ain1501 · information system •a system if a combination of 2 or more components that serve a...

AIN1501Summary and exam prep

1

Topic 1Information, Information Systems, Information Strategy and Information Systems Departments

2

Information

• Information is a set of facts and data organised and processed in such a way that it provides additional value beyond that of the facts themselves.

• Information is data that has been processed in such a away that it is meaningful to the receiver. Provides knowledge that leads to user of these information to make decisions.

Decision Making Knowledge Data/Facts Activity/Events Information

Creation of Information

3

Information System10 Characteristics of Information-

1. Accurate – information must be free of error

2. Up-to-date – include all latest information and recording time must be minimised

3. Relevant – must be relevant to user needs

4. Format of information – the information must be presented in required format

5. Reliable – free of bias or hearsay source of information must be reliable.

6. Accessible -easily available to users to meet needs

7. Detailed information – information must contain only as much information as needed by user

8. Flexible – multipurpose information

9. Cost effective-cost of information must be balanced with value of information

10. Timely- delivered when needed

4

Users of Information

Internal

• Marketing

• Production management

• Employees

• Financial managers

• Sales managers

• Managers

• Human resource

• Staff managers

External

• Government

• Financial institutions

• Investors

• Potential employees

• Community research

• Shareholders / stakeholders

• Suppliers

• Customers

5

Information System

• A system if a combination of 2 or more components that serve a common purpose and interact to achieve a common goal

• System Performance Management• Effectiveness- measures extent to which system meets it goal

• Efficiency-rate of output over input

• Performance Standard

Open system –Interacts with environment and it in turn affects its environment. most business systems are open e.g. purchasing system

Closed System- is isolated from environment not affected by its environment e.g. washing machine

ProcessingInput Output

Components of a system

6

Information System- an organised way of collecting, processing, managing and reporting information for informed decision making.

• Role of information systems in an organisations• Planning- long term strategic planning. As well as daily task management.

• Recording of transaction- to use as evidence

• Decision making- supports informed decision making

• Control and performance management – plans and objectives are put in place to allow management to measure performance output and to implement corrective measures if necessary.

• Accounting Information System – Collects, records, stores and processes financial data to supply information for decision making

7

Components of Computerised Information Systems

People Hardware Telecommunications Software Procedures Databases

6 stages of Computerised Information system Process

Activity Input Process

Storage

Output of Information

Making Decisions

8

Information Strategy – refers to decisions/ plans on how use

available information, how to collect more relevant ,useful information and how to use the information technology to manage the process.

• Elements of Information Strategy • Information technology - the processing

of data using electronic systems and all the communication links and software that go with it.

• Information technology strategy- the selecting operating and managing the technological elements of information system strategy

• Information System Strategy – the long term plan for the system in order to provide information to support business strategy.

• Information Management Strategy – the people involved with the information system and their roles.

Elements of Information

Strategy

Information technology

Strategy

Information System Strategy

Information management

Strategy

9

Information Strategy – refers to decisions/ plans on how use

available information, how to collect more relevant ,useful information and how to use the information technology to manage the process.

Elements of Information Strategy

• Information technology - the processing of data using electronic systems and all the communication links and software that go with it.

• Information technology strategy- the selecting operating and managing the technological elements of information system strategy

• Information System Strategy – the long term plan for the system in order to provide information to support business strategy.

• Information Management Strategy – the people involved with the information system and their roles.

Benefits of Information Strategy• Contributes to achievement of

business goal

• Ensures that required information is acquired, retained and shared with relevant stakeholders

• minimise development and maintenance costs.

• Organisation likely to create a sustainable competitive advantage.

• Ensures better quality of information thus better decision making.

10

Information System Department

• IS department- created to ensure that information system is operating efficiently on day to day basis and maintained or upgraded when needed.

• organisation of IS department• Centralised

• Decentralised

• Outsourcing

11

Centralised IS department- located in 1 single location

Advantages

• Reduced duplication of functions

• Files are more secure

• Economies of scale in procurement of equipment available.

• HO has better control on daily IS department

• Optimal utilisation of IS capital and more funds are available for IS expertise.

Disadvantages

• A single fault in the HO system affects all regional operations of the organisation.

• Regional offices are less self reliant.

• Time wasted at regional offices as they have to wait for IT services from head office.

12

Decentralised IS department- distributed throughout the

organisation with regional offices with own IS department.

Advantages

• IS staff more conscious of IS and business needs at regional level. needs of Reduced duplication of functions

• Every office is more independent

• Quicker access to IS assistance.

• IS cost/ overhead allocations are more.

Disadvantages

• Risk of duplication of tasks, functions and data exists.

• Harder to control the IS department.

• Lack of coordination between departments exists.

13

Topic 2Information technology Infrastructure

14

Information technology Components

• Hardware

• Software

Hardware Components

Input devicesProcessing

components

Secondary storage

componentsOutput devices

Other hardware devices

Types of computer systems

Computer system selection and upgrading

15

Hardware- physical parts of computer system

• Internal hardware components - motherboard, CPU, RAM, ROM, hard disk drive and BD/DVD/CD drive.

• External hardware devices- (peripheral devices)- Monitor, mouse, speaker, keyboard, printer, scanner

Input

Primary memory

OutputProcessing

Secondary Memory

Hardware Components16

Hardware-Input Devicesphysical peripheral devices used for data entry and provide control signals for user interface.

• Keyboard connected by• Port• Usb(universal Serial Bus)• Bluetooth- low power short range radio

technology • Wi-Fi- wireless networking technology (WLAN-

wireless local area network)

• Mouse

• Optical input devices • Imagining and video

• Scanner scans images and converts them to a digital format

• Touch sensitive screens(monitor)

• Audio input devices- Microphones captures sound and converts it into electrical signals

Input devices

Audio input-microphone

Keyboard

Touch sensitive devices(monitors

Optical devices-scanner, webcam

Mouse

17

Processing –CPU and Primary memory

• CPU- Central Processing Unit- the primary component of a computer that carries out the instructions of computer programs (brain of computer)

• 3 Components of CPU• ALU- arithmetic/logic-Unit: performs mathematical

calculations and other logic operations• Control Unit: fetches program instructions decodes

them and directs the instructions in and out of ALU, registers the primary and secondary storages and output devices

• Registers(primary memory ): temporary high speed storage areas used to hold program instructions before, during and after their execution by CPU.

CPU

ALU

Register Primary Memory

Control Unit

18

CPU• Executing Instructions – Machine Cycle-

• Step1#- Fetch instruction

• Step2#- Decode instruction

• Step3#- Execute instruction

• Step4#- Store results

• Clock speed –the speed at which the CPU executes instructions (megahertz (MHz) or gigahertz (GHz) the faster the speed the more instructions the CPU can perform persecond.

