Register now to access 7 million high quality study materials (What's Course Hero?) Course Hero is the premier provider of high quality online educational resources. With millions of study documents, online tutors, digital flashcards and free courseware, Course Hero is helping students learn more efficiently and effectively. Whether you're interested in exploring new subjects or mastering key topics for your next exam, Course Hero has the tools you need to achieve your goals.
80 Pages
Information systems - Foundations of e-business - Volume 2
Course: COMPUTING 2910108, Spring 2011School: Goldsmiths
Rating:
Word Count: 28445
Document Preview
and BSc Diploma in Computing and Related Subjects Information systems: foundations of e-business Volume 2 R. Shipsey 2010 2910108 CIS 108_Volume 1_2010_COVER & IFC.indd 1 03/09/2010 11:23:08 The material in this subject guide was prepared for the University of London International Programmes by: Dr Rachel Shipsey Ph.D. Department of Computing, Goldsmiths College, University of London. This is one of a...
Unformatted Document Excerpt
Coursehero >> United Kingdom >> Goldsmiths >> COMPUTING 2910108Course Hero has millions of student submitted documents similar to the one
below including study guides, practice problems, reference materials, practice exams, textbook help and tutor support.
Course Hero has millions of student submitted documents similar to the one
below including study guides, practice problems, reference materials, practice exams, textbook help and tutor support.
and BSc Diploma in
Computing and Related Subjects
Information systems:
foundations of e-business
Volume 2
R. Shipsey
2010
2910108
CIS 108_Volume 1_2010_COVER & IFC.indd 1
03/09/2010 11:23:08
The material in this subject guide was prepared for the University of London
International Programmes by:
Dr Rachel Shipsey Ph.D.
Department of Computing, Goldsmiths College, University of London.
This is one of a series of subject guides published by the University.
This subject guide is for the use of University of London International
Programmes students registered for programmes in the field of Computing.
The programmes currently available in these subject areas are:
BSc (Honours) in Computing and Information Systems
BSc (Honours) in Creative Computing
Diploma in Computing and Information Systems
Diploma in Creative Computing
First published 2004
This edition published 2010
Publications Office
University of London International Programmes
Stewart House
32 Russell Square
London
WC1B 5DN
www.londoninternational.ac.uk
All rights reserved. No part of this work may be reproduced in any form, or
by any means, without permission in writing from the publisher. This material
is not licensed for resale.
Published by: University of London Press
University of London 2010
Printed by: Central Printing Service, University of London, England
CIS 108_Volume 1_2010_COVER & IFC.indd 2
03/09/2010 11:23:08
BSc and Diploma in
Computing and Related Subjects
Information systems:
foundations of e-business
Volume 2
R. Shipsey
2010
2910108
CIS 108_Volume 1_2010_COVER & IFC.indd 1
03/09/2010 11:23:08
The material in this subject guide was prepared for the University of London
International Programmes by:
Dr Rachel Shipsey Ph.D.
Department of Computing, Goldsmiths College, University of London.
This is one of a series of subject guides published by the University.
This subject guide is for the use of University of London International
Programmes students registered for programmes in the field of Computing.
The programmes currently available in these subject areas are:
BSc (Honours) in Computing and Information Systems
BSc (Honours) in Creative Computing
Diploma in Computing and Information Systems
Diploma in Creative Computing
First published 2004
This edition published 2010
Publications Office
University of London International Programmes
Stewart House
32 Russell Square
London
WC1B 5DN
www.londoninternational.ac.uk
All rights reserved. No part of this work may be reproduced in any form, or
by any means, without permission in writing from the publisher. This material
is not licensed for resale.
Published by: University of London Press
University of London 2010
Printed by: Central Printing Service, University of London, England
CIS 108_Volume 1_2010_COVER & IFC.indd 2
03/09/2010 11:23:08
Contents
6 IT Infrastructure
6.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . .
6.2 Learning outcomes . . . . . . . . . . . . . . . . . . . .
6.3 What is an infrastructure? . . . . . . . . . . . . . . . .
6.4 How IT infrastructure has evolved . . . . . . . . . . .
6.4.1 What is driving the change in IT infrastructure?
6.5 Components of an IT infrastructure . . . . . . . . . . .
6.6 Hardware and software development . . . . . . . . . .
6.6.1 New Hardware . . . . . . . . . . . . . . . . . .
6.6.2 New software . . . . . . . . . . . . . . . . . . .
6.7 Management issues . . . . . . . . . . . . . . . . . . . .
6.7.1 Who should manage what? . . . . . . . . . . .
6.7.2 What IT infrastructure should we invest in? . .
6.8 Summary . . . . . . . . . . . . . . . . . . . . . . . . .
6.9 A reminder of your learning outcomes . . . . . . . . .
6.10 Chapter questions . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
1
1
1
2
2
3
6
7
8
9
11
11
12
13
13
14
7 Managing information
7.1 Introduction . . . . . . . . . . . . . . . . . . .
7.2 Learning outcomes . . . . . . . . . . . . . . .
7.3 Organising data . . . . . . . . . . . . . . . . .
7.3.1 Storing data on a computer . . . . . .
7.3.2 Problems with traditional data storage
7.4 Databases . . . . . . . . . . . . . . . . . . . .
7.4.1 Database management systems . . . .
7.4.2 Relational databases . . . . . . . . . .
7.4.3 Tools that a DBMS should provide . .
7.5 Designing a database . . . . . . . . . . . . . .
7.5.1 Data modelling . . . . . . . . . . . . .
7.5.2 Distributed databases . . . . . . . . .
7.6 Improving business using databases . . . . . .
7.6.1 Data warehouses . . . . . . . . . . . .
7.6.2 Data mining . . . . . . . . . . . . . . .
7.6.3 Databases and the Internet . . . . . .
7.7 Data management policies . . . . . . . . . . .
7.7.1 Data quality . . . . . . . . . . . . . . .
7.8 Summary . . . . . . . . . . . . . . . . . . . .
7.9 A reminder of your learning outcomes . . . .
7.10 Chapter questions . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
15
15
15
16
16
17
19
19
20
22
23
23
26
26
26
27
28
29
29
30
30
30
8 Telecommunications
8.1 Introduction . . . . . . . . . . . . . . . .
8.2 Learning outcomes . . . . . . . . . . . .
8.3 Evolution of telecommunications . . . .
8.4 Computer networks . . . . . . . . . . . .
8.4.1 LANs and WANs . . . . . . . . .
8.4.2 Computer network technologies .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
33
33
33
34
35
36
38
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
i
CIS 108_Volume 2_2010_BOOK.pdf 1
08/09/2010 12:56:47
Information systems:
Foundations of e-business
Volume 2
8.5 Telecommunication media . . . . . . . . . . . . . . . .
8.5.1 Wired networks . . . . . . . . . . . . . . . . . .
8.5.2 Wireless networks . . . . . . . . . . . . . . . .
8.5.3 Wireless networking generations and standards
8.6 The Internet . . . . . . . . . . . . . . . . . . . . . . . .
8.6.1 Connecting to the Internet . . . . . . . . . . . .
8.6.2 Internet addresses . . . . . . . . . . . . . . . .
8.6.3 Internet services . . . . . . . . . . . . . . . . .
8.6.4 The world wide web . . . . . . . . . . . . . . .
8.7 Summary . . . . . . . . . . . . . . . . . . . . . . . . .
8.8 A reminder of your learning outcomes . . . . . . . . .
8.9 Chapter questions . . . . . . . . . . . . . . . . . . . . .
9 Information security
9.1 Introduction . . . . . . . . . . . . . . . . .
9.2 Learning outcomes . . . . . . . . . . . . .
9.3 The importance of information security . .
9.3.1 Threats to information systems . .
9.4 Consequences of poor security . . . . . . .
9.4.1 Unauthorised access to information
9.4.2 Disruption of communication . . .
9.4.3 Identity theft . . . . . . . . . . . .
9.4.4 Cybervandalism . . . . . . . . . . .
9.4.5 Denial of service attacks . . . . . .
9.4.6 Cyberterrorism . . . . . . . . . . .
9.5 Keeping information secure . . . . . . . .
9.5.1 Access control . . . . . . . . . . . .
9.5.2 Encryption . . . . . . . . . . . . .
9.6 Security policies . . . . . . . . . . . . . .
9.6.1 Company security policies . . . . .
9.6.2 Government security policies . . .
9.7 Summary . . . . . . . . . . . . . . . . . .
9.8 A reminder of your learning outcomes . .
9.9 Chapter questions . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
39
40
41
42
43
44
44
45
46
48
48
49
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
51
51
51
52
52
54
55
56
57
58
58
59
59
59
62
65
66
68
68
68
69
10 Developing information systems
71
10.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
10.2 Learning outcomes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
10.3 New systems and organisational change . . . . . . . . . . . . . . . . . 72
10.3.1 Business process re-engineering and business process management 73
10.3.2 Quality management . . . . . . . . . . . . . . . . . . . . . . . . 73
10.4 The systems development process . . . . . . . . . . . . . . . . . . . . . 74
10.4.1 System analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
10.4.2 System design . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
10.4.3 Programming . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
10.4.4 Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
10.4.5 Conversion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
10.4.6 Production and maintenance . . . . . . . . . . . . . . . . . . . 77
10.5 Traditional and alternative methods for modelling and designing systems 77
10.5.1 Prototyping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
10.5.2 Object oriented development . . . . . . . . . . . . . . . . . . . 79
10.5.3 Computer aided software engineering (CASE) . . . . . . . . . . 80
10.5.4 End user development . . . . . . . . . . . . . . . . . . . . . . . 80
10.5.5 Rapid application development . . . . . . . . . . . . . . . . . . 81
10.5.6 Advantages and disadvantages of different development techniques 81
ii
CIS 108_Volume 2_2010_BOOK.pdf 2
08/09/2010 12:56:47
10.6 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10.7 A reminder of your learning outcomes . . . . . . . . . . . . . . . . . .
10.8 Chapter questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
83
83
83
A Sample examination paper
A.1 Sample examination paper . . . . . . . . . . . . . . . . . . . . . . . . .
A.2 Sample examination paper solutions . . . . . . . . . . . . . . . . . .
85
85
89
B Solutions
B.1 Solutions to Chapter 6 Questions .
B.2 Solutions to Chapter 7 Questions .
B.3 Solutions to Chapter 8 Questions .
B.4 Solutions to Chapter 9 Questions .
B.5 Solutions to Chapter 10 Questions
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
99
99
100
101
101
103
iii
CIS 108_Volume 2_2010_BOOK.pdf 3
08/09/2010 12:56:47
Information systems:
Foundations of e-business
Volume 2
Introduction
The second volume of this subject guide is a continuation of the rst volume. You
will need to make sure that you have nished working through Volume 1 before you
start work on these chapters. You may also like to read the Introduction to Volume 1
again for general information, for example, relating to the examination. The
essential and additional reading lists are the same and are reproduced below.
In Volume 1, we studied the role that information systems play in organisations and
in particular e-commerce companies today. We discussed business processes and
how different types of information system can be used to aid different types of
business processes. We discussed organisations in terms of the environment in which
they operate and how information systems can be used to provide a competitive
advantage. We considered the moral and ethical issues raised by the increased use of
technology. We looked at the growth of e-commerce and considered the advantages
and disadvantages of e-commerce compared to traditional businesses.
In this volume of the guide, we will discuss in detail the individual components that
make up an IT infrastructure. We will look at the issue of information management
and databases. We will discuss the evolution of telecommunications from dial up
modems to wireless networks. We will consider the importance of information
security and the steps that can be taken to achieve this. Finally we will discuss
traditional and alternative methods for developing information systems. Outlines of
the ve chapters in this volume are given below.
As in Volume 1, each chapter includes learning activities and chapter questions
which can be used to test your understanding and give you the opportunity to nd
examples and illustrations to use when answering your coursework and examination
questions.
An examination paper (with example solutions) is included at the end of this guide
so that you can see the type and level of questions to expect in the examination.
Essential reading
The subject guide is based on following book:
Laudon, K. and J.Laudon Management Information Systems: Managing the Digital
Firm (Pearson, 2010) eleventh edition [ISBN-13: 978-0-13-609368-8](pbk)
Material in Laudon and Laudon is examinable. You should also be aware that rapid
developments in the world of technology mean that neither the subject guide nor the
recommended text can ever be completely up-to-date. You are therefore advised to
access further reading wherever possible to keep abreast of the current state of
technology available.
Following is a list of books that are recommended. By no means do you need to have
copies of all of these books but a selection of your choice would complement the
material covered in the subject. Some of these textbooks are very expensive and so I
have given Internet addresses for additional reading wherever possible. You should
also nd your own additional reading by using a search engine to nd appropriate
material when possible.
Additional reading
Oz, Effy, Management Information Systems (Course Technology, 2008) sixth edition
iv
CIS 108_Volume 2_2010_BOOK.pdf 4
08/09/2010 12:56:47
[ISBN-13 978-1323901785](hbk)
Turban, E. and L. Volonino Information Technology for Management Transforming
Organizations in the Digital Economy (Wiley, 2010) seventh edition [ISBN:
978-0-470-40032-6] (pbk). See also http://bcs.wiley.com/hebcs/Books?action=index&itemId=0470400323&bcsId=4953 for the student
companion site for this textbook which is free to access.
Schneier, Bruce, Secrets and Lies, Digital Security in a Networked World, ISBN-13:
978-0471453802 John Wiley & Sons (23 Jan 2004)
See Steven Alters website at www.stevenalter.com for some interesting articles and
links.
See Wikipedia for a great example of a wiki as well as lots of useful information.
Note however that material on Wikipedia is not guaranteed to be accurate and you
should double check references from here using another source.
http://en.wikipedia.org/wiki/
Guide to chapters
In Chapter 6 we describe the individual components (hardware, software and
services) that make up an IT infrastructure. We will see how, and why, these
components have evolved over the past 40 years, and look to the future to see
what might happen next.
In Chapter 7 we will look in more detail at how data can be stored and
managed effectively to produce meaningful information. We will consider some
of the problems that can occur with traditional data storage and discuss how
Database Management Systems can be used minimise these problems.
In Chapter 8 we will discuss the evolution of telecommunications technology
and the role that it plays in an e-commerce business. We will describe the
component parts and layout of different networks for use in business or personal
settings.
In Chapter 9 we discuss the security of computers, networks and the
information that is stored and transmitted by them. We will consider various
threats to information and computer security and the steps that companies and
individuals can take to make themselves less vulnerable to these threats.
In Chapter 10 we will look at the methods that companies can use to develop
new and existing information systems. We will compare the traditional
structured approach with alternative methods of development and discuss the
advantages and disadvantages of each method.
Volumes 1 and 2 of the subject guide each contain about half of the course material,
so you are now already half way through 2910108. Congratulations on getting this
far keep up the hard work and good luck with the examination.
v
CIS 108_Volume 2_2010_BOOK.pdf 5
08/09/2010 12:56:47
Information systems:
Foundations of e-business
Volume 2
vi
CIS 108_Volume 2_2010_BOOK.pdf 6
08/09/2010 12:56:47
Chapter 6
IT Infrastructure
6.1 Introduction
In this chapter, we describe the components of an IT infrastructure. We will see how
quickly and by how much technology has changed over the past few years. We will
consider what has driven this change, and the implications that it has for managers
who are trying to keep their organisations in line with ever changing technology
trends. We will describe some of the newest hardware and software applications and
discuss how they can be used to help organisations meet the growing demands of
their customers, employees, business partners and suppliers.
Essential reading
Laudon and Laudon, Management Information Systems Managing the Digital Firm, Chapter 5.
Additional reading
Turban and Volonino Technical Guides 1 (Hardware) and 2 (Software) from the student companion website for
Information Technology for Management. This can be found at http://bcs.wiley.com/hebcs/Books?action=resource&bcsId=4953&itemId=0470400323&resourceId=17218&chapterId=48688.
Moore, Gordon, Cramming more components onto integrated circuits. This paper can be found at
ftp://download.intel.com/research/silicon/moorespaper.pdf.
6.2 Learning outcomes
After studying this chapter and the recommended reading you should be able to:
describe the seven major components that make up an IT infrastructure
discuss the evolution of IT over the past 30 years since the rst commercial use
of mainstream computers to the present day
describe the factors, including Moores law and Meltcalfee law, that have driven
the rapid evolution of technology
outline the emerging hardware trends including mobile devices, grid computing,
cloud computing, autonomic computing, virtualisation and multi-core processors
outline the emerging software trends including Linux and other open-source
software, Java, Ajax, Web service and applications
1
CIS 108_Volume 2_2010_BOOK.pdf 7
08/09/2010 12:56:47
Information systems:
Foundations of e-business
Volume 2
understand the considerations that managers have to take into account when
deciding upon an IT infrastructure for their organisation
discuss the elements that make up the total cost of ownership of an IT
infrastructure.
6.3 What is an infrastructure?
An IT infrastructure can be viewed (incorrectly) as the hardware and software that
make up an organisations information system. The reality is more complex than
that. Over and above the hardware and software, there are a range of different
services needed to make an organisations IT systems come alive. So IT
infrastructure is really a combination of hardware, software and services.
The services that we are talking about include:
purchasing (procurement), setting up (installing) and supporting (when
problems occur) a networked IT system that meets the needs of the organisation
providing the relevant training and research facilities to ensure that the IT
system remains t for purpose and can be used effectively by employees
deciding on how the capacity of the systems (including data management
systems) can be used to an organisations advantage.
Learning activity
Think about a large multi-national organisation and a small local organisation. How do the IT services
provided/required by the IT infrastructure of the large organisation differ from the IT infrastructures of the
smaller organisation?
6.4 How IT infrastructure has evolved
The principal developments in IT infrastructure can be summarised as follows:
Mainframe computers (1959 to present day) the emergence of mainframe
computers marked the beginning of the widespread commercial use of
computers. IBM have always dominated this market. Mainframe computers
were under the control of professional programmers and systems operators and
were highly centralised. As they developed, mainframe computers become
powerful enough to support hundreds of online remote terminals connected to
the centralised mainframe. With the advent of the personal computer, many
people thought in the 1980s that mainframes would cease to exist. However,
their ability to store and process huge amounts of data means that mainframes
are still an important component of many IT infrastructures.
Personal computers (1981 to present day) people have gradually started to
have computers in their homes, to the extent that it is now quite unusual for
someone in the developed world not to have access to a computer. The rise of
the personal home computer has driven the need for employers to keep up and
provide personal computers in the work place too. Microsoft Windows has
2
CIS 108_Volume 2_2010_BOOK.pdf 8
08/09/2010 12:56:47
How IT infrastructure has evolved
dominated the personal computer but open source software such as Linux,
which is not only free but also good, is starting to challenge this domination.
Client/server networks (1983 to present day) as personal computers and
laptops become cheaper, organisations started to replace their mainframe
terminals with PCs linked together in a network. At the heart of the network of
PCs (clients) is a server (which might be a mainframe or a powerful PC) which
stores some of the data, applications software and other instructions that the
network users need in order to communicate and process transactions on the
network. There are different types of servers. A web server provides web pages
to users, an application server assigns specic tasks to other servers to enable a
faster more efcient response to client requests than a single mainframe trying
to do everything. Large organisations use a multi-tiered client/server
architecture that has several different levels of servers.
