REVISION PAPER 5
QUESTION ONE
Describe the following pairs of terms, stating any similarities or differences between them.
- Computer Hardware and Software (5 marks)
- Broadband and Baseband transmission (5 marks)
- CDROM and Floppy Disk (5 marks)
- Microprocessor and ROM (5 marks)
(Total: 20 marks)
QUESTION ONE
- Hardware is the physical or tangible parts of a computer system. This encompasses the motherboard, CPU, expansion cards, peripherals such as the monitor, etc. The hardware is the parts of a computer that carry electrical (or optical etc.) signals between the input, output, processor and storage devices. Hardware is generally made by professional manufacturers. Software is the digital instructions or data that a computer needs to operate. It is the software that supplies the instructions for the hardware to operate. These instructions and data are held on hard disks, floppy disks, CDROM, pen drives etc.
Software may be held temporarily in RAM during the operation of a program. Any user may write software. Software can be system software, application software and data.
Similarities and Differences: Software supplies the information required by the hardware for the computer to operate. Both software and hardware are needed for a computer to operate.
- Broadband uses analogue signaling and is more expensive than baseband. Its strength is its capacity. It can carry a wide variety of traffic on many channels simultaneously using FDM. This technology is more complex than baseband and needs fine-tuning to operate at optimum performance. Broadband systems use modems at each end of the channel which are more expensive than the digital transceivers of baseband systems.
Baseband uses digital signaling which by its nature uses the entire frequency spectrum of the cable. Each node’s signal is applied directly to the medium. Only one transmission can be handled at any one time. TDM is used in baseband signaling. It is cheaper than broadband and much simpler to implement and get running.
Similarities and Differences: Both can carry several users’ traffic across one medium. Baseband is cheaper than broadband.
- CD-ROM is a plastic platter containing concentric circles of information that have been formed into the surface of the disk by a moulding technique. It is written once and cannot be altered. Its capacity is around 650 Mbytes although higher capacities up to 800 MB are available. These disks are commonly used for data or music. The information is stored optically, bits being represented by reflective pits formed on the reflective surface of the disk. CDRW disks are also available that can be written to many times.
Floppy disk is a magnetic disk protected within a plastic sleeve. The information is held in concentric circles known as tracks. It may be read from and written to many times. Its capacity is 1.44 Mb, although 720 K byte disks are still in use. It is commonly used to store small files such as word-processed files. The information is stored magnetically in the form of dots on the disk surface.
Similarities and Differences: These are both used for data storage although the data capacity of the floppy disk is much smaller than that of a CDROM. A floppy disk may be written to but a CDROM cannot once it has been created.
- A CPU is the Central Processing Unit that forms a computer. This microprocessor is a microchip that is at the heart of a microcomputer system. It takes instructions from memory (the program) one at a time and performs the actions specified by the instructions on the data that has been supplied/defined. Microprocessors are often measured in MHz which refers to the clock speed of the processor. It describes the number of cycles per second that the CPU is capable of performing. It has temporary storage areas known as registers to hold intermediate results.
ROM is Read Only Memory. It is a non-volatile storage space used to store boot commands for a computer. It has much smaller storage area than RAM. It is a microchip held on the motherboard. Its contents cannot easily be altered. It is used at system boot but not once the system is booted.
Similarities and Differences: CPU carries out mathematical and logical operations. ROM stores data for boot purposes. Both are microchips held on the motherboard.
QUESTION TWO
Increasingly in systems development, use is being made of CASE tools.
- Briefly describe what is a CASE tool. (4 marks)
- Additionally, in systems development, the following issues are considered to be important:
  - Producing and maintaining documentation
  - Adhering to development standards
  - Maintaining a logical data dictionary
  - Prototyping
With reference to the above four issues, explain what advantages a CASE tool offers the system developer compared to systems development using manually produced and maintained diagrams, standards and documents. (16 marks)
(Total 20 marks)
QUESTION TWO
- CASE stands for computer aided software/system engineering. A CASE tool is a software package that supports the construction and maintenance of logical system specification models. Many CASE tools are designed for a specific methodology and so support the rules and interaction of the models defined in that methodology. More sophisticated tools permit s/w prototyping and code generation.
- Documentation: the graphical editing facilities provided by all CASE tools mean that high quality, easily read documents can be produced. Furthermore, changes to those documents can easily be made and charts and models re-printed. Such editing is particularly useful with diagrammatic models, such as DFDs and entity relationship models. It is very difficult to maintain manually produced versions of these diagrams.
Standards: these define how development will be carried out. Individual models have standard rules of construction, e.g. a data store cannot be linked directly to an external entity in a DFD. However, there is nothing to stop the designer making such a connection in a manually produced version and it will not be picked up until assessed in a quality review. A CASE tool cannot produce such a diagram because it is not allowed to, and in this way the CASE tool ensures that standard construction rules are adhered to.
Data dictionary: this stores information about the constituent parts of the logical data systems specification. There will be logical data dictionary entries for data flows, data stores etc. A manually compiled example is difficult to maintain and analyze. A CASE tool will hold all this information in a computerised data dictionary. Reports and analysis will be available. The logical data dictionary will also support the consistency checks performed by the CASE tool, cross referencing, for instance, the logical data stores of the DFD to the entities of the entity relationship diagram.
Prototyping: this can be supported in one of two ways. First, through developing screens and output prints for the input and output data flows. Each dataflow is defined in its logical content in the data dictionary. The CASE tool may allow these logical contents to be displayed on a demonstration screen and to link these screens together using menus and other dialogue structures. Thus the user sees a demonstration of the system through the CASE software. A second possibility is for the CASE tool to offer program and data generation. Such tools convert the process descriptions of the logical data dictionaries into programs and the data stores/entities into files/databases. The user can then experiment with the software. Any changes in requirements are made in the definition of the models and the system regenerated for further use. In this way the models and actual system are always in harmony.
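The two automated checks described in this answer (the DFD construction rule and the data dictionary cross-reference) can be sketched as follows. This is an added example, not part of the original paper or of any real CASE tool; the model, element names and the two-way form of the cross-reference are constructed assumptions.

```python
from dataclasses import dataclass

# Kinds of element that can appear on a data flow diagram (DFD).
PROCESS, DATA_STORE, EXTERNAL_ENTITY = "process", "data store", "external entity"


@dataclass(frozen=True)
class Flow:
    name: str
    source: str
    target: str


def check_dfd_rules(elements, flows):
    """Apply the construction rule quoted in the answer: a data store
    cannot be linked directly to an external entity."""
    problems = []
    for flow in flows:
        missing = [e for e in (flow.source, flow.target) if e not in elements]
        if missing:
            problems.append(f"flow '{flow.name}': undefined element '{missing[0]}'")
            continue
        kinds = {elements[flow.source], elements[flow.target]}
        if kinds == {DATA_STORE, EXTERNAL_ENTITY}:
            problems.append(
                f"flow '{flow.name}': data store linked directly to external entity"
            )
    return problems


def cross_reference(elements, store_entities, er_entities):
    """Cross-reference DFD data stores against entity relationship entities.

    Assumption for this sketch: every data store must list at least one
    entity that exists in the ER model, and every ER entity must be held
    in at least one data store.
    """
    problems = []
    covered = set()
    for name, kind in sorted(elements.items()):
        if kind != DATA_STORE:
            continue
        entities = store_entities.get(name, [])
        if not entities:
            problems.append(f"data store '{name}': no entity recorded in dictionary")
        for entity in entities:
            if entity in er_entities:
                covered.add(entity)
            else:
                problems.append(
                    f"data store '{name}': entity '{entity}' not in ER model"
                )
    for entity in sorted(er_entities - covered):
        problems.append(f"entity '{entity}': not held in any data store")
    return problems


# Constructed sample model: a small order-taking system.
ELEMENTS = {
    "Customer": EXTERNAL_ENTITY,
    "Take Order": PROCESS,
    "Orders": DATA_STORE,
    "Stock": DATA_STORE,
}
FLOWS = [
    Flow("order details", "Customer", "Take Order"),
    Flow("new order", "Take Order", "Orders"),
    Flow("order copy", "Orders", "Customer"),  # breaks the construction rule
]
# Data dictionary entries: which entities each data store holds.
STORE_ENTITIES = {"Orders": ["Order", "Order Line"], "Stock": ["Product"]}
ER_ENTITIES = {"Order", "Order Line", "Customer Account"}

if __name__ == "__main__":
    for line in check_dfd_rules(ELEMENTS, FLOWS):
        print(line)
    for line in cross_reference(ELEMENTS, STORE_ENTITIES, ER_ENTITIES):
        print(line)
```

A manually drawn diagram would carry all three faults until a quality review; here they are reported as soon as the model is checked.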
QUESTION THREE
- A major commercial organization has a policy of developing and using computer-based systems to give it commercial advantage. One consequence of this approach is that new systems need to be ‘developed on time, within budgeted cost and to quality’. Describe what quality means in this context. (10 marks)
- It is often said that the use of structured methods improves the quality of the developed system. Bearing in mind your understanding of ‘quality’, explain how structured methods can contribute towards this and discuss two techniques used in achieving quality. (10 marks)
(Total 20 marks)
QUESTION THREE
- Quality is a term meaning different things to different people, e.g. making sure it is correct, doing it right first time. In this context it is likely that the best definition of the term is ‘conforming to the customer’s requirements’, where the customer can be either an external customer (a client) or an internal customer (a colleague), and requirements relate to both the product and service delivered. Here too the application developers will take on the role of supplier. In both internal and external customer-supplier relationships the supplier must first talk to the customer to ensure they understand fully the requirements if a quality product or service is to be delivered. The requirement will include details of:
- what is required;
- the most appropriate way of delivering it;
- the involvement and contribution expected from each party during the process
According to the above definition, what the customer thinks about the quality of the product is all that counts. One can speak of better product quality only if the customer perceives the product to be better, regardless of objective factual improvements.
- Utilizing a structured approach to system development, completion of each stage of a project would represent a ‘milestone’, the deliverables of which have to be signed off by the developer and customer before the next stage begins. This ensures that not only does the system work when it finally goes live but also that the client is in full agreement with the interpretation of the requirements from earliest stage through to final implementation.
Documentation techniques such as DFDs (Data flow diagrams), LDSs (Logical data structures), or ELH (Entity life histories) can also be of benefit in clarifying processes and data.
Two techniques used could be:
- Structured walkthrough: This is a review of products at the end of a stage in the development of a system. The prime objective of the walkthrough is to identify problems and initiate the necessary corrective action.
- Inspections: This is a formal examination of an item, against a previously produced item, by a group of people led by an independent chairperson, with the objectives of finding and recording defects using standardized checklists and techniques, initiating rework as necessary, monitoring the rework, accepting the work, based on stated exit criteria, and adding to and utilizing a base of historical data.
QUESTION FOUR
To enable a user to perform tasks, such as payroll, on a computer, special application software has to be purchased.
- a) In addition to the application software list SIX other items that may be included as part of the software package. (3 marks)
- b) From the six items listed choose FOUR and explain in depth why they are required. (17 marks)
(Total: 20 marks)
QUESTION FOUR
- The purchaser of software usually pays for some or all of the following:
  - A license
  - An installation guide
  - The installation of the software
  - Maintenance and updates
  - A support contract
  - User guides
  - A reference manual
  - A quick reference guide
  - Training
  - Membership of a user group
- A license.
The purchaser pays a license fee, which gives the right to use the software on a particular computer or a specified number of computers on a particular site. Alternatively, a site license may be paid for which entitles the purchaser to use the software on any computer at a particular place.
An installation guide.
The guide starts by providing information about what hardware is needed to enable the programs to run satisfactorily. It then goes on to describe the procedures to be followed in order to set up the software so that it can be used satisfactorily and efficiently on a particular kind of computer.
The installation of the software.
A purchaser may not have the necessary expertise to set up the software, or may find it too time consuming or troublesome to carry out. In such cases the purchaser may be able to pay an additional fee to have the software installed.
Maintenance and updates.
It is unfortunately not uncommon for programs to be supplied which may be faulty in some way. Sometimes these faults do not come to light until some time after the software has been delivered and put to use, and the supplier will issue “bug fixes”. Licensed purchasers may get some of these changes provided free of charge, perhaps during the first year of use. Subsequently the purchaser may be able to pay an annual fee for maintenance and updates.
A support contract.
A purchaser experiencing problems with software will want to be able to turn to the supplier for help. It is very common for businesses to have support contracts that provide telephone assistance during the working day.
User guides.
A user guide is usually a manual provided for an end-user to enable them to learn how to use the software. Such guides usually use suitable examples to take the user through the stages of carrying out various tasks with the software.
A reference manual.
A reference manual is normally intended to be used by a user who already knows how to use the software but who needs to be reminded about a particular point or who wants to obtain more detailed information about a particular feature.
A quick reference guide.
These are single sheets or cards, small enough to fit into a pocket, which the user may keep handy for help with common tasks carried out with the software.
Training.
In addition to providing user guides the software supplier may provide training courses on how to use the software.
Membership of a user group.
A user group is a club for individuals or organizations that use a particular hardware or software product. The club is often run and partly sponsored by the supplier. Members of user groups may have meetings or receive newsletters which enable them to find out more about the product and how to use it.
QUESTION FIVE
When data is stored in a computer the term “file” comes straight to mind.
- a) With the use of an example explain the term file. (2 marks)
- b) Distinguish between a master file and a transaction (or movement) file and using an example explain the relationship between them. (4 marks)
- c) List and explain FIVE factors to be considered in determining how a master file should be organized. (14 marks)
(Total: 20 marks)
QUESTION FIVE
- The term “file” is used to describe a collection of related data records.
- Master file.
These are files of a fairly permanent nature, e.g. customer ledger, payroll, inventory, etc., with regular updating of these files to show a current position. For example, customers’ orders will be processed, increasing the “balance owing” figure on a customer ledger record. These records will contain both data of a static nature, e.g. a customer name and address, and data which will change each time a transaction occurs, e.g. the “balance” figure.
Movement/transaction file.
This is made up of the various transactions created from the source documents. In a sales ledger application the file will contain all the orders received at a particular time. This file will then be used to update the master file. As soon as it has been used for this purpose it is no longer required (except perhaps as a backup). It has a very short life because a new file containing the next set of orders will replace it.
- Factors that should be considered:
Access to files
Key fields: When files of data are created the user will need a means of access to particular records within those files. This is done by giving each record a “key” field by which the record will be recognized or identified (accessed), and is normally a unique identifier of a record (primary key). Examples of key fields are:
- Customer number in a customer ledger record.
- Stock code number in a stock record.
- Employee clock number in a payroll record.
Storage Devices
The type of storage device used is very important.
- Magnetic or optical disk. These are direct access media and are for storing files on
- Magnetic tape. This medium has significant limitations because it is a serial access For example, batch or backups.
Processing Activities
Access to particular records in order to process them. For example:
- Updating. How often, in what order, and hit rate
- Referencing. When access is made to a particular record, e.g. reference is made to a “prices” file during an invoicing run
- File maintenance. Records can be added and deleted. Also prices and customers’ addresses change and have to be “inserted” to bring the file up to date
- How often will records be added/deleted?
Fixed-Length and Variable-Length Records
The problem of fixed or variable length records is one that does not have to be considered in manual systems.
- Every record in the file will be of the same fixed number of fields and characters and will never vary in size.
- This means that records in the file may not be of the same size. This could be for two reasons:
  - Some records could have more fields than others. With invoicing a new field could be added to a customer record for each invoice. So a customer’s record would vary in size according to the number of invoices he had been sent.
  - Fields themselves could vary in size. A simple example is “the name and address” field because it varies widely in size.
HIT RATE
This is the term used to describe the rate of processing of master files in terms of active records. For example, if 1,000 transactions are processed each day against a master file of 10,000 records, then the hit rate is said to be 10%. Hit rate is a measure of the “activity” of the file.
OTHER FILE CHARACTERISTICS
Apart from activity, which is measured by hit rate, there are other characteristics of the file that need to be considered. These are:
- Volatility. This is the frequency with which records are added to the file or deleted from it.
- Size. This is the amount of data stored in the file.
- Growth. Files often grow steadily in size as new records are added. Growth must be allowed for when planning how to store a file.
QUESTION SIX
A major problem facing any organization using extensive computer based information systems is the security of these systems. Security risks can be broadly classified as follows:
- Accidental damage;
- Accidental errors;
- Dishonesty;
- Sabotage and Espionage;
- Mischief;
Choose any FOUR of the above aspects, describing the risk and counter-measures that may be taken to protect the integrity of the information system in each case. Use examples to support your answer. (5 marks for each heading)
(Total 20 marks)
QUESTION SIX
Classification of Security risks
- Accidental damage is due to causes such as rain (damages electrical equipment due to short circuits), dust (causes disk crashes), earthquake (may result in destruction of data processing infrastructure), lightning (may cause fires at sites), humidity, temperature (may cause equipment components to burn out due to overheating), fire, magnetic storm, as well as water, explosion, damage to H/W and S/W by mishandling etc. Possible counter-measures:
- Duplication of site - to protect from the risk of data destruction due to earthquakes, floods, and fires.
- Contract backup organizations - they have necessary expertise and facilities to implement effective backup procedures.
- Inert gas flooding of mainframe computer room - to kill fires.
- Air conditioning - to reduce dust and high temperatures.
- Careful siting of equipment - to avoid locating the organization's data processing sites in flood prone areas and earthquake prone areas.
- These consist of unintentional errors made by programmers during development, operators loading wrong storage media, etc. and users pressing incorrect keys, etc. Possible counter-measures:
- Program walk-throughs/reviews - to identify program errors and initiate corrective action.
- Software detection of loaded storage media.
- Confirmatory messages before acceptance of program - to confirm users' actions e.g. confirmation messages before deletion of files.
- This consists of intentional acts by personnel to steal hardware, software and storage media, withhold data, collect expense/wages by illegal use of input documentation etc. all for personal gain. Possible counter-measures:
- Access protection of storage media - to counter unauthorized modification of data.
- Read-only files - these cannot be modified thus enabling the data content to remain unaltered.
- Software librarian - to control the movement of software CDs thus preventing theft or unauthorized usage of CDs.
- Hierarchical password protection on a 'need to know' basis - to limit access to sensitive data.
- Sabotage may be perpetrated by personnel who have a grudge against the organization of some form e.g. a grudge due to dismissal, who sabotage the computer system in some way, often by adding illegal routines in key software etc. Also removal of data, programs for sale to competitors.
Possible counter-measures:
- Access protection of storage media
- Read-only files
- Software librarian - acts as a control mechanism to prevent dismissed/unauthorized employees from accessing software CDs.
- Hierarchical password protection on a 'need to know' basis
- Immediate removal of personnel if made redundant/resign. They should not be allowed back to their desks after they have collected their belongings. This prevents them from having a chance to sabotage the organization's information system from within.
- Mischief is usually perpetrated in the form of external attacks by 'hackers' to try and illegally by-pass security measures in computer systems and leave some form of notice that they had succeeded. The attack is often just an 'ego trip' as data is not damaged. Possible counter-measures:
- Password protection
- Call-back before access considered
- Firewall protection systems
- A virus is a self loading program that automatically spreads itself to every disk in the personal computers that it comes into contact with. They may block the computer, damage the data and operation systems and be very difficult to remove. With the advent of the WWW and email traffic they have caused irritation and damage throughout the world of personal computers. Possible counter-measures:
- Firewall protection systems - to filter external traffic coming into an organization's
- Anti-virus software - to detect and clean out viruses from the organization's computers
- Removal of local A-drive and CD-R/RW drives for desktops - to protect systems from the risk of viruses being introduced through floppy disks and compact disks.
- Immediate dismissal of employees if found loading private disks in desktops
QUESTION SEVEN
A Travel company decides that part of its business strategy is to be able to deal directly with its customers by selling holidays over the Internet.
Describe the business and technical issues which would need to be considered in developing the IT and Business functionality that it would need to support this strategy
- Business Issues (10 marks)
- Technical Issues (10 marks)
(Total: 20 marks)
QUESTION SEVEN
(a) Business Issues to be considered:
The most important aspect is to validate the business strategy and create a viable business model to support this strategy. This includes positioning the company in the competitive marketplace.
The company needs to decide if it is going for the mass market as a low cost supplier, concentrate on the differentiated higher perceived quality/higher priced mass market or focus on a narrower more specialized market.
What type of customer is the company going to seek to attract?
What type of holiday is it going to offer, what is the price bracket?
Is it going to compete on price or differentiation? Destinations offered /activity or beach?
Likely age range of customers? Is the customer segment that it is seeking to attract likely to have access to the Internet or be keen to use it to book holidays?
If it is not, then the strategy is not likely to be successful! Also you need to be aware of your competitors in the marketplace, how do you compete? What is your unique selling point (USP)?
Now, how are you going to make customers aware of your web site? Newspaper, TV Advertising? Seeding your web-site details into the search-engines?
(b) Technical Issues to be considered:
Next, we come to web-site design and development. How do we make our web site attractive and easy to use?
What tools do we use to develop and maintain it? The issues on ease of use may include a trade-off on 'attractiveness', i.e. good graphics and photographs and download times. One would expect photographs of locations and accommodation on a travel company web-site but we might have to be careful and separate indexes, pricing, availability and booking pages from the photographs to allow quick and easy navigation around the site, with the slower downloading of photographs, cross-referenced to be accessed on demand.
Issues of security (integrity of booking data, security of payment data) need to be designed in to the system. For transmission of payment details (credit cards etc) encryption may need to be considered. When is a transaction and booking completed?
- provisional bookings be made? Also, we may need to consider issues of back up; if there is a service disruption can we design in 'graceful degradation', and provide a partial service?
We need to plan for operational issues, where is the web site to be hosted and how do we plan for the assurance of business continuity? We may also need to consider telephone call centre support or clerical answering of e-mail queries. Finally we need to monitor the business and operational effectiveness of the system and to plan for maintenance, updating and eventual replacement.
QUESTION EIGHT
How should a Travel company which intends to perform a lot of its business, both with customers and suppliers, over the Internet go about developing its IT security policy and designing its security procedures? (20 marks)
QUESTION EIGHT
Before embarking on designing security procedures a risk analysis would be required; this would require answering the following questions:
- What is the nature of the data being stored in the system?
- How will the data be used?
- Who will have access to the system?
- How much money will the organization lose if the data is lost, corrupted or stolen?
Risk assessment - in this scenario we have to take into account that the system is central to the business strategy and that access to the Internet requires an 'open interface' which increases the risk of malicious intrusion and that the system would be at the core of the company's business:
- Identifying possible areas of risk;
- Estimating the probability of their occurrence, and
- Quantifying the impact if they should occur
- Estimating the cost of removing or minimizing the risk
This would enable decisions to be taken on each risk identified. The choices open to us are:
- risk avoidance;
- risk reduction;
- risk acceptance;
- risk transfer.
The prioritization of investment in providing counter-measures or accepting the risk would be based upon an evaluation of the costs and benefits associated with each decision.
Security issues to be considered can be covered under the headings of Confidentiality, Integrity, and Availability (continuity of service).
Confidentiality.
Confidentiality is ensuring that information is made available only to those authorized to have access to it. In this case, with a travel agent, high risk is incurred because we want to give the general public easy entry to the system and to allow them to make a booking. But we need to ensure that personal data that we capture as part of the booking or marketing process is not accessed by unauthorized users. We would also not want to make it easy for our own staff to take copies of any customer details to pass on to third parties. So access to parts of our database would be limited by password or physical identifier. Measures adopted to protect personal data must conform to national Data Protection laws.
Integrity
Integrity is preserving the accuracy of the data that is held and keeping it secure from unauthorized amendment. Updating holiday availability, accurate and secure transmission and filing of payment and financial data – all need to be planned for, with the creation of updating and data validation policies, limitation of functions to certain users or terminals, creation of control totals, creation of audit trails.
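The control totals and audit trail named above, applied to the master file and transaction file from Question Five, as an added example that is not part of the original paper. The record layout, field names and sample figures are constructed for illustration.

```python
from decimal import Decimal

# Constructed sample data: a master file keyed by customer number, and one
# batch of order transactions with the header totals prepared at data entry.
MASTER = {1001: Decimal("250.00"), 1002: Decimal("0.00"), 1003: Decimal("75.50")}
BATCH = {
    "header": {"count": 3, "control_total": Decimal("420.00"), "hash_total": 3006},
    "records": [(1001, Decimal("120.00")),
                (1003, Decimal("200.00")),
                (1002, Decimal("100.00"))],
}

def check_batch(batch, master):
    """Return a list of discrepancies; an empty list means the batch balances."""
    recs, hdr = batch["records"], batch["header"]
    problems = []
    if len(recs) != hdr["count"]:                        # lost or extra records
        problems.append("record count mismatch")
    if sum(amt for _, amt in recs) != hdr["control_total"]:
        problems.append("control total mismatch")        # an amount was altered
    if sum(key for key, _ in recs) != hdr["hash_total"]:
        problems.append("hash total mismatch")           # a key field was altered
    problems += [f"unknown customer {k}" for k, _ in recs if k not in master]
    return problems

def apply_batch(batch, master, user, audit):
    """Update the master file only if the batch balances; log every change."""
    problems = check_batch(batch, master)
    if problems:
        audit.append({"user": user, "action": "batch rejected", "why": problems})
        return False
    for key, amt in batch["records"]:
        before = master[key]
        master[key] = before + amt                       # raise "balance owing"
        audit.append({"user": user, "action": "update", "key": key,
                      "before": before, "after": master[key]})
    return True
```

Changing an amount breaks the control total, and redirecting a transaction to another customer number breaks the hash total, so in either case the master file is left untouched and the rejection is recorded in the audit trail.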
Availability (continuity of service)
This means ensuring that continuity of service provision to external and internal customers is maintained. This means, starting at the design stage, looking at the areas of greatest vulnerability and least resilience, i.e. those most likely to fail. Then evaluating how best to improve the resilience within the bounds of value for money. This will involve designing some redundancy into the system by duplexing vulnerable pieces of equipment but also designing in 'graceful degradation', the ability to continue to operate, albeit with a service of reduced functionality when there is a partial breakdown. We also need to design fallback procedures, possibly manual, in the case that this does not prove possible. Finally, we need to design in the back-up and recovery procedures. The daily copying of files and the remote storage of files and programs to effect recovery in the event of a (physical) disaster. We must not forget the need to plan to periodically test the effectiveness of these procedures.
A typical management security policy would cover the following aspects:
- User awareness and education;
- Administrative controls;
- Controls over system development and maintenance
- Operations controls;
- Firewall to protect against intrusion from Internet
- Physical protection of data
- Access control to the system and data;