19

CPU- Primary Storage – the CPU stores and retrieves memory from this memory in a random manner

• RAM- Random Access Memory can be read and written into –volatile-needs steady flow of electricity –as soon as no power the data on RAM is lost

• ROM Read Only Memory- holds instructions to start up computer- non volatile does not need steady flow of electricity.

• PROM Programmable Read Only Memory- a memory chip used to store a program

• EPROM Erasable programmable read-only memory – can be erased by exposing it to ultraviolet light.

• EEPROM Electrically Erasable programmable read-only memory- can be erased by exposing it toe electric charge

20

Secondary Storage- storage devices or media able to store large

amounts of data, instructions and information permanently unless erased. Non-volatile used for Back up- Archive purposes.

• Magnetic hard disk drives- removable or non removable media connects to computer by means of integrated USB interface. • Hard Disk Drive (HDD) non volatile, random access device for digital data. Made

up of spindle magnetic rotating disks called platters which store and record data magnetically.

• Optical Disks- Removable media (DVD/CD &BD(blue ray disks))• Optical Disk Drive- uses laser light or electromagnetic waves to read or write data

to or from an optical disk.

• Flash Memory – memory chip (EEPROM- MP3,memory cards, USB flash drives and SSD) non volatile removable media.

21

Tertiary Storage –

• involves robotic mechanisms that insert and remove removable mass storage media in a storage devices e.g. Tape libraries, jukeboxes.

• Used for archiving rarely accessed information and extremely large data stores.

• relatively very slow access time

22

Output devicesphysical peripheral devices to communicate results of processed data by computer to user

• Devices used to provide human readable data processed from machine readable data• Printers

• Monitor- electronic visual display

• Speakers – converts electrical impulses to sound waves to produces audio output.

23

Other Hardware components

• Motherboard-most important component that connects CPU, ansprimary memory, secondary storage devices and any other peripheral devices also has expansion ports e.g. sound card, graphic cards or network cards can be added to computer.

• Computer cases: a case where all internal components of a computer are stored.

• Power Supply

• Video card

• Sound Card

• Network card (network adaptor)

24

Types of Computer Systems

• Mobile devices• Laptops • PDA and Smartphones• Tablet PCs• Netbooks

• Desktop Computers

• Workstations- specialised hardware enhancements (powerful processors- e.g. for 3D modelling )

• Servers• Database server• File server• Transaction server• Web server

• Mainframe computers

• Supercomputers e.g. weather forecasting25

Computer hardware selection and upgrading

• Processor Speed (Mhz, GHz)(microprocessor speed)

• Primary or main memory ( typical pc 2GB of RAM)

• Secondary Memory

• Output Devices.

• Network Devices/Internet connectivity

26

Software- intangible lines of codes written by computer programmers using programming language.

User

Application software

System Software

Hardware

• Computer software consists of computer programs and related data that give instructions to computer hardware thus controlling computer hardware

• 2 categories of computer software• System software- manage and control activities and

functions of hardware as well as give platform for Application programs to run

• Application software

27

Software

System Software

Operating SystemNetwork operating

system and management system

Database management

softwareUtility Software

Application Software

Software trends and issues

Software development (programming language, process and purposes)28

System software_ manage and control the activities and functions of

hardware and provides platform for application programs to run on the computer system

• Operating Software

• Utility Software

• Network operating system and management software

• Database management software

29

Operating System software- consist of software that enables the various parts of a computer system to work together

• The Kernel is the central component of an operating system and controls the most critical processes. It enables hardware-software interaction

• Tasks of an operating system• Processor task management- assigns tasks to CPU• Memory management• Device management• File management• API-application program interface• User interface• Network capabilities

30

Operating System software-Types of OS• Single user, multi

tasking(personal computers

• Single user, single task

• Multiuser- Microsoft windows server2008, unix

• Embedded- works on limited resources compact and efficient PDA smartphones google android

• Factors to consider when choosing an OS

• Speed and realibility, Security and user interactive environment• Ease of use• The intended use• Level of security• Hardware compatibility• Software compatibility• Technical support

31

Utility Software- helps analyse, configure, maintain and optimise a computer system

Type Tasks/Uses Examples

Anti-virus & Anti-spam Used to prevent, detect and remove malware

Norton Anti-virus, McAfee, AVG Anti-virus

Backup- utilities Create exact copy of all information stored on Disk . Able to restore

Norton Ghost, Acronis true Image and Symantec NetBackup

Data compression Compresses or reduces file size

Win-Zip, 7-Zip or Win-RAR

Disk compression Compresses or uncompresscontents of disk

Microsoft windows compression utility

Disk Utilities Disk checkers ,cleaners, space analyser to improve efficiency.

Microsoft windows error checking and defragmentation tools

File manager File system interface Microsoft Windows Explorer

Network utilities Monitor hardware & network performance and log events. 32

Database management software DBMS

• Program or collection of programs that enable user to store, modify and extract information from a database e.g. Microsoft Access, SAP, Oracle using SQL (structured query language)

33

Network operating system and management software• NOS network operating system – allows computer devices connected

to network to communicate with one another. Examples are Microsoft windows Server 2008,Unix

• Tasks and functions of NOS for a network• Processer task management

• Memory management

• Device management

34

Application software- used to accomplish specific tasks other that running the computer system

Type Tasks/uses Example

Word Processing Create and edit Documents MS word, Notepad

Spreadsheet Crate and edit documents and perform simple and complex calculations

MS excel, Lotus

Database Collection & management of data Oracle , MS Access

Presentation Slide show presentation of information

MS power point

Multimedia Create & play audio & video media Media Player, iTtunes

Web browser Allows access to world wide web Mozilla Firefox, Windows Internet Explorer, Google

35

Application Software

• Factors to consider when choosing application software

• Intended use

• Minimum hardware requirements.

36

Software Trends and Issues

• Software bugs – errors and faults are called bugs.

• Software update- available by web downloads and provides bug fixes and minor software upgrades

• Software upgrades are purchased newer versions of the software.

• Copyright and licences• Shareware: trial software demo versions e.g. Norton antivirus

• Freeware: software available at no cost e.g. 7Zip AVG antivirus

• Public domain software: publicly placed no intellectual property ownership

• Open-source software: freely available program source code.

37

Topic 3Computer Networks

38

Purpose of Communication Network

• Facilitation of communication

• Sharing hardware

• Sharing of data, information and files

• Sharing of software

• Information preservation- back up of information on multiple locations.