Enterprise Internet computing (1992 to present day) the rise of the
Internet has meant that the last 18 years have seen an explosive growth in the
functionality and popularity of computers. The Internet has developed into a
trusted communications tool and organisations use the Transmissions Control
Protocol/Internet Protocol (TCP/IP) networking standard to link their networks
together. Different types of hardware, software and services can be integrated to
provide an enterprise-wide network.
Cloud computing (2000 to present day) the concept of cloud computing
almost takes us back to the idea of the mainframe. Massive computing centres
are owned by companies such as Google, IBM and Microsoft. The Google cloud
for example contains thousands if not millions of cheap servers which store huge
amounts of data. This means that we can search for and nd the answer to a
question in seconds. When an individual server dies it can be replaced with the
latest model meaning that the whole system is continually being upgraded and
never ages.1
Learning activity
Write a paragraph discussing the similarities and the differences between the mainframe era and the cloud
computing era.
6.4.1 What is driving the change in IT infrastructure?
As you can see from the previous pages, IT infrastructure has evolved a great deal in
the last 20 years. Here are some of the reasons why this has happened:
Moores Law
Moores Law2 says that
1 See an article entitled Google and the Wisdom of Clouds by Stephen Baker at
http : //www.businessweek.com/magazine/content/0752/b4064048925836.htm for more information
on Google and the concept of cloud computing.
2 Moores Law is named after Dr Gordon E. Moore due to his paper entitled Cramming more components onto integrated circuits which was published in 1965. Download the original paper from
ftp://download.intel.com/research/silicon/moorespaper.pdf.
3
CIS 108_Volume 2_2010_BOOK.pdf 9
08/09/2010 12:56:47
Information systems:
Foundations of e-business
Volume 2
The number of transistors that can be placed inexpensively on an integrated circuit
has doubled approximately every two years.
There are variations on Moores Law (not actually stated by Moore himself) which
say that:
The power of microprocessors doubles every 18 months.
Computing power doubles every 18 months.
The price of computing halves every 18 months.
0
Number of transistors
1 billion
2 billion
Whichever variation of Moores law you look at, this is exponential growth (or in the
case of price decline) and means that if 2,000 transistors were possible in 1971 over
a billion are possible now. Figure 6.1 illustrates the exponential growth of
computing power over the years.
1970
Years
1980
1990
2000
2010
Figure 6.1: Moores law describes the growth in computing power over the years
Nanotechnology is promising to continue this trend into the future.
Learning activity
Do some research on the Internet to learn about Nanotechnology and write a short essay explaining what
this technology is and the changes to computing that it will bring about.
Digital storage
As it becomes possible to store more and more material (photos, video, music etc as
well as text les) digitally, so the demand to store more increases. However much
data storage is possible, users will always ll it and demand more.
4
CIS 108_Volume 2_2010_BOOK.pdf 10
08/09/2010 12:56:47
How IT infrastructure has evolved
Metcalfes Law
Metcalfes law says that
The value of a telecommunications network is proportional to the square of the
number of connected users of the system.
What this means is that if you have two telephones you have one connection, but if
you have ten telephones then you have 45 connections. This is illustrated in
gure 6.2
1
2
3
2
4
1
5
10
9
6
7
8
Figure 6.2: Two users = one connections; ten users = 45 connections
The same is true in terms of computer networks and the result is that if you add one
more computer to an existing network that is fairly inexpensive, but the resulting
benets (in terms of the number of new connections) is great.
Learning activity
Suppose an existing computer network has ten users and therefore 45 connections as in the diagram
above. An eleventh user is added and connected to all of the other ten users, how many connections
are there now?
Suppose two networks each consisting of ten users are merged so that the 20 users can all
communicate directly with each other. How many connections are there now?
5
CIS 108_Volume 2_2010_BOOK.pdf 11
08/09/2010 12:56:47
Information systems:
Foundations of e-business
Volume 2
Declining costs
It is getting cheaper every day for people to connect to the Internet because of
declining communication costs. As more and more users connect to the Internet,
organisations must nd ways to meet their expectations and demands. The Internet
is one of the biggest drivers in the exploding use of computers both in the workplace
and the home.
Improved standards
The Internet has been able to grow because technology has been developed which
allows products to work with each other. Users rely on the interoperability of
products.
6.5 Components of an IT infrastructure
There are seven major components of an IT infrastructure. The aim is to make these
components all work seamlessly together to make an enterprise system that works
anytime, anywhere.
1. Computer hardware
The physical components (a personal computer, server, laptop etc) perhaps
made by IBM, HP, Dell or Sun Microsystems, and containing a microprocessor,
the heart of any computing device, probably made by Intel, AMD or IBM.
2. Operating system
Computers need to know what, when and how to do things and it is the
operating system that tells them. Operations such as logging-on, le
management and network connectivity are controlled by the operating system.
Microsoft Windows, in one or other of its versions, is by far the most prolic
operating system. However Unix and Linux, which are often associated with
large networks because they require less application overheads and have faster
processing, are also available for PCs. Linux open-source software is becoming
the operating system of choice for organisations looking to reduce their costs
because it is free and reliable.3
3. Enterprise software
The aim of enterprise software applications is to integrate applications into
seamless processes across the organisation. Customer relationship management
and supply chain management systems (see volume 1, chapter 2) are the two
most popular applications in this category. Thanks to the proliferation of
networks, these applications are becoming popular and affordable for even
small- and medium-sized organisations.
4. Data management and storage
More and more data, on customers, employees and the business itself, is being
gathered by organisations. Storing and managing this data so that it is easily
accessible and provides meaningful information is extremely important. Storage
area networks (SANs) provide an economical way to consolidate data from
3 I am a big fan of Linux and would encourage you to look at the Linux website http
//www.linux.org/ and consider trying Linux for yourself.
:
6
CIS 108_Volume 2_2010_BOOK.pdf 12
08/09/2010 12:56:47
Hardware and software development
across all of the systems within an organisation. Online users want instant
access to data and SANs help organisations to provide it deliver this.
5. Networking/Telecommunications
As we progress towards the convergence of all things digital, networking and
telecommunications are merging into one. Instead of having one platform for
networking computing devices, and another for telecommunications, there are
now companies who provide a combination of telephone services, mobile phone
connectivity, computers and peripheral devices, handheld PDAs and wireless
services as one digital package.
Learning activity
Who is the main provider of networking and telecommunications in your country? What digital
packages do they provide?
6. Internet tools
The Internet continues to expand the services that organisations are able to
provide to their employees, customers, suppliers and business partners.
Intranets and extranets which are built using existing Internet technologies give
organisations an easy and inexpensive method of providing services that were
prohibited by cost only a few years ago.
Rather than buying all of the hardware necessary to support websites, intranets
and extranets, many smaller companies choose to use web hosting services
instead. These provide the hardware, software, expertise and security necessary
for a company to have a web presence without becoming a major distraction (in
terms of time and money) from the core business.
7. Consultancy and system integration
The systems used in many medium- and large-sized organisations are too
complex for the organisation to manage them on their own. Integration services
provided by companies such as IBM and Hewlett-Packard are necessary to keep
everything working and up to date. It makes sense for a company which, for
example, specialises in making clothes, to concentrate on making clothes and
allow a company which specialises in computers to keep their computer systems
in good shape.
As organisations gradually update their old computer systems, which might be
20 years old, with newer technology, the old and the new must work together.
Organisations generally cannot afford to simply throw out all of their old
technology and replace it. It is cheaper (and involves less staff training) to use
middleware and other technologies which integrate the old and the new.
6.6 Hardware and software development
IT infrastructure components such as storage and telecommunications are getting
cheaper and cheaper and yet organisations are spending more and more on
information technology. Why is that? The answer is that users are demanding better,
faster, easier ways to use computers and communicate with others.
In this section we will have a brief look at some of the newer hardware and software
technologies that are helping organisations to meet the growing demands of their
customers, employees, suppliers and business partners.
7
CIS 108_Volume 2_2010_BOOK.pdf 13
08/09/2010 12:56:47
Information systems:
Foundations of e-business
Volume 2
6.6.1 New Hardware
Most of these hardware components are at a comparatively early stage in their
development. As hardware technologies improve, it is likely that these developments
will play a big part in the the information systems of the future.
The mobile digital platform
Computer users now expect to be able to use their devices anytime anywhere, 24/7,
365 days of the year. Technology manufacturers are meeting this demand with new
communication devices such as mobile phones, smartphones and netbooks. A
netbook is built specically for wireless communications and Internet access. Small
in size, relatively inexpensive compared with laptops, and with decent processors,
memory and hard drives, analysts expect the popularity of netbooks to continue to
rise.
Grid computing
Grid computing means connecting computers into a single network to create a
virtual supercomputer. The individual computers dont have to be anywhere near
each other and can be used for other things when they are not part of the grid.4
Combing all the idle time of millions of computers into a continuous, connected,
computing capacity gives you a supercomputer with immense speed and exibility,
at a fraction of the cost of buying a supercomputer.
Cloud computing
Most organisations do not provide their own utilities such as water or electricity.
Instead they buy them in from a centralised source the water company or the
electricity company. They rely on the provider to increase supply whenever they
increase demand.
Cloud computing, also known as on-demand computing or utility computing is
similar to other utilities. They provide computing facilities to companies from a
centralised source and meet increased demand when necessary (for example
Internet shops require greater capacity over the run up to Christmas than at other
periods in the year). This is cheaper for the organisation as they do not have to own
as much IT technology as they would have to in order to meet the demand at their
busiest periods. It also enables organisations to expand and develop the services
they provide without rst having to buy all of the necessary hardware and software.
There are some disadvantages to cloud computing. What happens for instance if the
utility providers servers go down?
4 For example, the RSA challenge involved factorising a large composite number. This is a very hard
problem requiring a supercomputer. One method used was to allow individuals to sign up and let their
computer be used, when they werent using it themselves such as throughout the night, as part of a grid.
8
CIS 108_Volume 2_2010_BOOK.pdf 14
08/09/2010 12:56:48
Hardware and software development
Autonomic computing
As organisations rely more and more heavily on IT to meet the demands of their
customers, they cannot afford to have any system downtime it is too expensive.
Autonomic computing is a step towards creating an IT infrastructure that is able to
diagnose and x problems with very little human intervention.
This type of computing is still very new, but if autonomic computers can congure
themselves, optimise and tune themselves, x themselves when broken, and protect
themselves from intruders and self-destruction, then they promise to help many
organisations who are struggling to maintain complex IT infrastructures.
Virtualisation
As computers get cheaper, organisations tend to buy more and more rather than
optimising the use of their existing hardware. This can mean for example, that an
organisation has ten servers running ten different applications. The ten servers are
running all of the time, but each is being used for a small part of the time. It is much
more cost and energy efcient to run the ten applications on one server, choosing
which application is needed at any one time. This is what virtualisation is about. It
means running multiple operating systems and application programs on one
machine and increasing the overall utilisation rate of that machine.
It is now possible to get multicore processors which have two or more processors
rather than a single chip on a single processing core. This reduces the overall
number of servers or processors required, thereby reducing the total costs of
ownership and running costs such as electricity.
6.6.2 New software
You might have all of the hardware that money can buy, but without the right
software its not much use. Here we will look at existing and emerging software that
is trying to get the most out of hardware.
Linux and open-source software
Linux is a Unix-like operating system originally written by a Finnish post graduate
student called Linus Torvalds. Torvalds wanted to build an operating system that
anyone could download from the Internet, no one would own, and thousands of
people could develop.5 Linux has grown rapidly as its small size and low cost make
it ideal for information appliances. It is also less prone to crash than most other
operating systems and this makes it very attractive to companies running
e-commerce Internet businesses.
Other open-source software includes the Mozilla Firefox web browser and free ofce
software OpenOfce. Open-source software generally tends to be more secure than
other leading software programs because of the number of people who are involved
5 The latest free version of Linux, Ubuntu 9.10, was released in October 2009. You can download it from
http://www.ubuntu.com/.
9
CIS 108_Volume 2_2010_BOOK.pdf 15
08/09/2010 12:56:48
Information systems:
Foundations of e-business
Volume 2
in developing the programs because the software is open source anyone who is
interested can get involved, spot bugs and make improvements.
Software for the web: Java and Ajax
Java meets the need for interactive programming over the Internet. This
programming language is operating system and processor independent, there is no
need to worry about compatibility between Windows, Macintosh or UNIX. Previously
it has been almost impossible to share data between various hardware and software
platforms. Many large mainframes could not pass data to small PCs without special
programs, and data used in individual PCs could not be passed to larger information
systems.
Java solves many of these problems by creating Java applets. These are miniature
programs which perform very small, specialised tasks one at a time. When a user
wants to perform a task, the coding for it is moved from the server where it is
permanently stored and executed on the client (user) computer. When the task is
complete, the code is removed from the client computer. This reduces storage needs
on the client computer. This means that applications can be run on small computing
devices that do not have the capacity to hold large software programs.
Many websites require some form of interaction. For example, you might pay a bill,
renew your drivers licence or complete your tax return online. A new technique that
enables and improves these interactive processes is a combination of Asynchronous
Javascript and XML languages called Ajax. Ajax works in the background of
interactive web pages, exchanging small pieces of data that make web based
processes run smoothly.
Web services
Web services use Internet technology to link application programs together. As they
are web-based, they can be used across traditional organisational boundaries
extending to customers, suppliers and business partners. The main advantage of web
services is their reuseability one web service can be used by many different
organisations. Examples of web services include:
MySpace and Facebook social networking sites.
Flickr for photo sharing.
Winkball for video messaging.
Google for Internet searching.
As the Internet is used for more and more applications, computer languages are
evolving to keep up. HTML (HyperText Markup Language) works well for displaying
text and graphics, but current computing applications demand more than this. The
following software standards and communication protocols provide easy access to
data and information via Web services.
XML (eXtensible Markup Language) is designed to control the data on a web
page, making it more manageable.
XHTML (eXtensible HyperText Markup Language) combines HTML with XML to
create a powerful tool for building web pages.
10
CIS 108_Volume 2_2010_BOOK.pdf 16
08/09/2010 12:56:48
Management issues
SOAP (Simple Object Access Protocol) allows applications to exchange data and
instructions.
WSDL (Web Service Description Language) describes a web service so that other
applications can use it.
UDDI (Universal Description, Discovery and Integration) lists web services in a
directory so that users can nd them.
Mashups and widgets
Mashups combine separate applications into one. For example, combining a
mapping service with a store locator results in a map with stores locations shown on
it.
Widgets are small software programs that you can add to a website or even to your
own desktop to provide additional functionality. A widget might be useful (for
example allowing you to run a slide show on your web page) or simply for fun (for
example allowing you to send your friends a virtual drink).
Software outsourcing
Earlier we described how organisations can go to utility companies to meet their
hardware needs (see section 6.6.1). The same is true for software. Other than
developing their own software, organisations can meet their software needs by:
buying software packages from a vendor;
buying software as a service;
outsourcing their customised software development needs.
6.7 Management issues
Keeping up with all the changes in technological speed and ability, and making wise
decisions is a difcult task for the managers of an organisation. There are many
questions that need to be answered.
6.7.1 Who should manage what?
As users (and employees) become more familiar and comfortable with technology,
they usually see it as a helpful tool which aids their work. Sometimes this can lead
to conict in the organisation as there is disagreement about who should manage
the IT infrastructure. Should there be a highly centralised control that provides a
secure and cohesive computing environment, but potentially hinders the ability of
users to get the job done? Alternatively, should there be a decentralised governance
of IT that allows employees to set up their workstations however they like? This is
more exible but could lead to a stack of problems with compatibility issues,
problems providing support for different operating systems and so on. There is no
right or wrong answer managers have to decide what the right approach is for
their organisation.
11
CIS 108_Volume 2_2010_BOOK.pdf 17
08/09/2010 12:56:48
Information systems:
Foundations of e-business
Volume 2
6.7.2 What IT infrastructure should we invest in?
In order to meet the needs of their customers, employees, suppliers and business
partners, organisations are having to rethink their strategic models for creating,
processing, storing and delivering data. In particular, companies which interact with
their customers via the Internet, which is available 24/7, need a model incorporating
hardware, software and data that is also available 24/7. If a company fails to keep
up with trends and demands then they risk losing business and hence revenue. Easy
Internet access for customers and ease of entry into the Internet market by
competitors means that customers can simply go elsewhere if the company does not
adjust to meet current consumer demands.
Is it scalable?
It is hard for an organisation to know how much computing capacity they will
require in the future. Managers need to design scalability into their IT systems to
avoid under-building or over-building. The idea is to build the system to meet
capacity for what the organisation thinks it needs, but to allow in the design, for the
easy increasing of capacity if the system is more successful than was originally
thought. Similarly, it should be easy to decrease capacity if the system is not as
successful as intended so that the organisation is not left with a lot of unused and
expensive equipment.
Are we spending the correct amount on IT?
If the organisation spends too little on IT infrastructure they are in danger of missing
opportunities for improved products and services. On the other hand, if they spend
too much on their IT infrastructure, they may be wasting resources that could be
better used elsewhere. The following tasks can be carried out to help the company
see where it stands.
Make an inventory of the market demands for the companys products or
services.
Analyse the companys ve-year business strategy.
Examine the companys IT strategy, infrastructure and costs for the next ve
years.
Determine where the company ts between old technologies and brand new
ones.
Benchmark the service levels of the company against its competitors.
Benchmark the IT expenditure of the company against its competitors.
Are we spending efciently on IT?
As computer technology and networks grow, spending efciently on the IT
infrastructure becomes more and more important. The cost of IT is not just the
money spent on hardware and software. The Total cost of ownership must also
incorporate the human (i.e. training) and maintenance aspects of running an IT
system. Expenses which make up the total cost of ownership of an IT infrastructure
include:
12
CIS 108_Volume 2_2010_BOOK.pdf 18
08/09/2010 12:56:48
A reminder of your learning outcomes
hardware the cost of purchasing equipment including computers, monitors,
printers etc.
software the cost of purchasing or licensing software for each user
installation the cost of installing hardware and software
training the cost of providing training for both IT specialists and end users
support the cost of providing on-going technical support for employees and
customers
maintenance the cost of repairing and upgrading hardware and software
when necessary
infrastructure the cost of acquiring, maintaining and supporting related
infrastructure such as networks, storage and other specialised equipment
downtime the cost to the company of loss of productivity caused by failure of
any part of the IT infrastructure
space and energy the cost of housing and running all of the equipment that
makes up the IT infrastructure.
Managers need to bear all of these costs in mind when deciding what IT
infrastructure they should invest in for their organisation.
6.8 Summary
In this chapter we have seen that the evolution of technology has been fast and far
reaching. We have come in the space of a few years from massive expensive
mainframe computers to inexpensive, hand-held devices and it is not stopping
here. The seven major components of an IT infrastructure (hardware, operating
system, software applications, data management and storage,
networking/telecommunications, Internet platforms, consultancy and integration
services) have to be merged to work as a cohesive system and the components have
to keep up with new trends in technology and each other. We have looked at some of
the reasons why technology is changing so much so quickly and we have discussed
some of the newest hardware and software. We have seen what a difcult job it is
for managers to keep their organisations in line with current trends without
overspending on IT or causing meltdown amongst their employees by continually
changing and upgrading their IT systems.
