AIN1501 Summary and exam prep
Topic 1: Information, Information Systems, Information Strategy and Information Systems Departments
Information
• Information is a set of facts and data organised and processed in such a way that it provides additional value beyond that of the facts themselves.
• Information is data that has been processed in such a way that it is meaningful to the receiver. It provides knowledge that leads the user of this information to make decisions.
Creation of Information (diagram): Activity/Events → Data/Facts → Information → Knowledge → Decision Making
10 Characteristics of Information
1. Accurate – information must be free of error
2. Up-to-date – must include all the latest information, and recording time must be minimised
3. Relevant – must be relevant to user needs
4. Format of information – the information must be presented in the required format
5. Reliable – free of bias or hearsay; the source of the information must be reliable
6. Accessible – easily available to users to meet their needs
7. Detailed information – must contain only as much information as the user needs
8. Flexible – multipurpose information
9. Cost effective – the cost of information must be balanced with the value of the information
10. Timely – delivered when needed
Users of Information
Internal
• Marketing
• Production management
• Employees
• Financial managers
• Sales managers
• Managers
• Human resource
• Staff managers
External
• Government
• Financial institutions
• Investors
• Potential employees
• Community research
• Shareholders / stakeholders
• Suppliers
• Customers
Information System
• A system is a combination of 2 or more components that serve a common purpose and interact to achieve a common goal
• System performance management
• Effectiveness – measures the extent to which the system meets its goal
• Efficiency – rate of output over input
• Performance standard
Open system – interacts with its environment and in turn affects its environment; most business systems are open, e.g. a purchasing system
Closed system – isolated from its environment and not affected by its environment, e.g. a washing machine
Components of a system (diagram): Input → Processing → Output
Information System – an organised way of collecting, processing, managing and reporting information for informed decision making.
• Role of information systems in an organisation
• Planning – long-term strategic planning as well as daily task management
• Recording of transactions – to use as evidence
• Decision making – supports informed decision making
• Control and performance management – plans and objectives are put in place to allow management to measure performance output and to implement corrective measures if necessary
• Accounting Information System – collects, records, stores and processes financial data to supply information for decision making
Components of Computerised Information Systems
Components (diagram): People, Hardware, Telecommunications, Software, Procedures, Databases
6 stages of the computerised information system process (diagram): Activity → Input → Process → Storage → Output of Information → Making Decisions
Information Strategy – refers to decisions/plans on how to use available information, how to collect more relevant, useful information and how to use information technology to manage the process.
Elements of Information Strategy
• Information technology – the processing of data using electronic systems and all the communication links and software that go with it
• Information technology strategy – selecting, operating and managing the technological elements of the information system strategy
• Information system strategy – the long-term plan for the system in order to provide information to support the business strategy
• Information management strategy – the people involved with the information system and their roles
Benefits of Information Strategy
• Contributes to the achievement of business goals
• Ensures that required information is acquired, retained and shared with relevant stakeholders
• Minimises development and maintenance costs
• The organisation is likely to create a sustainable competitive advantage
• Ensures better quality of information and thus better decision making
Information System Department
• IS department – created to ensure that the information system operates efficiently on a day-to-day basis and is maintained or upgraded when needed.
• Organisation of the IS department
• Centralised
• Decentralised
• Outsourcing
Centralised IS department – located in a single location
Advantages
• Reduced duplication of functions
• Files are more secure
• Economies of scale in the procurement of equipment are available
• Head office (HO) has better control over the daily running of the IS department
• Optimal utilisation of IS capital, and more funds are available for IS expertise
Disadvantages
• A single fault in the HO system affects all regional operations of the organisation
• Regional offices are less self-reliant
• Time is wasted at regional offices as they have to wait for IT services from head office
Decentralised IS department – distributed throughout the organisation, with regional offices having their own IS department.
Advantages
• IS staff are more conscious of IS and business needs at regional level
• Every office is more independent
• Quicker access to IS assistance
• IS cost/overhead allocations are more.
Disadvantages
• Risk of duplication of tasks, functions and data exists
• Harder to control the IS department
• Lack of coordination between departments exists
Topic 2: Information Technology Infrastructure
Information technology components (overview)
• Hardware
• Software
Hardware components (overview): input devices, processing components, secondary storage components, output devices, other hardware devices, types of computer systems, computer system selection and upgrading
Hardware – physical parts of a computer system
• Internal hardware components – motherboard, CPU, RAM, ROM, hard disk drive and BD/DVD/CD drive
• External hardware devices (peripheral devices) – monitor, mouse, speakers, keyboard, printer, scanner
Hardware Components (diagram): Input → Processing (with primary memory and secondary memory) → Output
Hardware – Input Devices: physical peripheral devices used for data entry and to provide control signals for the user interface.
• Keyboard – connected by port, USB (Universal Serial Bus), Bluetooth (low-power short-range radio technology) or Wi-Fi (wireless networking technology; WLAN – wireless local area network)
• Mouse
• Optical input devices – imaging and video
• Scanner – scans images and converts them to a digital format
• Touch-sensitive screens (monitors)
• Audio input devices – microphones capture sound and convert it into electrical signals
Input devices (diagram): audio input (microphone), keyboard, touch-sensitive devices (monitors), optical devices (scanner, webcam), mouse
Processing – CPU and Primary Memory
• CPU – Central Processing Unit – the primary component of a computer that carries out the instructions of computer programs (the brain of the computer)
• 3 components of the CPU
• ALU – Arithmetic/Logic Unit: performs mathematical calculations and other logic operations
• Control Unit: fetches program instructions, decodes them and directs the instructions in and out of the ALU, registers, primary and secondary storage and output devices
• Registers (primary memory): temporary high-speed storage areas used to hold program instructions before, during and after their execution by the CPU
CPU (diagram): ALU, Control Unit, Registers / Primary Memory
CPU – Executing Instructions – the Machine Cycle
• Step 1 – Fetch instruction
• Step 2 – Decode instruction
• Step 3 – Execute instruction
• Step 4 – Store results
• Clock speed – the speed at which the CPU executes instructions, measured in megahertz (MHz) or gigahertz (GHz); the faster the speed, the more instructions the CPU can perform per second
CPU – Primary Storage – the CPU stores data in and retrieves data from this memory in a random manner
• RAM – Random Access Memory – can be read and written to; volatile, needs a steady flow of electricity; as soon as there is no power the data in RAM is lost
• ROM – Read Only Memory – holds the instructions to start up the computer; non-volatile, does not need a steady flow of electricity
• PROM – Programmable Read Only Memory – a memory chip used to store a program
• EPROM – Erasable Programmable Read Only Memory – can be erased by exposing it to ultraviolet light
• EEPROM – Electrically Erasable Programmable Read Only Memory – can be erased by exposing it to an electric charge
Secondary Storage – storage devices or media able to store large amounts of data, instructions and information permanently unless erased. Non-volatile; used for backup and archive purposes.
• Magnetic hard disk drives – removable or non-removable media; connects to the computer by means of an integrated USB interface
• Hard Disk Drive (HDD) – non-volatile, random access device for digital data, made up of rotating magnetic disks on a spindle, called platters, which store and record data magnetically
• Optical disks – removable media (DVD/CD and BD (Blu-ray disks))
• Optical Disk Drive – uses laser light or electromagnetic waves to read or write data to or from an optical disk
• Flash memory – memory chip (EEPROM – MP3 players, memory cards, USB flash drives and SSDs); non-volatile removable media
Tertiary Storage
• Involves robotic mechanisms that insert and remove removable mass storage media in a storage device, e.g. tape libraries, jukeboxes
• Used for archiving rarely accessed information and extremely large data stores
• Relatively very slow access time
Output devices – physical peripheral devices used to communicate the results of data processed by the computer to the user
• Devices used to provide human-readable data processed from machine-readable data
• Printers
• Monitor – electronic visual display
• Speakers – convert electrical impulses to sound waves to produce audio output
Other Hardware Components
• Motherboard – the most important component; connects the CPU, primary memory, secondary storage devices and any other peripheral devices, and also has expansion ports so that e.g. sound cards, graphics cards or network cards can be added to the computer
• Computer case: the case in which all internal components of a computer are housed
• Power supply
• Video card
• Sound card
• Network card (network adapter)
Types of Computer Systems
• Mobile devices – laptops, PDAs and smartphones, tablet PCs, netbooks
• Desktop computers
• Workstations – specialised hardware enhancements (powerful processors, e.g. for 3D modelling)
• Servers – database server, file server, transaction server, web server
• Mainframe computers
• Supercomputers, e.g. for weather forecasting
Computer hardware selection and upgrading
• Processor speed (MHz, GHz) (microprocessor speed)
• Primary or main memory (typical PC: 2 GB of RAM)
• Secondary memory
• Output devices
• Network devices / Internet connectivity
Software – intangible lines of code written by computer programmers using a programming language.
Software layers (diagram): User → Application software → System software → Hardware
• Computer software consists of computer programs and related data that give instructions to computer hardware, thus controlling the computer hardware
• 2 categories of computer software
• System software – manages and controls the activities and functions of hardware, and provides a platform for application programs to run on
• Application software
Software (overview)
System software: operating system, network operating system and management software, database management software, utility software
Application software
Software trends and issues
Software development (programming languages, process and purposes)
System software – manages and controls the activities and functions of hardware and provides a platform for application programs to run on the computer system
• Operating system software
• Utility software
• Network operating system and management software
• Database management software
Operating system software – consists of software that enables the various parts of a computer system to work together
• The kernel is the central component of an operating system and controls the most critical processes; it enables hardware–software interaction
• Tasks of an operating system
• Processor task management – assigns tasks to the CPU
• Memory management
• Device management
• File management
• API – application program interface
• User interface
• Network capabilities
Operating system software – types of OS
• Single user, multitasking (personal computers)
• Single user, single task
• Multiuser – Microsoft Windows Server 2008, Unix
• Embedded – works on limited resources; compact and efficient; PDAs, smartphones, Google Android
• Factors to consider when choosing an OS
• Speed and reliability, security and user-interactive environment
• Ease of use
• The intended use
• Level of security
• Hardware compatibility
• Software compatibility
• Technical support
Utility Software – helps analyse, configure, maintain and optimise a computer system
Type | Tasks/Uses | Examples
Anti-virus & anti-spam | Used to prevent, detect and remove malware | Norton Anti-virus, McAfee, AVG Anti-virus
Backup utilities | Create an exact copy of all information stored on disk; able to restore | Norton Ghost, Acronis True Image and Symantec NetBackup
Data compression | Compresses or reduces file size | WinZip, 7-Zip or WinRAR
Disk compression | Compresses or uncompresses the contents of a disk | Microsoft Windows compression utility
Disk utilities | Disk checkers, cleaners and space analysers to improve efficiency | Microsoft Windows error checking and defragmentation tools
File manager | File system interface | Microsoft Windows Explorer
Network utilities | Monitor hardware & network performance and log events |
Database management software (DBMS)
• A program or collection of programs that enables users to store, modify and extract information from a database, e.g. Microsoft Access, SAP, Oracle, using SQL (Structured Query Language)
Network operating system and management software
• NOS – network operating system – allows computer devices connected to a network to communicate with one another. Examples are Microsoft Windows Server 2008, Unix
• Tasks and functions of a NOS for a network
• Processor task management
• Memory management
• Device management
Application software – used to accomplish specific tasks other than running the computer system
Type | Tasks/Uses | Examples
Word processing | Create and edit documents | MS Word, Notepad
Spreadsheet | Create and edit documents and perform simple and complex calculations | MS Excel, Lotus
Database | Collection & management of data | Oracle, MS Access
Presentation | Slide show presentation of information | MS PowerPoint
Multimedia | Create & play audio & video media | Media Player, iTunes
Web browser | Allows access to the World Wide Web | Mozilla Firefox, Windows Internet Explorer, Google
Application Software
• Factors to consider when choosing application software
• Intended use
• Minimum hardware requirements.
Software Trends and Issues
• Software bugs – errors and faults in software are called bugs
• Software updates – available by web download; provide bug fixes and minor software upgrades
• Software upgrades – purchased newer versions of the software
• Copyright and licences
• Shareware: trial software, demo versions, e.g. Norton Antivirus
• Freeware: software available at no cost, e.g. 7-Zip, AVG Antivirus
• Public domain software: placed in the public domain; no intellectual property ownership
• Open-source software: program source code is freely available
Topic 3: Computer Networks
Purpose of Communication Network
• Facilitation of communication
• Sharing hardware
• Sharing of data, information and files
• Sharing of software
• Information preservation – backup of information in multiple locations
• A computer network is two or more computers or devices linked to one another by communication media, which facilitates communication amongst these devices
Components of a Communication Network (diagram)
• Communication medium
o Wired: twisted pair wire, coaxial cable, fibre optic
o Wireless: microwave, radio, infrared, satellite
• Specific hardware: router, modem, network adapter, communication medium, switch/hub, firewalls
• Specific software: network operating system, communication protocol
• Layers of the communication protocol: Physical, Data link, Network, Transport, Session, Presentation, Application
Components of computer networks
• These include the hardware and software needed to enable computer systems to communicate with one another.
• A node is a connection point in a communication network.
• A physical network node is an active electronic device connected to the network that is capable of sending, receiving or forwarding information over a communication medium.
Communication Medium/ Channel- Enables the signals to move from one point to another
• Wired transmission – wires and cables are the media through which information moves from one network device to another
• Twisted pair wire
• Coaxial cable
• Fibre optics
Communication Medium/Channel – enables the signals to move from one point to another
• Wireless transmission – signals are broadcast as electromagnetic waves through free air space. Wireless signals are transmitted by a transmitter and received by a receiver.
• Microwave – high-frequency signals sent through the air using earth-based transmitters and receivers
• Satellite transmission – uses microwave radio to transmit information (voice, data and TV)
• Radio – signals of electromagnetic waves which can travel through certain obstructions
• Infrared – signals in the form of light waves transmitted through the air between devices, requiring line of sight; for transmitting within short distances of less than a few hundred metres
Hardware needed for communication
• Network hardware, including network interface cards, network cables or communication media
• Network Interface Card / Network Adapter – a physical connection point
• Communication medium/channel – allows signals to move between locations
• Switch or hub – a central connection point
• Router – translates information and allows communication from one network to another
• Modem – modulates and demodulates data (modulation is the translation of data from digital to analogue; demodulation is from analogue to digital signal)
• Firewalls – security; can be hardware or software; an automated process that rejects access requests from unsafe sources and allows actions from recognised sources
Communication Protocol – rules governing information and communication exchange between computers and devices on a network
• OSI – Open Systems Interconnection framework (7 layers)
1. Physical – transmits the bit stream
2. Data link – data packets are encoded and decoded into bits
3. Network – logical paths are created for transmitting data
4. Transport – ensures complete data transfer
5. Session – connections are established, managed and terminated between applications
6. Presentation – transforms data into a form that the application layer can accept, and formats it
7. Application – supports applications and end-user processes
Layer 1 – Physical: transmits the bit stream through the network at the electrical or mechanical level.
Layer 2 – Data link: data packets are encoded and decoded into bits.
Layer 3 – Network: logical paths are created for transmitting data from node to node by switching and routing technologies.
Layer 4 – Transport: ensures complete data transfer by providing the transparent transfer of data between end systems or hosts, and is responsible for end-to-end error recovery and flow control.
Layer 5 – Session: connections are established, managed and terminated between applications.
Layer 6 – Presentation: transforms data into a form that the application layer can accept, and formats and encrypts data to be sent across a network, providing freedom from compatibility problems.
Layer 7 – Application: supports applications and end-user processes.
Software needed for communication
• Network Operating System (NOS) – allows computers and devices to communicate with one another
• Network management software – includes software tools and utilities for managing networks; these tools enable the network manager to scan for viruses on the network, monitor the shared hardware and manage the validity of software
Network configuration
• Network topologies – the shape or layout of connected devices (the physical layout or virtual shape or structure)
• Bus topology
• Ring topology
• Star topology
• Tree topology
• Mesh topology
Geographical scope
• PAN Personal Area Network
• LAN Local Area Network
• WLAN wireless local area network
• MAN Metropolitan Area Network
• WAN Wide Area Network ( e.g. Internet)
• VPN- Virtual Private Network ( uses public networks to connect nodes)
Selecting a Suitable Network Configuration
• Area or coverage / distance between nodes
• Data communication volume and speed
• Security
• Hardware and software compatibility
Client/server systems – powerful computer systems (servers) are dedicated to providing specific services or performing a specific task.
Distributed processing – multiple remote computer systems linked together, where processing is distributed to more than one of these computers for efficient and faster task processing.
The Internet, Intranet and Extranet
• Internet – a global network of computer networks which supports communication and the sharing of data, and offers vast amounts of information through a variety of applications
• Internet service provider (ISP) – a company providing access to the Internet, e.g. MWEB, @lantic, Telkom, Vodacom
• The Internet uses standard Internet Protocol (IP) technology to link different networks together
• IP – rules that govern the way computers communicate and exchange data, and enables two networks to connect
• IP address – a unique number used to identify computers on the network
Domain Name System (DNS) – an easier way of locating computers on the network instead of IP addresses
• Domain names consist of 2 parts
• 1st part is the host computer/organisation (second level domain, SLD), e.g. Microsoft, Co. name
• 2nd part identifies the type of organisation (top level domain, TLD)
• .com commercial organisation
• .gov governments
• .org non-profit organisations
• .ac or .edu academic or educational institutions
• .net networking organisation
• .int international organisations
• Country TLD to the right of the TLD: .za South Africa, .au Australia, .uk the United Kingdom, .us the United States
Internet
• URL: Uniform Resource Locator – a unique address assigned to each computer connected to the Internet which identifies the computer to other hosts
• http: hypertext transmission protocol
• HTML – Hypertext Markup Language, the standard page description language for web pages
• The URL consists of the scheme name (http:) followed by the domain name or IP address
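The URL and domain name structure from the two slides above, worked as code. This is an added example, not part of the AIN1501 notes: it splits a URL into scheme and host, tells an IP address host from a domain name, and breaks the domain name into second level domain, organisational TLD and country TLD using only the TLD lists the notes give; the function names and sample URLs are assumptions.

```python
"""Parse a URL into the parts described in the notes (scheme, then domain
name or IP address) and split the domain name into second level domain,
organisational TLD and country TLD.  Added example, not from the AIN1501
notes: the TLD tables are the ones the notes list; function names and sample
URLs are assumptions."""
import ipaddress
from urllib.parse import urlsplit

# Organisational top level domains listed in the notes
ORG_TLDS = {
    "com": "commercial organisation",
    "gov": "government",
    "org": "non-profit organisation",
    "ac": "academic or educational institution",
    "edu": "academic or educational institution",
    "net": "networking organisation",
    "int": "international organisation",
}
# Country TLDs listed in the notes; they sit to the right of the organisational TLD
COUNTRY_TLDS = {"za": "South Africa", "au": "Australia",
                "uk": "the United Kingdom", "us": "the United States"}


def split_domain(host):
    """Split a domain name right to left: optional country TLD, then the
    organisational TLD, then the second level domain; anything further left
    is a subdomain chosen by whoever controls the registrable domain."""
    labels = host.lower().rstrip(".").split(".")
    country = labels.pop() if labels[-1] in COUNTRY_TLDS else None
    if len(labels) < 2 or labels[-1] not in ORG_TLDS:
        raise ValueError(f"unrecognised top level domain in {host!r}")
    tld = labels.pop()
    sld = labels.pop()
    registrable = ".".join([sld, tld] + ([country] if country else []))
    return {
        "second_level_domain": sld,
        "tld": tld,
        "organisation_type": ORG_TLDS[tld],
        "country_tld": country,
        "country": COUNTRY_TLDS.get(country),
        "subdomains": labels,               # labels left of the SLD, e.g. ["www"]
        "registrable_domain": registrable,  # the part that identifies the organisation
    }


def parse_url(url):
    """Break a URL into scheme and host, classify the host as an IP address or
    a domain name and, for a domain name, split it with split_domain()."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"unsupported or missing scheme in {url!r}")
    host = parts.hostname
    if not host:
        raise ValueError(f"no host in {url!r}")
    result = {"scheme": parts.scheme, "host": host, "path": parts.path or "/"}
    try:
        ipaddress.ip_address(host)   # raises ValueError unless host is an IP literal
        result["host_kind"] = "ip address"
    except ValueError:
        result["host_kind"] = "domain name"
        result.update(split_domain(host))
    return result


if __name__ == "__main__":
    # Constructed sample URLs
    for sample in ("http://www.example.com/index.html",
                   "https://mail.example.ac.za",
                   "http://192.0.2.10/"):
        print(parse_url(sample))
```

The registrable domain is read from the right-hand end of the host, which is why the organisation behind a link is judged by that part and not by whatever labels appear further left.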
Internet
• The Internet is a packet-switching network with TCP/IP as its core protocol
• Packet switching involves systems that transmit data in small packets using the best path to their destination, thus enabling users to transfer large amounts of data over the Internet
• TCP/IP is a suite of protocols that governs network addresses and the organisation and packaging of information to be sent over the Internet, and allows computers to communicate with each other
• TCP – Transmission Control Protocol
Internet applications
1. WWW – a service run on the Internet; it is a collection of documents and other resources linked by hyperlinks and URLs. The WWW is a menu-based system using a client/server model; a web browser is used to view websites. A home page is a cover page that links pages using HTML (Hypertext Markup Language), a standard page description language for web pages.
• XML – Extensible Markup Language
2. Email and IM (instant messaging)
3. FTP – File Transfer Protocol – used to copy files between computers over the network
4. E-commerce
5. Research tool
Intranet and Extranet
• Intranet – an internal or private network that uses IP standards and tools such as a web browser and file transfer applications
• Extranet – a network that links an intranet to the Internet. The intranet is behind a firewall that allows only authorised users to view files.
Topic 4: Threats in a computerised environment
Threats in a computerised environment (overview diagram): Vulnerability → Threats (natural; environmental; human: errors, waste, computer crime) → Exposure → Risks
Threats to Computerised Information Systems
• Vulnerability – a security weakness or flaw in an IS that creates an opportunity for an attack on the CIA (confidentiality, integrity and availability) of information
• Threat – the potential that a vulnerability might be exploited, either intentionally or accidentally
• Exposure – the existence of the vulnerability exposes the organisation to financial loss
• Risk – the probability of a vulnerability being exploited
Common threats to IS
1. Natural threats – natural and external vulnerabilities such as natural disasters, including floods, fires, winds or thunderstorms
2. Environmental threats – environmental and internal vulnerabilities such as liquid leakages, chemical waste, power surges
3. Human threats
3.1 Errors – e.g. installation errors, or users making data capturing or processing errors
3.2 Waste – inappropriate use of computer equipment resulting from poor computer resource management, e.g. social media during working hours, unnecessary printing and spamming
Common IS Threats – 3.3 Computer Crime
1. IP spoofing – forging an IP address, concealing the real identity so that it appears to be the IP address of a trusted source
2. Computer forgery – forgery of documents, using letterheads to produce fake documentation
3. Computer fraud – using computers to commit fraud, e.g. altering the algorithm that calculates interest so that it calculates incorrectly to benefit the fraudster
4. Computer-related scams – a subset of computer fraud involving too-good-to-be-true deals
5. Malware – malicious software
5.1 Computer virus – self-replicating programs attached to emails and downloaded files
5.2 Worm – self-replicating program that enters through the network
5.3 Trojan horse – a destructive program disguised as a valuable program (worm, virus or logic bomb)
5.4 Logic bomb – an intentionally inserted program set to corrupt/delete data or files
Common IS Threats – 3.3 Computer Crime (cont.)
6. Rootkit – grants an attacker continuous full access while hiding their presence
7. Spyware – secretly transmits personal information to a cyber criminal
8. Adware – pop-up ads used to generate traffic and obtain email addresses
9. Blended threat – combinations of different malware to exploit the vulnerabilities of a system
10. Identity theft
11. Shoulder surfing – shadowing the target to "accidentally" see or hear passwords
12. Social engineering – studying the target on social media to determine what their password might be
13. Phishing – fishing for sensitive information by misleading the victim into thinking that the correspondence is with a trusted source while it is a spoofed website
14. Pharming – redirects traffic from the actual website to a fraudulent one
Common IS Threats – 3.3 Computer Crime (cont.)
15. Cyber terrorism – acts of terrorism using computers or computer networks
16. Cyber extortion – similar to cyber terrorism but conducted for personal gain by extorting money, using DoS (denial of service – flooding the target website with phony data, messages or requests, resulting in extremely slow website response or crashing the site)
• Information systems as targets of crime
1. Software piracy – illegally copying software; copyright infringement
2. Theft of data, resulting in loss of trade secrets
3. Theft or destruction of computer equipment
4. Theft of computer time by the organisation's staff
Topic 5: Controls in a computerised environment
Information System Security Policy (overview diagram): definition; guidelines for the information system security policy – the CobiT framework, the King IV Report, the Information Security Framework (ISF)
Computer and accounting information system controls
• Information System Security Policy – a formal written document describing the procedures to be followed by the organisation when addressing threats to an information system; the policy provides a framework for the measures taken to ensure sufficient protection of the information system.
• First do a risk assessment: the quantification of the likelihood of these threats resulting in the IS being attacked.
• Documents with guidelines for an information system security policy
1. The CobiT framework – the Control Objectives for Information and related Technologies (CobiT)
2. The King IV Report
3. The Information Security Framework (ISF)
The CobiT framework
The Control Objectives for Information and related Technologies (CobiT) is a framework whose main objective is to assist management in finding a balance between risks and control investments in a fickle information system environment by implementing an information technology governance system.
IT governance refers to the structures and processes in place to ensure that IT benefits are delivered to help the organisation achieve and sustain success in the end.
CobiT follows a top-down approach to information systems:
• High-level control objectives are defined for every information system process
• Information system processes are linked to specific detailed control objectives
• Auditing guidelines support the controls in order to determine how these objectives can be monitored
The King IV Report
• Released to address reduced investor confidence resulting from business failures and dubious accounting restatements
• Provides guidelines on restoring and maintaining investor confidence through good corporate governance
• Influences risk management, assurance and reporting frameworks
• IT governance is the responsibility of the board of directors and should be taken into account when compiling an information system security policy
o Align IT objectives with the performance and sustainability objectives of the company
o Delegate responsibility for implementing the IT governance framework to management
o The CEO is to appoint an appropriate CIO and establish an IS steering committee
o Monitor and evaluate significant IT investment
o Comply with relevant IT laws
o Appoint a risk committee
o Appoint an audit committee
o Manage information assets
Information Security Framework (ISF)
• An independent non-profit organisation established in 1989
• Provides authoritative opinion and guidance on all aspects of information security
• Offers valuable services to members, including a library full of research relating to information security, information risk management and related topics
Control Concept (overview diagram)
Control classification
• By type: general controls, application controls
• By function: preventative controls, detective controls, corrective controls
• Controls specific to communication systems
Controls Classified by Type
• General controls
• Overall controls affecting all transaction processing
• Implemented to ensure effective operation of the organisation's accounting information system
• Application controls
• Specific to the functioning of individual applications
Control by Type – General Controls
• Organisational controls
o Segregation of duties
• Operational controls
o Procedure manuals for each task
o Competent staff for processing of transactions
• Protection of IT environment controls – restricting access to the computer or information
o Controls against human access – fences, locks, keys, badges, access reports and biometric access
o Access to computer and information – user authorisation such as login IDs, passwords and PINs (personal identification keys)
o Firewalls
o Encryption
Control by Type - General Controls (continued)
• Protection of IT environment controls (continued)
o Backup power
o Smoke detectors
o Raised floor - to prevent water damage in flooding
o Insurance
o Maintenance
• IT asset accountability controls
o To be performed by staff not directly involved in the processing or capturing of transactions
o Details of control accounts in the general ledger should be documented in subsidiary accounts
o Reconciliations and review by independent senior staff
Control by Type - Application Controls
• Input Controls - to detect and prevent errors when entering information into the information system, so as to ensure validity, timeliness and accuracy.
o Input edit
o Data transcription (batch control logs and batch serial numbers)
o Data observation and recording - record counts and control totals to balance input totals with source documents
o Transmission of transaction data - read-backs to the sender of the data for comparison and approval
Control by Type - Application Controls (continued)
• Processing Controls - to ensure all data is processed accurately and on time, and that no data is lost, altered or added during processing.
o Physical inspection and checks - includes reconciliation and peer review by other co-workers
o Logic checks
o Run-to-run totals - ensure that batched data are complete
Control by Type - Application Controls (continued)
• Output Controls - ensure the reliability and integrity of output information after the input and processing stages.
o Discrepancy reports should be generated and investigated
o Reconciliation of output information to input data based on documented procedures
o Files should be verified and audited on a surprise basis
Controls by Function - Preventative: 1st layer of the internal control shield - prevent and discourage adverse events
• Backup of data and documentation
• Antivirus software
• Antispyware
• Spam management software
• Training of staff
• Software change and implementation controls
• Adequate disposal of used/redundant equipment
• Firewalls
• Encryption
• Biometric access control
• Raised flooring and temperature control in the server room
• Physical access controls such as locks, fences, alarms and security guards
Controls by Function - Detective: 2nd layer of the internal control shield - search for, uncover and identify adverse events after they have occurred
• Programmed edit tests
o Check digit
o Mathematical accuracy checks
o Alpha/numeric checks
o Limit checks
• Activity logs
• Intrusion detection system (IDS)
• Hash totals
• Other examples
o Run-to-run totals
o Audit trails
o Smoke detectors
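Those programmed edit tests, together with the batch control totals under Input Controls and the run-to-run totals under Processing Controls above, worked through in code as an added example (not from the course notes). The transactions, the batch control log and the amount limit are constructed, and the mod-10 (Luhn) check digit is an assumed scheme, since the notes do not name one.

```python
"""Programmed edit tests, batch control totals and a run-to-run total as
detective application controls.  Added example: the transactions, control log
and limit are constructed; the mod-10 (Luhn) check digit is an assumed scheme."""
from decimal import Decimal

# Constructed batch of sales transactions as keyed from source documents.
BATCH = [
    {"seq": 1, "account": "79927398713", "customer": "Ndlovu", "amount": Decimal("1250.00")},
    {"seq": 2, "account": "79927398714", "customer": "Smith", "amount": Decimal("80.50")},
    {"seq": 3, "account": "4532015112830366", "customer": "Le Roux", "amount": Decimal("99999.00")},
    {"seq": 4, "account": "371449635398431", "customer": "Botha7", "amount": Decimal("-5.00")},
]
# Constructed batch control log prepared from the source documents before keying.
# Record 2 was keyed as 80.50 where the document said 85.00, so the keyed batch
# will be 4.50 short of the control total on the log.
CONTROL_LOG = {
    "batch_serial": "B-0042",
    "record_count": 4,
    "control_total": Decimal("101329.00"),
    "hash_total": 4903624603026224,  # sum of account numbers; meaningless as a value
}
AMOUNT_LIMIT = Decimal("50000.00")  # constructed per-transaction ceiling


def luhn_valid(number: str) -> bool:
    """Mod-10 check digit: catches single-digit keying errors and most
    transpositions of adjacent digits in an account number."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def edit_tests(rec: dict, limit: Decimal = AMOUNT_LIMIT) -> list:
    """Programmed edit tests on one record; returns the list of failures."""
    errors = []
    if not rec["account"].isdigit():
        errors.append("account: numeric check failed")
    elif not luhn_valid(rec["account"]):
        errors.append("account: check digit failed")
    if not all(c.isalpha() or c == " " for c in rec["customer"]):
        errors.append("customer: alpha check failed")
    if not Decimal("0") < rec["amount"] <= limit:
        errors.append(f"amount: limit check failed ({rec['amount']})")
    return errors


def batch_totals(records: list) -> dict:
    """Record count, control total and hash total of a keyed batch."""
    return {
        "record_count": len(records),
        "control_total": sum((r["amount"] for r in records), Decimal("0")),
        "hash_total": sum(int(r["account"]) for r in records if r["account"].isdigit()),
    }


def batch_discrepancies(records: list, log: dict) -> list:
    """Input control: balance the keyed totals against the batch control log."""
    keyed = batch_totals(records)
    return [f"{k}: log {log[k]} vs keyed {keyed[k]}"
            for k in ("record_count", "control_total", "hash_total") if log[k] != keyed[k]]


def process_batch(records: list, limit: Decimal = AMOUNT_LIMIT) -> tuple:
    """Processing stage: post records that pass the edit tests, reject the rest."""
    accepted, rejected = [], []
    for rec in records:
        errs = edit_tests(rec, limit)
        (rejected if errs else accepted).append((rec, errs))
    return accepted, rejected


def run_to_run_ok(records: list, accepted: list, rejected: list) -> bool:
    """Run-to-run total: input must equal posted plus rejected, so nothing was
    lost, altered or added during processing."""
    posted = sum((r["amount"] for r, _ in accepted), Decimal("0"))
    held = sum((r["amount"] for r, _ in rejected), Decimal("0"))
    return (batch_totals(records)["control_total"] == posted + held
            and len(records) == len(accepted) + len(rejected))


def discrepancy_report(records: list = BATCH, log: dict = CONTROL_LOG) -> dict:
    """Output control: the discrepancy report that must be investigated."""
    accepted, rejected = process_batch(records)
    return {
        "batch": log["batch_serial"],
        "batch_discrepancies": batch_discrepancies(records, log),
        "rejected": {rec["seq"]: errs for rec, errs in rejected},
        "posted_count": len(accepted),
        "run_to_run_ok": run_to_run_ok(records, accepted, rejected),
    }
```

Calling discrepancy_report() on the constructed batch flags the 4.50 control-total difference, rejects records 2, 3 and 4 for the failed edit tests, and confirms the run-to-run total balances.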
Controls by Function - Corrective: 3rd and last layer of the internal control shield - commence as soon as detective controls have identified an adverse event. Their function is to limit and repair the damage caused.
• Backup data restoration
• Backup power
• Fire extinguishers
• Insurance
Disaster Planning
• Elements of disaster planning
o Controls - anticipate or prevent possible disasters
o Disaster recovery / contingency planning after the event
• Steps in implementing disaster recovery
o Step 1 - analysis of organisational need
o Step 2 - list of priorities for recovery compiled based on need
o Step 3 - formation of a planning committee to design a recovery strategy
Contingency Controls
• Training of staff
• Fire safety plan
• Water proofing of ceilings and floors
• Sufficient drainage
• Maintenance
• Standby procedures
• Recovery procedures
• Backup arrangements
• Hot site
• Cold site
• Incremental backup
System Controls
• Staff controls
• Sign-on procedure
• Database controls
• Input controls
• Output controls
• Processing controls
• Telecommunication controls
• Interactive processing
• Help facilities
• Look-up tables
• Restart procedures
Topic 6: Privacy and Ethics matters in a computerised environment
Ethics
• Ethics & the Individual
• Ethics & the Information
• Ethics & the Organisation
Privacy
• Privacy & the Individual
• Privacy & the Organisation
Privacy and the Individual
• Respecting an individual's privacy involves valuing the confidence of their personal information, by using it appropriately and protecting it.
• Each individual is responsible for being proactive in protecting their personal information:
o Be alert; do not share personal information unless it is absolutely necessary.
o Be informed about the latest scams so you don't fall victim.
o Take care when conducting online transactions.
o Be aware of POPI - the Protection of Personal Information Act.
Privacy and the Organisation
• Privacy in the case of the organisation refers to information considered confidential and the need for protection from public disclosure.
• One has to respect the value and ownership of the information one receives, and should only disclose it with the authority to do so, unless there is a legal or professional obligation to disclose it.
• All organisations have a right to privacy.
How Organisations can protect their Privacy
1. Computer monitoring - should be used as a last resort, as it raises ethical concerns: the employer can keep an eye on everything the employees do on the computers
2. Email and voice mail
3. Video monitoring - security
4. Firewalls
Ethical Issues
• Ethics - doing what is right based on a set of moral principles.
• Ethics & the Individual
o Individuals should ask themselves "What is the right thing to do in any situation?"
• Ethics and Information
o Ethics and the development and application of information technologies
o Principles: Integrity, Objectivity, Confidentiality and Professionalism
Principles of the Ethical Treatment of Information
• Integrity - information should be communicated with honesty and integrity; it should be neither falsified nor presented in a misleading manner.
• Objectivity - as far as possible, information should be collected, analysed and communicated to the intended party fairly, without prejudice, undue influence or self-interest.
• Confidentiality - in accordance with privacy regulation, information should not be disclosed unless professional or legal reasons exist.
• Professionalism - information must be handled in a professional manner.
Ethics and the Organisation
• Code of Conduct - sets an ethical tone in the organisation.
• Code of Conduct - includes the organisational values and its responsibilities towards all its stakeholders.
• (IFAC 2007:5) - International Federation of Accountants - code of conduct for accountants: "Principles, values, standards or rules of behaviour that guide procedures and system of an organisation in a way that it contributes to the welfare of its key stakeholders and respects the rights of all its constituents affected by its operations."
• Corporate governance - King IV report
Topic 7: System Development
Lifecycles - development, and review & maintenance
System development
System development approaches:
• Prototyping
• RAD
• End-user developed
• Traditional SDLC
• Outsourcing development
• System development is the creation of a new information system or the modification of an existing one using computer technology.
• Re-engineering: the process of re-thinking and re-designing the business processes, structures and information system in order to achieve a breakthrough solution to a problem or improved, innovative performance.
System development - Factors that result in the need for system development
1. Changes in technology
2. Changes in the needs of users and other stakeholders
3. Changes in the business environment
4. Changes in the nature of the operations / business
5. Changes to maintain or improve competitiveness
6. Changes to improve performance and production
7. Changes in decision-making policy
8. Depending on the extent of the changes or problem, this may be maintenance or a complete overhaul creating a new information system
System development- Factors that determine the success of system development.
1. Selection of developers involved in process
2. The use of project management tools
3. The planning of the project
4. The extent of changes in the information system
5. The involvement of users in the development process
6. The change management achieved by the new system
Overview of traditional SDLC
• Preliminary System Investigation - define the problem
• System Analysis - analyse the needs of the end-user and plan the solution
• System Design - describe the desired features and the working in detail
• System Implementation - the design phase is put into action: the system is built or bought and put to use
• System Review & Maintenance - evaluation of the system and what happens during the rest of the system's life
Traditional SDLC - development proceeds through the clearly defined stages of the overview above, each stage being completed before the next begins.
• Advantages
o Less experienced staff can be used (detailed guidelines and clearly defined stages)
o Easy to manage; revision at the end of each stage ensures effective control of the project
o Good documentation at all stages simplifies maintenance and tracking of system requirements
o Reduced cost, as staff can be transferred across projects; consistent
o Progress can be measured and controlled
• Disadvantages
o Users are not involved in the planning stage and cannot determine if their needs are being met
o A stage cannot start before the previous stage has been completed
o Creating documents and keeping them current is expensive and time consuming
o Going back one or two steps is very expensive
Prototyping - creating an experimental, scaled-down system (prototype) on which users can test and select what they do and do not want.
• Advantages
o Allows for early testing and early detection of errors
o Users are involved in the evaluation, leading to a positive outlook on progress and results
o Users are able to use the product without training, as they have already used the prototype
o Faster development
o Better understanding of user requirements
o Users provide useful feedback during development
o More flexible
• Disadvantages
o Difficult to contain the extent of the prototype; scope creep
o Each iteration builds on the previous one, and the final product may only be incrementally better than the initial system
o System backup and recovery, security and performance can easily be disregarded
o Documentation may be partial or absent
RAD - Rapid Application Development - workshops and focus groups gather end-user requirements, where different developers have canvassed what users need.
• Advantages
1. Quick delivery
2. Changing requirements can be accommodated
3. Progress can be measured
4. Short cycle time due to powerful RAD tools
5. Productivity with fewer people
6. Uses tools and frameworks
• Disadvantages
1. Management complexity is increased
2. Increased resource requirements
3. Only suitable for systems that are component-based and scalable
4. User involvement is required throughout the life cycle
5. Only suitable for projects requiring short development times
End-user development - users develop their own application systems, using existing application software, to solve their own information needs.
• Advantages
1. Encourages innovation and creative solutions
2. Faster design and development cycle
3. Users are more involved in review and maintenance
4. Better productivity of users' work
5. Reduced communication problems between users and IS, and users understand the system better
6. More acceptable to users, and they take ownership of the system
• Disadvantages
1. Loss of control over data
2. The system is not tested for errors and bugs
3. Duplication of effort and waste of resources are likely
4. Poor documentation
5. Users are not trained as programmers
6. Loss of control of quality in both programs and data
Outsourcing - obtaining some or all IS activities from an external service provider, to handle all or parts of data capturing and processing, and an annual
• Advantages
o The organisation can concentrate on its core business
o The client gets access to the latest technology
o Reduces cost
o Insulates organisations from uncertainty about the levels of service they can expect
o Annual bidding reduces cost
o The supplier provides better expertise
o Quick delivery of benefits and change
• Disadvantages
o Risk to confidentiality
o The supplier may fail to deliver
o A long contract may limit the organisation
o Loss of control over the information system
o It may be difficult to find a service provider able to handle complex processes
Stages in SDLC - System Development Life Cycle
Stage 1: System Investigation
• Development team
• Feasibility analysis
• System Investigation Report
Stage 2: System Analysis
• Steps in system analysis
• Different techniques
System Investigation - the needs of the organisation are investigated and potential problems and opportunities are identified.
• What problems would the system need to solve?
• What opportunities would the system provide?
• What hardware, software, databases or procedures are needed?
• What are the potential costs?
• What are the related risks?
Development team
• Project manager
• Upper-level managers
• Middle management
• Information system staff
• End users
• Other stakeholders
• Responsibilities of the development team
o Gather and analyse data
o Identify shortcomings
o Write a report justifying system development
Feasibility Analysis
• Technical feasibility - hardware, software and other system component needs
• Economic feasibility - financial viability of the project
• Legal feasibility - legal regulations that may limit or prevent the project
• Operational feasibility - measures whether the project can be put into action
• Schedule feasibility - determines whether the project can be completed within a reasonable time
System Investigation Report
• Report on the system investigation
• Recommendations
o Continue with development of the new system, or
o Modify the existing system in some way, or
o Do not change the current system
System Analysis - determines what to do to solve the identified problem. It starts by clarifying the overall goals of the organisation and determining how the existing or proposed information system helps meet these goals.
• Steps involved in system analysis
o Set up a committee (team) consisting of the development team, users, stakeholders, IS staff and management
o Collect data and understand requirements
o Investigate the collected data
o Prepare a report on the existing system, new system requirements and project priorities
System Analysis
• Different techniques to gather information
o Interviews
o Joint application development (JAD) workshop
o Questionnaires
o Observations
o Document review
System Design Process
• Logical & Physical System Design
• Interface Design
• System Security and Controls
• Generating System Design Alternatives
• Evaluating and Selecting a System Design
• System Design Report
System Design - a solution to a problem is planned and documented. It uses information from the investigation and analysis of current methods and identifies methods to achieve better results.
• System design process - the information from the investigation and analysis is taken to plan and document solutions; the design can be split into smaller sections. The team can decide to improve the current information system or build one from scratch. Think of the logical and physical system design and the security and controls, and write up a report.
• Logical system design: the theoretical design of the structure of a new system. Describes the practical requirements of the system and conceptualises what the system will do to solve the problems identified.
• Physical system design: the broad, user-oriented requirements of the logical design are translated into detailed specifications used to code and test computer programs.
System Design (continued)
• Interface design: will it be menu-driven or a command-line interface?
• System security and controls
• Generating alternative system designs
• Evaluating and selecting a system design
• Financial options
Financial Options
Renting (short-term)
• Advantages
o No initial capital outlay
o Payments are predictable
o No long-term commitment or liability
o Rent payments are tax deductible
o Maintenance is on account of the vendor
• Disadvantages
o Most expensive form of financing
o High monthly costs
o No ownership
o Link with the vendor limits freedom and independence
o May have to rely on the vendor's maintenance
Leasing (long-term)
• Advantages
o No initial capital outlay
o More flexible than purchasing
o No long-term liability
o Less expensive than renting
o Tax benefits are usually passed on by the lessor
• Disadvantages
o Poor flexibility of upgrade
o Longer commitment than renting
o May have to rely on the lessor's maintenance
o No ownership
o High cost of cancelling the agreement
Financial Options (continued)
Purchasing
• Advantages
o Cheap form of financing
o Depreciation is tax deductible
o Total control over equipment
o Can sell the equipment at any time
o Asset reflects on the financial statements
• Disadvantages
o Highest initial capital outlay
o Maintenance at own account
o Other expenses include insurance
o May prevent investment in other profitable projects
• System Design Report
o Logical system design report
o Physical design report
System Implementation - finalise and install the system to make everything, including users, ready for its operation. Puts the planned changes or new system into action.
• System implementation process
1. Hardware acquisition
2. Software acquisition or development
3. Preparation of current users
4. Hiring and training of new staff
5. Site preparation
6. Data preparation
7. Installation
8. Testing
9. Start-up
10. User acceptance
System Implementation Process
• #1 Acquiring hardware - financing options: rent, lease and purchase
• #2 Acquiring or developing software - the make-or-buy decision
o Off-the-shelf software - may not match needs exactly; cost is lower, as the initial cost is spread over many users; time is less, as it is acquired immediately; quality is usually high; other competitors can access the exact same product and have the same advantage
o In-house development - matches needs exactly; expensive; time consuming; quality dependent on the development team; may create a competitive
• #3 Preparing current users
System Implementation Process
• #4 Hiring and training new staff if needed
• #5 Site preparation
• #6 Data preparation
• #7 Installation of new hardware
• #8 Testing
System Implementation Process
• #9 Start-up - the process of making the final tested information system operational
o Direct conversion: the old system stops and the new system starts on a given date
o Phased-in approach: components of the old system are phased out while components of the new system are phased in
o Pilot running: the new system is used by a small group of users first, rather than by all the users
o Parallel running: both old and new systems run for a specific period
[Diagram: timelines of the old and new systems for direct conversion, the phased-in approach, pilot running (Pilot 1, Pilot 2, Pilot 3) and parallel running]
System Implementation Process
• #10 User acceptance: a user acceptance document is a formal agreement signed with the user, stating that the implementation of the system has been approved.
System Review and Maintenance
• System review is the monitoring and evaluation of the system to determine the success of the system development process and to make sure it continues to satisfy the goals of the organisation.
• System maintenance is a continuous system development stage that ensures the system is checked and changed or modified to improve it and make it more useful in terms of meeting the goals of users and the organisation.
• Approaches to system review and maintenance
o Time-driven approach - periodic monitoring of the system at a specific time; if problems are identified, maintenance or a new system development cycle may be initiated
o Event-driven approach - triggered by an event such as an error, a merger, a new market or a new product
System Review Process
• Objectives
1. Is the system developed as intended? (by a review team consisting of the development team)
2. Is the system fulfilling the needs of the users and the organisation as envisaged? (by an independent review team)
• Factors to consider during the system review process
The mission of the organisation; the hardware, software and controls in place; the cost of development and operation.
Aspects of the System Review Process
• Post-implementation review (1 month - 1 year)
• Resource management review - done by the internal auditing team
• Review methods
1. Questionnaires
2. Focus groups
3. Surveys
4. Performance measures
• System review report
System Maintenance Process
• The maintenance team may be different from the development team, or it may be the development team
• Responsibilities of the maintenance team
1. Ensure that changes are carried out quickly and effectively
2. Failed hardware is fixed
3. Existing software is fixed if needed
4. Existing software is updated regularly
5. Existing software is modified when required
Types of System Maintenance
• Slipstream upgrade - a minor upgrade, typically a software code adjustment or minor bug fix, which is not worth announcing to users.
• Patch - a minor change to correct a problem or a small enhancement.
• Release - a significant program change that often requires changes to the documentation of the software.
• Version - a major program change, typically encompassing many new features.
System maintenance documentation
• Request for maintenance form
• The cost of maintenance forms a large part of the cost involved in the overall system development process.
Topic 8: Business Functions
Business Applications
• Strategic Level: ESS & specialised information systems
• Technical Level: MIS/DSS
• Operational Level: TPS/ERP
TPS - collects the organisation's daily business transactions, processes them into useful information, stores both the data and the processed information, and retrieves the data and information to provide records and documentation.
• Advantages of a Transaction Processing System
o Excellent customer service
o Better supplier relations
o Better productivity of staff
o Competitive advantage
o Timely user response and reports
o Accuracy is improved
TPS - business functions
Purchasing
• Accounts payable
• Inventories
• Purchase order processing
• Goods received
Accounting
• Asset management
• Payroll
• Budgeting
• General ledger
• Accounts receivable
Sales
• Accounts payable
• Inventories (finished goods)
• Order processing
• Distribution planning and distribution of goods
• Sales configuration
ERP - integrates the data gathering and data processing of organisational departments into one single integrated system.
Advantages
• Implemented across the whole organisation
• Eliminates expensive and inflexible systems
• Due to restricted profiles, authorised users only have access to authorised modules and information/data
• Workflows are more efficient
• Familiar interface and menus across modules
• Tracking and forecasting are improved
• Data is captured only once across all integrated modules
• Upgrading is simpler, as there is only one system
Disadvantages
• Expensive and time consuming to implement
• Risk of using only one vendor
• Risk that the system may not live up to expectations
• Changes are difficult to implement
• If implementation fails, all integrated departments are at risk
MIS - Management Information System
• An integrated system that provides management with a wide variety of decision-oriented information in order to achieve organisational objectives
• Converts data from mainly internal sources into information, to generate regular reports and online presentation of the present and past performance of the organisation
MIS - 7 Characteristics
1. Provides a fixed and standard reporting format
2. Provides hard and soft copies
3. Provides the potential for users to customise reports
4. Provides exception reports on variances from budget and allows managers to feed back any changes necessary as a result of variances
5. Supports operational and management levels
6. Uses mainly internal data from the computer to make reports
7. Main focus is internal, and it is used by managers
DSS - Decision Support System
• Helps management at the strategic and technical levels in making decisions by providing tools and models to solve structured, semi-structured and unstructured problems
• Data driven
• Documentation driven
• Communication driven - targets internal teams
• Knowledge driven
• Model driven
DSS - 9 Characteristics
1. Specially developed to help decision making that varies from highly structured problems to unstructured problems
2. Mainly focused on supporting decision making rather than automating it
3. Uses advanced software and modelling techniques and performs complex analysis, e.g. Microsoft Excel (what-if analysis and goal-seeking analysis)
4. Flexible, allowing users to customise their reports
5. Reacts fast to the changing needs of users
6. Assists managers through the different stages of problem solving
7. Users can drill down into information and handle large amounts of data from different sources
8. The decision process is streamlined, i.e. at the operational, tactical and strategic levels of the organisation, and for both once-off and repetitive decisions
9. Information is generated in a timely manner; quick access to information
DSS vs. MIS
DSS
• Solves unstructured problems
• Users are more involved in system development
• Specialised reports
• Focus on supporting creative and innovative decision making
• Reports are generated depending on the changing needs and factors of the problem
• Reports are the result of an interactive interface with the user
• Reports are generated with the aid of software and complex modelling tools
MIS
• Solves structured problems
• Users may not be involved in system development
• Reports may be generic
• Reports are a function of collecting information from different functions in order to report as a unit
• Reports are more a function of regular (periodic) repetitive processes
• Settings on the system are pre-set
• Reports are generated from averages and basic calculations
Problem Solving and Decision Making Systems
• Knowledge Management System (KMS) concepts
• Customer Relationship Management System (CRM) concepts
• Expert System (ES) concepts
• Group Support System (GSS) concepts
• Executive Support System (ESS) concepts
• Applications
KMS - supports the creation, capturing, storing and distribution of expertise and knowledge using software, people, procedures, databases and devices.
• Characteristics of Knowledge Management Systems (KMS)
1. Capable of solving appropriate problems relatively accurately
2. Larger sets of pre-processed information need to be submitted to the system
3. Has a relatively high processing speed, but this may decrease as the problem's complexity increases
4. Users need to be adequately trained, as they need a high level of system knowledge
ES - a system where expert knowledge is obtained and made available for users with less expertise to benefit from this knowledge.
Characteristics
1. Expert knowledge is made available
2. The explanation facility explains how conclusions are arrived at
3. Able to deal with uncertainty
4. Intelligent behaviour provides solutions to problems
5. Information sourced from different places is used to draw conclusions from difficult relationships
Applications
1. Legal advice based on rules and procedures
2. Hospitals and medical facilities use ES to assist with a variety of medical conditions
3. Organisations use ES to plan budgets and coordinate proto-testing programmes
4. Organisations can make predictions on market and customer behaviour
5. Project management
6. Determine weaknesses and make recommendations on improvements
CRM - a form of KMS; software that concentrates on providing information on an organisation's customers and its products.
• Customer Relationship Management (CRM) applications
1. Collection of data on customers
2. Retain loyal customers
3. Contact customers
4. Advertise new products to customers
5. Sell products and services to customers
6. Use customer order history
7. Handle customer enquiries and complaints
8. Respond quickly and appropriately to customer needs
9. Obtain market feedback
GSS - supports users working together on tasks: sharing and adjusting the same documentation, planning appointments in each other's calendars, sharing files and databases, holding electronic meetings and developing ready-made applications.
Characteristics
1. Parallel participation
2. Special design
3. Flexible
4. User friendly
5. Anonymity
6. Availability of data
Applications
1. Capture, store and distribute memos
2. Microsoft Exchange allows access to linked servers in different locations
3. Video conferencing is possible
4. Microsoft Outlook provides for sharing of documents, e-mail messaging and scheduling of appointments
5. Microsoft NetMeeting software supports multiparty calls
ESS - Executive Support System: a specialised decision-oriented system put together to assist executives in making decisions.
Characteristics
1. Executives can drill down into information to determine how reports were produced and for more information
2. An ESS can be adjusted and designed to suit specific individual executives
3. User-friendly, so no particular training is required
4. Makes tracking and accessing of information quick; filters data and delivers a summary of company information
Applications
1. Analysis of the possibilities of mergers
2. Assists in planning the acquisition of equipment
3. Takes advantage of data mining from various sources, which gives an overall view of situations for effective strategic planning
4. Supports strategic organisation, employment and control
5. Informed top-level decisions
6. Large amounts of data may make the system slow and hard to manage
Topic 9: E-business, E-commerce, M-commerce
E-marketing & related threats and how these are mitigated
Definitions
• e-business - all business processes enabled by technology, including research, development, marketing, financing & HR
• e-commerce - use of technology-mediated exchange to sell, buy, deliver, service and pay for products and services over computer networks
• e-marketing - use of technology to generate leads, create brand awareness & offer incentives for online purchases
• m-commerce - use of mobile devices to sell, deliver, service and pay for products and services
Importance of e-business
Importance
1. Good knowledge is essential to knowing which departments need to be integrated, how they are integrated and why
2. Knowledge of what evidence needs to be kept, and how to conduct audits and audit trails
3. What policies and regulations need to be selected and adhered to, both domestic and international
4. To know what risks there are in e-commerce and how to mitigate them
Categories of e-commerce
• B2B - wholesaler to retailer
• B2C - e.g. vanschaick
• C2B
• C2C - e.g. gumtree
• E-Government
E-Marketing - technology used to generate leads, create brand awareness & offer incentives for online purchases
Advantages
1. Opens up global markets
2. It is more affordable
3. Real-time statistics
4. Can be personalised to the target market/customers
Disadvantages
1. E-marketing overload
2. Online marketing material can be copied by competitors
3. Deliverability is not guaranteed
E-Commerce technology mediated exchange to sell, buy, deliver service and pay for products and services over computer networks
Advantages
1. Direct customer relations
2. Reduced costs
3. Always open for business
4. Accurate information as customers get to specify their needs
5. Increased competitive edge
6. Access to global market
7. Flow of information between organisation and customers
8. More choices available leads retailers not having to keep stock
Disadvantages
1. Limited to those with technology
2. Products once received may not live up to expectations
3. Technology costs and retaining of staff qualified to run the systems
4. Lag time in delivery may lead to buyers remorse and customers cancelling orders as opposed on site(in shop)purchases.
M-commerce: use of mobile devices to sell, deliver, service and pay for products and services
Advantages
1. Personalised commerce
2. Location – GPS provides a way of targeting customers geographically.
3. Real-time information
Disadvantages
1. Limited screen
2. Restricted input
3. Limited speed on some networks
Threats specific to e-commerce – Information
• Information threats relate to threats to the availability of data and the possible corruption of data and information in e-commerce.
• Examples:
• Data alteration
• Website vandalism
• Incorrect website information may lead to monetary loss.
• Copyright, patent or trade secret infringement.
Threats specific to e-commerce – Technology
• Threats to the technology, including hardware, software and telecommunications
• Examples:
• DoS – denial of service attack
• Pharming – redirecting of traffic from authentic sites to fraudulent sites
• Inadequately designed websites make it difficult for users to find information and may lead to them being frustrated and going to competitors
• Inappropriate hardware and/or bandwidth which cannot handle the traffic would be slow, which also leads to frustration.
• Flawed integration between an organisation's departments and systems may result in incorrect or inappropriate information being accessed and incorrect products being manufactured/delivered.
• Most websites contain hyperlinks which lead customers to other organisations' websites.
Threats specific to e-commerce – Business
• This relates to the internet relationship between the organisation and its customers
• Examples:
• Contracts concluded via e-commerce need to be enforceable and legal
• Global e-commerce: companies trading internationally may be exposed to infringing or contravening certain laws and regulations.
• 3rd parties and intermediaries between an organisation and its customers are seen as an extension of the organisation; any bad or improper conduct by these parties exposes the organisation.
• The organisation's reputation may be destroyed by media or postings.
• Where organisations have chats/blogs and messaging boards they may be exposed by improper use of these sites by 3rd parties.
Mitigation of e-commerce threats
• Install firewalls, anti-virus, anti-spyware and other anti-malware software, and ensure that these are updated with the latest patches.
• Install reputational management
• E-commerce disclaimers should be prominently displayed
• Establish an e-commerce business continuity plan for all critical e-commerce components.
• Install strong authentication processes.
• Encryption (public key used by the sender, private key held by the receiver)
• Ensure that transactions, particularly if sensitive information is transmitted, are done over secure sites; these will have:
• Digital certification (CA – certification authority) and
• SSL (Secure Sockets Layer)
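Added example (not part of the AIN1501 notes) of the encryption bullet above, in Go using only the standard library: the customer (sender) encrypts an order with the shop's (receiver's) public key, only the shop's private key can decrypt it, and any alteration of the ciphertext in transit is rejected, which also addresses the data alteration threat listed earlier. The order text, the OAEP label and the 2048-bit key size are assumptions chosen for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// label binds a ciphertext to its purpose; sender and receiver must use the same value.
var label = []byte("e-commerce order")

// NewReceiverKey generates the receiver's (the online shop's) key pair.
// The public half is published to customers; the private half never leaves the shop.
func NewReceiverKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048) // key size is an assumption for this example
}

// SenderEncrypt is run by the customer: the order is encrypted with the
// receiver's public key using RSA-OAEP, so only the private key can recover it.
func SenderEncrypt(pub *rsa.PublicKey, order []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, order, label)
}

// ReceiverDecrypt is run by the shop with its private key. The OAEP padding
// check fails on an altered ciphertext, so tampering in transit surfaces as an
// error rather than as a silently corrupted order.
func ReceiverDecrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ct, label)
}

func main() {
	priv, err := NewReceiverKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample order; no real card data.
	order := []byte("order=1001;item=textbook;amount=350.00;card=****1111")
	ct, _ := SenderEncrypt(&priv.PublicKey, order)
	pt, err := ReceiverDecrypt(priv, ct)
	fmt.Printf("intact ciphertext -> %q, err=%v\n", pt, err)

	tampered := append([]byte(nil), ct...)
	tampered[len(tampered)/2] ^= 0x01 // simulate data alteration in transit
	_, err = ReceiverDecrypt(priv, tampered)
	fmt.Println("altered ciphertext rejected:", err != nil)
}
```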