• A computer network is two or more computers or devices linked to one another by communication media which facilitates the communication amongst these devices.

39

Co

mp

on

en

ts o

f a

Co

mm

un

icat

ion

net

wo

rkCommunication Medium

Wired

Twisted pair wire

Coaxial cable

Fibre Optic

Wireless

Microwave

Radio

Infrared

Satellite

Specific Hardware

Route

Modem

Network Adapter

Communication Medium

Switch/Hub

Firewalls

Specific Software Network Operating System

Communication Protocol

LAYERS of Comm Protocol

Physical

Date Link

Network

Transport

Sessions

Presentation

Application

40

Components of computer networks

• These include hardware and software needed to enable computer systems to communicate with one another.

• A node is a connection point in a communication network. • a physical network node is an active electronic device that is connected to the

network capable of sending receiving or forwarding information over a communication medium.

41

Communication Medium/ Channel- Enables the signals to move from one point to another

• Wired transmission – wires and cable are media through which information moves from one network device to another

• Twisted pair wire

• Coaxial cable

• Fibre optics

42

Communication Medium/ Channel- Enables the signals to move from one point to another

• Wireless transmission • Signals are broadcast as the electromagnetic waves through free air space.

Wireless are transmitted by a transmitter and received by a receiver.• Microwave- high frequency signal sent through the air using earth based

transmitters and receivers • Satellite transmission – use microwave radio to transmit information

(voice, data and TV) • Radio – are signals of electromagnetic waves which can travel through

certain obstructions • Infrared – signals in the form of light waves are transmitted through air

between devices requiring line of sight for transmitting within short distances of less than a few hundred meters.

43

Hardware needed for communication

• Network hardware including network interface cards, network cables or communication mediums

• Network Interface Card/ Network Adapter a physical connection point

• Communication medium channel allows signals to move between locations

• Switch or hub a central connection point

• Router –translates information allows communication from one network to another.

• Modem- modulates and demodulates data (modulation is translation of data from digital to analogue demodulation is from analogue to digital signal.

• Firewalls –Security can be hardware or software, an automated processes to reject access requests from unsafe sources to allow actions from recognised sources.

44

Communication Protocol-rules governing info and communication exchange between computers and devices on a network

• OSI- Open Systems Interconnection Framework (7 layers)

1. Physical- transmit bit stream

2. Data link- data packets are encode and decode into bits

3. Network-logical paths created for transmitting data

4. Transport- complete data transfer

5. Session – Connections are established managed & terminated between application

6. Presentation – transforms data into form that application layer can accept and formats

7. Application- Supports applications and end user process

45

Layer 1• Physical- transmit the bit stream through the network at the electrical or mechanical level.

Layer2• Data links- data packets are encoded and decoded into bits

Layer3

• Network- logical paths are created for transmitting data from node to node by switching and routing technologies.

Layer 4

• Transport- ensure complete data transfer by providing the transparent transfer of data between end system or host and is responsible for end to end error recovery and flow control

Layer 5• Sessions- Connections are established , managed and terminated between applications

Layer6

• Presentation-Transforms data into a form that the applications layer can accept and formats and encrypts data to be set across a network, providing freedom from compatibility problems

Layer7 • Application – Supports application and end user processes

46

Software needed for communication

• Networking Operating System (NOS)- allows computers and devices to communicate with one another

• Networking management software includes software tools and utilities fro manging networks – these tools enable the network manager to scan for viruses on the network , monitor the shared hardware and manage the validity of software.

47

Network configuration

• Network topologies – shape or layout of connected devices ( the physical layout or virtual shape or structure)

• Bus topology

• Ring topology

• Star topology

• Tree topology

• Mesh topology

48

Geographical scope

• PAN Personal Area Network

• LAN Local Area Network

• WLAN wireless local area network

• MAN Metropolitan Area Network

• WAN Wide Area Network ( e.g. Internet)

• VPN- Virtual Private Network ( uses public networks to connect nodes)

49

Selecting a Suitable Network Configuration

• Area or coverage/ Distance between nodes

• Data communication volume and speed

• Security

• Hardware and software compatibilityClient Server systems -

Powerful computer systems are dedicated to

providing a specific services or performing a

specific task Servers

Distributed Processing –Multiple remote computer systems linked together where

processing is distributed to more than 1 of these computers for efficient and faster task

processing. 50

The Internet, Intranet, and Extranet.

• Internet a global network of computer networks which supports the communication and the sharing of data and offers vast amounts of information through a variety of applications

• Internet service provider (ISP) Co providing access to Internet e.g. MWEB, @lantic, Telkom, Vodacom

• The internet uses standard Internet Protocol (IP) technology to link different networks together

• IP Rules that govern the way computers communicate and exchange data and enables two networks to connect

• IP address is a unique number used to identify computers on the network

51

Domain Name System(DNS) are an easier way of locating computers in the network instead of IP addresses

• Domain names consist of 2 parts

• 1st part is the host computer/organisation (2nd level domain SLD)• Example Microsoft, Co. name

• 2nd part identifies the type of organisation(Top Level Domain TLD) • .com commercial organisation

• .gov governments

• .org non profit organisations

• .ac or .edu academic or educational instructions

• .net networking organisation

• .int international organisations

Country TLD to the right of TLD.za South Africa.au Australia.uk the United Kingdom.us the United States

52

Internet

• URL: Uniform Resource Locator – a unique address assigned to each computer connected to the internet which identifies the computer to other hosts.

• http: hypertext transmission protocol

• HTML- hypertext Markup Language standard page description language for webpages

• the URL consist of the scheme name http: then domain name or IP address follows

53

Internet

• Internet is a packet switching network TCP/IP as its core protocol

• Packet switching involves systems that transmit data in small packets using the best path to their destination thus enabling users to transfer large amount of data over the internet.

• TCP/IP is a suite of protocols that govern network addresses and the organisation and packaging of information to be sent over the internet and allows computers to communicate with each other

• TCP transmission Control protocol

54

Internet applications

1. www a service run on the internet- it is a collection of documents and other resources linked by hyperlinks and URLs • www is a menu based system using a client/server model. Web browser is used to

view websites. A home page is a cover page that links pages using HTML(Hyper Text Markup Language) a standard page description language for web pages

• XML- Extendable Markup Language.

2. Email and IM-instant massaging

3. FTP- File transfer Protocol- used to copy files across computers over the network

4. E- Commerce

5. Research tool

55

Intranet and Extranet

• Intranet is an internal or private network that uses IP standards and tools such a web browser an file transfer applications .

• Extranet is network that links intranet to the internet. The intranet is behind a firewall that allows only authorised users to view files.