6.9 A reminder of your learning outcomes
After studying this chapter and the recommended reading you should be able to:
describe the seven major components that make up an IT infrastructure;
discuss the evolution of IT over the past 30 years since the rst commercial use
of mainstream computers to the present day;
discuss the factors, including Moores law and Metcalfes law, that have driven
the rapid evolution of technology;
outline the emerging hardware trends including mobile devices, grid computing,
cloud computing, autonomic computing, virtualisation and multi-core
processors;
13
CIS 108_Volume 2_2010_BOOK.pdf 19
08/09/2010 12:56:48
Information systems:
Foundations of e-business
Volume 2
outline the emerging software trends including Linux and other open-source
software, Java, Ajax, Web service and applications;
discuss the considerations that managers have to take into account when
deciding upon an IT infrastructure for their organisation;
describe the elements that make up the total cost of ownership of an IT
infrastructure.
6.10 Chapter questions
1. Estimate the total cost of ownership of the technology in your own workplace or
college. Do not forget to include each of the components listed in section 6.7.2
in your calculation.
2. Describe the ve technology drivers of the IT infrastructure evolution. Which do
you think has been the most inuential?
3. Discuss how cloud computing can provide value to an organisation.
4. What is Java and how it is changing the computing environment?
5. Discuss the business value of open-source software.
14
CIS 108_Volume 2_2010_BOOK.pdf 20
08/09/2010 12:56:48
Chapter 7
Managing information
7.1 Introduction
We have already seen in Chapter 1 that there is a difference between data and
information. In this chapter we will look in more detail at how data can be stored
and managed effectively to produce meaningful information. We will consider some
of the problems that can occur with traditional data storage and management
solutions and see how Database Management Systems (DBMS) can be used to
minimise these problems and get the best out of stored data. We will see how data
modelling is used to designed a database and that data policies need to be applied to
ensure that the database is maintained correctly.
Essential reading
Laudon and Laudon, Management Information Systems Managing the Digital Firm, Chapter 6.
Additional reading
Turban and Volonino Technical Guide 3 from the student companion website for Information Technology for
Management. This can be found at http://bcs.wiley.com/hebcs/Books?action=resource&bcsId=4953&itemId=0470400323&resourceId=17218&chapterId=48688.
7.2 Learning outcomes
After studying this chapter and the recommended reading you should be able to:
outline the benets of having a centralised database which is accessible to all
users and how database management systems can be used to help achieve this
explain how information is stored on a computer and be familiar with the terms
bit, byte, eld, record, le and attribute
discuss the terms entity and attribute and be able to suggest or identity
appropriate entities and attributes in a given situation
discuss the problems that can occur with traditional data storage solutions and
explain how DBMS can overcome these problems;
explain how a relational database stores data in tables and how these tables can
be linked and merged to answer queries
15
CIS 108_Volume 2_2010_BOOK.pdf 21
08/09/2010 12:56:48
Information systems:
Foundations of e-business
Volume 2
explain the importance of keeping a data dictionary which denes the data
denition language used to specify the contents of the database
discuss the terms normalisation and entity relationship diagram and explain how
these techniques are used when data modelling prior to the construction of a
new database
discuss how using data warehouses and data mining can help companies improve
their business
explain the importance of having a data management policy.
7.3 Organising data
Data is an important business resource, but even though a company may compile
millions of pieces of data, this does not mean that it can produce information that its
customers, employees and suppliers can use. A competitive advantage can be gained
by turning data into useful information.
7.3.1 Storing data on a computer
No matter how powerful it is, all a computer really stores is a string of 0s and 1s
each of which is called a bit.
A string of eight bits is called a byte. One byte can be used to represent a character
such as a letter, number or any miscellaneous character in ASCII. For example the
ASCII code for the letter R is the byte 01010010.
By grouping together bytes, a computer can thus store names, numbers and so on. A
group of bytes which represents a piece of information such as a name, is called a
eld.
A group of related elds form a record. For example the record Student maybe made
up of the elds rstname, surname, SRN, age.
A group of records of the same type is called a le. Thus a le called
students personal would contain all of the student records for the students who are
currently enrolled.
A group of related les is a database.
The hierarchy from bits and bytes up to les and databases is illustrated in gure 7.1.
Two other important terms are entity and attribute. An entity is the thing about
which you are collating information. Thus an entity is likely to be a person, a place
or an event. An attribute is a single piece of information about the entity. For
example, in table 7.1 each column of the table describes an attribute (in this case
rstname, surname, SRN, age, house no, street, city, postcode, country), each row is
for a different entity (in this case the two students RACHEL BASSETT and FRED
FLINTSTONE).
16
CIS 108_Volume 2_2010_BOOK.pdf 22
08/09/2010 12:56:48
Organising data
bit:
0
byte:
01010010
eld:
rstname=RACHEL
record:
student=
le:
rstname
RACHEL
students personal=
ElIZA
FRED
database:
student
student
student
student
rstname
RACHEL
surname
BASSETT
SRN
079011010
surname
BASSETT
DOLITTLE
FLINTSTONE
age
24
SRN
079011010
089328023
074837283
age
24
28
45
personal le
nancial le
marks le
courses le
Figure 7.1: bitbyteeldrecordledatabase
rstname
RACHEL
FRED
surname
BASSETT
FLINTSTONE
SRN
079011010
074837283
attributes
age house no street
24
96
The Avenue
45
32
Rockville
city
York
Stones
postcode
YO7 3RW
12345
country
UK
USA
Table 7.1: Entities and attributes
Learning activity
Suppose that you decide to create a database for a newspaper delivery business. You need to keep
accurate information on all of your customers. You create a record for each customer.
What attributes do you need for each customer?
What are the entities in this case?
Give an example eld, record and le from the database.
What other les might you need in this database?
7.3.2 Problems with traditional data storage
In chapter 2 we discussed the problems caused by different departments in an
organisation not sharing their information with each other and thus making islands
of information. This is often caused by different departments in a company each
setting up their own le system. As gure 6.2 on page 238 of Laudon and Laudon
shows, in a traditional set-up, the accounting and nance, human resources, sales
and marketing and manufacturing departments all use separate applications. These
applications require data from the master data le. Often the different departments
17
CIS 108_Volume 2_2010_BOOK.pdf 23
08/09/2010 12:56:48
Information systems:
Foundations of e-business
Volume 2
will require the same data for example accounting and nance and human
resources will both need to have access to all the employees personal details such as
full name, address, date of birth, etc. If the two different departments each keep
their own records of this information this is not only inefcient but can lead to
problems including data redundancy and inconsistency, program-data dependence,
lack of exibility, poor security, lack of data share and availability. We will describe
each of these problems in turn.
Data redundancy occurs when the same piece of information is entered into the
same database twice. Perhaps there is one le called customer details and
another called enquirer details. If you rst registered with a company, for
example on a website, but did not buy any goods, your details may have been
stored in the enquirer details le. If at a later date you bought something from
the company, then your details may also have been added to the
customer details le. This is data redundancy. If the company sends out
Christmas cards, it is likely that you will get two not because you are
particularly popular but because you occur as two different entities in the
database. Furthermore, if you later move house and inform the company of your
new address, it may be updated in the customer details le but not in the
enquirer details le. Next Christmas you will get a card at your new address and
a second one sent to your old address. This is data inconsistency the same
entity has different attributes according to the database.
Program-data dependence occurs because some computer software programs,
in particular those written for large mainframes, require data to be constructed
in a particular way. Data that is constructed for one program cannot be used in
another which requires a different conguration. If a company wants to use the
same data in a different program, it will have to reconstruct it accordingly. It is a
waste of time and money to have to maintain the same data in different formats
due to program-data dependence.
Lack of exibility can occur if different people require different information
from the same entities. For example, the Sales and Marketing department might
need information about the companys new production schedule, but they do
not need as much detail as the Production department, and their priorities are
different so they would like the information presented in a different order.
Traditional le systems may not be able to oblige the Sales and Marketing
department will have to put up with the data in whatever format it appears.
Poor security can be a problem as traditional le environments typically have
little or no security controls over who has access to what data. In the modern
world where data control and data privacy are often legal requirements, this is
unacceptable. Furthermore, if data is held in several separate le systems, then
all of these need to be secure.
Lack of data share and availability can occur if someone wants information
about something and the attributes are stored in different databases in different
departments. Suppose for example that the Chief Executive wants to compare
the sales of Part A with the production schedule for Part A. If the attributes
regarding production are held in one le system in one format in the Production
department, and the attributes regarding sales are held in another le system in
a different format in the Sales department then it could be hard for the Chief
Executive to get the information they require in a usable format.
18
CIS 108_Volume 2_2010_BOOK.pdf 24
08/09/2010 12:56:48
Databases
7.4 Databases
Database technology can be used to minimise many of the problems described above
that can occur with traditional le storage. As we said before, a database is a group
of related les. This is a basic denition and does not take into account the fact that
the database should be in some ordered and useful form. A better denition is as
follows.
A database is a collection of data which is organised
so as to be able to serve many applications efciently.
In an effective database this is done by centralising the data and removing data
redundancy. Instead of storing separate les for each application, the data is stored
in one location and used by each of the separate applications. This can be achieved
by using a database management system or DBMS.
7.4.1 Database management systems
A database management system (DBMS) is basically a piece of software that
enables a company to centralise its data, manage it effectively and provide access to
the stored data by application programs. The DBMS removes the onus from the data
user to know where the information that they require is and what format it is in.
For example, if the company accountant is using an application that requires the
gross pay for all employees then the DBMS will obtain this data from the database
and present it to the application program in the correct format, without the
accountant having to know exactly where, or in what format, that data is stored in
the database.
In general, the end users of the database are unaware of what the database looks
like, where anything is stored and how the information is organised. To someone
working in Personnel, it might seem that the logical way to store employee records is
in alphabetical order by name. In actual fact, the employee records are probably
stored in the database ordered by a unique identifying number. However, if the
Personnel department request a list of employees in alphabetical order from the
database then this is what the DBMS will deliver.
Figure 7.2 shows that two different departments (Academic and Finance) can get
different views of the data held in the Student database.
The benets of using a DBMS
Using a DBMS can solve or minimise some of the traditional problems described in
section 7.3.2 associated with data storage in a large organisation.
There is just one database serving the entire organisation. This eliminates the
problem of having islands of information with one department having
information which others do not have access to.
There should be only one instance of each entity in the database. This eliminates
19
CIS 108_Volume 2_2010_BOOK.pdf 25
08/09/2010 12:56:48
Information systems:
Foundations of e-business
Volume 2
Academic view
SRN
rstname
surname
date of birth
year enrolled
address
country
institution
programme
fees due
fees paid
Student Database
SRN
rstname
surname
institution
programme
Database
Management
System
Finance view
SRN
rstname
surname
address
fees due
fees paid
Figure 7.2: Different departments can get different views of data from the same database using DBMS
the problem of data redundancy, and reduces the problem of data
inconsistency when changes occur only one record needs to be updated and
thus it is much easier to maintain information that is correct, consistent and up
to date.
The data is constructed in the centralised database separately from the programs
that will use it. The DBMS arranges the data into the correct format for the
application that is requesting it at the time of the request. This eliminates the
problem of program data dependence.
The problems of lack of exibility and lack of data share and availability are
resolved as the DBMS can present whatever data is required by whichever
application in the appropriate format. Now the Chief Executive can request data
on sales and production and these can be delivered in a usable format. The Sales
and Marketing department can get information about the new production
schedule without being bogged down in details that they do not require.
It is much easier to secure and provide access control for one centralised
database than it is to control access to multiple databases or le systems. Thus
the problem of lack of security is minimised (although proper security and
access controls still need to be maintained see Chapter 9).
7.4.2 Relational databases
A relational database stores data in tables. The data is then extracted and merged
into whatever format the user (or application) requires. The tables are sometimes
referred to as les but this is confusing since it is possible to have multiple tables
within a le.
The data in each table is broken down into elds. Each column of the table
20
CIS 108_Volume 2_2010_BOOK.pdf 26
08/09/2010 12:56:48
Databases
represents a eld and contains a single attribute1 .
A group of elds (a row in the table) is a record.
Table 7.2 is an example of a relational database table. Each column represents a
eld and contains a single attribute. Each row holds a record.
rstname
RACHEL
FRED
surname
BASSETT
FLINTSTONE
SRN (key eld)
079011010
074837283
age
24
45
house no & street
96 The Avenue
32 Rockville
city
York
Stones
postcode
YO7 3RW
12345
country
UK
USA
Table 7.2: A relational database table
Each table in a relational database must have a key eld which is a eld of unique
identiers. In table 7.2 the key eld is the SRN (student registration number). This
is a number that is unique to the student and does not change throughout their
enrolment with the University. There could be two students called FRED
FLINTSTONE but each will have a unique SRN and this can be used to distinguish
between the two students. In other instances, the key eld might be your social
security or national insurance number or your house number combined with your
postcode and initials.
The key eld contains the primary key for each record. When tables are used in
relation to each other, the primary key from one table is stored as the foreign key in
the other and vice versa. In this way the two tables have a direct relationship. For
example, consider the simplied Customer and Order tables in gure 7.3.
Customer Table
Customer Name
Joe Bloggs
Order Table
Primary Key
Order Number
78642193
Customer Address
27 West Street
Order Item
blue jeans
Primary Key
Customer ID
JB27090427
Quantity
2
Figure 7.3: Simple tables with primary keys in a relational database
Details about orders are not stored in the customer table and details about
customers are not stored in the order table. It is important that only attributes for a
particular entity are stored with that entity. However it is also important that the
order that Joe Bloggs placed can be tracked and related to him. The Order Number
which is the primary key in the Order Table is stored as the foreign key in the
Customer Table. Likewise the Customer ID which is the primary key in the Customer
Table is stored as the foreign key in the Order Table. This is shown in gure 7.4.
Now starting with the Customer ID we can look Joe Bloggs up in the Customer Table
and nd the Order Number which is stored there as the foreign key. Now we can use
the Order Number to look up the relevant order in the Order Table. The foreign key
in the Order Table is that of Joe Bloggs Customer ID so we know that we are looking
1 Note that the smallest possible elds should be used for each record. For example it is much better to
have separate attributes for rstname and surname rather than a single attribute for name. This makes it
much easier to sort and manipulate the records.
21
CIS 108_Volume 2_2010_BOOK.pdf 27
08/09/2010 12:56:48
Information systems:
Foundations of e-business
Volume 2
Customer Table
Customer Name
Joe Bloggs
Order Table
Primary Key
Order Number
78642193
Customer Address
27 West Street
Order Item
blue jeans
Primary Key
Customer ID
JB27090427
Quantity
2
Foreign Key
Order Number
78642193
Foreign Key
Customer ID
JB27090427
Figure 7.4: Simple tables with primary and foreign keys in a relational database
at the correct record.
Similarly we could start with an Order Number and nd out details about the
customer who placed the order by using the Customer Number that is stored as the
foreign key in the Order Table and looking it up in the Customer Table.
Operations used to manipulate a relational database
Any two tables in a relational database can be combined so long as they share a
common data element. There are three basic operations.
Select create a subset of records that meet your criteria.
Join combine related tables to provide more information than is available in
an individual table.
Project create a new table from subsets of previous tables.
Using these operations it is possible to manipulate the data available in all of the
different database tables to provide whatever information is requested in the desired
format.
Figure 6.5 on page 244 of Laudon and Laudon illustrates how these operations are
used to combine information from the PART table and the SUPPLIER table to
construct a new table with only specied attributes about suppliers for particular
parts. First the relevant parts are selected by Part number from the PART table. The
two tables have a common data element, namely Supplier Number. This information
is used to join the two tables so that information about the suppliers for the relevant
parts is captured. Finally the data is projected into a new table showing only the
parts and information about the suppliers that are of interest for this particular
query.
7.4.3 Tools that a DBMS should provide
A DBMS should provide tools for organising, managing and accessing the data in the
database. These include:
A data denition language which is used to specify the contents of the
database. This is required to create database tables and to dene the
22
CIS 108_Volume 2_2010_BOOK.pdf 28
08/09/2010 12:56:49
Designing a database
characteristics of the elds in each table. This makes sure that all users of the
database are talking the same language.
A data dictionary is used to store each data denition in the data denition
language. For each data element or eld in the database the characteristics of
that element should be stored in the data dictionary, and this should be available
to all users. This is especially important in case the person or people who
initially designed the database move on what might have been obvious to
them might not be so to the next database programmer. Users and programmers
can also consult the data dictionary to check what data elements are already
available before creating unnecessary new ones. This can help to eliminate data
redundancy and inconsistency.
A data manipulation language is a formal language used to manipulate the
data in the database and make sure that it is formatted and presented as useful
information. The language should make it easy for users to build their own
queries and reports. SQL (Structured Query Language) is the most well-known
data manipulation language and is now embedded in some desktop applications
such as Microsoft Access.
7.5 Designing a database
7.5.1 Data modelling
Before creating a database, it is important that you think hard about the information
it is going to be used for and how the different parts of that information are related
to each other. How should the information be stored, organised and used? Data
modelling is the process of dening the data that is going to be used or produced
within an information system and how it is organised. The basic tool used for data
modelling is an Entity Relationship Diagram
Entity Relationship Diagrams
An entity relationship diagram (ERD) is a technique used to identify the entity types
in a particular situation and diagram the relationships between them. Figure 7.5
shows an entity relationship diagram for part of a university registration system. The
diagram identies ve entity types (Department, Course, Professor, Programme and
Student) and the relationships between them.
The symbols, ||, < and o < used on the relationship lines signify whether the
relationship is one-to-one, many-to-one, or many-to-many. A || symbol signies a
-to-one relationship. A < or > symbol signies a -to-many relationship. A o < or > o
symbol signies that there may be zero, one or more.
For example the relationship between Department and Programme is one-to-many.
The Department offers many programmes, but each programme is only offered by
one department.
Department ||
offers
is offered by
Programme
23
CIS 108_Volume 2_2010_BOOK.pdf 29
08/09/2010 12:56:49
Information systems:
Foundations of e-business
Volume 2
Department ||
employs =
offers
is offered by
is employed by
Professor ||
teaches
Programme
contains
is part of
o Course
is taught by
is taught to
is registered on
Student
Figure 7.5: An ERD for part of a university registration system
Similarly, each Professor is employed by only one Department, but each Department
employs many Professors.
A Professor may teach zero or more Courses, but each Course is taught by only one
Professor.
A Course is taught to many Students and many Students are registered on each
Course.
A Course may be part of many Programmes and a Programme may contain many
Courses.
Identifying the data in a database
After identifying the entity types and the relationships between them, the next step
is to identify the data that should be in the system. For each entity, this data consists
of the signicant attributes. For example, the entity Course may have attributes
course number, department, professor, level, description. As the analysis of the
system continues, these attributes might be re-named or modied and other
attributes may be added. It is important to keep asking yourself the following
questions until the answer to them all is No.
