
UofZ

Computer Centre
IT @ UZ
Session -1
Module 1
Introduction to IT
WHAT IS A COMPUTER AND WHAT DOES IT DO?

• An electronic machine, operating under the control of instructions stored in its own memory
– accepts data
– manipulates the data according to specified rules
– produces results
– stores the results for future use
• It can execute a prerecorded list of instructions (a program)
COMPUTER SYSTEMS

• Purpose: To convert data into information


• The Information Processing Cycle: Input-Process-Output and Storage
• Components of a Computer System
– Computer hardware
– Computer software
– People: users and IS professionals

Data vs. Information


Data:
Collection of raw unprocessed facts, figures, and
symbols

Information:
Data that is organized,
meaningful, and useful
The Information Processing Cycle
Input: Any data or instructions you enter into a computer
Process: Manipulate the input (data) to produce output (information)
Output: Data that has been processed into information
Communication: The capability of communicating with other computers
Hardware, Software
 Hardware: The electric, electronic, and mechanical equipment that makes up a computer
 Software: The series of instructions that tells the hardware how to perform tasks
People
End user: the ultimate user of a computer system; the term usually implies an individual with a relatively low level of computer expertise.
Power user: someone who has considerable experience with computers and utilizes the most advanced features of applications.
IS Professionals: people who develop and operate IS.

Who designs and writes software:


 Computer programmer
– uses a programming language to write software programs
 Systems Analyst
– works with both the user and the programmer to determine the desired output of
the program
The Components of Computer Hardware
[Figure labels: system unit, monitor, keyboard, mouse, printer, speakers, scanner, modem, microphone, PC camera, digital camera]
Computer Hardware
any part of a computer system that you can see or touch
 Computer (or system unit): CPU and Main Memory
 Peripheral: any piece of hardware attached to a computer
– Input devices
– Output devices
– Secondary storage devices
– Communications devices
Input Devices
Any hardware component that allows a user to enter data
and instructions into a computer

microphone, PC camera, keyboard, scanner, digital camera
Output Devices
Any hardware component that can convey information to a user

monitor speakers

printer
The Components of a Motherboard
 CPU or a Processor
– Electronic device that interprets and carries out the basic
instructions that operate the computer
 Memory
– Temporary holding place for data and instructions
Storage
 Holds data, instructions, and information for future use
 Storage Medium
– Physical material on which a computer keeps the data,
instructions and information
 Storage Device
– Records & retrieves items to and from a storage medium
– Devices often function as source of input because they
transfer items from storage into memory
Main-Memory Management
 Memory is a large array of words or bytes, each with its own
address. It is a repository of quickly accessible data shared by
the CPU and I/O devices.
 Main memory is a volatile storage device. It loses its contents
in the case of system failure.
 The operating system is responsible for the following activities
in connection with memory management:
– Keep track of which parts of memory are currently being
used and by whom.
– Decide which processes to load when memory space
becomes available.
– Allocate and deallocate memory space as needed.
Introduction to Software & Concepts
of Programming
Software
Software is a collection of programs whose objective is to enhance
the capabilities of a hardware machine.

Types of software
•System software
->Operating System
->Utility Programs
->Language Translators
•Application software
->Custom programming
->Pre-written Packages
System Software

Systems software consists of low-level programs that interact with the computer at a very basic level. These programs control the operations of the computer and its devices.
 Operating System: Set of programs that coordinate all the
activities among computer hardware devices
 Utility program: performs a specific task, usually related
to managing a computer, its devices, or its programs
Application software
 Programs that do real work for users
 Suite - Collection of popular individual software
applications bundled together as a single unit
– Word processing
– Spreadsheet
– Database
– Presentation graphics
Benefits of Structured Programming
• Programs that meet the needs of the customer
• Though it initially takes longer to generate code, it often results in code that runs with no bugs the first time it is run
• Easy to handle change in program specifications in the
future
Structured Programming
• A tool that has been popular since the 70’s
• Should have been learnt by students who have taken any programming course
• Absolutely essential for handling large programs that involve a team of programmers and a huge number of man hours.
• The other popular philosophy is “object oriented programming”, but many programmers prefer structured programming
Seven Important Concepts of Structured
Programming: 1. Structured Walkthrough

• Before writing any program, the programming team must sit down with the customer and find out the requirements
• Extremely important
• Customer’s requirement is often imprecise
• Iterative: several rounds of talks
• Must result in a specification that is
– very precise
– Understandable by programmer in programming terms
2. Stepwise Refinement
• A “DIVIDE and CONQUER” strategy
• When given a large job, divide it into smaller jobs.
• Given any job, it is useful to divide it into
– Input
– Process
– Output
• Draw a tree
• Refine each job level by level (Breadth first)
• Use pseudo code to describe each job
• Decision on data structure is delayed as much as possible
Extremely Complex Job
– Level 1: Input, Process, Output
– Level 2: Input from user, Initialize, …
– Level 3: Initialize security settings
3. Modular Design
• Each ellipse is a module
• A module is a self contained block:
– It only receives inputs from its immediate ancestor
– It only outputs to its immediate ancestor
– Its computation should only require calling functions that are its
immediate children and them only
• The input variables and output variables of each module
should be specified when defining the module
• Each module must be “programmable” – no magic block should exist
4. Bottom Up Coding
• When the refinement has reached a simple function,
code the simple function
• You can test the simple function independently of the
rest of the program
• This gives you achievement and satisfaction,
sustaining you through the long project
• Project Manager exercises division of labour here,
ask a member to be responsible solely for that
function
5. Testing Using Stubs
• A structured Programming project can be field tested
before everything finishes
• Stubs - for unfinished modules, a human being emulates the module: acting on the test inputs, she fills in the correct output data by hand
• then other programmers can test their work
• Meanwhile she continues to program her own module
(according to MS Project timelines)
6. White Box and Black Box Testing

• For each module and whole program

• White Box
– Input something for which you know the desired result, it
should give your expected output
• Black Box
– Treat it as a black box, input some data, is the result
reasonable?
7. Structured Programming Documents
• A structured programming document is generated
along with the program
• When requirement of customer changes, go to the
document
• There is no need to rewrite the whole program; just find which modules need to be rewritten and rewrite each such module and the sub-tree under it
• A programmer usually forgets her code in 2 months; the structured document helps her to refresh her work quickly
OOPs

Objects, Classes, Attributes and Methods
What is Object Oriented Programming?

• Object Oriented Programming is an approach that provides a way of modularizing programs by creating partitioned memory area for both data and functions that can be used as templates for creating copies of such modules on demand
Glossary
Object: Data accessed and manipulated through an interface, such as the Imagine program

Class: A template for a new object design

Inheritance: New class created by the modification of an existing class

Instantiation: Creating a new object from an existing class
The new object is known as an instance of Class X
Advantages of OOPS
• Objects
• Classes
• Data Abstraction and Encapsulation
• Inheritance
• Dynamic Binding
• Message Communication (message passing)
• Reusability
• Creating New Data Types
• Polymorphism & Overloading
What is an Operating System?

• A program that acts as an intermediary between a user of a computer and the computer hardware.
• Operating system goals:
– Execute user programs and make solving user problems
easier.
– Make the computer system convenient to use.
• Use the computer hardware in an efficient manner.
Four Components of a Computer System
Operating System Definition

• OS is a resource allocator
– Manages all resources
– Decides between conflicting requests for efficient and fair
resource use
• OS is a control program
– Controls execution of programs to prevent errors and
improper use of the computer
Operating System Definition (Cont.)

• No universally accepted definition
• “Everything a vendor ships when you order an operating system” is a good approximation
– But varies wildly
• “The one program running at all times on the computer” is the kernel. Everything else is either a system program (ships with the operating system) or an application program
Operating System Structure
Multiprogramming needed for efficiency
– Single user cannot keep CPU and I/O devices busy at all times
– Multiprogramming organizes jobs (code and data) so CPU always has
one to execute
– A subset of total jobs in system is kept in memory
– One job selected and run via job scheduling
– When it has to wait (for I/O for example), OS switches to another job
• Timesharing (multitasking) is logical extension in which CPU
switches jobs so frequently that users can interact with each job
while it is running, creating interactive computing
– Response time should be < 1 second
– Each user has at least one program executing in memory → process
– If several jobs are ready to run at the same time → CPU scheduling
– If processes don’t fit in memory, swapping moves them in and out to
run
– Virtual memory allows execution of processes not completely in
memory
Memory Layout for Multiprogrammed System
Computer Network
Overview of Networking
Network: interconnected collection of autonomous computers,
capable of exchanging information.
•A communications network is two or more computers connected to share data and resources; such computers are “networked.” The simple idea behind computer networking is to allow users to access more information and give them access to devices not directly attached to their “local” system, such as printers or storage devices.
Three of the main types of computer networks are:
• LAN - Local Area Network
• MAN – Metropolitan Area Network
• WAN - Wide Area Network
A LAN is comprised of computers located within close proximity, such as in an office or building.
A WAN is a network of computers that are situated further apart, but still connected. Such a network might be of computers within a single state agency or of a multi-national corporation worldwide.
A MAN is a communication infrastructure that has been developed in and around large cities.
Computer Networks
Local Area Networks are configured in 3 basic
topologies. These are either the logical or
physical way the computers are connected. Each
connection on the network is known as a node.

These topologies are:
• Star
• Bus
• Ring

A Star topology connects all the nodes directly to the server or to a connecting device such as a hub.

All nodes on a Bus topology are connected to a central line or backbone.

Nodes on a Ring topology are connected in a closed loop. This means that each node has two connections, one in and another out. Using this type of topology the data must travel through all the nodes.
INTERNET TECHNOLOGIES

•INTRODUCTION TO INTERNET
•INTRODUCTION TO INTRANET AND EXTRANET
•BASIC CONCEPTS OF INTERNET AND IP ADDRESS
•DHCP
•DNS
•PROTOCOLS
•SERVICES OF INTERNET
INTRODUCTION TO INTERNET

In 1969, the Advanced Research Projects Agency (ARPA) of the U.S. Department of Defense created the Internet when it connected the computers at universities and defense contractors. This system was called ARPANET.
Internet
Internet is a world wide system accessible through computers.
•The Internet is not just one computer, it is a coordinated union of a multitude of networks all over the world.
•It is a network consisting of millions of machines.
•Network of networks.
•Millions of computers all over the world are connected through the Internet.
•Not a Government Organization
•Authority of the Internet is the Internet Society, a voluntary membership organization whose purpose is to promote global information exchange.
The Internet Today
The Internet today is a cooperative community of over
100 million computer users connected worldwide.
INTRODUCTION TO INTRANET

INTRANET

•Intranet is an in-house network
•Intranet allows internal circulation of information within the company
•Intranet in an office allows access of information to its offices and personnel
Basic Concepts of Internet And
IP Address
Internet Address
Just like every house, every office, every location has an address, every page on the Internet has a unique address. This address is used to get the web page for the user from the Internet.
The address on the Internet is known as a URL (Uniform Resource Locator).
A typical Internet address or URL would look like:
http://www.nos.org/computers/internet/url.htm
The URL contains the components that specify the protocol, server, and pathname of an item (http://www.nos.org/computers/internet/url.htm).

The protocol is followed by a colon (http:), the server is preceded by two slashes (//www.nos.org), and each segment of the pathname is preceded by a single slash (/computers/internet/url.htm).

A protocol is a set of rules that tells the computer how to interpret the information at that address.
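The split into protocol, server and pathname described above, as an added example that is not part of the original slides. The second URL and the helper names are constructed for illustration; it shows why the server should be read from a parser rather than from the raw text, because anything before an "@" after the two slashes is user information and not the server.

```python
from urllib.parse import urlsplit

PAGE_URL = "http://www.nos.org/computers/internet/url.htm"  # URL from the slide
# Constructed input: the text before "@" is userinfo, so the server is example.net.
LOOKALIKE_URL = "http://www.nos.org@example.net/computers/internet/url.htm"


def url_components(url):
    """Split a URL into the parts the slide names: protocol, server, pathname."""
    parts = urlsplit(url)
    return {
        "protocol": parts.scheme,    # text before the colon, e.g. "http"
        "server": parts.hostname,    # host after "//", lower-cased, no userinfo or port
        "port": parts.port,          # None when the URL does not give one
        "userinfo": parts.username,  # text before "@"; this is NOT the server
        # each pathname segment is the text after one single slash
        "segments": [seg for seg in parts.path.split("/") if seg],
    }


def naive_is_on_server(url, host):
    """Weak check: compares raw text, so userinfo can pass for the server."""
    return url.startswith("http://" + host)


def is_on_server(url, host, allowed_protocols=("http", "https")):
    """Corrected check: compare the parsed protocol and the parsed server name."""
    parts = url_components(url)
    return parts["protocol"] in allowed_protocols and parts["server"] == host.lower()


if __name__ == "__main__":
    for url in (PAGE_URL, LOOKALIKE_URL):
        print(url)
        print("  components:", url_components(url))
        print("  naive check :", naive_is_on_server(url, "www.nos.org"))
        print("  parsed check:", is_on_server(url, "www.nos.org"))
```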
What are protocols?
 Networking software is organized as protocols
 E.g.: Human protocol vs network protocol (exchanges listed in time order):
– Human protocol: "Hi" / "Hi" / "Got the time?" / "2:00"
– Network protocol: TCP connection req. / TCP connection reply / Get http://www.rpi.edu/index.htm / <file>
IP Address:
IP Address is a numeric identifier assigned to each machine on an IP network. It designates the location of the device that is assigned to it on the network. It is a software address.
Each host should have a logically unique IP address.
IP ADDRESS CONSISTS OF TWO PARTS
 Network ID
– Identifies the system located on the same physical network
– All systems have same Network ID in the same network
 Host ID
– Identifies a server, workstation, router within a network
– All systems have unique ID in the network
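The Network ID / Host ID split, worked through as an added example that is not part of the original slides. The address 205.153.39.182 is the one the DNS slide quotes; the prefix lengths, the second address and the host names in the inventory are assumptions made for illustration. It also checks the rule that each host has a unique address.

```python
import ipaddress
from collections import defaultdict


def split_address(address, prefix_len):
    """Return (network_id, host_id) for an IPv4 address and a prefix length."""
    iface = ipaddress.ip_interface(f"{address}/{prefix_len}")
    network_id = str(iface.network.network_address)        # shared by the whole network
    host_id = int(iface.ip) & int(iface.network.hostmask)  # unique inside that network
    return network_id, host_id


def same_network(a, b, prefix_len):
    """Two systems are on the same network when their Network IDs match."""
    return split_address(a, prefix_len)[0] == split_address(b, prefix_len)[0]


def duplicate_addresses(inventory):
    """Return {address: [hosts]} for every address assigned to more than one host."""
    owners = defaultdict(list)
    for host, address in inventory:
        # Normalising through ip_address() also rejects malformed entries.
        owners[str(ipaddress.ip_address(address))].append(host)
    return {addr: hosts for addr, hosts in owners.items() if len(hosts) > 1}


# Constructed inventory; host names are hypothetical.
INVENTORY = [
    ("web01", "205.153.39.182"),
    ("db01", "205.153.39.10"),
    ("kiosk", "205.153.39.182"),
]

if __name__ == "__main__":
    for prefix in (24, 26):
        print(prefix, split_address("205.153.39.182", prefix),
              same_network("205.153.39.182", "205.153.39.10", prefix))
    print("conflicts:", duplicate_addresses(INVENTORY))
```

The same address yields a different Network ID and Host ID under a different prefix length, so the boundary between the two parts has to be known before two hosts can be said to share a network.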
PROTOCOLS
The first component, the protocol, defines the manner for interpreting computer information. Many Internet pages use HTTP (Hyper Text Transfer Protocol).

Other common Internet protocols:
FTP (File Transfer Protocol), and
GOPHER (an alternative transfer protocol). Gopher protocol is mostly out of date now.
DHCP
Dynamic Host Configuration Protocol
Centralizes and manages the allocation of TCP/IP configuration information by automatically assigning IP addresses to computers configured to use DHCP.
DHCP is a simple process by which a host system obtains an IP address, which is a must for communication with the rest of the network.
DHCP uses a 4-phase process to configure a DHCP client:
•A request for an IP address by a client
•An offer made to the client by DHCP server
•The client selecting an offer and asking for a lease
•The DHCP server sending an acknowledgement.
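The four phases listed above, modelled as an added example that is not part of the original slides. It is an in-memory sketch, not the wire protocol: the message names follow the DHCP message types (DISCOVER, OFFER, REQUEST, ACK, NAK), while the class, the address pool and the client MAC addresses are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class DhcpServer:
    pool: list                                    # addresses the server may hand out
    lease_seconds: int = 3600
    offered: dict = field(default_factory=dict)   # client MAC -> address on offer
    leases: dict = field(default_factory=dict)    # client MAC -> leased address

    def _next_free(self):
        in_use = set(self.offered.values()) | set(self.leases.values())
        return next((ip for ip in self.pool if ip not in in_use), None)

    def handle(self, msg):
        mac = msg["mac"]
        if msg["type"] == "DISCOVER":             # phase 1: client asks for an address
            ip = self.leases.get(mac) or self.offered.get(mac) or self._next_free()
            if ip is None:
                return None                       # pool exhausted: no offer is made
            self.offered[mac] = ip
            return {"type": "OFFER", "mac": mac, "ip": ip}         # phase 2
        if msg["type"] == "REQUEST":              # phase 3: client selects the offer
            if self.offered.get(mac) != msg["ip"]:
                return {"type": "NAK", "mac": mac}                 # never offered to this client
            del self.offered[mac]
            self.leases[mac] = msg["ip"]
            return {"type": "ACK", "mac": mac, "ip": msg["ip"],
                    "lease": self.lease_seconds}                   # phase 4
        return None


def configure_client(server, mac):
    """Run the four phases for one client; return (leased_ip or None, message trace)."""
    trace = ["DISCOVER"]
    offer = server.handle({"type": "DISCOVER", "mac": mac})
    if offer is None:
        return None, trace
    trace += ["OFFER", "REQUEST"]
    reply = server.handle({"type": "REQUEST", "mac": mac, "ip": offer["ip"]})
    trace.append(reply["type"])
    return (reply["ip"] if reply["type"] == "ACK" else None), trace


if __name__ == "__main__":
    # Constructed pool from the documentation range 192.0.2.0/24.
    srv = DhcpServer(pool=["192.0.2.10", "192.0.2.11"])
    for mac in ("aa:00:00:00:00:01", "aa:00:00:00:00:02", "aa:00:00:00:00:03"):
        print(mac, configure_client(srv, mac))
```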
DNS
DNS: Domain Naming System
Translates the Fully-Qualified Domain Name of a computer into its corresponding IP Number.
People find names easier to remember than numbers.
A fully qualified domain name such as www.npr.org is converted to the correct IP number 205.153.39.182 by the Domain Name Server and the IP number is used to establish connection.
IP address also uses country codes comprising two letters.
This lettering system is called DNS, i.e. the country code for India is in, ca for Canada, au for Australia, etc.
Services of Internet - E-mail, FTP, Telnet, WWW

E-Mail:
E-mail or Electronic mail is a paperless method of sending messages, notes or letters from one person to another through the Internet.

The biggest advantage to using e-mail is that it is cheap, especially when sending messages to other states or countries.
Features of E-mail:
One-to-one or one-to-many communications
Instant communications.
Physical presence of recipient is not required
Most inexpensive mail service, 24-hours a day and seven days a week
Encourages informal communication
Components of an E-mail
Address

As in the case of normal mail system, e-mail is also based upon the concept of a recipient address.
John@hotmail.com
john: name of a mailbox on the destination computer, where finally the mail will be delivered.
hotmail: the mail server where the mailbox "john" exists.
.com: the type of organization on net, which is hosting the mail server.
Types of Organizations
There are six main categories:
com Commercial institutions or organization
edu Educational institutions
gov Government site
mil Military site
net Gateways and administrative hosts
org Private organizations
FTP (File Transfer Protocol)

An Internet utility software used to upload and download files.

It gives access to directories or folders on remote computers and allows software, data and text files to be transferred between different kinds of computers.
The basic objectives of FTP are:
To give flexibility and promote sharing of computer programs, files and data
To transfer data reliably and more efficiently over network
To encourage implicit or indirect use of remote computers using Internet
To shield a user from variations in file storage systems among hosts.
WORLD WIDE WEB (WWW)
also commonly known as ‘The Web’.

The WWW is a hypertext based information retrieval tool.
One can easily surf the Web by jumping from one document to another using the links in those documents.

These documents can be in many formats, such as text, graphics, animation, sound and, latest, video.
Web Pages
All the information on the Internet is presented to the user as a document, more popularly known as a Web Page.

All these Web Pages are linked to each other or even to sections within a Web Page. These links are known as Hyper Links.

The tool used to view these Web Pages on the Internet is known as an Internet browser or simply browser.
Introduction to DBMS
File Organization
• Sequential Organization
Sequential organization simply means storing and sorting in physical,
contiguous blocks within files on tape or disk.
• Indexed Sequential Organization
Use an index to locate records. Indexed sequential organization reduces the
magnitude of the sequential search and provides quick access for sequential
and direct processing.
• Inverted List Organization
The indexed sequential method has a multiple index for a given key, whereas the inverted list method has a single index for each key type
• Direct Access Organization
File Organization Method - A Summary

Method: Sequential
– Advantages: Simple to design; Easy to program; Variable length and blocked records available; Best use of storage
– Disadvantages: Records cannot be added to the middle of file

Method: Indexed-sequential
– Advantages: Records can be inserted or updated in the middle of file; Processing may be carried out sequentially or randomly
– Disadvantages: Unique keys required; Processing occasionally slow; Periodic reorganization of file required

Method: Inverted List
– Advantages: Used in applications requesting specific data on multiple keys
– Disadvantages: (none listed)

Method: Random
– Advantages: Records can be inserted or updated in the middle of file; Better control over record allocation
– Disadvantages: Calculating address required for processing; Variable length records nearly impossible to process
Objectives of Data Base

1. Controlled redundancy
2. Ease of Learning and use
3. Data independence
4. More information at low cost
5. Accuracy and integrity
6. Recovery from Failure
7. Privacy & Security
8. Performance
Data Base Design
1.Key Terms (entities, attributes, DDL, DML etc…)
2.Logical & Physical Views of Data (Schemas and
subschema)

3.Data Structure
 Types of Relationship (1:1, 1:M M:M)
 Types of Data structure
 Hierarchical structuring
 Networking Structuring
 Relational structuring
 Entities & Attributes

4. Normalization
Refining of data structure
1NF
2NF
3NF
ERP Defined
Enterprise resource planning (ERP) software is a set
of applications that automate finance and human
resources departments as well as handle jobs such as
order processing and production scheduling. ERP
vendors have expanded into applications such as
Manufacturing, supply-chain management, customer
relationship management, and industry verticals.
An ERP system is based on a common database and a
modular software design
Finance
- General Ledger
- Accounts Receivable
- Accounts Payable
- Procurement
- Fixed Assets
- Treasury Mgmt
- Cost Control
- Grant Management

Human Resources
- HR/Benefits Administration
- Payroll
- Self-service HR

e-Business
- eProcurement
- Employee Self Service
- e-Recruiting/e-Hiring
- e-Filing
- Citizen Access
- Web-enabled transactions
- e-Commerce

Transaction Engine
Core software that manages transaction flow among applications and handles tasks like security and data integrity

Customer Relationship Mgt
- Consistent user experience
- Personalization of services
- Realtime access - enterprise info

Data Analysis
Decision support software that lets senior executives and other users analyze transaction data to track business performance

Supply Chain Mgmt
Planning, scheduling and fulfillment applications that address all procurement requirements across the enterprise
Characteristics of an ERP System
 Includes business management software that enables finance and
human resources in a completely integrated fashion
 Enables high levels of integration across business functions and
units
 Provides for widespread sharing of data from a single information repository
 Drives extensive business transformation and change management efforts
 Requires high levels of implementation effort and support
ERP Implementation Benefits

 Streamlines or eliminates inefficient manual processes
 Eliminates disparate stand-alone systems
 Provides integrated, enterprise-wide common tools,
processes and systems
 Establishes a backbone structure that can be leveraged
to handle all operational processes
 Integrates and increases control of budgeting,
planning and financial management processes
ERP Implementation Benefits
(continued)
 Provides enterprise-wide reporting and decision
support
 Presents opportunity for re-engineering with industry
best practices and templates
 Presents opportunity to lever vendors’ future
investment in enhanced functionality
 Incorporates new functionality and technology -
provides a springboard to e-Business
ERP Implementation Activities

Manage It...
• Prime Contractor Project Management
• Detailed Project planning and Tracking
• Communications Plan
• Subcontractor management
• Project Scope Control
• Financial Control
• Project Oversight and Quality Assurance Reviews

Change It...
• Change Mgment
• Business Vision and Goals
• Process Analysis
• Package Select.
• Business Case
• Bus. Process Reengineering
• Industry Best Practices
• As Is / To Be Process Modeling
• Fit-Gap Analysis
• Policy and Procedure Dev.
• Readiness Assessment
• Organizational Design
• Communications Plan

Implement It..
• Package Integration (SAP, PeopleSoft, JDE, Oracle...)
• Software Environment Builds & Maintenance
• Enterprise-wide Infrastructure Planning/Design & Roll-out
• Interfaces and Conversions
• Data Warehouse Design Integration
• E-Business
• Business Intelligence
• Networking
• Design
• Implementation
• Tuning

Operate It...
• Data Center Operations
• Application Services Development
• Network Station Management
• Network Operations & Support
• Migration Management
• Problem Mgmt.
• Systems Mgmt.
• Internet Enablement
• Web Site Design
• Help Desk
• Disaster Recovery
• Business Resumption Services

Service It...
• Platforms & Technology
• Installation/Customization & Maintenance
• Performance and Tuning
• Software Services
• Planning/Design/Install

Teach It..
• Training Needs Assessment
• Custom Curriculum and Material Development
• CBT Development
• End User Training Classes
• Train-the-Trainers
• Roll-out of Training
Disadvantage
• Customization of the ERP software is limited.
• Re-engineering of business processes to fit the
"industry standard" prescribed by the ERP system
may lead to a loss of competitive advantage.
• ERP systems can be very expensive leading to a new
category of "ERP light" solutions
 The system may be too complex measured against the
actual needs of the customer.
Electronic Commerce Systems
Electronic Commerce (E-Commerce)
• Commerce refers to all the activities involved in the purchase and sale of goods or services.
– Marketing, sales, payment, fulfillment, customer service

• Electronic commerce is doing commerce with the use of computers, networks and commerce-enabled software (more than just online shopping)
Brief History
• 1970s: Electronic Funds Transfer (EFT)
– Used by the banking industry to exchange account information over
secured networks
• Late 1970s and early 1980s: Electronic Data Interchange
(EDI) for e-commerce within companies
– Used by businesses to transmit data from one business to another
• 1990s: the World Wide Web on the Internet provides easy-to-
use technology for information publishing and dissemination
– Cheaper to do business (economies of scale)
– Enable diverse business activities (economies of scope)
E-commerce applications
• Supply chain management
• Video on demand
• Remote banking
• Procurement and purchasing
• Online marketing and advertisement
• Home shopping
• Auctions
Ecommerce infrastructure
• Information superhighway infrastructure
– Internet, LAN, WAN, routers, etc.
– telecom, cable TV, wireless, etc.
• Messaging and information distribution
infrastructure
– HTML, XML, e-mail, HTTP, etc.
• Common business infrastructure
– Security, authentication, electronic payment,
directories, catalogs, etc.
The Main Elements of E-commerce
• Consumer shopping on the Web, called B2C
(business to consumer)
• Transactions conducted between businesses on the
Web, called B2B (business to business)
• Transactions and business processes that support
selling and purchasing activities on the Web
– Supplier, inventory, distribution, payment management
– Financial management, purchasing products and
information
Advantages of Electronic Commerce
• Increased sales
– Reach narrow market segments in geographically
dispersed locations
– Create virtual communities
• Decreased costs
– Handling of sales inquiries
– Providing price quotes
– Determining product availability
• Being in the space
Disadvantages of Electronic Commerce
• Loss of ability to inspect products from remote
locations
• Rapid developing pace of underlying
technologies
• Difficult to calculate return on investment
• Cultural and legal impediments
The process of e-commerce
1. Attract customers
– Advertising, marketing
2. Interact with customers
– Catalog, negotiation
3. Handle and manage orders
– Order capture
– Payment
– Transaction
– Fulfillment (physical good, service good, digital good)
4. React to customer inquiries
– Customer service
– Order tracking
Web-based E-commerce Architecture

Tier 1: Client
Tier 2: Web Server
Tier 3: Application Server
Tier N: Database Server
(diagram label: DMS)
E-commerce Technologies
• Internet
• Mobile technologies
• Web architecture
• Component programming
• Data exchange
• Multimedia
• Search engines
• Data mining
• Intelligent agents
• Access security
• Cryptographic security
• Watermarking
• Payment systems
Infrastructure for E-commerce
• The Internet
– system of interconnected networks that spans the globe
– routers, TCP/IP, firewalls, network infrastructure, network
protocols
• The World Wide Web (WWW)
– part of the Internet and allows users to share information
with an easy-to-use interface
– Web browsers, web servers, HTTP, HTML
• Web architecture
– Client/server model
– N-tier architecture; e.g., web servers, application servers,
database servers, scalability
E-Commerce Software
• Content Transport
– pull, push, web-caching, MIME
• Server Components
– CGI, server-side scripting
• Programming Clients
• Sessions and Cookies
• Object Technology
– CORBA, COM, Java Beans/RMI
• Technology of Fulfillment of Digital Goods
– Secure and fail-safe delivery, rights management
System Design Issues
• Good architectural properties
– Functional separation
– Performance (load balancing, web caching)
– Secure
– Reliable
– Available
– Scalable
Creating and Managing Content
• What the customer sees
• Static vs. dynamic content
• Different faces for different users
• Tools for creating content
• Multimedia presentation
• Integration with other media
• Data interchange
• HTML, XML (Extensible Markup Language)
Cryptography
• Keeping secrets
– Privacy: interceptor cannot use information
– Authentication: sender’s identity cannot be forged
– Integrity: data cannot be altered
– Non-repudiation: sender cannot deny sending
• How to evaluate cryptography
• Secret key (symmetric) cryptography; e.g., DES
• Public key (asymmetric) cryptosystems; e.g., RSA
• Digital signatures, digital certificates
• Key management; e.g., PKI
Security
• Concerns about security
• Client security issues
• Server security issues
• Security policy, risk assessment
• Authentication methods
– Something you know: passwords
– Something you have: smart card
– Something you are: biometrics
• Firewalls, proxy servers, intrusion detection
• Denial of service (DOS) attacks, viruses, worms
Payment Systems
• Role of payment
• Cash
– properties: wide acceptance, convenience, anonymity, untraceability, no buyer transaction cost
• Online credit card payment, Smart Cards
– Secure protocols: SSL, SET
• Internet payment systems
– Electronic cash, digital wallets
• Micro-payments
• Wireless devices
Transactions Processing
• Transactions and e-commerce
• Overview of transaction processing
• Transaction processing in e-commerce
• Keeping business records, audit, backup
• High-availability systems
• Replication and scaling
• Implementation
Other System Components
• Taxes
• Shipping and handling
• Search engines
• Data mining
• Intelligent agents
• Inventory management, enterprise resource
planning (ERP)
• Customer relation management (CRM)
Business to Business E-Commerce
Most EDI was done over private networks but there
is a big push to establish common standards to use
it over the Internet:
Open Trading Protocol (OTP) - intended to standardize a variety of payment-related activities, including purchase agreements, receipts for purchases, and payments
Open Buying on the Internet (OBI) - standard created by the Internet Purchasing Roundtable to ensure that all the different e-commerce systems can talk to each other
These standards work in a similar fashion to the
ANSI X12, which you already learned about.
Business to Business E-Commerce
Example:
The automotive industry is investing in a new venture, the
Automotive Network Exchange (ANX). ANX is a
managed virtual private network (VPN) that runs over the
Internet and links manufacturers and suppliers worldwide.
This will electronically link those suppliers who still
communicate with manufacturers by traditional means
(phone, fax, e-mail). The network will electronically route
product shipment schedules, CAD files for product
designs, POs, payments and other business information.
NOTE: VPNs provide secure data transfer over the
net; think of them like a tunnel for data.
Business to Business E-Commerce
Example:
The Great Plains e.Order demo that you just did is a great
example of B2B over the web. It is done in a client-server
environment with a Great Plains C/S+ back end
(sometimes called back office) and a front end developed
in Microsoft tools. Front end is simply the term used to
describe what you, the user, see. It is the GUI, the web
browser screen you view and/or interact with. Back end is
the term used to describe what is happening with the data
that the user doesn’t see. Typically, that data may be in an
application program or a relational database such as
Oracle, DB2, SQL Server, or Sybase SQL Server.
Business to Business E-Commerce
Example:
Just in case you never got a good understanding of why
client/server (C/S) is such a big deal, here is an example.
A customer calls to change their number. Without C/S the
accounts receivable clerk would have to access the entire
A/R master file from the file server just to change one
record. Since this is probably thousands/millions of records
and takes up lots of bandwidth on the network, it makes the
system crawl!!!! With C/S, the server selects out just the
one record and then sends only the one record to the A/R
clerk to be changed. By distributing processing in this way
the system is SIGNIFICANTLY faster!!!
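The contrast above, modelled as an added example that is not part of the original slides: an in-memory SQLite table stands in for the A/R master file, and each function returns how many records would travel to the clerk's machine. The table and column names, the sample records, and the reading of "number" as a phone number are assumptions made for illustration.

```python
import sqlite3

def build_ar_master(n_records=5000):
    """Constructed A/R master file: one row per customer (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ar_master "
               "(cust_id INTEGER PRIMARY KEY, name TEXT, phone TEXT)")
    db.executemany("INSERT INTO ar_master VALUES (?, ?, ?)",
                   ((i, f"Customer {i}", f"555-{i:04d}")
                    for i in range(1, n_records + 1)))
    db.commit()
    return db

def phone_of(db, cust_id):
    """Return the phone number on record, or None if the customer is unknown."""
    row = db.execute("SELECT phone FROM ar_master WHERE cust_id = ?",
                     (cust_id,)).fetchone()
    return row[0] if row else None

def file_server_change(db, cust_id, new_phone):
    """Without C/S: the whole file travels to the clerk, who edits one record.
    Returns the number of records sent over the network."""
    records = db.execute("SELECT cust_id, name, phone FROM ar_master").fetchall()
    for cid, _name, _phone in records:      # the search happens on the client
        if cid == cust_id:
            db.execute("UPDATE ar_master SET phone = ? WHERE cust_id = ?",
                       (new_phone, cid))
            break
    else:
        raise KeyError(cust_id)
    db.commit()
    return len(records)

def client_server_change(db, cust_id, new_phone):
    """With C/S: the server selects the one record and sends only that one."""
    records = db.execute("SELECT cust_id, name, phone FROM ar_master "
                         "WHERE cust_id = ?", (cust_id,)).fetchall()
    if not records:
        raise KeyError(cust_id)
    db.execute("UPDATE ar_master SET phone = ? WHERE cust_id = ?",
               (new_phone, cust_id))
    db.commit()
    return len(records)

if __name__ == "__main__":
    db = build_ar_master()
    print("file server sent  :", file_server_change(db, 42, "555-9999"))
    print("client/server sent:", client_server_change(db, 42, "555-1234"))
    print("phone on record   :", phone_of(db, 42))
```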
Business to Business E-Commerce
At some point you are going to wonder how the back end and
the front end communicate. They often can’t, since many
companies still have back ends that were not created to
interface with (display over) the web. The answer is
middleware. Middleware is simply the “glue” or layer of
software that allows the front ends (often in Java, HTML,
XML, CGI scripts, ASP pages) to interact with the back
end. Just like you need a translator when someone who is
speaking Spanish is talking to someone who is speaking
French, you often need middleware for your front end to
communicate with your back end.
Business to Consumer E-Commerce
It’s a little different with B2C:
• The consumer moves through the Internet to the
merchant’s website (e.g., J.Crew, Amazon.com).
• The consumer decides to purchase a product and is connected to an
online transaction server. All the information in this server
is encrypted.
• After placing an order, the information moves through a
private gateway to a Processing Network.
• The Processing Network is where the issuing and acquiring
banks complete or deny the transaction.
• THIS ALL TAKES PLACE IN NO MORE THAN 5-7
SECONDS!
Business to Consumer E-Commerce
IT Enabled Service
Information Technology Enabled Services
• India, China and Philippines: predominant IT
offshoring
• Why?
In order to gain from a large talent pool and
low labor cost.
Information Technology Enabled Services
• India has some 5-6% share of the total
BPO industry.
• This constitutes about 63% share of the
offshore component.
• This 63% is a drop from the 70% offshore
share that India enjoyed last year.
Information Technology Enabled Services
• It is a form of outsourced service which has emerged
due to involvement of IT in various fields such as
banking and finance, telecommunications, insurance,
etc.
• Some of the examples of ITES are medical
transcription, back-office accounting, insurance
claim, credit card processing
Source: Wikipedia
ITES
Major aspects
– Services and Quality
– Organization and Policies
– Process Management
Source (for the next 5 slides): Foundations of IT Service Management, Van Haren Publishing, 2005
Services and Quality
Providers of IT services
• Not only to support the organization
• But the expectation is to present options to
implement the objectives of the organization
(what are the objectives?)
• Providers of IT services can no longer afford to
focus on technology and their internal organization.
• Providers of IT services have to consider the quality
of the services they provide and focus on the
relationship with customers.
Services and Quality
The quality of services depends on the way in
which these things are organized
• Permanent quality improvement demands a certain
degree of maturity of the organization
• Deming’s Quality circle provides a simple and
effective model to control quality (Plan, Do, Check, Act).
Processes are divided into activities with their own plans
and opportunities for checking.
• Quality management is everybody’s responsibility
• Quality assurance is a policy matter within the organization.
• Quality system is the organizational structure related to
responsibilities, procedures and resources for implementing
quality management
• ISO 9000 series of standards is often used to develop, define, assess and
improve quality systems
Organization and policies
Vision – Business Model
• Why exist? And how? And the logic?
• Does the organization (processes) fulfill the objectives?
• Most common method – the Balanced Scorecard
• Objectives help define critical success factors
• Key performance indicators (KPI) are parameters for measuring
progress relative to key critical success factors.
Processes
A process is a logically related series of activities
conducted toward a defined objective.
IT Service Management is primarily known as the
process and service-focused approach to IT Management
Select Examples:
• Service Delivery Processes:
Capacity Management, Availability Management,
IT Service Continuity Management, Financial Management for
IT services, Service Level Management
• Service Support Processes:
Incident Management, Problem Management,
Configuration Management, Change Management,
Release Management
Information Systems Security
Information Systems Security provides essential information for managing the
security of a modern, evolving enterprise. It is written for information security
managers and other technical managers and staff who are the first-line support
responsible for the daily, efficient operation of security policies, procedures,
standards, and practices. It covers:
• Access control systems and methodologies
• Computer operations security
• Application and systems development
• Business continuity and disaster recovery planning
• Telecommunications and network security
• Security architecture and models
• Physical security
• Cryptography
• Security management practices
• Law, investigations, and ethics
Security Certification (of an IT system)
• The comprehensive evaluation of the management,
operational, and technical security controls in an
information system
• Evaluation supports the security accreditation process
• Evaluation performed by security expert (may be
contractor)
• Assesses the effectiveness of the implemented security
controls in a particular environment of operation
– Are the controls an acceptable set?
– Are the controls operating as intended?
• Determines remaining vulnerabilities in the information
system based on the assessment.
Security Accreditation (of an IT system)
• The official management decision to authorize
operation of an IT system
• Residual risk is one factor in decision
• Authorization:
– Is given by a senior agency official
– Is applicable to a particular environment of operation of
the IT system
– Explicitly accepts the level of residual risk to agency
operations (including mission, functions, image or reputation),
assets, and individuals that remains after the implementation
of an agreed-upon set of security controls in the IT system.
Terminology
• Certification & Accreditation are “loaded” terms
• Their use is confusing outside of US government
• Security certification: Assessing/verifying
effectiveness of implemented security controls
• Security accreditation: Approval/authorization to
operate IT system
• Above definitions more accurately reflect concepts
[Figure: System Security Activities (Inside) within the System Development Life Cycle (Outside). C = Certification, A = Accreditation]
• SDLC phases (outside): Initiation, Development/Acquisition, Implementation, Operation/Maintenance, Disposal
• Information security activities (inside): Categorize System; Security Planning; Risk Assessment (Determine Security Requirements, Select Security Controls); Security Control Development; Developmental Security Test & Evaluation (Develop Security Test Plan, Test & Evaluate Security Controls); Security Control Integration; Security Accreditation; Configuration Management and Control; Continuous Monitoring of Security Control Effectiveness
• Annotations: "C: Assess residual vulnerabilities; A: Assess residual risk" and "C: Determine control effectiveness; Determine & document residual vulnerabilities; A: Assess residual risk; Make accreditation determination"
FISMA-Related Guidance
[Figure: guidance documents arranged around "AGENCY INFORMATION AND INFORMATION SYSTEM". Legend: Completed; In Progress (FISMA Requirement for NIST); In Progress (OMB/FISMA general requirement)]
• FIPS 199, SP 800-60: Categorization & Mapping of Information and Information System. Defines categories of information and information systems according to levels of risk for confidentiality, integrity, and availability; maps information types to security categories.
• SP 800-53 (Interim), FIPS 200: Security Control Selection and Implementation. Minimum management, operational, and technical controls (i.e., safeguards and countermeasures) planned or in place to protect information and information systems.
• SP 800-30: Risk Assessment. Analyzes the threats to and vulnerabilities of information systems and the potential impact or magnitude of harm that the loss of confidentiality, integrity, or availability would have on an agency’s operations and assets.
• SP 800-18: Security Planning. Documents the security requirements and security controls planned or in place for the protection of information and information systems.
• SP 800-37, SP 800-53A: Verification of Security Control Effectiveness (Certification). Measures the effectiveness of the security controls associated with information systems through security testing and evaluation.
• SP 800-37: System Authorization (Accreditation). The authorization of information systems to process, store, or transmit information, granted by a senior agency official, based on the effectiveness of security controls and residual risk.
Assurance in Information Systems (IS)
Building more secure systems requires:
• Well defined system-level security requirements
and security specifications
• Well designed component products
• Sound systems security engineering practices
• Competent systems security engineers
• Appropriate metrics for product/system testing,
evaluation, and assessment
• Comprehensive system security planning and
life cycle management
Supporting Tools and Programs
Building more secure systems is enhanced by:
• Standardized Security Requirements and Specifications
– U.S. Common Criteria protection profile development project
– Private sector protection profile contributions:
BITS functional packages, Smart Card Security Users Group (SCSUG),
Process Control Security Requirements Forum (PCSRF)
• IT Component-level Product Testing and Evaluation
Programs
– Common Criteria Evaluation and Validation Schemes (CCRA)
– Cryptographic Module Validation Program (U.S. NIST/Canada CSE)
• Security Implementation Guidance
– Security Technical Implementation Guides
– Security Reference Guides
• System Certification and Accreditation
Supporting Tools and Programs
[Figure: Laboratory Environment and Operational Environment]
• Laboratory Environment: Protection Profiles; General IT Products; CC Evaluations (CCEVS); Cryptographic Modules; FIPS 140-2 Testing (CMVP); Accredited Testing Laboratories; Validated Products; Evidence (Security Targets, Evaluation Reports, Validation Reports)
• Operational Environment: Accreditation Authority; Real World Threats and Vulnerabilities; System-level Protection Profiles; Specific IT System; Generic Systems; Technical Security; Risk Management; Security Policies; System Security Plan; Personnel Security; Procedural Security; Physical Security
• Other labels: Implementation Guidance; Standards; Guidelines; Certification; Accreditation
At uofz
…learning never ends
the journey of excellence
continues…

Thank You