56

Topic 4Threats in a computerised environment

57

Vulnerability

Threats

Natural

Environmental

Human

Errors

Waste

Computer Crime

Exposure

Risks

58

Threats to Computerised Information System

• Vulnerability is the security weakness or flaw in IS that a creates an opportunity for an attack on CIA confidentiality integrity and availability of information

• Threat – potential that vulnerability might be exploited either internationally or accidentally.

• Exposure existence of the vulnerability exposes the organisation to financial loss.

• A risk is the probability of a vulnerability being exploited.

59

Common threats to IS

1. Natural threats- natural and external vulnerabilities such as natural disasters including floods, fires, winds or thunderstorms

2. Environmental threats- environmental and internal vulnerabilities such as liquid leakages, chemical waste, power surges.

3. Human threats1. Errors- e.g. installation errors or users making data capturing or processing

errors.

2. Waste- inappropriate use of computer equipment resulting from poor computer resource management. E.g social media during working hours unnecessary printing and Spamming

60

Common IS Threats3.3 Computer Crime

1. IP Spoofing- forging an IP address concealing real identity to appear as if its and Ip Dress of a trusted source

2. Computer forgery – forgery of documents using letterheads to forge fake documentation.

3. Computer fraud- using computers to commit fraud e.g. altering the algorithm to calculate interest incorrectly to benefit the fraudster

4. Computer related scams subset of computer fraud where too-good to be true deals

5. Malware- malicious software1. Computer virus- self replicating programs attached to emails and downloaded files.2. Worm- self replicating program that enters through the network3. Trojan horse-a destructive program disguised as a valuable program(worm, virus or logic

bomb)4. Logic bomb- an intentionally inserted program set to corrupt/delete data or files.

61

Common Is Threats3.3 Computer Crime cont..

6. Rootkit – grants an attacker continuous full access while hiding their presence.

7. Spyware- secretly transmits personal information to a cyber criminal.

8. Adware- popup adds used to generate traffic and obtain email addresses

9. Blended threat – combinations of different malware to exploit the vulnerabilities of a system.

10. Identity theft

11. Shoulder surfing shadowing the target to accidentally see or hear passwords.

12. Social engineering – studied target on social media to determining what might be their password.

13. Phishing- fishing for sensitive information by misleading the victim into thinking that correspondence is with a trusted source while it’s a spoofed website.

14. Pharming- redirects traffic from the actual website to a fraudulent one.

62

Common Is Threats3.3 Computer Crime cont..

15. Cyber terrorism – acts of terrorism using computers or computer networks

16. Cyber Extortion- similar to cyber terrorism but is conducted for personal gain by extorting money using DoS (denial of service – flooding the target website with phony data, messages or requests resulting in extremely slow website response or crashing the site.

• Information systems as targets of crime

1. Software piracy- illegally copying software copyright infringement.

2. Theft of data resulting in loss of trade secrets.

3. Theft or destruction of computer equipment

4. Theft of computer time by organisations staff.

63

Topic 5Controls in a computerised environment

64

Information System Security Policy

Definition Guidelines for

Information system security Policy

CobiTframework

The King IV Report

Information Security

Framework (ISF)

65

Computer and accounting information system controls• Information System Security Policy- a formal written document

describing procedures to be followed by the organisation when addressing threats to an information system, the policy provides a framework for measures taken to ensure sufficient protection of the information system.

• 1st do a risk assessment the quantification of the likelihood of these threats resulting in IS being attacked.

• Documentations with guidelines for information system policy 1. The CobiTframework (CobiT)

• The Control objectives for information and related Technologies

2. The King IV report

3. Information Security Framework (ISF)

66

The CobiTframeworkThe Control Objectives for the information and related Technologies (CobiT) is a framework with the main objectives of assisting management to find a balance between risks and control investments in a fickle information system environment by implementing an Information technology governance system.

IT governance refers to structures and process in place to ensure that IT benefits are delivered to help the organisation achieve and sustain success in the end.

CobiT follows a top down approach to information system • High level control objectives are defines for every information system

process• Information system processes are linked to specific detailed control

objectives• Auditing guidelines support the control in order to determine how these

objectives can be monitored. 67

The King IV Report Released to address reduced investor confidence resulting from business

failures and dubious accounting restatements Provides guidelines on restoring and maintaining investor confidence

through good corporate governance. Influences risk management, assurance and reporting frameworks IT governance is the responsibility of the board of directors and should be

taken into account when compiling a information system security policyo Align IT objectives with performance and sustainability objectives of the company.o Delegate responsibility to implementing IT governance framework to management.

CEO to appoint appropriate CIO and establish a IS steering committee.o Monitor and evaluate significant IT investment.o Comply with relevant IT lawso Appoint risk committeeo Appoint audit committeeo Manage information assets

68

Information Security Framework (ISF) An independent non- profit organisation established in1989. Provides authoritative opinion and guidance on all aspects of information

security Overs valuable services to members including a library full of research

relating to information security and information risk management and related topics.

69

Control Concept

Control Classification

Type

General Control

Application Control

Function

Preventative Control

Detective Control

Corrective Control

Controls specific for

communication System Controls

70

Controls Classified by Type

• General Controls • overall controls affecting all transaction processing.

• Implemented to ensure effective operation of the organisations accounting information system.

• Applications Controls-• Specific to the functioning of individual applications

71

Control by Type-General Controls

• Organisational Controlo Segregation od duties

• Operational Controlo Procedure manuals fro each tasko Competent staff for processing of transactions

• Protection of IT environment controls- restriction access to computer of informationo Controls against human access- fences, locks, keys, badges, access reports

and biometric accesso Access to computer and information – user authorisation such login IDs,

Passwords and PIN personal identification keys o Firewalls o Encryption

72

Control by Type-General Controls

• Protection of IT environment controls- restriction access to computer of informationo Backup powero Smoke detectorso Raised floor- to prevent waters damage in floodingo Insuranceo Maintenance

• IT asset accountability Controlso To be performed by staff not directly involved in processing capturing of transactionso details of control accounts in the general ledger should be documented in subsidiary

accountso reconciliations and review by independent senior staff.

73

Control by Type-Application Controls

• Input Controls-

to detect and prevent errors when entering information to information system to ensure validity , timeliness and accuracy.

o Input Edit

oData transcription ( batch control logs and batch serial numbers)

oData observation and recording – record counts and control totals to balance input totals with source documents.

o Transmission of transaction data- read backs to sender of data for comparison and approval.