Is any data missing about each entity type?
Is there any ambiguity in what the various attributes mean?
Does the same attribute appear in two places?
Analysing the data to be included in a database requires a great deal of thought and
attention to detail. Several versions of the set of entity types, attributes and
relationships may need to be produced.
24
CIS 108_Volume 2_2010_BOOK.pdf 30
08/09/2010 12:56:49
Designing a database
Learning activity
Consider the entity relationship diagram shown in Figure 7.5.
1. Add a new entity called University given that the University has many Departments but each
Department belongs to only one University.
2. For each of the entity types in Figure 7.5 list the attributes that you think should be stored for that entity.
Normalisation
It is important to avoid redundancy between tables and not to allow a relationship to
contain repeating data groups. For example do not allow two tables both to store a
customers name. That makes it hard to keep data properly organised and updated.
Minimising redundancy and increasing the stability and exibility of databases by
reducing data in the tables to its simplest form is called normalisation.
See gures 6.9 and 6.10 on pages 247 and 248 of Laudon and Laudon for an
example of the normalisation process.
Referential integrity
Referential integrity rules should be applied to relational database systems to ensure
that the relationship remains consistent. This means that if you create a table that
points to another table, you can only add a new record to one of the tables if you
also add a corresponding record to the second table. For example, consider the
Customer and Order tables of gure 7.4. If we want to add a new order to the Order
Table then we must also add a corresponding Customer to the Customer Table
(assuming that this customer does not already exist in the customer table). Similarly,
we cannot add a new customer in the Customer Table without adding a
corresponding order in the Order Table. This is shown in gure 7.6
Customer Table
Customer Name
Joe Bloggs
David Cameron
Order Table
Primary Key
Order Number
78642193
78642194
Customer Address
27 West Street
10 Downing Street
Order Item
blue jeans
blue tie
Primary Key
Customer ID
JB27090427
DC10141138
Quantity
2
1
Foreign Key
Order Number
78642193
78642194
Foreign Key
Customer ID
JB27090427
DC10141138
Figure 7.6: Adding corresponding records in related tables
25
CIS 108_Volume 2_2010_BOOK.pdf 31
08/09/2010 12:56:49
Information systems:
Foundations of e-business
Volume 2
7.5.2 Distributed databases
When designing a database, it is also important to consider how the data is to be
distributed. Information systems can be designed with a centralised database that is
used by a single central processor or by multiple processors in a client/server
network. However, in very large organisations that require immediate fast access to
data at multiple sites a distributed database will be required. There are two ways
to structure a distributed database.
Partition the database some parts of the database are stored and maintained
at one location and other parts are stored and maintained at other locations.
Each remote processor has the data that it needs to serve its local area. Changes
to the local databases are implemented on a central database at regular
intervals, for example every night.
Replicate the database the entire central database can be duplicated at all the
required remote locations. Generally changes made to the master database are
also made in the duplicate versions. As with a partitioned database these
changes would be made automatically at regular intervals such as every night.
Learning activity
Discuss the advantages and disadvantages of using:
1. A distributed database rather than a centralised database.
2. A partitioned database rather than a replicated database.
7.6 Improving business using databases
Companies and organisations use databases to keep track of day-to-day transactions
such as paying employees and suppliers, processing orders, storing customer
information, keeping an inventory of stock and so on. However, databases can also
be used to provide information that will help the company run more smoothly and
get (or keep) its competitive advantage. In a large company, special tools are needed
to be able to effectively analyse the vast amounts of data that is stored. These tools
include data warehousing, data mining, and application servers that enable the
access of databases through the Internet. We will look at each of these in turn.
7.6.1 Data warehouses
A data warehouse is basically a set of huge computer les that store old and new
data about everything that a company wants to maintain information on. The data
may come from different information systems throughout the company and as such
may be in different formats. The data warehouse uses software to consolidate and
standardise the information that is gathered so that it can be used across the entire
organisation for management analysis and decision making.
The process of creating and maintaining a data warehouse involves the following
steps.
26
CIS 108_Volume 2_2010_BOOK.pdf 32
08/09/2010 12:56:49
Improving business using databases
Extraction regularly downloading new data from different internal data
sources (for example Manufacturing Data and Customer Data) and external data
sources.
Consolidation combining the data from the different data sources.
Filtering removing any data that is not needed for analysis purposes.
Cleansing identifying any errors or duplications and correcting them.
Transformation modifying the data so that it is consistent with the data
denition language.
Aggregation summarising the data for analysis.
Updating keeping the data warehouse up to date by adding new data.
The data in the data warehouse should be widely available across the organisation,
but it cannot be altered by people using the information. Many companies use an
Intranet portal to give their employees access to the data warehouse information. An
information directory provides users with information about the data available in the
data warehouse. Query tools, analytical tools and graphical reporting tools are used
to enable users to get the information that they require in a useful format.
Learning activity
The case study on pages 252-253 of Laudon and Laudon describes how the American Internal
Revenue Service is using a data warehouse to improve its ability to manage and make use of the data it has
collected. As a result the agency has recovered many billions of dollars in tax revenue that was lost under
the old system.
Read the case study and answer the questions on page 253.
Data marts
A data warehouse can be daunting because of its size and the huge amounts of data
it stores. A company can break the information down into smaller groups called data
marts. These are generally focused on a particular subject or line of business such as
Sales and Marketing. It is easier and cheaper to sort through a data mart than the
entire data warehouse.
7.6.2 Data mining
Organisations collect millions of pieces of data. Using the right tools, the
organisation can use this data to develop effective competitive advantages as
discussed in previous chapters. Instead of guessing about which products or services
are the best sellers, business intelligence tools which consolidate, analyse and
provide access to data, provide concrete methods for analysing exactly what
customers want and how to supply it to them.
Online analytical processing (OLAP) supports multidimensional data analysis,
enabling users to view the same information in different ways. A good analogy is a
Rubiks Cube. The six coloured faces represent six different aspects of information
27
CIS 108_Volume 2_2010_BOOK.pdf 33
08/09/2010 12:56:49
Information systems:
Foundations of e-business
Volume 2
sales, pricing, cost, region, period and product for example. The cube can be
jumbled up so that different faces are adjacent. Thus any aspects can be compared
with each other rearranging the cube gives a different view.
Three benets of using business intelligence tools include:
the capability to amass information
the development of knowledge about customers, competitors and internal
operations
the ability to change decision-making behaviour to achieve higher prots.
Data mining goes one step further than Business Intelligence or OLAP tools. Data
mining technology attempts to nd hidden patterns and relationships in large
databases and hence predict future behaviour. The types of information which can
be obtained by data mining include:
associations determining which occurrences are linked to a single event
sequences determining which events are linked over a period of time
classications discovering characteristics of customers and making
predictions about their behaviour
clustering discovering groups within data
forecasting using existing values to forecast what other values will be.
Learning activity
One problem with data mining is that it can produce information that seems useful but actually is not
meaningful in the context of the company. For example, suppose that data mining tells a retail company that
on a hot summers day more bottled water is sold in convenience stores rather than in supermarkets. Data
mining also reveals that when customers purchased white socks they also purchased bottled water 60% of
the time and when they purchased black socks they also purchased bottled water 57% of the time.
Which pieces of information do you think are useful when the company is making decisions about where to
send its stocks of bottled water and socks?
Text mining and web mining tools are also available. These can be used to discover
patterns and relationships from text documents and web pages.
7.6.3 Databases and the Internet
Web browsers are generally much easier to use than query languages. It is often
easier for companies to provide their employees, customers and suppliers with
web-based access to their database(s) rather than creating proprietary systems. It is
also cheaper to create front end browser applications that can link information from
different systems rather than trying to combine all of the systems at the back end.
Internal databases can be linked to the web using software programmes that provide
a connection to the database without the need for a major reconguration. A
database server is a special dedicated computer that maintains the DBMS. A
software program called an application server processes the transactions and offers
data access. A user making an enquiry through the web server can connect to the
companys database and receive information in the form of a web page.
28
CIS 108_Volume 2_2010_BOOK.pdf 34
08/09/2010 12:56:49
Data management policies
The benets of using a web browser to access a database include:
ease of use
less training required for users
no changes required to the internal database
the company can keep its old legacy system instead of having to replace it
cheaper than building a new system
creates new efciencies and opportunities
provides employees with an integrated company-wide view of information.
7.7 Data management policies
Setting up the company database is only the beginning. In order to ensure that the
database remains accurate, reliable and accessible, the company will need to
establish policies and procedures for data management.
No single part of the organisation should feel that it has exclusive ownership of any
of the information in the database. Although a particular department may have the
responsibility for updating and maintaining the data, or part of the data, that
department still has to share the information across the whole organisation. An
information policy should be written which outlines rules which govern how the
information in the database will be shared, maintained, distributed and updated.
Someone (possibly a whole team of people) needs to be responsible for data
administration. They will be responsible for:
developing information policies
planning for data
overseeing logical database design
developing the data dictionary
monitoring use of data.
Data governance is concerned with the policies that govern the security, integrity,
privacy and access controls of the information.
7.7.1 Data quality
If a database and information policy is properly designed then the company should
be able to gather the information that it requires. Furthermore duplications and
inconsistent data should be minimal. However, it is still important that data quality
is maintained. Errors in the database should be identied and corrected. This can be
done using a data quality audit which might:
survey the les of the entire database
survey a sample of les from the database
survey end users about their perceptions of the data quality.
If data quality is poor than the information obtained from that data will also be of
poor quality.
29
CIS 108_Volume 2_2010_BOOK.pdf 35
08/09/2010 12:56:49
Information systems:
Foundations of e-business
Volume 2
7.8 Summary
In this chapter we have looked at ways of turning data into information. We have
seen how the problem of creating islands of information within an organisation can
be avoided by having a centralised database which is accessible by everyone. We
have seen how database management systems can be used to help organisations get
the most benet from their database. We have discussed relational databases and
how separate tables of information can be merged so that queries regarding different
aspects of a product for example can be answered. We have seen how data
modelling and entity relationship diagrams are used to help design an effective and
efcient database. We have considered the problem of distributed databases and
discussed partitioning and replicating the central database as possible solutions. We
have seen how data warehouses, data mining techniques and the Internet can be
used to help organisations use the data that they have gathered to improve their
competitive advantage. Finally we have discussed data management policies and
seen that an information policy is necessary in order for the database to be correctly
used and maintained.
7.9 A reminder of your learning outcomes
After studying this chapter and the recommended reading you should be able to:
outline the benets of having a centralised database which is accessible to all
users and how database management systems can be used to help achieve this;
explain how information is stored on a computer and be familiar with the terms
bit, byte, eld, record, le and attribute;
discuss the terms entity and attribute and be able to suggest or identity
appropriate entities and attributes in a given situation;
discuss the problems that can occur with traditional data storage solutions and
explain how DBMS can overcome these problems;
explain how a relational database stores data in tables and how these tables can
be linked and merged to answer queries;
explain the importance of keeping a data dictionary which denes the data
denition language used to specify the contents of the database;
discuss the terms normalisation and entity relationship diagram and explain how
these techniques are used when data modelling prior to the construction of a
new database.
discuss how using data warehouses and data mining can help companies improve
their business;
explain the importance of having a data management policy.
7.10 Chapter questions
1. What are the problems associated with managing data in a traditional le
environment and how can they be resolved by using a database management
system?
30
CIS 108_Volume 2_2010_BOOK.pdf 36
08/09/2010 12:56:49
Chapter questions
2. Describe how a relational DBMS works and explain why it is a powerful tool in
terms of turning data into information.
3. What do you think are the benets of using a web-like browser to access
information from a database?
4. To what extent do you think that end-users should be involved in the selection of
a database management system and database design?
5. Describe three technologies or tools that can be used to access information from
databases to improve business performance and decision-making.
31
CIS 108_Volume 2_2010_BOOK.pdf 37
08/09/2010 12:56:49
Information systems:
Foundations of e-business
Volume 2
32
CIS 108_Volume 2_2010_BOOK.pdf 38
08/09/2010 12:56:49
Chapter 8
Telecommunications
8.1 Introduction
In this chapter, we will describe the role that networks and telecommunications play
in an e-commerce business. We will see how traditionally separate computing and
communications systems are merging into universal systems which perform both
functions. We will describe the layout of different networks for use in personal and
business settings. We will examine the different components of a
telecommunications network and describe how they are used to generate, transmit
and receive data. Finally, we will look at the biggest network of all the Internet.
Essential reading
Laudon and Laudon, Management Information Systems Managing the Digital Firm, Chapter 7.
Additional reading
Turban and Volonino Technical Guide 4 from the student companion website for Information Technology for
Management. This can be found at http://bcs.wiley.com/hebcs/Books?action=resource&bcsId=4953&itemId=0470400323&resourceId=17218&chapterId=48688.
Grulke, Wolfgang E, In Search of Simplicity (Beyond the Search for Excellence) Information Management Tools: Their
Future and Their Potential Impact on the Corporation. This paper can be found at
www.futureworld.ord/Archives/tlksimpl.html Find out how Google works at
http://www.googleguide.com/google works.html
8.2 Learning outcomes
After studying this chapter and the recommended reading you should be able to:
describe how telecommunications technology has evolved over the past 20 years
describe the component parts of a computer network and draw a simple local
area network (LAN)
describe a LAN in terms of its topology and discuss the advantages and
disadvantages of different topologies
describe the three computer network technologies client/server computing,
packet switching and TCP/IP and understand how important these technologies
are in enabling the development of telecommunications
33
CIS 108_Volume 2_2010_BOOK.pdf 39
08/09/2010 12:56:49
Information systems:
Foundations of e-business
Volume 2
explain the difference between digital and analogue signals and why a modem is
necessary to transfer between the two different types of signal
describe the different types of communication channels that can be used for a
wired network and discuss the advantages and disadvantages of each
describe the different types of communication channels that can be used for
wireless networks and discuss the advantages and disadvantages of each
understand that the Internet is an example of a wide area network (WAN) and
describe briey how the Internet works and the services that it offers including
the web.
8.3 Evolution of telecommunications
Telecommunications is the transmission of data between computing devices on a
network. Such computing devices may be desktop computers, laptops, mobile
phones, blackberries etc. Data comes in many forms and might be spoken, written,
pictorial, video and so on.
Until recently, different types of data were transmitted by different networks by each
operated a different service provider. For example, in Britain twenty years ago if
you wanted to speak to someone you would use the telephone and this service
would be provided by the telephone company British Telecom. If you wanted to
write to someone, you would post a letter using the Royal Mail. If you wanted to
watch television you would pay your TV licence and watch BBC1, BBC2 or ITV. To
send an email you would connect your computer to your telephone line (thereby
making it unavailable for telephone calls) and download rates were very slow.
Gradually these services started to merge and new service providers such as Sky and
Virgin came into the picture. Now it is possible to buy a package of services all from
one provider and this will include your xed line phone, mobile phone, satellite or
cable television, and broadband Internet access.
In his paper In Search of Simplicity published in 1987, Wolfgang Grulke made the
following predictions regarding the future of telecommunications:
Telecommunications standards and architectures are beginning to be much more
consistent across these types of data and increasingly across different vendors. Both
vendor-initiated architectures (such as IBMs Systems Network Architecture, and the
equivalent ofce information architectures) and industry initiatives such as open
systems interconnect are seeing to that.
It is now possible to connect personal computers to a wide variety of information
networks and data bases. Financial institutions are co-operating in sharing
networks and automated teller machines. We owe it to the future to begin to get
ready now.
All these initiatives make any given computer much more powerful and useful, and
a far better return on investment. That can only lead to new phenomenal growth in
the long-term, which will continue to be fuelled by a host of new possibilities, some
as yet unseen. Already the electronics revolution has started the convergence of the
publishing, broadcasting and entertainment industries.
Grulke was right. The publishing, broadcasting and entertainment industries have
indeed merged and as high-speed broadband network connections continue to
expand and service providers continue to develop products it is becoming harder to
34
CIS 108_Volume 2_2010_BOOK.pdf 40
08/09/2010 12:56:50
Computer networks
tell where one ends and the next begins. Gradually computers are becoming
communication devices and communication devices are becoming computers.
Learning activity
Twenty or so years ago Grulke predicted where we would be now in terms of telecommunications. Where
do you think we will be in another 20 years time?
8.4 Computer networks
Any two or more computers which are connected form a computer network.
Figure 8.1 shows the components used in a simple network structure. These include:
client computers
a dedicated server computer
a hub or switch
a network operating system (NOS)
network interface cards (NIC).
Server
with
NOS
and
NIC
Printer
Switch
Router
PC
with
NIC
PC
with
NIC
The Internet and
other networks
PC
with
NIC
Figure 8.1: A simple client/server LAN
It is possible to keep on adding components to this type of network and expand it to
meet requirements. By putting a Network Interface Card (NIC) into a personal
computer (most PCs have a built in NIC these days) you can incorporate it into an
existing network. To share network resources such as printers, you need special
software called an Network Operating System (NOS). The NOS might be installed on
35
CIS 108_Volume 2_2010_BOOK.pdf 41
08/09/2010 12:56:50
Information systems:
Foundations of e-business
Volume 2
every computer in the system, or it might be on a dedicated server. In this case the
server computer performs network functions for the client computers such as
delivering web pages and storing data. Examples of the most widely used Network
Operating Systems are Microsoft Windows Server, Linux and Novell Netware. Hubs
and switches are used to help route trafc on the network to the right computing
device. If you want to communicate with another network such as the Internet then
you also need a router which is a communication processor used to ensure that data
transmissions get sent to the correct address. A very large network may require
multiple routers to make transmissions ow more quickly.
8.4.1 LANs and WANs
The computer network described above is a Local Area Network (LAN) which
connects personal computers and other devices in a local area such as an ofce oor
or a building. This is suitable for small company. The LAN shown in gure 8.1 is an
example of a client/server architecture with the network operating system residing
on a single le server. Alternatively, the LAN may have a peer-to-peer architecture
whereby all the computers are treated equally (there is no dedicated server
computer in a peer-to-peer network).
LANs may be described in terms of their topology the way in which they are
connected together. Examples of LAN topologies are star, bus and ring, mesh and
hierarchical.
Star in a star topology all of the devices are connected to a single hub through
which ows all network trafc.
Bus in a bus topology there is a single transmission segment along which all
messages are sent in both directions. All of the machines on the network receive
the same signals, but each client computer has software installed which allows it
to listen out for messages addressed to it. The bus topology is the most common
Ethernet1 topology.
Ring in a ring topology the network components are connected in a closed
loop. Messages pass from one computer to the next moving in one direction only
around the loop. Typically only older LANs use a ring topology.
1 Ethernet is a standard computer networking technology for LANs. It denes wiring and signalling
standards formalised as IEEE 802.3
36
CIS 108_Volume 2_2010_BOOK.pdf 42
08/09/2010 12:56:50
Computer networks
Mesh in a mesh topology every component is connected to every other
component. The advantage of this is that if one component fails the rest of the
network is not effected. The disadvantage is the cost of installing all of the
connections and the relative difculty of adding a new component to the
network since it has to be connected to every other component.
