There are a few disadvantages associated with wireless, however. Historically, wireless solutions support much lower data rates than do wired solutions, although with new developments in wireless broadband, that is becoming less of an issue (see Part IV, "Wireless Communications"). Wireless is also greatly affected by external impairments, such as the impact of adverse weather, so reliability can be difficult to guarantee. However, new developments in laser-based communications, such as virtual fiber, can improve this situation. (Virtual fiber is discussed in Chapter 15, "WMANs, WLANs, and WPANs.") Of course, one of the biggest concerns with wireless is security: Data must be secured in order to ensure privacy.

Fiber optics: Fiber offers enormous bandwidth, immunity to many types of interference and noise, and improved security. Therefore, fiber provides very clear communications and a relatively noise-free environment. The downside of fiber is that it is costly to purchase and deploy because it requires specialized equipment and techniques.

A.3 In computing, a Uniform Resource Locator (URL) is a subset of the Uniform Resource Identifier (URI) that specifies where an identified resource is available and the mechanism for retrieving it. In popular usage and in many technical documents and verbal discussions it is often incorrectly used as a synonym for URI.[1] In popular language, a URI is also referred to as a Web address.

The components of a URL

A URL (Uniform Resource Locator) is a specific type of URI (Universal Resource Identifier). A URL normally locates an existing resource on the Internet. A URL is used when a Web client makes a request to a server for a resource. The concepts of the URI and the URL are defined by the Internet Society and IETF (Internet Engineering Task Force) Request for Comments document RFC 2396, Uniform Resource Identifiers (URI): Generic Syntax (http://www.ietf.org/rfc/rfc2396.txt). Briefly, a URI is defined as any character string that identifies a resource. A URL is defined as those URIs that identify a resource by its location or by the means used to access it, rather than by a name or other attribute of the resource.

A URL for HTTP (or HTTPS) is normally made up of three or four components:

1. A scheme. The scheme identifies the protocol to be used to access the resource on the Internet. It can be HTTP (without SSL) or HTTPS (with SSL).

2. A host. The host name identifies the host that holds the resource. For example, www.example.com. A server provides services in the name of the host, but there is not a one-to-one mapping between hosts and servers. Host names can also be followed by a port number. Well-known port numbers for a service are normally omitted from the URL. Most servers use the well-known port numbers for HTTP and HTTPS, so most HTTP URLs omit the port number.

3. A path. The path identifies the specific resource within the host that the Web client wants to access. For example, /software/htp/cics/index.html.

4. A query string. If a query string is used, it follows the path component, and provides a string of information that the resource can use for some purpose (for example, as parameters for a search or as data to be processed). The query string is usually a string of name and value pairs, for example, q=bluebird.

The scheme and host components of a URL are not defined as case-sensitive, but the path and query string are case-sensitive. Usually, the whole URL is specified in lower case.

The components of the URL are combined and delimited as follows:

scheme://host:port/path?query

Syntax of an HTTP URL

                            .-:80-----.
>>-http://--+-host name--+--+---------+--/--path component------>
            '-IP address-'  '-:--port-'

>--+-----------------+-----------------------------------------><
   '-?--query string-'

The scheme is followed by a colon and two forward slashes. If a port number is specified, that number follows the host name, separated by a colon. The path name begins with a single forward slash. If a query string is specified, it is preceded by a question mark.

This is an example of an HTTP URL:
http://www.research.ibm.com/software/htp/cics/index.html

If a port number was specified, the URL would be:
http://www.research.ibm.com:1030/software/htp/cics/index.html
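The component rules above matter whenever two URLs are compared, for example when a requested URL is checked against a list of permitted resources. The following is an added example, not part of the original answer: it splits an HTTP(S) URL into the components described, lower-cases only the scheme and host, drops a well-known port, and leaves the case-sensitive path and query untouched. The function names are assumptions chosen for this illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Well-known ports, which the text says are normally omitted from the URL.
DEFAULT_PORTS = {"http": 80, "https": 443}


def split_http_url(url):
    """Split an HTTP(S) URL into scheme, host, port, path and query string."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()        # scheme is not case-sensitive
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"not an HTTP or HTTPS URL: {url!r}")
    host = parts.hostname                # lower-cased by urlsplit, port removed
    if not host:
        raise ValueError(f"URL has no host: {url!r}")
    port = parts.port                    # ValueError if outside 0-65535
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return {
        "scheme": scheme,
        "host": host,
        "port": port,
        "path": parts.path or "/",       # case-sensitive, kept as written
        "query": parts.query,            # case-sensitive, kept as written
        "params": parse_qsl(parts.query, keep_blank_values=True),
    }


def canonical(url):
    """Rebuild scheme://host:port/path?query with one spelling per resource."""
    c = split_http_url(url)
    host = f"[{c['host']}]" if ":" in c["host"] else c["host"]  # IPv6 literal
    if c["port"] != DEFAULT_PORTS[c["scheme"]]:
        host = f"{host}:{c['port']}"     # keep only a non-default port
    query = f"?{c['query']}" if c["query"] else ""
    return f"{c['scheme']}://{host}{c['path']}{query}"


def same_resource(a, b):
    """Compare two URLs after normalizing only the case-insensitive parts."""
    return canonical(a) == canonical(b)


if __name__ == "__main__":
    for u in ("HTTP://WWW.Research.IBM.com:80/software/htp/cics/index.html",
              "http://www.research.ibm.com:1030/software/htp/cics/index.html",
              "http://www.example.com/search?q=bluebird"):
        print(canonical(u), split_http_url(u)["params"])
```

Comparing the canonical forms rather than the raw strings keeps a differently capitalized host or an explicit ":80" from being treated as a different resource, while a change of case in the path still counts as a different resource.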

A.4 Threats to Computer Security

Source: An Introduction to Computer Security: The NIST Handbook, National Institute of Standards and Technology, Technology Administration, U.S. Department of Commerce, Special Publication 800-12

Computer systems are vulnerable to many threats that can inflict various types of damage resulting in significant losses. This damage can range from errors harming database integrity to fires destroying entire computer centers. Losses can stem, for example, from the actions of supposedly trusted employees defrauding a system, from outside hackers, or from careless data entry clerks. Precision in estimating computer security-related losses is not possible because many losses are never discovered, and others are "swept under the carpet" to avoid unfavorable publicity. The effects of various threats vary considerably: some affect the confidentiality or integrity of data while others affect the availability of a system.

1. Errors and Omissions

Errors and omissions are an important threat to data and system integrity. These errors are caused not only by data entry clerks processing hundreds of transactions per day, but also by all types of users who create and edit data. Many programs, especially those designed by users for personal computers, lack quality control measures. However, even the most sophisticated programs cannot detect all types of input errors or omissions. A sound awareness and training program can help an organization reduce the number and severity of errors and omissions. Users, data entry clerks, system operators, and programmers frequently make errors that contribute directly or indirectly to security problems. In some cases, the error is the threat, such as a data entry error or a programming error that crashes a system. In other cases, the errors create vulnerabilities. Errors can occur during all phases of the systems life cycle.

2. Fraud and Theft

Computer systems can be exploited for both fraud and theft both by "automating" traditional methods of fraud and by using new methods. For example, individuals may use a computer to skim small amounts of money from a large number of financial accounts, assuming that small discrepancies may not be investigated. Financial systems are not the only ones at risk. Systems that control access to any resource are targets (e.g., time and attendance systems, inventory systems, school grading systems, and long-distance telephone systems). Computer fraud and theft can be committed by insiders or outsiders. Insiders (i.e., authorized users of a system) are responsible for the majority of fraud. Since insiders have both access to and familiarity with the victim computer system (including what resources it controls and its flaws), authorized system users are in a better position to commit crimes. Insiders can be both general users (such as clerks) or technical staff members. An organization's former employees, with their knowledge of an organization's operations, may also pose a threat, particularly if their access is not terminated promptly.

3. Employee Sabotage

Employees are most familiar with their employer's computers and applications, including knowing what actions might cause the most damage, mischief, or sabotage. The downsizing of organizations in both the public and private sectors has created a group of individuals with organizational knowledge, who may retain potential system access (e.g., if system accounts are not deleted in a timely manner). The number of incidents of employee sabotage is believed to be much smaller than the instances of theft, but the cost of such incidents can be quite high. Common examples of computer-related employee sabotage include: destroying hardware or facilities, planting logic bombs that destroy programs or data, entering data incorrectly, "crashing" systems, deleting data, holding data hostage, and changing data.

4. Loss of Physical and Infrastructure Support

The loss of supporting infrastructure includes power failures (outages, spikes, and brownouts), loss of communications, water outages and leaks, sewer problems, lack of transportation services, fire, flood, civil unrest, and strikes.

5. Malicious Hackers

The term malicious hackers, sometimes called crackers, refers to those who break into computers without authorization. They can include both outsiders and insiders. Much of the rise of hacker activity is often attributed to increases in connectivity in both government and industry. One 1992 study of a particular Internet site (i.e., one computer system) found that hackers attempted to break in at least once every other day. The hacker threat should be considered in terms of past and potential future damage. Although current losses due to hacker attacks are significantly smaller than losses due to insider theft and sabotage, the hacker problem is widespread and serious.

6. Industrial Espionage

Industrial espionage is the act of gathering proprietary data from private companies or the government for the purpose of aiding another company(ies). Industrial espionage can be perpetrated either by companies seeking to improve their competitive advantage or by governments seeking to aid their domestic industries. Foreign industrial espionage carried out by a government is often referred to as economic espionage. Since information is processed and stored on computer systems, computer security can help protect against such threats; it can do little, however, to reduce the threat of authorized employees selling that information.

7. Malicious Code

Malicious code refers to viruses, worms, Trojan horses, logic bombs, and other "uninvited" software. Sometimes mistakenly associated only with personal computers, malicious code can attack other platforms. Actual costs attributed to the presence of malicious code have resulted primarily from system outages and staff time involved in repairing the systems. Nonetheless, these costs can be significant.

Malicious Software: A Few Key Terms

Virus: A code segment that replicates by attaching copies of itself to existing executables. The new copy of the virus is executed when a user executes the new host program. The virus may include an additional "payload" that triggers when specific conditions are met. For example, some viruses display a text string on a particular date. There are many types of viruses, including variants, overwriting, resident, stealth, and polymorphic.

Trojan Horse: A program that performs a desired task, but that also includes unexpected (and undesirable) functions. Consider as an example an editing program for a multiuser system. This program could be modified to randomly delete one of the users' files each time they perform a useful function (editing), but the deletions are unexpected and definitely undesired!

Worm: A self-replicating program that is self-contained and does not require a host program. The program creates a copy of itself and causes it to execute; no user intervention is required. Worms commonly use network services to propagate to other host systems.

8. Threats to Personal Privacy

The accumulation of vast amounts of electronic information about individuals by governments, credit bureaus, and private companies, combined with the ability of computers to monitor, process, and aggregate large amounts of information about individuals have created a threat to individual privacy. The possibility that all of this information and technology may be able to be linked together has arisen as a specter of the modern information age.

Firewalls

Advantages

1. A feeling of increased security that your PC and contents are being protected.
2. Relatively inexpensive or free for personal use.
3. New releases are becoming user friendly.
4. You can monitor incoming and outgoing security alerts and the firewall company will record and track down an intrusion attempt depending on the severity.
5. Some firewalls but not all can detect viruses, worms, Trojan horses, or data collectors.
6. All firewalls can be tested for effectiveness by using products that test for leaks or probe for open ports.

A.5 Electronic Data Interchange (EDI) refers to the structured transmission of data between organizations by electronic means. It is used to transfer electronic documents from one computer system to another, i.e. from one trading partner to another trading partner. It is more than mere E-mail; for instance, organizations might replace bills of lading and even checks with appropriate EDI messages. It also refers specifically to a family of standards, including the X12 series. However, EDI also exhibits its pre-Internet roots, and the standards tend to focus on ASCII (American Standard Code for Information Interchange)-formatted single messages rather than the whole sequence of conditions and exchanges that make up an inter-organization business process.

ADVANTAGES OF EDI

Companies use EDI to exchange information for a variety of different reasons, mainly increased efficiency and cost savings. For example, EDI allows business transactions to occur in less time and with fewer errors than do traditional, paper-based means. It reduces the amount of inventory companies must invest in by closely tying manufacturing to actual demand, allowing for just-in-time delivery. By doing away with paper forms, EDI also reduces postage costs and the expenses and space considerations involved in paper-based record storage. Some companies have seen dramatic improvements in their business processes, such as the shortening of delivery times from days to hours. However, other EDI users have continued to experience snags. In Planet IT, Procter & Gamble, a leading packaged goods manufacturer, reported that it found errors in more than 30 percent of its electronic orders, although these were mainly due to human mistakes.

Although many companies don't view EDI as a strategic weapon, it certainly can be used as one. Having the capability to engage in EDI is a marketing tool, because it makes suppliers attractive to retailers and other companies who buy goods and services. In a situation where several suppliers offer similar products, being EDI-enabled can be an important differential. EDI also can be used to form alliances between companies that provide advantages over competitors in several ways, including the ability to offer the lowest market prices and the best customer service. Such alliances also can lead to newer or more innovative services.

Disadvantages:

There are a few barriers to adopting electronic data interchange. One of the most significant barriers is the accompanying business process change. Existing business processes built around slow paper handling may not be suited for EDI and would require changes to accommodate automated processing of business documents. For example, a business may receive the bulk of their goods by 1 or 2 day shipping and all of their invoices by mail. The existing process may therefore assume that goods are typically received before the invoice. With EDI, the invoice will typically be sent when the goods ship and will therefore require a process that handles large numbers of invoices whose corresponding goods have not yet been received.

Another significant barrier is the cost in time and money in the initial set-up. The preliminary expenses and time that arise from the implementation, customization and training can be costly and therefore may discourage some businesses. The key is to determine what method of integration is right for your company, which will determine the cost of implementation. For a business that only receives one P.O. per year from a client, fully integrated EDI may not make economic sense. In this case, businesses may implement inexpensive "rip and read" solutions or use outsourced EDI solutions provided by EDI "Service Bureaus". For other businesses, the implementation of an integrated EDI solution may be necessary as increases in trading volumes brought on by EDI force them to re-implement their order processing business processes.

The key hindrance to a successful implementation of EDI is the perception many businesses have of the nature of EDI. Many view EDI from the technical perspective that EDI is a data format; it would be more accurate to take the business view that EDI is a system for exchanging business documents with external entities, and integrating the data from those documents into the company's internal systems. Successful implementations of EDI take into account the effect externally generated information will have on their internal systems and validate the business information received. For example, allowing a supplier to update a retailer's Accounts Payables system without appropriate checks and balances would be a recipe for disaster. Businesses new to the implementation of EDI should take pains to avoid such pitfalls.

Increased efficiency and cost savings drive the adoption of EDI for most trading partners. But even if a company would not choose to use EDI on their own, pressures from larger trading partners (called hubs) often force smaller trading partners to use EDI. An example of this is Wal-Mart's insistence on using EDI with all of its trading partners; any partner not willing to use EDI with Wal-Mart will not be able to do business with the company.

Components of EDI

The following components and tools are necessary for performing EDI.

Trade Agreement - a legally binding trade agreement between you and your trading partner.

Standard Document Format - the standard agreed upon format for the document to be electronically transmitted.

EDI Translation Management Software - software used to convert the document from your application's format into the agreed upon standard format. For optimum performance the translation software should be on the same platform as your business application.

Communications Software - a programming tool that enables you to write communications protocols, or a separate application. It can be a module to the translator or a separate software application.

Modem - a hardware device used to transmit electronic information between computer systems. The higher the baud rate, the faster the communications will be.

VAN - stands for Value Added Network. A network to which you can connect to transmit data from one computer system to another. One network can act as a gateway to another.

Point-to-Point - a direct communication link from one computer to another. Some trading partners offer a direct connection to their EDI computer. Trading partners may opt for this method of communication instead of using a VAN.
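The answer above says that a successful EDI implementation validates the business information it receives before a supplier's document updates Accounts Payable, and that invoices will often arrive before the goods do. The following is an added example, not part of the original answer, of such a check: an inbound invoice is matched against the purchase order and the goods-received record, then posted, held or rejected. The record layout, identifiers and function name are assumptions, and the sample data is constructed for this illustration.

```python
from decimal import Decimal

# Constructed sample records; layout and identifiers are assumptions.
# Each order line maps an item code to (quantity ordered, agreed unit price).
PURCHASE_ORDERS = {
    "PO-1001": {"supplier": "SUP-01", "lines": {"WIDGET": (10, Decimal("2.50"))}},
    "PO-1002": {"supplier": "SUP-01", "lines": {"GADGET": (5, Decimal("9.00"))}},
}
# Goods for PO-1002 have shipped but have not been received yet.
GOODS_RECEIVED = {"PO-1001": {"WIDGET": 10}}


def check_invoice(invoice, orders=PURCHASE_ORDERS, receipts=GOODS_RECEIVED):
    """Return (decision, reasons); decision is 'post', 'hold' or 'reject'."""
    po = orders.get(invoice["po"])
    if po is None:
        return "reject", ["unknown purchase order"]
    if invoice["supplier"] != po["supplier"]:
        return "reject", ["purchase order belongs to another supplier"]

    reasons, waiting = [], False
    received = receipts.get(invoice["po"], {})
    for item, (qty, price) in invoice["lines"].items():
        if item not in po["lines"]:
            reasons.append(f"{item}: not on the order")
            continue
        ordered_qty, agreed_price = po["lines"][item]
        if qty <= 0 or qty > ordered_qty:
            reasons.append(f"{item}: quantity {qty} exceeds ordered {ordered_qty}")
        if price != agreed_price:
            reasons.append(f"{item}: price {price} is not the agreed {agreed_price}")
        if received.get(item, 0) < qty:
            waiting = True               # invoice arrived before the goods

    total = sum(qty * price for qty, price in invoice["lines"].values())
    if total != invoice["total"]:
        reasons.append(f"stated total {invoice['total']} but lines add up to {total}")

    if reasons:
        return "reject", reasons         # never reaches Accounts Payable
    if waiting:
        return "hold", ["goods not yet received"]
    return "post", []


if __name__ == "__main__":
    sample = {"po": "PO-1002", "supplier": "SUP-01", "total": Decimal("45.00"),
              "lines": {"GADGET": (5, Decimal("9.00"))}}
    print(check_invoice(sample))
```

The "hold" outcome is what lets the process cope with invoices whose goods are still in transit without either paying early or rejecting a valid document.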


Case study

A.1 There are certain steps that the company can take to reduce the cost. The company can make more use of the internet for conferencing and for getting details on the net, because it is cheaper than the telephone cost, which is coming out at $150,000 per year. They can deploy some main employees at the site only, to reduce other costs like counseling photocopies and telephone cost. From the 35 overseas, at least 20 can be placed at the sites to reduce the cost.

A.2 The best way of sending the data is through the internet, as discussed in the earlier question, as it is cheaper than the telephone. It is best as it can be used for records and evidence in future. There will be no fear of data loss and wrong information. The company can use a Skype connection, which gives free calls as well as data transfer; in this way they can save lots of money.

A.3 They can use a scanning machine to reduce the photocopy cost. They can scan the document and send it to a number of people through mail. In this way they can reduce photocopy cost.


Part C

1. B 2. A 3. C 4. C 5. B 6. A 7. A 8. C 9. A 10. D 11. A 12. C 13. D 14. A 15. B 16. C 17. D 18. D 19. A 20. A 21. B 22. A 23. B 24. D 25. B 26. A 27. D 28. D 29. A 30. D 31. A 32. B 33. B 34. B 35. D 36. C 37. D

38. C 39. B 40. D