74

Control by Type- Application Controls

• Processing Controls

To ensure all data is processed accurately and in time . Ensure nodate is lost altered or added during processing.

oPhysical inspection and checks – includes reconciliation peer review by other co workers

o Logic checks

oRun- to run totals- ensure that batched data are complete

75

Control by Type- Application Controls

• Output Controls

Ensure the reliability and integrity of output information after input and processing stage.

oDiscrepancy reports should be generated and investigated

oReconciliation of output information to input data based of documented procedures

o Files should be verified and audited on a surprise bases.

76

Controls by Function-Preventative1st layer of Internal control Shield- prevent and discourage adverse events

• Preventative Controls• Backup of data and

documentation

• Antivirus software

• Antispyware

• Spam management software

• Training of staff

• Software change and implementation controls

• Adequate disposals of used/ redundant equipment

• Firewalls

• Encryption

• Biometric access control

• Raise flooring and temperature control in server room

• Physical access controls such as locks, fences, alarms and security guards

77

Controls by Function-Detective2st layer of Internal control Shield- search for uncover and identify adverse events after they have occurred

• Programmed edit tests

• Check digit

• Mathematical accuracy checks

• Alpha/numeric checks

• Limit checks

• Activity logs

• Intrusion detection system (IDS)

• Hash totals

• Other examples

• Run-to-run totals

• Audit trails

• Smoke detectors

78

Controls by Function-Corrective

• Preventative Controls 3rd and last layer of Internal control Shield-commence as soon as detective controls have identified an adverse event . Their function is to limit and repair the damage caused.• Backup data restoration

• Backup power

• Fire extinguishers

• Insurance

79

Disaster Planning

• Elements of disaster planning • Controls- anticipate or prevent possible disasters

• Disaster recovery / Contingency planning after the event

• Steps in implementing disaster recovery• Step1 - analysis of organisational need

• Step2- list of priorities for recovery compiled based on need

• Step3- formation of planning committee to design a recovery strategy.

80

Contingency Controls

• Training of staff

• Fire safety plan

• Water proofing of ceilings and floors

• Sufficient drainage

• Maintenance

• Standby procedures

• Recovery procedures

• Backup arrangements

• Hot site

• Cold site

• Incremental backup

81

System Controls

• Staff controls-

• Sign-on procedure

• Database controls

• Input controls

• Output control

• Processing controls

• Telecommunication controls

• Interactive processing

• Help facilities

• Look up tables

• Restart procedures

82

Topic 6Privacy and Ethics matters in a computerised environment

83

Ethics

Ethics & the Information

Privacy & the Individual

Ethics & the organisation

Privacy

Privacy & the Individual

Privacy & the organisation

84

Privacy and the Individuals

• Respecting an individuals privacy involves valuing the confidence of the personal information, by using it appropriately and protecting the information

• Each individual is responsibility to be proactive in protecting your personal information.• Be alert do not share personal information unless it is absolutely necessary.

• be informed about the latest scams so u don’t fall victim

• Care when conducting online transactions

• Be aware of POPI- Protection Of personal Information Act.

85

Privacy and the Organisation

• Privacy in the case of the Organisation refers to information considered confidential and the need for protection from public disclosure.

• one has to respect the value and ownership of information they receive and should only disclose it when they have authority to do so unless the is a legal or professional obligation to do so.

• All organisations have a right to privacy

86

How Organisations can protect their Privacy

1. Computer Monitoring – should be used as last resort as it has ethical concerns as the employer can keep an eye on everything that the employees does on the computers

2. Email and Voice mail

3. Video Monitoring – security

4. Firewalls

87

Ethical Issues

• Ethics – doing what is right based on a set of moral principles.

Ethics & the Individual

• Individuals should ask themselves “What is the right thing to do in any situation?”

• Ethics and Information

• Ethics and the development and applications of information technologies Principles Integrity , Objectivity , Confidentiality and Proffesionals

88

Principles to Ethical treatment of Information

• Integrity- information should be communicated with honesty and integrity- it should neither be falsified nor presented in misleading manner.

• Objectivity- as far as possible information should be collected analysed and communicated to the intended party fairly without prejudice or undue influence or self interest.

• Confidentiality- in accordance to privacy regulation information should not be disclosed unless there are professionally and legal reasons exist.

• Professionalism- Information must be handles ina professional manner.

89

Ethics and the Organisation• Code of Conduct – set an ethical tone in the organisation.

• Code of Conduct-includes the organisational values and its responsibilities towards all its stakeholders.• (IFAC 2007:5)- International Federation of Accountants – code of conduct for

Accountants-• “Principles, values, standards or rules of behaviour that guide procedures and system of an

organisation in a way that it contributes to the welfare of its key stakeholders and respects the rights of all its constituents affected by its operations.”

• Corporate governance – KingIV report

90

Topic 7System Development

Lifecycles-development and review & maintenance

91

System development

System Development:

Prototyping

RAD

End-user developed

Traditional SDLC

Outsourcing development

• System development is the creation od a new information system or the modification of an existing one using computer technology

• Re-Engineering: this is the process of re-thinking and re-designing the business process, structures and information system in order to achieve a breakthrough in solution to a problem or improved innovative performance.

92

System development- Factors that results in the need for system development

1. Changes in Technology

2. Changes in needs of user and other stakeholders

3. Changes in business environment

4. Changes in the nature of the operations / business

5. Changes to maintain or improve competitiveness

6. Changes to improve performance and production

7. Change in the decision making policy

8. Depending on the extend of the changes or problem this may be a maintenance or a complete overhaul to creating a new information system

93

System development- Factors that determine the success of system development.

1. Selection of developers involved in process

2. The use of project management tools

3. The planning of the project

4. The extent of changes in the information system

5. The involvement of users in the development process

6. The change management achieved by the new system

94

Preliminary System

Investigation • Define the Problem

System Analysis• Analysis of the needs of the end- user and

plan the solution

System Design • Describe the desires features and the

working in detail

System Implementation

System review & maintenance

The design face is put into action the system is build or bought and put to use

Evaluation of the system and what happens with the rest of the system’s life.

Overview of traditional SDLC

95

Traditional SDLC-creating an experimental scaled down system on which

users can test and select what the do not want.

• Advantages

• Less experienced staff can be used ( detailed guidelines and clearly defined stages)

• Easy to manage. Revision at end of each stage ensures effective control of project.

• Good documentation at all stages simplifies maintenance and to track system requirements.

• Reduced cost as staff can be transferred across projects .Consistent.

• Progress can be measured and controlled.

• Disadvantages

• Users are not involved in planning stage and cannot determine if their needs are being meet.

• A stage cannot start before a previous stage has been completed.

• Expensive and time consuming creation of document and keeping them current.