Hierarchical in a hierarchical network the components are arranged like an
upside-down tree with the root being the mainframe computer at the top level
and the leaves being the computer terminals at the bottom level. This type of
network is relatively inexpensive to set up, and it is easy to scale the size of the
network up and down. A disadvantage is that trafc jams can occur at the top
level.
Learning activity
Suppose that you are asked to design a local area network (LAN) for a public library. There will be eight
computers which library customers can use to log onto the Internet, search the library records and print
using a single printer. What equipment would the library need and what topology would you recommend for
this LAN and why? Draw a diagram of your proposed LAN.
The network for a large company with employees in many different locations is not
that different. It is a collection of many LANs connected together in a company-wide
infrastructure. There are more computing devices and servers, but the basic network
infrastructure is the same as for a LAN. This type of network is called a Wide Area
Network (WAN).
The Internet is an example of a WAN that connects many personal computers to
Internet service providers (ISP) who in turn are connected to form a network. Once
a user connects their PC to their ISP, a connection is made to a name server so that
the content requested by the user can be retrieved. The name server will contain a
list describing how and where to nd this content. Requests are then made for this
content and these are routed to the web server that contains them.
37
CIS 108_Volume 2_2010_BOOK.pdf 43
08/09/2010 12:56:50
Information systems:
Foundations of e-business
Volume 2
8.4.2 Computer network technologies
Three key technologies form the basis of modern computer networks and the
Internet. These are client/server computing, packet switching and TCP/IP. We will
look at each of these in turn.
Client/server computing
We talked about client/server networks in section 6.4. Instead of having a huge
mainframe with user terminals, many companies now use a client/server network
with each client computer being a powerful (although relatively inexpensive due to
Moores Law) piece of equipment in its own right. All of these client computers are
linked together in a network that is controlled by the network server computer(s).
This type of network is ideal for a company that is continually adding to and
upgrading its hardware.
Packet switching
Before packet switching technology was developed communications channels such
as telephone lines had to be dedicated to a particular job (connecting two remote
LANs for example) and remained unused at periods when no data was being sent.
This was an expensive and wasteful use of resources. With the development of
packet switching, much more efcient use is made of the communication channels
available.
In packet switching, the data to be transmitted is split up into small chucks called
packets. Each packet includes details about the address the packet is going to and
transmission error checking information. Each packet travels independently over the
network, being directed by the routers over the most efcient and economical
available route. When they arrive at their destination, having travelled over many
different routes through the network, the packets will be checked for transmission
errors and reassembled into the original message. This all happens so quickly that
you would not know that the message/web page/music download etc. has been split
up and reassembled between leaving its source and arriving at your computer.
TCP/IP
In a telecommunications network, different hardware and software components
need to work together. Fortunately, these different components can communicate
with each other easily due to the Transmission Control Protocol and Internet Protocol
(TCP/IP). These protocols are a set of rules and procedures which govern how
information is to be transmitted between two points in a network. We said in
Chapter 6 that one of the driving factors in the increase and evolution of IT
infrastructure is the existence of protocols which mean that components work
together. I can sit in the UK and request a web page that might be stored on a server
on the other side of the world safe in the knowledge that my computer, the computer
storing the page I am requesting, and all of the computers in-between that link us,
whatever hardware and software they comprise, can all communicate together using
the same language.
38
CIS 108_Volume 2_2010_BOOK.pdf 44
08/09/2010 12:56:50
Telecommunication media
TCP handles the movement of data between computers and IP is responsible for the
delivery, reassembly and acknowledgement of packets. TCP/IP was originally
created for the Internet, but it is easily transferred to networks of all sizes. Using
TCP/IP models, companies can create web-based interfaces for different databases,
for data input/output and for accessing information without having to physically
combine all of the data in one huge computer.
There are four layers in the TCP/IP reference model for communication.
Application the application layer enables the client computer to access the
other layers. It denes the protocols that applications use to exchange data such
as the Hypertext Transfer Protocol (HTTP) which is used to transfer web pages.
Transport the transport layer provides the application layer with
communication and packet services including TCP.
Internet the Internet layer addresses, routes and packages the data packets
called IP data-grams using protocols including IP.
Network interface the network interface layer places packets on, and receives
packets from, any networked technology.
Data sent from one computer to another passes down through the four layers:
Application Transport Internet Network interface
and is then reassembled at the recipient computer by passing up through the four
levels:
Network interface Internet Transport Application.
8.5 Telecommunication media
A computer only understands digital signals, that are basically a stream of bits (1s
and 0s represented by an electrical pulse being on and off respectively). However
most data in a network is transmitted over telephone lines, and these lines only
understand analogue signals which are continuous waveforms. In order to change
the signals between digital and analogue you need a modem as shown in gure 8.2.
digital
signal
Computer A
analogue
signal
Modem
digital
signal
Modem
Computer B
Figure 8.2: A modem converts digital to analogue signals and vice versa
A modem (short for modulator-demodulator) is a communications device that
translates digital signals from a computer into an analogue signal that can be
transmitted over a telephone line. The modem also translates analogue signals that
have been transmitted over a telephone line back into a digital signal that the
computer can understand. Most computers have built in modems these days.
39
CIS 108_Volume 2_2010_BOOK.pdf 45
08/09/2010 12:56:50
Information systems:
Foundations of e-business
Volume 2
8.5.1 Wired networks
A wired networks can use different kinds of physical wires and cables to transmit
data. These include:
Twisted wire strands of copper wire twisted together in pairs in order to
reduce the effect of electrical noise. Many buildings already have twisted wire
installed for their telephone systems and these can be used for digital
communication as well.
Coaxial cable insulated copper wire surrounded by a metallic shield and
wrapped in a plastic cover. Coaxial cable is much less susceptible to interference
than twisted wire and can carry a much greater amount of data. However it
costs more and is less exible than twisted wire, making it more expensive to
install. Data transmission over coaxial cable can be divided into two types
Baseband and Broadband.
Baseband transmission is analogue with each wire carrying only one signal
at a time.
Broadband transmission is digital with each wire carrying multiple signals
at the same time. This makes broadband faster and better for high volume
use than baseband transmission and hence broadband is currently the most
popular choice for Internet access.
Fibre-optic cable strands of clear glass bre though which pulses of light
(instead of electronic pulses) are transmitted. Fibre-optic cables are gradually
being used to replace copper cables as they are much faster and have a larger
bandwidth. They can also carry signals for a longer distance and are cheaper to
maintain than copper cables. They are ideal for high denition television
broadcasts due to their high bandwidth.
The advantages and disadvantages of these three types of wired channel are
summarised in table 8.1.
Type of channel
Twisted wire
Advantages
Inexpensive
Already in place
Flexible
Coaxial cable
Faster than twisted pair
Higher bandwidth
Less subject to interference
Very high bandwidth
Relatively inexpensive
Hard to tap
i.e. more secure
Fibre-optic cable
Disadvantages
Relatively slow
Low bandwidth
Subject to interference
(both electrical and)
phone tapping)
More expensive
Less exible
Hard to work with
Table 8.1: The advantages and disadvantages of wired communications media
40
CIS 108_Volume 2_2010_BOOK.pdf 46
08/09/2010 12:56:50
Telecommunication media
8.5.2 Wireless networks
The alternative to wired networks is wireless communications. Wireless
communication devices, including mobile phones, communication satellites, wireless
broadband, personal digital assistants (PDAs) and so on, are becoming increasingly
popular.
Wireless communication is based on radio signals of various frequencies and can
make use of microwave signals, satellites, radio signals, infrared signals and cellular
radio technology.
Microwave systems transmit high frequency radio signals at the speed of light.
The signals only travel in a straight line and so they must be bounced around
corners (such as around the curve of the earths surface) by relay stations placed
approximately 35 miles apart. Microwaves can carry approximately 10 times the
amount of data as a cable and a microwave transmission system can be set up
much more quickly than covering the same distance with a cable transmission
system.
Satellites are space stations that receive microwave signals from Earth, amplify
the signals and bounce them back over a wide area. The advantage of satellites
is the huge coverage they provide. Although the microwaves can still only travel
in a straight line, the satellite is so far above the earth that it can send the
microwaves to a huge area. For example, a network of three satellites placed
22,241 miles above the equator can provide global coverage for the whole of
planet Earth.
Radio communications do not have to depend on microwaves or satellites for
short range transmissions. Radio signals can be used to broadcast wireless
transmissions through the air to connect LANs. The radio signals can usually
travel through ofce walls and there is no need to install any wiring.
Infrared signals are light signals which are not visible to the human eye but
which can be used to transmit a pulsating data signal. These are most commonly
used for remote controls most television remote controls use infrared signal for
example. In computing infrared transmitters and receivers can be used to
connect computers and equipment at short range.
Cellular radio technology is used for mobile phones. A geographical area is
divided up into cells and in each cell there is a radio antenna (this might be
placed on top of a tall building or mountain peak or it might be a purpose built
tower). Communications from a mobile phone (or cell phone) are transmitted
from antenna to antenna until they reach their destination. As well as cell
phones, we now also have smart phones which can send video and can be used
to connect to the Internet. People want to be able to use their PDAs and
netbooks wherever they are without being physically connected to a network.
Many ofce buildings and public buildings now offer wireless connectivity so
that people can access the Internet whilst they are travelling (for example some
train companies provide wireless connections for their passengers) or eating (for
example in the UK many MacDonalds restaurants are now wireless Hotspots).
We will discuss the evolution of wireless networking in section 8.5.3.
Learning activity
More and more people now have a global positioning system or GPS in their car. Write a paragraph
describing how GPSs use satellites to determine their position anywhere on Earth.
41
CIS 108_Volume 2_2010_BOOK.pdf 47
08/09/2010 12:56:50
Information systems:
Foundations of e-business
Volume 2
8.5.3 Wireless networking generations and standards
We have already discussed the Transmission Control Protocol and Internet Protocol
(TCP/IP) which enables different networks to communicate with each other. In order
for wireless networks to work together another set of standards and protocols are
required. Unfortunately different standards for wireless networks have been adopted
in different parts of the world. There are two main standards and they usually do
not allow for cross transmissions from one system to the other.
Global System for Mobile Communication (GSM) used in Europe, China,
Asia and some regions of the United States.
Code Division Multiple Access (CDMA) used mostly in the United States.
There are also several generations of wireless cell technology. When cellular radio
technology was rst developed it was designed primarily for transmitting voice and
short text messages. Nowadays people want to transmit videos, photos, connect to
the Internet and generally do much more than just speak or text on their mobile
phones. We are now on, or moving towards, third generation or 3G wireless
networks. The transmission speeds that these networks offer mean that video,
graphics and other media can be sent over the network. Mobile phones, netbooks
and PDAs using a 3G network are also able to connect to the Internet.
3G networks are most commonly available in South Korea, Japan and many
European countries. Although 3G is not widely available in the United States,
providers there have upgraded their networks to a so-called 2.5G standard so that,
although transmission speeds and capabilities are not as good as for 3G, users of a
2.5G network can still access the Internet and so on.
The next generation, 4G is being developed and likely to be available in the next
decade. 4G networks will be even faster and provide high quality and high security
transmissions.
Bluetooth
Bluetooth is a wireless technology standard2 that now comes installed on many
computers and other devices. Bluetooth enabled devices can communicate with each
other easily. For example just pointing a bluetooth-enabled laptop at a
bluetooth-enabled printer makes them become part of a network. Bluetooth can
connect up to eight devices within a 10-metre area using a low-power radio based
communication signal. This makes it ideal for personal area networks (PANS) such as
home networks where a wireless mouse, wireless keyboard, computer and printer
might all be connected wirelessly using bluetooth.
Learning activity
Although it is ideal for small, personal networks, many large businesses have also found that bluetooth is a
very useful tool. Describe how a restaurant could utilise bluetooth technology to make the process of
getting orders from the customers to the kitchens more efcient.
2 bluetooth
is ofcially the 802.15 wireless networking standard
42
CIS 108_Volume 2_2010_BOOK.pdf 48
08/09/2010 12:56:50
The Internet
Wi-Fi
Wi-Fi(short for wireless delity) is the common name for the networking standards
for wireless LANs. 3 Wi-Fi connects computers wirelessly to a wired network via
access points. An access point is a radio receiver/transmitter that links to a wired
network, router or hub. Wi-Fi can be installed on existing computers and is often
pre-installed on new computers. A Wi-Fi enabled computer has a wireless NIC
(network interface card) that contains a built-in radio and antenna, thus it can send
and receive messages from the access point.
Access points to a Wi-Fi network are called hotspots. Libraries, stations and other
public places may be Wi-Fi hotspots. The advantage of Wi-Fi hotspots are obvious
they are very convenient and people want to be able to access the Internet and pick
up their emails etc. wherever they are. The disadvantage is that they are not that
secure (it is relatively easy to tap into a Wi-Fi communication) and that as more
people try to access the same hotspot the connection can suffer from interference.
Despite the disadvantages, more and more hotspots are appearing and it is likely
that sooner or later Wi-Fi will provide similar coverage to mobile phone networks.
8.6 The Internet
We have talked throughout this subject guide about the Internet and assumed that
everyone doing a course in computing has at least a basic understanding of what we
mean by the Internet.
More than one billion people now use the Internet that is about 15% of the global
population. People use the Internet for many different reasons, to email, shop, play
games, study, for business, for fun, for eduction, to communicate. Hopefully you are
one of them!
Who invented the Internet? is a difcult question to answer because no one person
did. A number of people made different breakthroughs and solved different
problems and as a result the Internet became possible. American textbooks are likely
to say that the Internet was invented in America in 1969 but British textbooks will
counter that this was only after the Internet had already been invented in England.
What is the Internet? is a bit easier to answer. Simply put, the Internet is a
worldwide system of interconnected computers and networks. It is a huge wide area
network (WAN) and is the largest implementation of a client/server network. No
one has overall control of the Internet and it has no owner.4
3 Wi-Fi is ofcially the 802.11 set of standards for wireless LANs comprising standards 802.11a, 802.11b
and 802.11g. Standard 802.11n for increasing the speed and capacity of wireless networks is under development.
4 Different parts of the Internet are owned by many different public and private bodies. In China for
instance, the government owns the backbone of the Internet infrastructure and tries to exercise control over
the Internet. In other countries the Internet infrastructure is generally privately owned.
43
CIS 108_Volume 2_2010_BOOK.pdf 49
08/09/2010 12:56:50
Information systems:
Foundations of e-business
Volume 2
Learning activity
By researching on the Internet or otherwise, see if you can answer the question Who invented the
Internet?.
8.6.1 Connecting to the Internet
Most small businesses and home users connect to the Internet through an Internet
Service Provider (ISP) such as Virgin or Sky. Larger businesses, universities and so
on may have their own designated Internet domain. Traditionally people connected
to the Internet using a telephone line and a modem, but for most people this method
is being replaced by broadband. Broadband connections can be provided via Digital
Subscriber Lines (DSL), Cable and Satellite connections, T1 and T3 lines.
Digital Subscriber Lines (DSL) uses ordinary telephone lines to carry voice
and data transmissions at high speeds.
Cable the telecommunications industry is making use of the coaxial cable that
is already used by television companies to provide their customers with cable
TV. This cable can also be used to provide an Internet connection. If too many
people are accessing the line at the same time all will suffer progressively slower
speeds, but cable is still much faster than dial-up modem.
Satellite in areas where DSL and Cable connections are not available, it is
possible to connect to the Internet via a satellite link. This is slower than other
other broadband connections.
T1 and T3 lines these are leased, dedicated lines which can be used by
businesses or governments who require a guaranteed high-speed level of service.
8.6.2 Internet addresses
Every computer that is connected to the Internet has a unique Internet Protocol
Address of IP which is a series of numbers such as 158.223.1.6. Since these IP
addresses are not that easy to remember, they are converted into domain names such
as www.londoninternational.ac.uk. Every unique domain name has a unique IP.
Domain names have a hierarchical structure and tell us a lot about the computer
they are linked to. For example from the domain name www.londonexternal.ac.uk we
can tell that this is a computer in an academic establishment in the UK. You can buy
a domain name that you like the sound of, www.topstudent.com maybe, so long as no
one else already owns it.
Learning activity
Find out the IP address and domain name of the computer that you use to access the Internet.
44
CIS 108_Volume 2_2010_BOOK.pdf 50
08/09/2010 12:56:50
The Internet
8.6.3 Internet services
As we have already said, the Internet is a client/server network. People using the
Internet use client applications such as web browser software that is installed on
their computers. Data, such as email messages and web pages are stored on servers.
A client computer uses the Internet to request information from a particular web
server on a distant computer. The server sends the requested information back to the
client computer over the Internet. Nowadays, the client computer may not be an
actual computer at all but could be a smart phone, netbook, laptop, television etc.
With so many new information and communications devices now available,
companies have found it necessary to upgrade their networks in order to incorporate
these new technologies and keep up with their competitors.
A client computer connecting to the Internet has access to a large number of services.
These include e-mail, instant messaging, newsgroups, telnet, FTP, virtual private
networks and voice over Internet protocol. Will we look briey at each of these in
turn and nally consider the greatest Internet service of all the world wide web.
Email
Email or electronic mail is the ability to send text messages and attachments which
might be written documents, graphics such as photographs, video etc. over a
network. Most email today is sent over the Internet. The advantage of email is that
it costs far less to send an email message than it does to send a hard copy of the
same message, and most email messages arrive within seconds of being sent
irrespective of geographical distance. Gmail, Yahoo and Hotmail are all examples of
email service providers.
Instant messaging
Some people prefer to use chat or instant messaging services instead of (or as well
as) email. Instant messaging is especially useful for personal messages and many
instant messaging services tell you when your friends are on-line so that you can
chat with them. Instant messaging is more informal than e-mail typically the
messages are not saved so you cannot revisit them later. They are also more
interactive you can only chat with someone when you are both on-line. MSN,
Yahoo, AOL/AIM, MySpace, Facebook and Google Talk are all examples of instant
messaging service providers.
Newsgroups and discussion forums
Internet newsgroups provide a place where people with the same interests can
log-on, read other peoples views and add their own messages to discussions. An
Internet newsgroup is analogous to a bulletin board where people can stick up
messages for others to read. Often anyone can read the messages that have posted in
a newsgroup or discussion forum, but you may have to register with the group in
order to be able to post your own messages. A newsgroup administrator keeps an
eye on the message content and decides how long messages will stay visible.
Freecycle.co.uk, which lets people advertise items that they want to give away rather
than throw away, is an example of a newsgroup.
45
CIS 108_Volume 2_2010_BOOK.pdf 51
08/09/2010 12:56:50
Information systems:
Foundations of e-business
Volume 2
Telnet and FTP
Telnet is a client/server protocol that allows you to log-on to a remote computer
system. For example, I can sit at home but use Telnet to log-on to the server at the
Department of Computing at Goldsmiths. Furthermore I can use the File Transfer
Protocol (FTP) to transfer les from one computer to the other. FireFTP is an example
of a free FTP service that can be downloaded as an add-on to Mozilla Firefox.
