Thursday, September 29, 2016

Chapter 12 : Exploring Information System Development

  • System development is a set of activities used to build an information system.
    1. A system is a set of components that interact to achieve a common goal.
    2. An information system (IS) is a collection of hardware, software, data, people, and procedures that work together to produce quality information.
    3. System development activities are grouped into phases, collectively called the system development life cycle (SDLC).
Ongoing Activities :
    1. Project management
    2. Feasibility assessment
    3. Documentation
    4. Data/information gathering
Planning :
    1. Review project requests
    2. Prioritize project requests
    3. Allocate resources
    4. Form project development team
Analysis :
    1. Conduct preliminary investigation
    2. Perform detailed analysis activities:
    3. Study current system
    4. Determine user requirements
    5. Recommend solution
Design :
    1. Acquire hardware and software, if necessary
    2. Develop details of system
Implementation :
    1. Develop programs, if necessary
    2. Install and test new system
    3. Train users
    4. Convert to new system
Operation, Support, and Security :
    1. Perform maintenance activities
    2. Monitor system performance
    3. Assess system security 

  • System development should follow three general guidelines:
    1. Group activities or tasks into phases
    2. Involve users
    3. Define standards
  • System development should involve representatives from each department in which the proposed system will be used.
  • Project management is the process of planning, scheduling, and then controlling the activities during system development.
  • To plan and schedule a project efficiently, the project leader identifies:
    1. Project scope
    2. Required activities
    3. Time estimates for each activity
    4. Cost estimates for each activity
    5. Order of activities
    6. Activities that can take place at the same time
  • Feasibility is a measure of how suitable the development of a system will be to the organization.
    1. Operational feasibility
    2. Schedule feasibility
    3. Technical feasibility
    4. Economic feasibility
  • Documentation is the collection and summarization of data and information.
  • A project notebook contains all documentation for a single project.
  • Users and IT professionals refer to existing documentation when working with and modifying current systems.
  • During system development, members of the project team gather data and information using several techniques.
    1. Review documentation
    2. Observe
    3. Survey
    4. Interview
    5. JAD Sessions
    6. Research
Who Initiates a System Development Project
  1. A user may request a new or modified system
  2. Organizations may want to improve hardware, software, or other technology
  3. Situations beyond an organization's control might require a change
  4. Management might mandate a change
  5. A user may request a new or modified information system using a request for system services or a project request.
Planning Phase :
  • The planning phase for a project begins when the steering committee receives a project request.
  • Four major activities are performed:
    1. Review and approve the project requests
    2. Prioritize the project requests
    3. Allocate resources
    4. Form a project development team 


Analysis Phase
  • The analysis phase consists of two major activities:
    • Conduct a preliminary investigation
      1. Determines and defines the exact nature of the problem or improvement.
      2. Interview the user who submitted the request
    • Perform detailed analysis
      1. Study how the current system works
      2. Determine the users' wants, needs, and requirements
      3. Recommend a solution
  • Process modeling (structured analysis and design) is an analysis and design technique that describes processes that transform inputs into outputs
    1. Entity-relationship diagrams
    2. Data flow diagrams
    3. Project dictionary
  • An entity-relationship diagram (ERD) is a tool that graphically shows the connections among entities in a system.
  • Entities are objects in the system that have data.
  • A data flow diagram (DFD) is a tool that graphically shows the flow of data in a system.
    1. Data flow
    2. Processes
    3. Data stores
    4. Sources
  • The project dictionary contains all the documentation and deliverables of a project.
  • Structured English is a style of writing that describes the steps in a process.
  • A decision table is a table that lists a variety of conditions and the actions that correspond to each condition.
  • A decision tree also shows conditions and actions, but it shows them graphically.
  • The data dictionary stores the data item's name, description, and other details about each data item.
  • Object modeling combines the data with the processes that act on that data into a single unit, called an object.
  • UML (Unified Modeling Language) has been adopted as a standard notation for object modeling and development
    • UML includes 13 different diagrams
    • Two diagrams include :
      • Use case diagram
        1. A use case diagram graphically shows how actors (users) interact with the information system.
        2. Diagrams are considered easy to understand.
      • Class diagram
        1. A class diagram graphically shows classes and subclasses in a system.
        2. Each class can have one or more subclasses.
        3. Subclasses use inheritance methods and attributes of higher levels.
  • The system proposal assesses the feasibility of each alternative solution.
  • The steering committee discusses the system proposal and decides which alternative to pursue
    1. Packaged software
    2. Custom software
    3. Outsourcing
Design Phase
  • The design phase consists of two major activities
    1. Acquire hardware and software
    2. Develop all of the details of the new or modified information system
  • To acquire the necessary hardware and software:
    • Identify technical specifications
      • Use research techniques such as e-zines
    • Solicit vendor proposals
      • RFQ, RFP, or RFI is sent to potential vendors or VARs
    • Test and evaluate vendor proposals
      • Various techniques are used to determine the best proposal
    • Make a decision
      • System analyst makes recommendation to steering committee
  • The next step is to develop detailed design specifications
    • Sometimes called a physical design
      1. Database design
      2. Input and output design
      3. Program design
  • Systems analysts typically develop two types of designs for each input and output.
  • A prototype (proof of concept) is a working model of the proposed system 
    1. Prototypes have inadequate or missing documentation
    2. Users tend to embrace the prototype as a final system
    3. Should not eliminate or replace activities
  • Computer-aided software engineering (CASE) tools are designed to support one or more activities of system development.
  • CASE tools sometimes contain the following tools:
    1. Project repository
    2. Graphically
    3. Prototyping
    4. Quality assurance
    5. Code generator
    6. Housekeeping
  • Many people should review the detailed design specifications.
  • An inspection is a formal review of any system development deliverable
    • A team examines the deliverables to identify errors
Implementation Phase
  • The purpose of the implementation phase is to construct the new or modified system and then deliver it
  • Develop programs
  • Install and test the new system 
  • Train users
  • Convert to the new system
  • The program development life cycle follows these steps:
    1. Analyze the requirements
    2. Design the solution
    3. Validate the design
    4. Implement the design
    5. Test the solution
    6. Document the solution
  • Various tests should be performed on the new system
    1. Unit test
        • Verifies that each individual program or object works by itself
    2. System test
        • Verifies that all programs in an application work together properly
    3. Integration test
        • Verifies that an application works with other applications
    4. Acceptance test
        • Checks the new system to ensure that it works with actual data
    • Training involves showing users exactly how they will use the new hardware and software in the system.
      1. One on one sessions
      2. Classroom style lectures
      3. Web based training
    • One or more of four conversion strategies can be used to change from the old system to the new system.
    Operation, Support, and Security Phase
    • The purpose of the operation, support, and security phase is to provide ongoing assistance for an information system and its users after the system is implemented.
      1. Perform maintenance activities
      2. Monitor system performance
      3. Assess system security
    • A computer security plan should do the following:
      1. Identify all information assets of an organization
      2. Identify all security risks that may cause an information asset loss
      3. For each risk, identify the safeguards that exist to detect, prevent, and recover from a loss

    Monday, September 26, 2016

    Chapter 11 : Manage Computing Securely, Safely And Ethically

    Computer Security Risks
    • A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.
    • A cybercrime is an online or Internet-based illegal act
      1. Hackers
      2. Crackers
      3. Script Kiddies
      4. Corporate Spies
      5. Unethical Employees
      6. Cyberextortionists
      7. Cyberterrorists
    Internet and Network Attacks
    1. Information transmitted over networks has a higher degree of security risk than information kept on an organization's premises.
    2. An online security service is a Web site that evaluates your computer to check for Internet and e-mail vulnerabilities.
    3. Computer Virus
      • Affects a computer negatively by altering the way the computer works
    4. Worm
      • Copies itself repeatedly, using up resources and possibly shutting down the computer or network.
    5. Trojan Horse
      • A malicious program that hides within or looks like a legitimate program
    6. Rootkit
      • Program that hides in a computer and allows someone from a remote location to take full control.
    7. An infected computer has one or more of the following symptoms:
      • Operating system runs much slower than usual
      • Available memory is less than expected
      • Files become corrupted
      • Screen displays unusual message or image
      • Music or unusual sound plays randomly
      • Existing programs and files disappear
      • Programs or files do not work properly
      • Unknown programs or files mysteriously appear
      • System properties change
      • Operating system does not start up
      • Operating system shuts down unexpectedly
    8. Users can take several precautions to protect their home and work computers and mobile devices from these malicious infections.
    9. A botnet is a group of compromised computers connected to a network.
      • A compromised computer is known as a zombie.
    10. A denial of service attack (DoS attack) disrupts computer access to Internet services.
      • Distributed DoS (DDoS)
    11. A back door is a program or set of instructions in a program that allow users to bypass security controls.
    12. Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate.
    13. A firewall is hardware and/or software that protects a network's resources from intrusion.
    14. Intrusion detection software
      • Analyzes all network traffic
      • Assesses system vulnerabilities
      • Identifies any unauthorized intrusions
      • Notifies network administrators of suspicious behavior patterns or system breaches.
    15. Honeypot
      • Vulnerable computer that is set up to entice an intruder to break into it.
     Unauthorized Access and Use
      • Unauthorized access is the use of a computer or network without permission.
      • Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities.
      • Organizations take several measures to help prevent unauthorized access and use
        1. Acceptable use policy
        2. Disable file and printer sharing
        3. Firewalls
        4. Intrusion detection software
      • Access controls define who can access a computer, when they can access it, and what actions they can take
        1. Two-phase processes called identification and authentication
        2. User name
        3. Password
        4. Passphrase
        5. CAPTCHA
      • A possessed object is any item that you must carry to gain access to a computer or computer facility.
        • Often are used in combination with a personal identification number (PIN)
      • A biometric device authenticates a person's identity by translating a personal characteristic into a digital code that is compared with a digital code in a computer.
      • Digital forensics is the discovery, collection, and analysis of evidence found on computers and networks.
      • Many areas use digital forensics
        1. Law enforcement
        2. Criminal prosecutors
        3. Military intelligence
        4. Insurance agencies
        5. Information security department
      Hardware Theft and Vandalism :
      • Hardware theft is the act of stealing computer equipment.
      • Hardware vandalism is the act of defacing or destroying computer equipment.
      • To help reduce the chances of theft, companies and schools use a variety of security measures
      • Physical access controls :
        1. Alarm systems
        2. Cables to lock equipment
        3. Real time location system
        4. Passwords, possessed objects, and biometrics
      Software Theft
      • Software theft occurs when someone:
        1. Steals software media 
        2. Intentionally erases programs
        3. Illegally copies a program
        4. Illegally registers and/or activates a program
      • A single-user license agreement typically contains the following conditions:
        • Permitted to:
          1. Install the software on one computer
          2. Make one copy of the software
          3. Remove the software from your computer before giving it away or selling it
        • Not permitted to:
          1. Install the software on a network
          2. Give copies to friends or colleagues while continuing to use the software
          3. Export the software
          4. Rent or lease the software
      • Copying, loaning, borrowing, renting, or distributing software can be a violation of copyright law.
      • Some software requires product activation to function fully.
      Information Theft
      • Information theft occurs when someone steals personal or confidential information.
      • Encryption is a process of converting readable data into unreadable characters to prevent unauthorized access.
      An example of Public Key Encryption :

      1. Step 1: The sender creates a document to be e-mailed to the receiver.
      2. Step 2: The sender uses the receiver's public key to encrypt a message.
      3. Step 3: The receiver uses his or her private key to decrypt the message.
      4. Step 4: The receiver can read or print the decrypted message.
      • A digital signature is an encrypted code that a person, Web site, or organization attaches to an electronic message to verify the identity of the sender.
        • Often used to ensure that an impostor is not participating in an Internet transaction.
      • Web browsers and Web sites use encryption techniques.
      • Popular security techniques include
        1. Digital certificates
        2. Transport Layer Security (TLS)
        3. Secure HTTP
        4. VPN
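
The four public key encryption steps and the digital signature bullet above, carried through in Python as an added example that is not part of the original notes. It uses textbook RSA without padding on toy keys built from known Mersenne primes, which shows the key roles only; the function names and the sample message are assumptions for illustration.

```python
import hashlib

E = 65537  # widely used public exponent


def make_keypair(p, q):
    """Build an RSA key pair from two distinct primes (toy sizes here)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return {"public": (E, n), "private": (d, n)}


def encrypt(message, public_key):
    """Encrypt bytes with the RECEIVER's public key."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key")
    return pow(m, e, n)


def decrypt(ciphertext, private_key):
    """Decrypt with the matching private key."""
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest(message, n):
    # Hash the message and reduce it so it fits under the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """Digital signature: made with the SENDER's private key."""
    d, n = private_key
    return pow(_digest(message, n), d, n)


def verify(message, signature, public_key):
    """Anyone holding the sender's public key can check the signature."""
    e, n = public_key
    return pow(signature, e, n) == _digest(message, n)


# Constructed keys (assumption): Mersenne primes, far too small for real use.
RECEIVER = make_keypair(2**89 - 1, 2**107 - 1)
SENDER = make_keypair(2**61 - 1, 2**127 - 1)


def send(document):
    """Steps 1-2: encrypt for the receiver, sign as the sender."""
    return encrypt(document, RECEIVER["public"]), sign(document, SENDER["private"])


def receive(ciphertext, signature):
    """Steps 3-4: decrypt with the receiver's private key, then check the sender."""
    document = decrypt(ciphertext, RECEIVER["private"])
    return document, verify(document, signature, SENDER["public"])


if __name__ == "__main__":
    ct, sig = send(b"Meet at 10 in room 4")  # constructed sample message
    print(receive(ct, sig))
```

Production systems use a vetted cryptographic library with padded RSA and keys of 2048 bits or more.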
      System Failure
      • A system failure is the prolonged malfunction of a computer.
      • A variety of factors can lead to system failure, including:
        1. Aging hardware
        2. Natural disasters
        3. Electrical power problems
        4. Noise, undervoltages, and overvoltages
        5. Errors in computer programs
      • Two ways to protect from system failures caused by electrical power variations include surge protectors and uninterruptible power supplies (UPS).
      Backing Up-The Ultimate Safeguard
      1. A backup is a duplicate of a file, program, or disk that can be used if the original is lost, damaged, or destroyed.
        • To back up a file means to make a copy of it
      2. Offsite backups are stored in a location separated from the computer site.
      3. Two categories of backups:
        • Full backup
        • Selective backup
      4. Three-generation backup policy
        • Grandparent
        • Parent
        • Child
      Wireless Security
      1. Wireless access poses additional security risks
        • About 80 percent of wireless networks have no security protection.

      2. War driving allows individuals to detect wireless networks while driving a vehicle through the area.
      3. In addition to using firewalls, some safeguards improve security of wireless networks:
        • A wireless access point should not broadcast an SSID.
        • Change the default SSID
        • Configure a WAP so that only certain devices can access it
        • Use WPA or WPA2 security standards
      Ethics and Society
      • Computer ethics are the moral guidelines that govern the use of computers and information systems.
      • Information accuracy is a concern
        • Not all information on the Web is correct
      • Intellectual property rights are the rights to which creators are entitled for their work.
      • An IT code of conduct is a written guideline that helps determine whether a specific computer action is ethical or unethical. 
      • Green computing involves reducing the electricity and environmental waste while using a computer.
      • Information privacy refers to the right of individuals and companies to deny or restrict the collection and use of information about them.
      • Huge databases store data online.
      • It is important to safeguard your information
      • When you fill out a form, the merchant that receives the form usually enters it into a database.
      • Many companies today allow people to specify whether they want their personal information distributed.
      • A cookie is a small text file that a Web server stores on your computer.
      • Web sites use cookies for a variety of reasons:
        1. Allow for personalization
        2. Store user's passwords
        3. Assist with online shopping
        4. Track how often users visit a site
        5. Target advertisements
      • Spam is an unsolicited e-mail message or newsgroup posting.
      • E-mail filtering blocks e-mail messages from designated sources.
      • Anti-spam programs attempt to remove spam before it reaches your inbox.
      • Phishing is a scam in which a perpetrator sends an official looking e-mail message that attempts to obtain your personal and financial information.
      • Pharming is a scam where a perpetrator attempts to obtain your personal and financial information via spoofing.
      • Social engineering is defined as gaining unauthorized access or obtaining confidential information by taking advantage of trust and naivety.
      • Employee monitoring involves the use of computers to observe, record, and review an employee's use of a computer.
      • Content filtering is the process of restricting access to certain material on the Web.
      • Many businesses use content filtering.
      • Internet Content Rating Association (ICRA).
      • Web filtering software restricts access to specified Web sites.

      Tuesday, September 20, 2016

      Chapter 10 : Managing A Database

      • Database
        • Collection of data organized in a manner that allows access, retrieval, and use of that data.
      • Data
        • Collection of unprocessed items
          1. Text
          2. Numbers
          3. Images
          4. Audio
          5. Video
      • Information
        • Processed data
          1. Documents
          2. Audio
          3. Images
          4. Video
      • Database software, often called a database management system (DBMS), allows users to:
        1. Create a computerized database
        2. Add, modify, and delete data
        3. Sort and retrieve data
        4. Create forms and reports from the data
      • Data integrity identifies the quality of the data.
      • Garbage in, garbage out (GIGO) points out the accuracy of a computer's output depends on the accuracy of the input.
      • Valuable information should have the following characteristics:
        1. Accurate
        2. Verifiable
        3. Timely
        4. Organized
        5. Accessible
        6. Useful
        7. Cost-effective
      The Hierarchy of Data
      • Character
        • A character is one byte
          • Numbers, letters, space, punctuation marks, or other symbols.
      • Field
        • A field is a combination of one or more related characters
          1. Field name
          2. Field size
          3. Data type
        • Common data types include:
          1. Text
          2. Numeric
          3. AutoNumber
          4. Currency
          5. Date
          6. Memo
          7. Yes/No
          8. Hyperlink
          9. Object
          10. Attachment
      • Record
        • A record is a group of related fields
          • A primary key uniquely identifies each record.
      • Data File
        • A data file is a collection of related records.
      Maintaining Data
      • File maintenance refers to the procedures that keep data current
        1. Adding records
        2. Modifying records
        3. Deleting records
      • Users add new records to a file when they obtain new data.
      • Users modify a record to correct inaccurate data or update old data.
      • When a record no longer is needed, a user deletes it from a file.
      • Validation compares data with a set of rules or values to find out if the data is correct
        1. Alphabetic/Numeric check
        2. Range check
        3. Consistency check
        4. Completeness check
        5. Check digit
        6. Other checks
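
The validation checks listed above, applied to one record, as an added example that is not part of the original notes. The record layout, the 1 to 18 credit range, and the choice of the Luhn algorithm as the check digit scheme are assumptions for illustration; all field values are expected as strings.

```python
from datetime import date

REQUIRED = ("student_id", "last_name", "credits", "start_date", "end_date")
CREDIT_RANGE = (1, 18)  # hypothetical business rule


def luhn_ok(number):
    """Check digit: the last digit must make the Luhn checksum end in 0."""
    if not (number.isascii() and number.isdigit()) or len(number) < 2:
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def validate(record):
    """Return a list of (check, field) failures; an empty list means valid."""
    # Completeness check: every required field is present and non-blank.
    missing = [f for f in REQUIRED if not str(record.get(f) or "").strip()]
    if missing:
        return [("completeness", f) for f in missing]

    errors = []

    # Alphabetic check: letters only, allowing hyphen and apostrophe.
    name = record["last_name"].replace("-", "").replace("'", "")
    if not name.isalpha():
        errors.append(("alphabetic", "last_name"))

    # Numeric check, then range check. isascii() rejects characters such
    # as a superscript two that isdigit() alone would accept.
    credits = record["credits"]
    if not (credits.isascii() and credits.isdigit()):
        errors.append(("numeric", "credits"))
    elif not CREDIT_RANGE[0] <= int(credits) <= CREDIT_RANGE[1]:
        errors.append(("range", "credits"))

    # Consistency check: two fields must agree with each other.
    try:
        start = date.fromisoformat(record["start_date"])
        end = date.fromisoformat(record["end_date"])
        if end <= start:
            errors.append(("consistency", "end_date"))
    except ValueError:
        errors.append(("consistency", "start_date/end_date"))

    # Check digit on the identifier catches single-digit typing errors.
    if not luhn_ok(record["student_id"]):
        errors.append(("check_digit", "student_id"))
    return errors


# Constructed sample records.
GOOD = {"student_id": "79927398713", "last_name": "O'Neil", "credits": "15",
        "start_date": "2016-09-01", "end_date": "2016-12-16"}
BAD = {"student_id": "79927398710", "last_name": "R2D2", "credits": "40",
       "start_date": "2016-12-16", "end_date": "2016-09-01"}

if __name__ == "__main__":
    print(validate(GOOD))
    print(validate(BAD))
```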
      File Processing Versus Databases
      • File processing system
        1. Each department has its own set of files
        2. Used for many years
        3. Have data redundancy
        4. Isolate data
      • Database approach
        1. Programs and users share data
        2. Reduce data redundancy 
        3. Improve data integrity
        4. Share data
        5. Allows easier
        6. Reduces development time
        7. Can be more vulnerable
      Database Management Systems
      • A data dictionary contains data about each file in the database and each field in those files.
      • A DBMS provides several tools that allow users and programs to retrieve and maintain data in the database
        • Query language
          • Consists of simple, English-like statements that allow users to specify the data to display, print, or store.
        • Query by example (QBE)
          • Provides a GUI to assist users with retrieving data.
        • Form
          • A window on the screen that provides areas for entering or modifying data in a database.
        • Report generator
          • Allows users to design a report on the screen, retrieve data into the report design, and then display or print the report.
      How to Use the Simple Query Wizard

      1. Step 1: Select the fields from the Available Fields list you want to be displayed in the resulting query.
      2. Step 2: Assign a name to the query, so that you can open it later.
      3. Step 3: View the query results on the screen.
      • A DBMS provides means to ensure that only authorized users access data at permitted times.
        1. Access privileges
        2. Principle of least privilege
      • A DBMS provides a variety of techniques to restore the database to usable form in case it is damaged or destroyed
        1. Backup
        2. Log
        3. Recovery utility
        4. Continuous backup
      Relational, Object-Oriented, and Multidimensional Databases
      • A data model consists of rules and standards that define how the database organizes data.
      • A relational database stores data in tables that consist of rows and columns.
        1. Each row has a primary key.
        2. Each column has a unique name.
      • A relationship is a link within the data.
      • Structured Query Language (SQL) is a query language that allows users to manage, update, and retrieve data.
      • An object-oriented database (OODB) stores data in objects.
      • Examples of applications appropriate for an object-oriented database include:
        1. Multimedia database
        2. Groupware database
        3. Computer-aided design database
        4. Hypertext database
      • A multidimensional database can store data in more than two dimensions of data.
        1. Sometimes known as a hypercube
        2. Can consolidate data much faster than a relational database
      • A data warehouse is a huge database that stores and manages the data required to analyze historical and current transactions.
      Web Databases
      • Databases on the Web allow you to:
        1. Shop for products or services
        2. Buy or sell stocks
        3. Search for a job
        4. Make airline reservations
        5. Register for college classes
        6. Check semester grades
      Database Administration
      • It is important to have a carefully designed database.
      • Database analysts and administrators are responsible for managing and coordinating all database activities.
        • Database Analyst (DA)
          1. Decides on proper field placement, defines data relationship, and identifies user's access privileges.
        • Database Administrator (DBA)
          1. Creates and maintains the data dictionary, manages security, monitors performance, and checks backup and recovery procedures
      • Employees should learn how to use the data in the database effectively
        1. Interact with database
        2. Identify new data for the database
        3. Maintain the database