• Going back ½ steps is very expensive

96

Prototyping-creating an experimental scaled-down system (prototype)on

which users can test and select what the do and do not want.

• Advantages

• Allows for early testing and early detection of errors

• Users are involved in the evaluation leading to positive outlook on progress and results

• Users are able use the product without training as they already used prototype

• Faster development

• Better understanding of user requirements

• Users provide useful feed back during development

• More Flexible

• Disadvantages

• Difficult to contain the extend of prototype and scope screep

• Each iteration builds on a previous one and the final product may only be incrementally better than the initial system.

• System backup and recovery , security and performance can easily be disregarded.

• Documentation may be partial or absent.

97

RAD- Rapid Application Development- workshops and focus groups

gather end user requirements where different developers have canvased what user needs

• Advantages

1. Quick delivery

2. Changing requirements can be accommodated

3. Progress can be measured

4. Short cycle time due to powerful RAD tools

5. Productivity with fewer people

6. Use tools and frame works

• Disadvantages

1. Management Complexity increased

2. Increased resource requirements

3. Suitable for a systems that are component based and scalable

4. User involvement is required through out the life cycle

5. Suitable for projects requiring short development times.

98

End-User development-users develop their own applications system

using existing application software to solve their own information needs.

• Advantages

1. Encourage innovation and creative solutions

2. Faster design and development cycle

3. Users more involved in review and maintenance

4. Better productivity of users work

5. Reduced communication problems between users and is and they understand the system better

6. More acceptable to users and they take ownership of system

• Disadvantages

1. Loss of control over data

2. System is not tested for errors and bugs

3. Duplication of effort and waste of resources likely

4. Poor documentation

5. users are not trained as programmers

6. Loss of control of quality in both programs and data

99

Outsourcing-obtaining some or all activities of IS from an external service

provider to handle all or parts of data capturing and processing and an annual

• Advantages

• Organisation can concentrate of their core business

• Client gets access to latest technology

• Reduces cost

• Insulate organisations from uncertainty about the levels of service they can expect

• Annual bidding reduces cost

• Supplier provides better expertise

• Quick delivery of benefits and change

• Disadvantages

• Risk to Confidentiality

• Supplier may fail to deliver

• Long contract may limit organisation

• Loss of control over information system

• May be difficult to find service provider able to handle complex processes

100

• System Investigation

• Development team

• Feasibility analysis

• System Investigation Report

System Analysis

Steps in system analysis

Different techniques

Stages in SDLC- System Development Life Cycle

#Stages 1 #Stages 2

101

System Investigation – the needs of the organisation is investigated and

potential problems and opportunities are identified

• What problems would the system need to be solves?

• What opportunities would the system provide?

• What hardware, software, databases or procedures are needed?

• What are the potential cost?

• What are the related risks?

102

Development team

• Project manager

• Upper level mangers

• Middle management

• Information system staff

• End users

• Other stakeholders

• Responsibilities of development team • Gather and analyse date

• Identify shortcoming

• Write a report justifying system development

103

Feasibility Analysis

Type Description

Technical feasibility Hardware, software and other system component needs

Economic feasibility Financial viability of the project

Legal feasibility Legal regulations that may limit or prevent project

Operational feasibility Measure if project has the ability to be put into action

Schedule feasibility Determines whether the project can be completed within a reasonable time

104

System Investigation Report

• Report on system investigation

• Recommendations • Continue with development of the new system, or

• Modify the existing system in some way , or

• Not change the current system

105

System Analysis- determines what to do to solve the identified problem. It

starts by clarifying the overall goals of the organisation and determining how the existing or proposed information system helps meet these goals.

• Steps involved in system analysis• Set up a committee (team)- consist of the development team users

stakeholders is staff and management

• Collect data and understand requirements

• Investigate the collected data

• Prepare a report on existing system, new system requirements and project priorities.

106

System Analysis

• Different techniques to gather information

• Interviews

• Joint application development workshop(JAD)

• Questionnaire

• Observations

• Document review

107

System Design Process

Logical & Physical System Design

Interface Design

System Security and Controls

Generating System Design Alternatives

Evaluating and Selecting a System Design

System Design Report108

System Design- a solution to a problem is planned and documented. It uses

information from the investigation and analysis of current methods and identifies methods to achieve better results

• System design process – this where the information from the investigation and analysis is taken to plan and document solutions the design can be split into smaller sections . They can decide to improve the current information system or build one from scratch . Think of the logical and physical system design the security and control and write up a report.

• Logical system design: the theoretical design of the structure of a new system . Describes the practical requirements of a system and conceptualises what the system will do to solve the problems identified

• Physical system design: the broad user oriented requirements of the logical design are translated into detailed specifications used to code and test computer programs

109

System Design- a solution to a problem is planned and documented. It uses

information from the investigation and analysis of current methods and identifies methods to achieve better results

• Interface Design : will it be menu-driven or command line interface?

• System Security and controls

• Generating alternative system designs

• Evaluating and selecting a system design

• Financial Options

110

Financial Options

Advantages Disadvantages

Renting (short- term)

No initial capital outlay Most expensive form of financing

Payments are predictable High monthly costs

No long term commitment liability No ownership

Rent payments are tax deductible Link with vendor limits freedom and independence

Maintenance on account of vendor May have to rely on maintenance

Leasing( long term )

No initial capital outlay Poor flexibility of upgrade

More flexible than purchasing Longer commitment than renting

No long term liability May have to rely on maintenance

Less expensive than renting No ownership

Tax benefits usually passed on by lessor High cost of cancelling agreement

111

Financial Options

Advantages Disadvantages

Purchasing

Cheap form of financing Highest initial capital outlay

Depreciation is tax deductible Maintenance at own account

Total control over equipment Other expenses include insurance

Can sell equipment aat any time May prevent investment in other profitableprojects.

Asset reflects on statements

• System design Report • Logical system design report

• Physical design report

112

System Implementation- finalise and install the system to make

everything including users ready for it operation. Puts the planes changes or new system into action.

• System implementation process

1. Hardware acquisition

2. Software acquisition or development

3. Preparation of current users

4. Hiring and training of new staff

5. Site preparation

6. Data preparation

7. Installation

8. Testing

9. Start-up

10.User acceptance

113

System Implementation Process

• #1 acquiring hardware- financing options Rent leasing and Purchase

• #2 acquiring or developing Software – make or buy decision • Off the shelf software- may not match need exactly , Cost is lower as initial

cost is spread over many users, time is less as its acquired immediately , usually quality is high, other competitors can access the exact same product and have the same advantage

• In house development – matches needs exactly, expensive, time consuming quality dependend on development team, may create a competitive

• #3 preparing current users

114


• #4 Hiring and training new staff if needed

• #5 Site preparation

• #6 Data preparation

• #7 Installation of new hardware

• #8 Testing

115

System Implementation Process• #9 Start- up

• Process of making the final tested information system operational • Direct conversion the old system stops and the new system starts on a

given date.