Virtual private networks (VPN)
A virtual private network uses Internet technology but, as the name suggests, is
private and accessible only to those who have access rights, for example those who
have been issued a username and password. A company might use a VPN to
communicate with its employees, suppliers and customers. Different access rights
might be issued to different user types. For instance customers would not be able to
access the staff information pages. The VLE (Virtual Learning Environment) for the
University of London
http://computing.elearning.london.ac.uk/login/custom login page.php is an example
of a VPN.
Voice over Internet protocol
Using the Internet instead of the telephone has become popular over recent years. If
you already have a broadband connection then there is no additional cost to send a
voice message over the Internet rather than paying for expensive long distance
telephone calls. Voice over Internet protocol (VoIP) technology allows voice
communications to be delivered in digital rather than analogue form using packet
switching. VoIP technology is basically changing the Internet into a global telephone
network. The computer that you are using will need a microphone and speakers. If
you also have a webcam then you can send video messages in a similar way. Skype
and Winkball are examples of VoIP service providers.
8.6.4 The world wide web
In 1989, an English scientist called Tim Berners-Lee (now Sir Tim Berners-Lee)
created a software program to help him keep track of information. This program
eventually became the world wide web or www or the web for short. The web uses a
client/server architecture to store, retrieve, format and display information. Web
pages are formatted using hypertext and contain hyperlinks that connect pages to
each other and to other objects such as sound, music or video les. The web is a
huge repository of data and information all connected to each other by hyperlinks. It
is amazing to think that just 20 years ago the web did not even exist.
We will briey describe the role that HTTP, web browsers, web servers and search
engines play in making the world wide web the incredible resource that it is.
46
CIS 108_Volume 2_2010_BOOK.pdf 52
08/09/2010 12:56:51
The Internet
HTTP
As mentioned above, web pages are formatted using hypertext. A web site is a
collection of web pages. A web site has a short domain name such as www.gold.ac.uk
and may be the central repository for many web pages. The URL (Uniform Resource
Leader) for these pages will start with the same domain name, followed by a / and
then a path such as www.gold.ac.uk/computing The Hypertext Transfer Protocol
(HTTP) is the communications standard that is used to transfer webpages.
When you request a webpage by typing a URL that starts with http://www 5 you are
requesting your web browser to transfer a webpage using http. For example if you
type the URL http://www.gold.ac.uk/computing/research/projects/ you are
requesting to use http to transfer a webpage to your screen. The domain name is
www.gold.ac.uk and the path computing/projects tells the browser exactly where to
look on the Goldsmiths domain web server.
A URL that begins with https indicates that this is a site which uses secure socket
layers and offers a more secure transmission protocol than http.
Web servers
All websites are stored on web server computers which store the data and have
software for locating and managing the web pages. Instead of maintaining their own
web server, many companies pay a web hosting service to maintain their website for
them. A freeware product called Apache HTTP Server is the most widely used web
server software.
Web browsers
A web browser is a software application that locates and presents web pages from
the web. Microsoft Internet Explorer and Mozilla Firefox are two well-known
examples of web browsers. Although primarily designed to work with the web, web
browsers can also be used in private networks.
Search engines
There is so much information on the web that we need some way of nding what we
are looking for. Search engines such as Google and Yahoo trawl through the les on
the web and suggest web pages that meet your search criteria almost instantly. Most
people only use one search engine but it can be worth trying different ones using the
same search criteria and comparing the results.
Web search engines were originally designed to search through text documents and
look for key indexed words. Nowadays, however, search engines can nd specic
pictures, videos and music les as well as text les and they work by indexing pages
and ranking them. See http://www.googleguide.com/google works.html for a
description of how Google works.
5 Most
web browsers automatically add the http for you now so you can simply type the domain name.
47
CIS 108_Volume 2_2010_BOOK.pdf 53
08/09/2010 12:56:51
Information systems:
Foundations of e-business
Volume 2
Search engines are basically computers that do not understand human language.
Many of the pages that a search engine offers you in response to a search request
may be inappropriate.6 The Semantic web is the name given to a collaborative effort
to make the web more meaningful and reduce the amount of human effort that is
currently required to sift through and process search results.
Learning activity
Do a web search to nd out about the Semantic web and write a paragraph discussing this evolution of the
world wide web.
8.7 Summary
In this chapter we have looked at the evolution of telecommunications from separate
telephone and computer network systems to a merged communications system that
can transmit both digital and analogue signals. We have looked at the components
and topology of local area networks (LANs) and seen that a wide area network
(WAN) is basically a collection of interconnected LANs. We have discussed computer
network technologies including client/server computing, packet switching and
TCP/IP without which the Internet the biggest WAN of all would not exist. We
have considered different telecommunications media for both wired and wireless
networks and discussed the advantages and disadvantages of these different media.
We have looked at the Internet, how we can connect to it, and the services, including
the web, that the Internet provides.
8.8 A reminder of your learning outcomes
After studying this chapter and the recommended reading you should be able to:
describe how telecommunications technology has evolved over the past 20 years
describe the component parts of a computer network and draw a simple local
area network (LAN)
describe a LAN in terms of its topology and discuss the advantages and
disadvantages of different topologies
describe the three computer network technologies client/server computing,
packet switching and TCP/IP and understand how important these technologies
are in enabling the development of telecommunications
explain the difference between digital and analogue signals and why a modem is
necessary to transfer between the two different types of signal
describe the different types of communication channels that can be used for a
wired network and discuss the advantages and disadvantages of each
6 Laudon and Laudon suggest that you type rst Paris Hilton and then Hilton in Paris into a search
engine and compare the results. They suggest that you will get pages on Paris Hilton the girl in both cases
because the search engine does not know that you are interested in hotels rather than the girl in the rst
case. Although this is true, when I tried this experiment using Google there were several pages about hotels
in Paris returned for the Hilton in Paris search. It seems that Google and other search engines are becoming
better at what they do.
48
CIS 108_Volume 2_2010_BOOK.pdf 54
08/09/2010 12:56:51
Chapter questions
describe the different types of communication channels that can be used for
wireless networks and discuss the advantages and disadvantages of each
understand that the Internet is an example of a wide area network (WAN) and
describe briey how the Internet works and the services that it offers including
the web.
8.9 Chapter questions
1. Describe the TCP/IP standard and discuss the advantages of a company using
these standards when building a network.
2. Describe some of the Internet services that are available to businesses and
explain how they can add value to the business.
3. Discuss the advantages that Voice over Internet Protocol (VoIP) technology may
bring to businesses.
4. Think about a work or learning environment that you know well. How could a
wireless network be used to improve communications and/or services. What
current processes would have to change in order to incorporate the new wireless
network and the uses that you have suggested for it? If you already have a
wireless network at your place of work or study describe how has this improved
communications and/or services.
5. What is the difference between the Internet and the world wide web?
49
CIS 108_Volume 2_2010_BOOK.pdf 55
08/09/2010 12:56:51
Information systems:
Foundations of e-business
Volume 2
50
CIS 108_Volume 2_2010_BOOK.pdf 56
08/09/2010 12:56:51
Chapter 9
Information security
9.1 Introduction
In this chapter, we will discuss the security of computers and networks and the
information stored and transmitted by them. We will consider the different types of
attack that hackers and fraudsters can attempt and the damage that they can inict.
On a more positive note, we will discuss the steps that we can take to detect and
prevent such attacks.
Essential reading
Laudon and Laudon, Management Information Systems Managing the Digital Firm, Chapter 8.
Additional reading
Bruce Schneier, Secrets and Lies, Digital Security in a Networked World, ISBN-13: 978-0471453802 John Wiley &
Sons (23 Jan 2004)
9.2 Learning outcomes
After studying this chapter and the recommended reading you should be able to:
describe why networked computers in general, and wireless networks in
particular are vulnerable to security threats
describe the damage that viruses, worms and trojan horses can do and how they
are spread. Give examples of each of these
describe the different methods that a hacker might use in order to try to gain
unauthorised access to a computer network
outline the consequences of a breach of security
describe computer crimes including modication of data, theft of data, identity
theft, cybervandalism, cyberterrorism and denial of service attacks and
understand the implications for a company that is the victim of such an attack in
terms of loss of nance and/or reputation
describe how access controls such as username/password systems, rewalls and
anti-virus software are used to control access to data and resources
51
CIS 108_Volume 2_2010_BOOK.pdf 57
08/09/2010 12:56:51
Information systems:
Foundations of e-business
Volume 2
outline the basic principles of encryption, what it is used for and the difference
between public and symmetric key encryption schemes
describe how private encryption keys can be used to digitally sign electronic
documents and produce certicates which verify public keys
explain the importance of security policies and why companies need to make
sure that their security systems provide accountability.
9.3 The importance of information security
We have talked throughout this subject guide about data and information and how
important it is for companies to use information systems to gather, analyse and store
data in order to gain and keep a competitive advantage. However, when data is
stored electronically it is open to all sorts of threats that did not apply before the
company went digital. As companies become more technology oriented they need
to be aware of the security and control issues that surround their information
systems and provide protection from unauthorised and malicious attacks on the data
that they store. There is also the need to protect data transmissions from attack,
whether over wired or wireless networks to prevent unauthorised access to
information.
9.3.1 Threats to information systems
Information systems are very vulnerable to attack at many levels. Any of the
components of the system can be attacked as can the communication channels
between them. An information system can be attacked from an external or an
internal source. It is a fact that most computer crime against companies is
committed by former or current employees of that company. After all, employees
know the computer system best and have easy access. Therefore whilst it is
imperative that companies have security measures in place to counter attacks from
external sources, they also need to be aware of what their own workforce is doing
and protect against attacks from within. Good access controls (see section 9.5.1) and
accountability (see page 67) can help the company keep track of who is doing what,
when on their computer systems. Educating the workforce in the importance of
information security is also paramount because many employees may unknowingly
weaken the security of the system by using easy to guess passwords or falling victim
to a spoong attack (see section 9.4.1).
Not only does the hardware and software within an organisation need to be
protected. All of the mobile computing devices such as smart phones, laptops and
netbooks that connect to the network are potential points of access to the network
and as such they add to the vulnerability of the network. Wireless networks are
particularly vulnerable because the idea behind them is to make access to the
Internet and other networks easy but this also makes it easier for hackers to access
user systems to steal data or spread malicious programs.
Specic reasons why wireless networks are vulnerable include:
Radio frequency bands are easy to scan meaning that both Bluetooth and Wi-Fi
networks are susceptible to hacking by eavesdroppers (someone listening in on
the line).
52
CIS 108_Volume 2_2010_BOOK.pdf 58
08/09/2010 12:56:51
The importance of information security
Using an external antennae, the range of Wi-Fi networks can be extended by up
to a quarter of a mile. Therefore armed with an external antennae and a laptop
equipped with a wireless card and hacking software, an attacker can gain access
to a local area network from some distance away.
The aim of Wi-Fi transmissions technology is to make it easy for Wi-Fi devices to
nd an access point. Therefore service set identiers (SSIDs) which identify the
access points in a Wi-Fi network are broadcast repeatedly and so are easy for
hackers to pick up whilst scanning the network. Once the hacker has identied
the correct SSID for an access point they can access other devices on the
network, determine which computers are connected to the network and access
their hard drives.
Hackers can also establish rogue access points called evil twins on different radio
channels and divert signals from authentic points. They can then capture the
usernames and passwords of genuine users. Public Wi-Fi hotspots are
particularly vulnerable to this kind of attack.
Although there is a security standard for Wi-Fi networks called Wired Equivalent
Privacy (WEP)and this is built into Wi-Fi enabled products, it is not compulsory
for users to use WEP. Those who do not leave their networks unprotected. Even
with WEP in use, the protection that it offers is not foolproof the 40 bit
encrypted password used can be decrypted by hackers who eavesdrop on
network transmissions.
As soon as you join a network to the Internet then every other computer or device on
the Internet becomes a potential point of access to your network and you have to
take steps to ensure that unwanted visitors are kept out. Such unwanted visitors
might include hackers, various kinds of computer viruses and spyware.
Hackers
Hackers are people who intentionally gain access to computer systems without
authorisation. Some hackers are simply computer geeks who break into systems just
to show that they can. They might not be malicious in intent but they can get into a
lot of trouble if they break into military or other high security systems.1 Other
hackers are malicious and they may introduce viruses, steal data or perform other
criminal activities usually for nancial gain or because they hold a grudge against
the organisation whose system they are hacking.
Computer viruses
A computer virus is a piece of software that attaches itself to other software
programs and is executed without the users knowledge. Computer viruses are
passed from computer to computer and so spread like a cold or u virus spreads
through the human population. Some computer viruses are harmless, for example
when executed they might just open a pop up window with a message in it. Others
are extremely destructive and can cause all of the data on the computers hard drive
to be destroyed. For example, the ILOVEYOU virus that was rst detected in 2000
was spread as an email attachment entitled I LOVE YOU. Opening the attachment
1 A Scottish man, Gary McKinnon, who has Aspergers syndrome managed to hack into military computers in the USA recently. He claimed to be looking for evidence that UFOs existed. The USA military
claimed that he deliberately took control of their computers and they are attempting to have McKinnon
extradited to America where he could be imprisoned for a very long time.
53
CIS 108_Volume 2_2010_BOOK.pdf 59
08/09/2010 12:56:51
Information systems:
Foundations of e-business
Volume 2
caused the virus to overwrite the music, image and other les on your computer
with copies of itself.
Worms
A worm is a malicious computer program that, unlike a virus, does not need to
attach itself to another le but can operate on its own. Worms can spread more
quickly than computer viruses because they do not need any human intervention to
spread from one computer to another. Like a virus, worms can destroy data or halt
the system by clogging it up with software generated electronic transmissions.
Trojan horses
Like the Greek Trojan Horse of history, a computer trojan horse looks like something
benign or even pleasant, and turns out to be hiding something not so nice inside. For
example, an electronic greetings card may conceal a virus. The Storm trojan horse,
rst detected in 2007, spread as a spam email with a fake attachment. Opening the
attachment causes the computer to become affected and join a network of
computers which were then used for criminal activities. At its peak up to 10 million
computers were infected by Storm.
Spyware
Not all spyware is malicious or damaging, some companies use spyware to gather
information on how users are navigating through their websites. On the other hand,
spyware can be used by hackers as a means of installing malicious code onto a
computer thereby allowing them to gain access to that computer and its associated
network. Key loggers are a type of spyware that records every keystroke made using
the computer keyboard. These can record passwords, credit card details etc making
them particularly dangerous. Whether they are malicious in intent or not, spyware
can cause computers to become very slow as they overload the memory.
Learning activity
Find an example of a computer virus (other than I LOVE YOU) and describe how it is spread, what damage
it does, how many computers are estimated to be (or have been) infected by this virus. What do you think
was the aim of the designers of your chosen virus?
9.4 Consequences of poor security
If poor computer security allows a hacker or a virus to gain access to your network,
then the consequences might include:
unauthorised access to, modication and theft of information
disruption of communication
54
CIS 108_Volume 2_2010_BOOK.pdf 60
08/09/2010 12:56:51
Consequences of poor security
identity theft
cybervandalism
denial of service.
Any of the above will have implications for the nances and reputation of the
company. It is therefore very important that the company does its utmost to prevent
such attacks. Below we discuss the various consequences of poor security in more
detail. In section 9.5 we will describe the measures that companies and individuals
can take in order to keep their information and networks secure.
9.4.1 Unauthorised access to information
A hacker might gain unauthorised access to an information system perhaps by using
spyware as described above to nd out the log-in details of an authorised user. The
hacker might set up a spoof website which looks almost exactly like the genuine
log-in screen for the network. The user, unaware that their computer has been
tampered with, enters their username and password. They are then given a message
to say that their log-in attempt was invalid and they should re-enter their details.
The user cannot be sure that they did not make a mistake when entering their details
so they re-enter them and gain access to the network. What the user does not realise
is that the rst time they tried to log-in, they were actually entering their details
onto a spoof site. These details have been captured by the hacker and then the real
site is loaded so that the user can log in as usual and will not suspect that anything
untoward has occurred. Spoof sites are also used to gather nancial information
such as bank account details.
Another form of spoong is called phishing. Fake emails, which look like legitimate
business emails, are sent to people asking for personal details such as name, address,
bank details etc. The user may think that the email is genuine and respond thereby
sending their personal information directly to an attacker. This attack will be
particularly effective if the attacker already knows some information about their
target. For example, suppose you place an order over the Internet with an
e-commerce company. A hacker has listened in to transmissions and guesses that you
have placed an order with the company but because the transmission was encrypted
they cannot get your bank account details from the information that they have
eavesdropped. However, they do know your email address and the time and date of
your order. The attacker might email you, pretending that the email comes from the
company. They tell you that the order that you placed at a specic time on a specic
date has not gone through because of a problem with their computer system and
that they therefore need you to resend your payment details by replying to the
email. You may be fooled into emailing your bank details straight to the attacker!
Hackers might also use Sniffer programs which pick up information as it is passed
over transmission channels, both wired and wireless. It is very hard to detect sniffer
programs. However the hackers can be thwarted if encryption (see section 9.5.2) is
used to make any information that the hackers get unreadable and therefore useless
to them.
Note that the easiest way for a hacker to get hold of someones password is usually to
ask them. Most people are badly educated about computer security and will willingly
tell other people their password. For example, imagine the following scenario. A
hacker phones someone at their work desk and says that he is from the computer
systems department. He tells them that there is a problem with the system and that
55
CIS 108_Volume 2_2010_BOOK.pdf 61
08/09/2010 12:56:51
Information systems:
Foundations of e-business
Volume 2
he needs to know their password in order to save all of their les before the system
goes down. Many people fall for this kind of trick and reveal their passwords.2
Educating the work force is probably the most important part of information security.
If the hacker is from inside rather than outside the company then they may simply
shoulder surf to try and nd out their colleagues log-in details by watching them type
them in. If an employee logs in to their own work system using someone elses log-in
details this means that not only will they gain access to their colleagues les but they
will also be able to make changes to the system without being held accountable all
audit trails and checks will point to the person whose log-in details have been used.
Once they have gained unauthorised access to an information system, what might
the hacker do?
Read information such as bank details which they can later use to steal money
from peoples bank accounts or purchase items using stolen credit card details.
Modify information for example changing the payee details on an order to
transfer money from one account to another so that the money is diverted into
their own account.
Delete information this might not directly cause a nancial gain to the hacker
but they might have a grudge against the company and wish to cause them
trouble.
Steal information in the case of computer crime stealing information is
basically the same as reading it. It can be hard to detect theft of information
because unlike stealing a physical item you can steal information whilst still
leaving it in place simply by reading or copying it. If a physical item such as a
car is stolen there is no problem in noticing the crime your car is missing. If
computer les are stolen by copying then there may be no evidence to indicate
that a theft has taken place. Furthermore, if a thief steals your car you at least
know where he was at the time of the theft wherever your car was. If a thief
steals your computer les he may be on the other side of the world whilst doing
it. This makes it hard to know who is responsible for catching a computer
criminal. Is it the police in the country where the computer is, or the police in
the country where the criminal is? We will discuss international security policies
that try to address this question in section 9.6.
9.4.2
Disruption of communication
An attacker can disrupt communications over a network in a number of ways.