• Phased in approach: components of the old system are phased out while components of the new system are phased in

• Pilot running : the new system is used by a small group of users first rather than all the users

• Parallel running : both old and new systems run fro a specific period.

Old system New system

Old system

New system

New system: Pilot 2

New system

New system: Pilot 1

New system: Pilot 3

Old system

Old system

116


• #10 User acceptance: user acceptance document formal agreement signed between user that states that the implementation of the system has been approved.

117

System Review and Maintenance

• System review is monitoring and evaluation of the system to determine the success of the system development process and to make sure it continues to satisfy the goals of the organisation.

• System maintenance a continuous system development stage that ensures that the system is checked and changed or modified to improve it and make it more useful in terms of meeting the goals of users and organisations.

• Approaches of system review and maintenance • Time Driven approach

• Periodic monitoring of the system at a specific time if problems are identified maintenance or new system development cycle may be initiated.

• Event Driven approach –• triggered by an event such as error , merger new market or new product

118

System Review Process

• Objectives

1. Is the system developed as intended (by review team consisting of development team).

2. Is the system fulfilling the needs of the user and organisation as envisaged.( by independent review team.)

• Factors to consider during the system review process

The mission of the organisation, the hardware, software and controls in place, cost of development and operation.

119

Aspects of System Review Process

• Post implementation review (1month – 1year )

• Resource management review • internal auditing team does this

• Review methods

1. Questionnaires

2. Focus groups

3. Survey

4. Performance measures

• System review report

120

System Maintenance Process

• The maintenance team may be different from the development team or it may be the development team

• responsibility of maintenance team

1. Ensure that changes are carried out quickly and effectively

2. Failed hardware is fixed

3. Existing software is fixed if needed

4. Existing software is updated regularly.

5. Existing software is modified when required.

121

Types of System Maintenance

• Slipstream upgrade- minor upgrade –typically software code adjustment or minor bug fix, which is not worth announcing to users.

• Patch- a minor change to correct a problem or small enhancement.

• Release – a significant program change that often requires changes to the documentation of the software.

• Version – a major program change , typically encompassing many new features.

122

System maintenance documentation

• Request for maintenance form

• the cost of maintenance forms a large part of the cost involved in the overall system development process.

123

Topic 8Business Functions

124

Business ApplicationsESS

&

specialised

Information systems

MIS/DSS

TPS/ERP

Strategic Level

Technical Level

Operational Level

125

TPS- collects the organisations daily buisness transactions processes it into useful

information , stores both data and processed information it also retrieves the data and information to provide records and documentation.

• Advantages of Transactional Processing System

• Excellent customer service

• Better supplier relations

• Better productivity of staff

• Competitive advantage

• Timely user response and reports.

• Accuracy is improved.

126

TPS- business functions

Purchasing

• Accounts payable

• Inventories

• Purchasing order processing

• Goods received

Accounting

• Asset management

• Payroll

• Budgeting

• General ledger

• Accounts receivable

Sales

– Accounts payable

– Inventories(finished goods)

– order processing

– Distribution planning and

distribution of goods

– Sales configuration

127

ERP- an integrates data gathering and data processing of organisational departments into one single integrated system.

Advantages• Implemented across the whole organisation

• Eliminates expensive and inflexible systems

• Due to restricted profiles authorised users have access to authorised modules and information/data

• Workflows are more efficient

• Familiar interface and menus across modules

• Tracking and forecasting improved

• Data is captures only once across all modules integrated.

• Upgrading is simpler for only one system

Disadvantages

• Expensive and time consuming to implement

• Risk of using only 1 vendor

• Risk that system may not live up to expectation

• Changes are difficult to implement

• If implementation fails all integrated departments are at risk.

128

MIS -Management Information System

• integrated system provides management with wide variety of decision oriented information in order to achieve organisational objectives

• Converts data from mainly internal sources into information to generate regular reports and online presentation of present and past performance of organisation.

129

MIS- 7 Characteristics1. Provide a fix and standard reporting format.

2. Provide a hard and soft copy

3. Provide potential for users to customise reports

4. Provide exception reports on variances from budget and allows for manages to feedback any changes necessary as result of variances.

5. Supports operational and management levels.

6. Uses mainly internal data from computer to make reports.

7. Main focus is internal and used by managers.

130

DSS-decision support system• helps management at strategic and technical level in making decisions by

providing tools and models to solve structured, semi structured and unstructured problems.

• Data driven

• Documentation driven

• Communication driven- targets internal teams

• Knowledge driven

• Model driven

131

DSS 9 Characteristics

1. Specially developed to help decision making that varies from highly structured problem to unstructured problems

2. Mainly focused on supporting decision making rather that automating it.

3. Uses advanced software and modelling techniques and performing complex analysis e.g. Microsoft Excel (what if analysis and goal seeking analysis)

4. Flexible allowing user to customise their reports

5. Reacts fast to changing needs of users.

6. Assists managers thought different stages of problem solving.

7. Users can drill down into information ,handle large amounts of data from different sources.

8. Decision process is streamlined i.e. at operational, tactical and strategic levels of organisation and on once off decisions and repetitive decisions.

9. Information is generated in timely manner, quick access to information.

132

DSS vs. MIS

• Solve unstructured problems

• Users are more involved in system development

• Specialised reports

• Focus on supporting creative and innovative decision making

• Reports are generated dependent on changing needs and factors of problem

• Reports are a result of interactive interface with user.

• reports generated with aid of software and complex modelling tools

• Solves structured problems

• Users may not be involved in system development

• Reports may be generic

• Reports are a function of collection of information from different functions in order to report as a unit.

• Reports are more a function of regular(periodic) repetitive processes.

• Settings on systems are pre-set

• Reports are generated from averages and basic calculations

133

Problem solving and Decision making system

Knowledge Management System (KMS) concepts

Applications

Customer relationship Management System

(CRM) concepts

Expert System (ES) concepts

Group Support System (GSS) concepts

Executive Support System (ESS) concepts

134

KMS- Supports the creation, capturing, storing and distribution of expert and

knowledge using software, people, procedures, databases and devises.

• Characteristics of Knowledge Management Systems(KMS)1. Capable of solving appropriate problems relatively accurately.