Information can be interrupted, intercepted, modied, or fabricated as illustrated
below.
If everything is going as planned, information is transmitted from the source to the
destination.
Source
Destination
2 In 2004 an experiment was carried out at a London railway station. A small group of researchers asked
commuters to reveal one of the passwords that they used at work in exchange for a bar of chocolate. Over
70 percent of the commuters gave a password away. Some of these may have been false because there
were no checks done to verify that the passwords were genuine. However it is likely that a great many real
passwords were revealed.
56
CIS 108_Volume 2_2010_BOOK.pdf 62
08/09/2010 12:56:51
Consequences of poor security
Communication is interrupted if the attacker does not allow the information to reach
the destination.
Source
Destination
Attacker
Communication is intercepted if the attacker interrupts the communication and
receives the source information.
Source
Destination
Attacker
Modication occurs when the attacker intercepts the communication, alters it in
some way, and then sends it on to the destination. The attacker intends to deceive
the destination into thinking that the modied communication has come directly
from the source. This is also known as a Man-in-the-middle attack
Source
Destination
Attacker
An attacker may also make up a communication and send it to the destination
pretending that it has come from the source. This is called fabrication.
Source
Destination
Attacker
Learning activity
For each of the ways that an attacker might disrupt communications described above (interruption,
interception, modication, fabrication) think of an example of a reason why an attacker might want to
interrupt communications in this way. What does the attacker gain?
9.4.3
Identity theft
One of the fastest growing crimes is identity theft whereby someone gathers enough
information about you to pretend to be you. The information might include your
name and address, credit card details, social security or national insurance number,
drivers licence or any other information that they can use to prove that they are
you. Armed with this information, an identity thief can obtain credit, buy goods and
services, perhaps even travel or get a job illegally because they are acting as you.
57
CIS 108_Volume 2_2010_BOOK.pdf 63
08/09/2010 12:56:51
Information systems:
Foundations of e-business
Volume 2
Identity theft can occur off-line simply going through a dustbin is likely to yield
lots of information about the people who live in that house. Hence the thief has the
address (he knows where the dustbin is) and probably the names and perhaps other
details about the occupants. Discarded bills, bank statements and letters all reveal a
great deal that is useful to an identity thief. Identity theft can also occur on-line by
hackers using phishing and spoof websites or rogue Wi-Fi access points to get
personal information about people.
Although the original theft might occur off-line, once your personal information has
been stolen, it is easy for the thief to use it on-line.
There are many precautions that people can take to prevent themselves falling
victim to identity theft:
Shred all documents containing any personal information before putting them in
the dustbin.
Be very wary about any emails or phone calls that ask you for personal
information, especially nancial information. No nancial institution will ask
you for your account information by e-mail. If in doubt say that you will
phone/email back using a number/e-mail address that you already have not
one given to you by the caller.
Never give out any personal information unless you have initiated the
transaction.
Keep your computer security software up to date to prevent hackers accessing
your information.
Keep a check on your credit rating if you suddenly have a lot of debt that you
are not aware of you may have been the victim of an identity thief and should
report this immediately.
9.4.4 Cybervandalism
Just as vandals destroy physical items with no particular purpose, cybervandals can
destroy websites just because they think it is fun or because they hold a grudge
against the company. If a hacker manages to alter a company website and ll it with
offensive material and language this can have dire consequences for the company.
Tight access controls need to be enforced to ensure that no one can alter a company
website, the public face of an e-commerce company, without the proper authority.
9.4.5 Denial of service attacks
Denial of service attacks do not destroy or access information without authority.
What they do is prevent anyone else from accessing that information. A denial of
service attack might be carried out by the attacker ooding the system with requests
until it can not keep up with the demand and crashes. Legitimate users are then
unable to access the system. Consider the damage that such an attack might have on
an e-commerce site such as an Internet shop.
The attacker might initiate a denial of service attack by using a virus or worm which
causes infected computers to join a zombie network or botnet which continually
requests access to the target network.
58
CIS 108_Volume 2_2010_BOOK.pdf 64
08/09/2010 12:56:52
Keeping information secure
Learning activity
On 6th August 2009, the social networking site, Twitter was shut down for several hours due to a denial of
service attack. Learn more about this attack at http://community.norton.com/t5/Ask-Marian/Twitter-Hit-ByDistributed-Denial-of-Service-Attack-DDOS-Attack/ba-p/128035. What was the aim of this attack? What are
the implications for Twitter ?
9.4.6
Cyberterrorism
Nearly all of the threats mentioned so far denial of service attacks, viruses, worms,
unauthorised access to information, communication disruption and cybervandalism
can occur from anywhere in the world. As terrorism continues to increase,
governments are worried that computer systems are as likely to be attacked as
buildings, cars or trains. The benet for the terrorists is that they do not have to be
anywhere near the computer system that they are attacking. Widespread disruption
and harm could be caused if cyberterrorists were able to manipulate military, air
trafc control, nancial, or foreign intelligence systems for example.
Read more about Cyberterrorism and how we can defend against it at
www.symantec.com/avcenter/reference/cyberterrorism.pdf.
9.5 Keeping information secure
We have discussed some of the threats that companies are up against when trying to
protect their information and networks against attack. In this section we will look at
ways in which companies can minimise attacks by using access controls to prevent
unauthorised access to the network and encryption to prevent any data that is leaked
during transmission or stolen from a network from revealing anything of use to the
attacker.
As mentioned before, employees are the people who are most likely to cause security
breaches in a company. This might be with intent or by accident. Educating your
staff in computer security and enforcing security policies, for example on password
choice, is as important as having the policies in the rst place.
It is a big job to effectively manage all of the different security tools that are
available to businesses. Unied threat management technologies such as those
provided by Crossbeam, Fortinent and Secure Computing help businesses by providing
all of the necessary security tools in one comprehensive package. This can be an
efcient way for a small to medium sized business make sure that they have covered
all of the security vulnerabilities in their computer systems.
9.5.1 Access control
Security of data and networks depends upon the proper implementation of access
controls. Broadly speaking, access control means that people who have the proper
59
CIS 108_Volume 2_2010_BOOK.pdf 65
08/09/2010 12:56:52
Information systems:
Foundations of e-business
Volume 2
authority should be able to do whatever it is (and only whatever it is) they are
authorised to do. Nobody else should be able to do anything on the system.
Within a company, different users may have different access rights to the information
system. Consider the University of London Computing VLE for example
(http://computing.elearning.london.ac.uk). Access to the VLE is controlled by
username and password. Only students, academic staff and administrative staff are
issued with a username and password and so only they can access the VLE. Different
users have different access rights. For example, students can access only the courses
that they are registered on. They can upload their own assignments and write or
reply to questions in the forums for their courses and the general student forums.
However students are not able to edit the website or add new courses. Some staff
are able to access the site but have read only permission they are not able to join in
the discussion forums but can use the site for information only. Administrators are
able to access all of the courses, edit the website, add users and courses and so on.
Username/password systems
The most common method for implementing access control is a username/password
system as used in the VLE. The username provides identication it tells the system
who you are and associates you with the correct access permissions. The password
provides authentication it proves to the system that you are who you say you are.
Getting hold of somebodys username and password is the easiest way for a hacker
to gain access onto the system. Many users choose weak passwords that are easy for
a hacker to guess. Such weak passwords include:
No password at all some systems allow the password eld to be blank a
blank password offers no security at all.
A short password in general the longer the password the harder it is for a
hacker to break the password using a password cracking program that tries all
combinations of characters. Consider that if a password is 4 characters long and
is made up of upper and lower case letters (52 different characters in all) then
there are 524 = 7, 311, 616 possible passwords. It would take a password cracker
less than a second to check all of these. On the other hand, if the password is 8
characters long then there are 528 = 53, 459, 728, 531, 456 possible passwords and
it will take considerably longer to check all of these.
A dictionary word before resorting to trying all combinations of characters a
hacker will usually perform a dictionary search. He will simply use a computer
program that tries all dictionary words as the password. The number of eight
letter words in a English dictionary is a lot less than 528 and it will not take the
hacker long to try all of them as the password.
A personal password many people use a password that is related to them in
some way, perhaps the name of their pet or their favourite football team. Such
passwords are easy to remember but they are also easy for a hacker to guess
especially if the hacker is a work colleague!
Password systems are only as good as the passwords used. To counter this, security
experts are coming up with alternative methods for authentication. Such methods
include using tokens and smart cards which are small physical devices that act a bit
like a key and allow the holder access to the network. Work is currently being done
on the use of mobile phones as tokens.
60
CIS 108_Volume 2_2010_BOOK.pdf 66
08/09/2010 12:56:52
Keeping information secure
Biometric information such as ngerprints, retina patterns and palm prints can also
be used to authenticate users. This is a high-cost solution and so would only be used
when the need for security is extremely high. It is worth noting however that with
sufcient nancial resources a determined attacker can replicate these physical
attributes, potentially leading to the catastrophic failure of a supposedly high
security identity system.
Firewalls
A rewall is a combination of software and hardware that is installed in a network to
control the packets of data passing through it. Most companies place a rewall at the
Internet access point of their network. The rewall provides a defence between the
company network and the Internet or any other network that the companys network
is communicating with. All data from or to the network must pass through the
rewall and only data that meets the company security policy will be allowed
through. Thus the rewall prevents unauthorised communications into and out of
the network.
Different rewall technologies include:
Packet ltering header elds of the transmitted data packets are examined.
Stateful inspection packets are accepted or rejected depending on whether or
not they are part of a veried exchange of information between sender and
receiver.
Network Address Translation (NAT) the IP addresses of the company computers
are concealed to prevent sniffer programs from nding out the IP addresses and
using them to help break into the network.
Application proxy lter a substitute message is passed through the rewall
instead of the actual message.
Usually these different technologies are used together to provide a strong rewall.
The security administrator must maintain a detailed lists of people, applications and
addresses that are to be allowed or rejected by the rewall. Simply having a good
rewall is not enough to guarantee that an attacker cannot gain access to the
network. A rewall is an important part, but not the only part, of a good security
system.
Anti-virus software
Any computer that is connected to the Internet (and even those that are not if any
les from another computer are ever transferred via disks or memory sticks) should
have anti-virus protection installed. Anti-virus software checks computer drives and
every incoming le for known computer viruses. If you try to download or open an
infected le, the anti-virus software should warn you and give you the option to
delete the le or try and clean it removing the virus. Anti-virus software can only
check for viruses that it knows about. Since new viruses are being released all the
time, it is very important that anti-virus software is kept up to the minute by online
updates. Many anti-virus software products automatically check for updates every
time the computer is on and connected to the Internet.
Some anti-virus software now searches for spyware as well as viruses. As mentioned
previously, not all spyware is malicious but some is. Even non-malicious spyware can
61
CIS 108_Volume 2_2010_BOOK.pdf 67
08/09/2010 12:56:52
Information systems:
Foundations of e-business
Volume 2
cause computers to slow down because it uses up too much memory. It is a good
idea to scan your computer for spyware and remove all spyware on a regular basis if
your anti-virus software enables this.
Examples of well known anti-virus software are produced by McAfee and Symantec.
Learning activity
Do you have anti-virus software installed on your computer? If no then get some now! If yes, what does
your anti-virus software claim to do? Is it effective? Have you ever had a computer virus? If so how did you
get rid of it?
If possible, scan your computer for spyware. Is there any spyware lurking on your computer? If so do you
know where it came from? Remove it if possible.
9.5.2 Encryption
Encryption is the process of transforming a plaintext message (a message that can be
read) into an unreadable encrypted form called a ciphertext message. The intention
of encryption is to ensure that if the encrypted message is intercepted then it will not
reveal anything meaningful to the interceptor.
Transmissions over a wireless network are particularly vulnerable to interception. As
more and more wireless access points spring up over the country the vulnerability of
wireless communications grows. Messages that are encrypted can still be intercepted
but will reveal no important information to the interceptor.
The standard methods for making on-line transmissions more secure are Secure
Sockets Layers (SSL) and Secure Hypertext Transfer Protocol (SHTTP). If you
are on an e-commerce website and the address shown in your web browser begins
with https then the website is using one of these two security measures. SSL (now
being succeeded by Transport Layer Security (TLS)) enables client and server
computers to manage encryption and decryption protocols as they communicate
with each other during a secure web session. SHTTP also encrypts data
transmissions over the Internet but it works on a message-by-message basis whereas
SSL establishes a secure connection between two computers. The ability to establish
secure transmissions is built in to browser software. The user does not have to know
or remember any keys or know how to encrypt or decrypt messages.
As well as protecting messages in transmission, encryption should be used when
storing condential or sensitive data. For example, in a username/password system,
the passwords have to be stored somewhere in order to check them against the
password that the user inputs. If the passwords are stored unencrypted in a password
le then anyone who gains access to that le has access to all of the system
passwords. Instead, the passwords should be stored in encrypted form indexed by
username. When a user logs onto the system, they enter their username and
password. The entered password is encrypted and the result is compared with the
encrypted password stored with the given username. If these match then the user is
authenticated. If not the log-in attempt is rejected. If anyone gains access to the
password le, they will only see the encrypted passwords and these cannot be used
to gain access to the system without rst being decrypted a very hard task is a one
62
CIS 108_Volume 2_2010_BOOK.pdf 68
08/09/2010 12:56:52
Keeping information secure
way function (see the next learning activity) is used for the encryption.
Medical, military, nancial and other sensitive records and data should also be
encrypted before being stored in digital form.
There are two types of encryption schemes in use public key and symmetric key. We
will briey discuss how each of these work and what they are used for.
Public key encryption
In public key encryption schemes there are two keys a public key which anyone
can know, and a private key which the key holder must keep secret. The two keys
are related by a special mathematical function called a one-way function which is
easy to compute in one direction but very hard (impossible in a realistic time frame)
to reverse.
Learning activity
An example of a mathematical one-way function is multiplication/factorisation. Given two very large prime
numbers3 , it is easy (using a computer) to multiply them together. However, it is very hard (even using a
computer) to factorise (i.e. nd the divisors) of the result.
For example, use a calculator to multiply together the prime numbers 1009 and 1019. This should not prove
to be too difcult.
Now try to nd the two prime numbers that when multiplied together give the result 5921449. This is a much
harder problem. If you write a computer program which tries to divide 5921449 by all possible factors
starting at 2 and increasing until you nd a factor, you will be able to solve this problem. However note that
the prime numbers used in commercial encryption schemes are approximately 200 digits long and this
makes the factorisation problem as good as impossible to solve.
Messages which are encrypted with a public key can only be decrypted by using the
corresponding public key. So if Alice wants to send Bob4 a message, she will look up
Bobs public key, use it to encrypt the message and send the resulting ciphertext to
Bob. Bob receives the ciphertext from Alice and uses his private key to decrypt the
message. This is illustrated in gure 9.1. Only Bob is able to decrypt the encrypted
message, so even if the ciphertext is intercepted during transmission it will not
reveal any information to anyone except Bob.
Public key cryptography is relatively slow and expensive when compared with
symmetric key cryptography (see below). It is generally used for encrypting short
messages such as keys for use in a symmetric key cryptosystem. It is also used to
produce digital signatures and certicates.
3 A prime number is a number with exactly two factors 1 and itself. The rst 10 prime numbers are
2,3,5,7,11,13,17,19,23 and 29.
4 Alice and Bob are used in cryptography to represent any two entities who want to send and receive
encrypted messages. Alice and Bob could be people, companies or computers.
63
CIS 108_Volume 2_2010_BOOK.pdf 69
08/09/2010 12:56:52
Information systems:
Foundations of e-business
Volume 2
Plaintext
Alice:
Uses Bobs
public key
to encrypt
plaintext
message
Ciphertext
Bob:
Uses Bobs
private key
to decrypt
ciphertext
Plaintext
Figure 9.1: The public key is used to encrypt and the corresponding private key is
used to decrypt in a public key cryptosystem
Digital signatures
If you sign your name on a document, your signature is binding and proves that you
have agreed to whatever it is that you are signing. For example, if you sign a cheque
then you are agreeing to pay a certain amount of money to a specied person or
company. However, if you send money or important information digitally over the
Internet then it is not possible to provide a hand written signature. Digital signatures
are used instead.
If Bob wants to sign an electronic message for Alice, he can encrypt it using his
private key to produce a cipher text which is the digital signature. Bob sends the
cipher text and the original unencrypted message to Alice. Alice uses Bobs public
key to decrypt the digital signature and checks that it matches the original message.
If it does then Alice is assured that the message is genuinely from Bob because only
he had the private key that could produce the cipher text that decrypted correctly
using Bobs public key. This is illustrated in gure 9.2.
Bob:
Uses his own
private key
to encrypt
plaintext
to generate
digital signature
Plaintext
Digital signature
Alice:
Uses Bobs
public key
to decrypt
digital signature.
Veries that
decrypted signature
equals plaintext.
Figure 9.2: The private key is used to encrypt a message to generate a digital signature. The corresponding public key is used to decrypt the signature and verify the
message.
In the scheme described above the message is sent in an unencrypted form with the
signature. The message is not secret or condential it is just important that Alice is
sure that the message has come from Bob and not from an impostor pretending to be
Bob. If the message is condential then Bob can use Alices public key to encrypt the
plaintext message and the signature. Alice decrypts the whole ciphertext using her
own private key to get the message and the signature. Then she decrypts the
signature using Bobs public key. If the decrypted signature matches the message
64
CIS 108_Volume 2_2010_BOOK.pdf 70
08/09/2010 12:56:52
Security policies
Alice is sure that the message has come from Bob and no one else who intercepts the
message will be able to read it.
Digital certicates
One problem of using public key cryptography is that when encrypting a message for
Bob, Alice must be sure that it is actually Bobs public key that she is using. A hacker
could try to fool Alice into using his own public key in place of Bobs. Then the
hacker will be able to decrypt the messages using his corresponding private key.
Digital certicates are a way of ensuring that public keys are genuine.
To obtain a digital certicate, Bob produces a document which includes his name
and his public key. This document is digitally signed as described above by a
certication agency (a government agency or nancial institution for example) who
rst check that Bobs documents and details are genuine. The signed document is
the digital certicate. If Alice wants to send a message to Bob she can look up his
digital certicate, decrypt it using the public key of the certication agency and use
the public key for Bob contained within. In this way Alice is assured that she is using
the correct key for Bob because it has been veried as genuine by the certication
agency.
Public key infrastructure (PKI) which uses public key cryptography and digital
certicates is now commonly used in e-commerce.
Symmetric key encryption
In symmetric key cryptography the encryption and decryption keys are the same (or
one can be easily derived from the other). Hence the key must always be kept secret.
If Alice and Bob want to send encrypted messages to each other using symmetric key
encryption then they both need to have a copy of the key. Public key cryptography
can be used to transmit the key from Alice to Bob or vice versa. Once they are both
in possession of the key, Alice and Bob can then proceed to use symmetric key
cryptography to transmit messages.
The advantage of symmetric key cryptography over public key cryptography is that is
it faster and cheaper to use. Symmetric key cryptography is therefore generally used
to transmit long messages.