2. Larger sets of pre-processed information needs to be submitted to the system.

3. Has a relatively high processing speed but this may decrease and the problems complexity increases.

4. Users need to be adequately trained as users need a high level of system knowledge.

135

ES: a system where expert knowledge is obtained and made available for users with less to benefit from this knowledge.

Characteristics1. Expert knowledge is made available

2. The Explanation facility explains how conclusions are arrived at.

3. Able to deal with uncertainty

4. Intelligent behaviour provides solutions to problems

5. Information sourced from different places used to draw conclusions from difficult relationships.

Applications1. Legal advice based on rules and

procedures

2. Hospitals & medical facilities use ES to assist with the variety of medical conditions

3. Organisations to plan budget & coordinate proto-testing programmes

4. Organisations can make predictions on market and customer behaviour.

5. Project management

6. Determine weakness and recommendations on improvements

136

CRM- a form of KMS, software that concentrates on providing information on an organisations customers and its products.

• Customer Relations Management (CRM) Applications 1. Collection of data on customer

2. Retain loyal customers

3. Contact customers

4. Advertise new products to customers

5. Sell to products and services to customers

6. Use customer order history

7. Handle customer enquiries and complaints

8. Respond quickly and appropriately to customer needs.

9. Obtain market feedback

137

GSS: allows supports users to work together on tasks, share and adjust same

documentation, plan appointments on each others calendars, share files and databases, have electronic meetings and develop ready made applications.

Characteristics1. Parallel participation

2. Special design

3. Flexible

4. User friendly

5. Anonymity

6. Availability of data

Applications1. Capture store and distribute memos

2. Microsoft -exchange allows access to linked servers indifferent locations

3. Video conferencing is possible

4. Microsoft Outlook provide for sharing of documents, e-mail massaging and scheduling of appointments.

5. Microsoft-net meeting software supports multiparty calls.

138

ESS-specialised decision oriented system put together to assist executives in order to make decisions. Executive support system

Characteristics1. Executives can drill down to information

to determine how reports were produces and for more information

2. ESS can be adjusted and designed to suit specific individual Executives

3. User-friendly so no particular training is required.

4. Makes tracking and accessing of information quick, filter data and deliver summary of company information.

Applications1. Analysis of possibilities of mergers

2. Assist in planning of acquisition of equipment

3. advantage of data mining from various sources which give a n overall view of situations for effective strategic planning.

4. Supports strategic organisation employment and control.

5. Informed top level decisions.

6. Large amounts of data may make the system slow and hard to manage.

139

Topic 9E-business, E-commerce, m-commerce

E-marketing & related threats and how these are mitigated

140

Definitions

• All business processes enabled by technology including research, development, marketing, financing, & HR

e-business

• Use of technology mediated exchange to sell, buy, deliver service and pay for products and services over computer networks

e-commerce

• Use of technology to generate leads create brand awareness & offer incentive of online purchases

e-market

• Use of mobile devices to sell, deliver, service and pay for products and services

m-commerce

141

Importance of e-business

Importance

1. A good knowledge is essential to knowing which departments need to be integrated, how they are integrated and why

2. Knowledge of what evidence needs to be kept , how to conduct audit and audit trails

3. What policies and regulations need to be selected and adhered to both internally domestic and international

4. To know what risks are the in e-commerce and how to mitigate against these

Categories of e-commerce

• B2B-wholesaler to retailer

• B2C vanschaick

• C2B

• C2C gumtree

• E-Government

142

E-Marketing technology to generate leads create brand awareness & offer incentive of online purchases

Advantages

1. Opens up global markets

2. It is more affordable

3. Real-time statistics

4. Can be personalised to the target market/customers

Disadvantages

1. E-marketing overloading

2. Online marketing material can be copied by competitors

3. Deliverability is not guaranteed

143

E-Commerce technology mediated exchange to sell, buy, deliver service and pay for products and services over computer networks

Advantages

1. Direct customer relations

2. Reduced costs

3. Always open for business

4. Accurate information as customers get to specify their needs

5. Increased competitive edge

6. Access to global market

7. Flow of information between organisation and customers

8. More choices available leads retailers not having to keep stock

Disadvantages

1. Limited to those with technology

2. Products once received may not live up to expectations

3. Technology costs and retaining of staff qualified to run the systems

4. Lag time in delivery may lead to buyers remorse and customers cancelling orders as opposed on site(in shop)purchases.

144

M-commerce mobile devices to sell, deliver, service and pay for products and services

Advantages

1. Personalised commerce

2. Location-GPS introduces a way for fro targeting customers geographically.

3. Real-time information

Disadvantages

1. Limited screen

• Restricted input

• Limited speed on some networks

145

Threats specific to e-commerce-Information

• Information threats related to threats to availability of data and the possible corruption of data and information on e-commerce.• Examples

• Data alteration

• Website vandalism

• Incorrect website information may lead to monetary loss.

• Copyright, patent or trade secret infringement.

146

Threats specific to e-commerce-Technology• Threads to the technology including hardware, software

telecommunication and telecommunication• Examples

• DoS-denial of service attack

• Pharming- redirecting of traffic from authentic sites to fraudulent sites

• An inadequately designed websites make it difficult for users to find information and may lead to them being frustrated and then going to competitors

• inappropriate hardware& or bandwidth which cannot handle the traffic would be slow which also lead to frustration.

• Flawed integration between organisations departments and systems may result in incorrect or I appropriate information being accessed and incorrect products being manufactured/ delivered.

• Most websites contain hyperlinks which lead customers to other organisations websites.

147

Threats specific to e-commerce-Business• This relates to the internet relationship between the organisation and

its customers • Examples

• Contracts concluded on e-commerce need to be enforceable and legal

• Global e-commerce internationally companies may be exposed to infringing or being in contravention of certain laws and regulations.

• 3rd parties and intermediaries between an organisation and its customers these are seen an extension or the organisation, any bad or improper conduct by these parties exposes the organisation.

• The organisations reputation may be destroyed by media or postings.

• Where organisations have chats/blogs and massaging boards they may be exposed by improper use of these sites by 3rd parties.

148

Mitigation of e-commerce threats• Install Firewalls Anti-virus, anti-spyware, and other anti-malicious software and

ensure that these are updated with the latest patches.

• Install reputational management

• E-commerce Disclaimers should be prominently displayed

• Establish an e-commerce business continuity plan fro all critical e-commerce components.

• Install strong authentication processes.

• Encryption (Public-key from sender and Private key for receiver)

• Ensure that transactions particularily if sensitive information is transmited, are done over secure sites these will have

• Digital certification(CA-certification authority) and

• SSL secure socket layer

149