9.6 Security policies
As discussed in the previous sections of this chapter there are both many threats to
the security of computer networks and also many precautions that can be taken to
minimise the risk of these threats. For a company to ensure that it is doing
everything that it can to minimise threats it needs to have a security policy which
describes the security methods and procedures that it will enforce.
It can be hard for governments to legislate effectively against computer crime
because of the global nature of the problem. Criminals committing computer crime
do not have to be anywhere near the scene of their crime. So is it the country where
the criminals are, or the country where the crime is carried out, that is responsible
65
CIS 108_Volume 2_2010_BOOK.pdf 71
08/09/2010 12:56:52
Information systems:
Foundations of e-business
Volume 2
for bringing the criminals to justice? These two countries might easily have different
laws and attitudes to punishment.
In the following sections we will consider the steps that companies and governments
can take in the attempt to stop computer crime.
9.6.1 Company security policies
If they were building a new ofce block, a company would incorporate security
measures into the design. From the start of the building work until the building was
occupied and beyond the company would want to ensure the security of the
building. It would use locking doors and windows to prevent unauthorised access,
maybe install security cameras to monitor who is where in the building and make
sure that no uninvited visitors have gained access. It may also have security guards
patrolling the building or checking the credentials of visitors and staff so that no-one
is allowed to enter the building unless they are authorised to do so.
When designing an information system a company needs to take similar steps to
ensure security. Right from the start of the design process the company needs to
think about how it will secure its networks and the data that it stores. Two types of
information system controls are:
General controls manual and automated controls which govern the design,
security and use of computer programs and data les throughout the company.
General controls will apply to all computing devices and applications within the
company including software, hardware, computer operations, data security,
implementation processes and administrative processes.
Application controls application specic controls which ensure that input,
output and processing is carried out accurately by that application.
Risk assessment
Before and during the development of information systems, businesses need to carry
out risk assessment procedures to determine weaknesses in the system and the level
of risk if a particular activity or process failed for security, technology or other
reasons. Table 8.4 on page 340 of Laudon and Laudon shows the estimated loss of
income that could occur in an online order processing system that processes 30,000
order per day. A risk assessment of this system shows for example that there is a
30% chance of a power failure and that the resulting loss of annual income might be
$30,750.
Once risks have been identied, the information system designers should
concentrate their efforts on those areas with the greatest vulnerability and the
greatest potential for loss. For example, if a power failure would be catastrophic
(suppose that the information system in question is a life support machine or the
braking system for a high speed train for example) then provisions should be made
for an emergency power supply in the case that the main power supply fails.
Disaster recovery planning and business continuity planning give the company
the opportunity to think in advance about how they would recover and continue to
operate their business in the event of a disaster such as a re or ood which leads to
loss of equipment, buildings or personnel.
66
CIS 108_Volume 2_2010_BOOK.pdf 72
08/09/2010 12:56:52
Security policies
Learning activity
Consider the following types of businesses:
Internet banking enabling nancial transactions to be processed on-line.
E-commerce shop selling goods via an on-line shop.
An on-line magazine provides access to subscribers via a username/password system.
A political party or a charity that uses a website to advertise its policies and aims.
Which of the following threats do you think would be most serious for each of these types of businesses and
why? Consider this question both in terms of the cost of potential nancial losses and the cost of loss of
reputation.
Unauthorised access to data.
Disruption of communication.
Cybervandalism.
A denial of service attack.
A virus that deletes all les on infected computers in the system.
Once the risks to an information system and their potential consequences for the
company have been identied, the company needs to develop a security policy
which states their security goals and how these are to be achieved. The security
policy might include:
An Acceptable use policy which outlines acceptable and unacceptable uses of
hardware and telecommunications equipment. It might specify specic
consequences for non-compliance.
An Access control policy or Authorisation policy which determines the access
different users have to different information resources.
Accountability
There is no point in having a security policy detailing who can do what, when and
where if you have no way of actually knowing who is doing what, when and where.
Accountability means that the system is able to provide audit trails of all
transactions. Information system managers are accountable through scrutiny from
outside of the system and must be able to provide details of all transactions that
have occurred. Audit trails must be kept (and protected to ensure that they
themselves are not tampered with) so that actions affecting the security of the
system can be traced back to the responsible party.
Computer forensics is the collection of evidence from computers or computing
devices that can be used as evidence in a court of law. It is a growing eld because of
the increasing use of digital storage and reliance on e-mail as a means of
communication. Courts are now likely to accept all forms of communication to be
used as evidence. It is therefore up to businesses to develop methods of capturing
and storing all electronic communications including e-mail, instant messaging and
e-commerce transactions. Anyone tempted to commit computer crime should be
aware that computer forensics enables the recovery of computer les that have been
67
CIS 108_Volume 2_2010_BOOK.pdf 73
08/09/2010 12:56:52
Information systems:
Foundations of e-business
Volume 2
deleted because ambient data remains in magnetic form on the hard drive long after
the le has been deleted.
9.6.2 Government security policies
Some companies may be unwilling to spend a great deal on implementing security
polices for their information systems because such spending does not directly
produce an increased revenue. Protecting information systems is vital however as
the consequences of not doing so can be very damaging as discussed above it
might also prove to be illegal. So much personal and nancial information is now
maintained electronically that many governments have passed laws mandating how
such data will be protected from unauthorised or illegal misuse.
Learning activity
On pages 336 and 337 of Laudon and Laudon recent U.S. government regulations are described:
HIPAA which protects medical and health care data.
Gramm-Leach-Bliley Act which requires nancial institutions to ensure the security and
condentiality of their customer data.
Sarbanes-Oxley Act which requires companies and their management to safeguard the accuracy and
integrity of nancial information that is used internally and released externally.
Are there similar acts or laws in your country? Find out about them.
9.7 Summary
In this chapter we have discussed the different threats that put computers and the
data stored upon them at risk. We have seen how networks may be attacked and
looked at the reasons why wireless networks are particularly vulnerable. We have
described how hackers and computer criminals might attempt to gain unauthorised
access to data using spoong, phishing and sniffer programs and discussed the
consequences of such a breach of security. We have talked about viruses, worms,
trojan horses and spyware and how damaging these can be. We have also discussed
other computer crimes including identity theft, cybervandalism and denial of service
attacks. We have described how companies and individuals can respond to these
threats by using access controls, username/password systems, rewalls, anti-virus
software and encryption. We have seen why companies should implement a security
policy which sets out how the company protects its data and computers both for
their own good and to meet legal requirements.
9.8 A reminder of your learning outcomes
After studying this chapter and the recommended reading you should be able to:
describe why networked computers in general, and wireless networks in
particular are vulnerable to security threats
68
CIS 108_Volume 2_2010_BOOK.pdf 74
08/09/2010 12:56:52
Chapter questions
describe the damage that viruses, worms and trojan horses can do and how they
are spread. Give examples of each of these
describe the different methods that a hacker might use in order to try to gain
unauthorised access to a computer network
outline the consequences of a breach of security
describe computer crimes including modication of data, theft of data, identity
theft, cybervandalism, cyberterrorism and denial of service attacks and
understand the implications for a company that is the victim of such an attack in
terms of loss of nance and/or reputation
describe how access controls such as username/password systems, rewalls and
anti-virus software are used to control access to data and resources
outline the basic principles of encryption, what it is used for and the difference
between public and symmetric key encryption schemes
describe how private encryption keys can be used to digitally sign electronic
documents and produce certicates which verify public keys
explain the importance of security policies and why companies need to make
sure that their security systems provide accountability.
9.9 Chapter questions
Why are wireless networks more susceptible to security threats than wired
networks? What can businesses do to prevent or detect an attack on their
wireless networks?
What is a denial of service attack? Find an example of a denial of service attack
and describe the impact that the attack had on the company in question. What
can companies do to prevent denial of service attacks?
Discuss the statement: Employees are the biggest threat to information security.
What are the main differences between the theft of a physical item such as a car
and the theft of an electronic item such as a secret recipe?
Every business should have a security policy. What elements should a good
security policy include?
69
CIS 108_Volume 2_2010_BOOK.pdf 75
08/09/2010 12:56:52
Information systems:
Foundations of e-business
Volume 2
70
CIS 108_Volume 2_2010_BOOK.pdf 76
08/09/2010 12:56:53
Find millions of documents on Course Hero - Study Guides, Lecture Notes, Reference Materials, Practice Exams and more.
Course Hero has millions of course specific materials providing students with the best way to expand
their education.
Below is a small sample set of documents:
Below is a small sample set of documents:
Goldsmiths - COMPUTING - 2910108
BSc and Diploma inComputing and Related SubjectsInformation systems:foundations of e-businessVolume 1R. Shipsey20102910108The material in this subject guide was prepared for the University of LondonInternational Programmes by:Dr Rachel Shipsey P
National Taiwan University - EECS - 101
1.1 Answering machine Alarm clock Automatic door Automatic lights ATM Automobile: Engine controller Temperature control ABS Electronic dash Navigation system Automotive tune-up equipment Baggage scanner Bar code scanner Battery charger Cable/DSL Modems an
National Taiwan University - EECS - 101
CHAPTER 22.1 Based upon Table 2.1, a resistivity of 2.6 -cm < 1 m-cm, and aluminum is a conductor. 2.2 Based upon Table 2.1, a resistivity of 1015 -cm > 105 -cm, and silicon dioxide is an insulator. 2.3 I max 2.4 10-8 cm2 7 A = 10 1 = 500 mA (5m)( m) 2 c
National Taiwan University - EECS - 101
CHAPTER 33.1(1019 cm-3 )(1018 cm-3 ) = 0.979V NA ND j = VT ln 2 = (0.025V )ln ni 10 20 cm -62( 11.7 8.854 x10-14 F cm-1 ) 2s 1 1 1 1 w do = + 19 -3 + 18 -3 (0.979V) j = -19 10 cm q NA ND 1.602x10 C 10 cm w do = 3.73 x 10-6 cm = 0.0373m w do 0.0373m w d
National Taiwan University - EECS - 101
CHAPTER 44.1 (a) VG > VTN corresponds to the inversion region (b) VG < VTN corresponds to the accumulation region (c) VG < VTN corresponds to the depletion region 4.2 (a)" ox -14 3.9o 3.9 8.854x10 F / cm F nF C = = = = 6.91x10-8 2 = 69.1 2 -9 Tox Tox 50
National Taiwan University - EECS - 101
CHAPTER 55.1 Base Contact = B n-type Emitter = D 5.2v BC iB + B + E iE C iCCollector Contact = A n-type Collector = FEmitter Contact = C Active Region = EFor VBE > 0 and VBC = 0, IC = F I B or F =IC 275A = = 68.8 4A IBR =0.5 R = =1 1- R 1- 0.5 IC
National Taiwan University - EECS - 101
CHAPTER 66.1(a ) Pavg = 1W 10-5W / gate = 10 W / gate (b) I = = 4 A / gate 105 gates 2.5V6.2(a) Pavg = 100 5x10-6W / gate = 5 W / gate (b) I = = 2 A/ gate 2.5V 2x10 7 gates(c) I total = 2(2x10 gates)= 40 A gate7A6.3 2.5 - 0 5 (a ) VH = 2.5 V | V
National Taiwan University - EECS - 101
CHAPTER 77.1' n -14 cm 2 (3.9) 8.854x10 F / cm 3.9o K = nC = n = n = 500 Tox Tox V - sec 10x10-9 m( 100cm / m) " oxox()F A A = 173 x 10-6 2 = 173 2 V - sec V V p ' 200 A A " K 'p = pCox = Kn = 173 2 = 69.1 2 n V V 500 ' Kn = 173x10-67.2VDD(5 V)
National Taiwan University - EECS - 101
CHAPTER 88.1(a) 256Mb = 28 210 210 = 268,435,456 bits (b) 1Gb = 210 = 1,073,741,824 bits8 10 10 28( )( ) (c) 256Mb = 2 (2 )(2 )= 2I pA 1mA = 3.73 28 bit 2 bits( )3| 128kb = 2 7 210 = 217 |( )228 = 211 = 2048 blocks 17 28.28.3(a) P = CV (b) P
National Taiwan University - EECS - 101
CHAPTER 99.1 Since VREF = -1.25V , and v I = -1.6V , Q1 is off and Q2 is conducting.vC1 = 0 V and vC 2 = - F I EE RC -I EE RC = -(2mA)(350) = -0.700 V9.2 V IC 2 0.995 F I EE = exp BE VBE = 0.025ln = 0.132V IC1 0.005 F I EE VT (a) v I = VREF + VBE = -1
National Taiwan University - EECS - 101
CHAPTER 1010.1 A/C temperature Automobile coolant temperature gasoline level oil pressure sound intensity inside temperature Battery charge level Battery voltage Fluid level Computer display hue contrast brightness Electrical variables voltage amplitude
National Taiwan University - EECS - 101
CHAPTER 1111.1v O = vS iS = v 1M 1k (1000)1k + 0.5 | Av = vO = 990 or 59.9 dB 1M + 5k S | Ai = iO 990 6 = 10 = 9.9x105 or 120 dB iS 1000 vO 5V = = 5.05 mV AV 990 vS 990vS and iO = 1M + 5k 1kAP = Av Ai = 990 9.9x105 = 9.8x108 or 89.9 dB | v S =()11.2
National Taiwan University - EECS - 101
CHAPTER 1212.1(a) A = 10 20 = 2.00x104 | Av-ideal = 1+A Av = = 1+ A FGE =86150k = 13.5 12k2.00x10 4 = 13.49 4 12k 1+ 2.00x10 162k 1 13.5 -13.49 = 6.75x10-4 or 0.0675% | Note : FGE = 6.75x10-4 A 13.5 2.00x10 4 = 125 1.2k 4 1+ 2.00x10 151.2k 150k (b
National Taiwan University - EECS - 101
CHAPTER 1313.1 Assuming linear operation : vBE = 0.700 + 0.005sin 2000t V 5mV vce = (-1.65V ) sin 2000t = -1.03sin 2000t V 8mV vCE = 5.00 -1.03sin 2000t V ; 10 - 3300IC 0.700 IC 2.82 mA 13.2 Assuming linear region operation : vGS = 3.50 + 0.25sin 2000t V
National Taiwan University - EECS - 101
CHAPTER 1414.1 (a) Common-collector Amplifier (npn) (emitter-follower)RIQ1viR1R2+RER3vo-(b) Not a useful circuit because the signal is injected into the drain of the transistor.RI viRDM1+R3vo-R1(c) Common-emitter Amplifier (pnp)
National Taiwan University - EECS - 101
CHAPTER 1515.1(a) IC= F IE =VCE = VC - (-0.7V ) = 5.87V | Q - Point = (20.7A, 5.87V )1 F 12 - VBE 1 100 12 - 0.7 = = 20.7 A | VC = 12 - 3.3x105 IC = 5.17V 5 2 F + 1 REE 2 101 2.7x10 (b) Add= -g m RC = -40(20.7A)(330k)= -273Rid = 2r = 2 oVTIC=
National Taiwan University - EECS - 101
CHAPTER 1616.1 Av (s) = 50 s2 s2 | Amid = 50 | FL (s)= | Poles : - 2,-30 | Zeros : 0,0 (s + 2)(s + 30) (s + 2)(s + 30) s rad | L 30 s (s + 30) | fL = Yes, s = -30 | Av (s) 50 fL = L 30 = 4.77 Hz 2 22 2 1 302 + 22 - 2(0) - 2(0) = 4.79 Hz 2 50 2 | MATLAB
National Taiwan University - EECS - 101
CHAPTER 1717.1(a) T = A = (b) A = 10Av =80 20|Av =1=5|FGE = 0= 10000 | T = 10000(0.2)= 2000A 10000 100% 100% = = 5.00 | FGE = = = 0.05% 1+ A 1+ 2000 1+ A 2001 A 10 100% (c) T = 10(0.2)= 2 | Av = 1+ A = 1+ 2 = 3.33 | FGE = 1+ 2 = 33.3% 17.2 1k
St. Andrews Presbyterian College - MM - 201
Perception MapProduct will be positioned as high utility device meant for all categories due tocustomization factor. Keeping in mind the price sensitivity of the target consumers whenchoosing Tablet PCs over traditional portable devices like Laptop, it
Birmingham UK - AA - a
ChairesTablesCabinetsProductions unit Sales 2011OctoberNovember90097517518890102CashAccount receivableMachinery(net book valueDecember95020195TotalPriceCarpenter hourPackaging & shipping$200$900$180.42 .56$15$65$1359850080
University of Calgary - AMAT - 217
AMAT 217 OFFICIAL FORMULA SHEETA: BASIC INTEGRALSLet r , a R , r 1 , and a 0x r+1 + Cr+11. x r dx =2. sin(ax) dx = 1 cos(ax) + Ca3. cos(ax) dx =1 sin(ax) + CaB: BASIC TRIGONOMETRIC IDENTITIESGROUP (A) :(i) tan(t) =sin(t)cos(t)(ii) cot(t
Rutgers - CS - 513
Fall 2011CS 513: #1 Math FundamentalsFarach-ColtonDue by the beginning of class, Sept. 13.1. Prove: A binary tree with n nodes has depth at least log n and at most n 1. (Hint:Show that if a binary tree has depth d and has n nodes, then n 2d+1 1.)2.
Rutgers - CS - 513
Fall 2011CS 513: #2Farach-ColtonDue by the beginning of class, Sep. 20.1. Find a closed form for the recurrence:T (1) = 1T (n) = 2T (n/2) + log n (for n 2)You may assume n is a power of 2. Give a tight big-oh bound on T . Showyour derivation and p
Rutgers - CS - 513
Fall 2011CS 513: #3Farach-ColtonDue by the beginning of class, Sept. 27.1. Suppose that you are given an k -sorted array, in which no element is farther thank positions away from its nal (sorted) position. Give an algorithm which will sortsuch an ar
Rutgers - CS - 513
Fall 2011CS 513: #4Farach-ColtonDue by the beginning of class, Oct. 4.1. The Longest Common Prefix problem is dened as follows:Preprocess: D = cfw_S1 , . . . , Sn , Si m , that is D is a set of n strings, eachof which is of length m.Queries: LCP (i
Rutgers - CS - 513
Fall 2011CS 513: #5Farach-ColtonDue by the beginning of class, Oct. 11.1. Let A[1, n] be an array of numbers. Dene the cartesian tree, CA , of A recursively, as follows. If n = 1, then CA is a node with value A[1]. Otherwise, letA[i] be a minimal ele
Rutgers - CS - 513
Fall 2011CS 513: #6Farach-ColtonDue by the beginning of class, Nov. 8.1. A palindrom is a string that reads the same forwards and backwards, like Ablewas I ere I saw Elba or Lonenly Tylenol (in this case if you ignore the spaces).Given a string, a p
Rutgers - CS - 513
Fall 2011CS 513: #07Farach-ColtonDue by the beginning of class, Dec. 6.1. A boolean formula is in Disjunctive Normal Form if = 1 . . . k ,where each i = i1 iji . That is, it is the disjunction of a sequence ofconjunctions. The DNF problem is dened a
Universiti Teknologi Malaysia - BEE - bek4243
J(4uetq 6n I,_._Head- )gFt: ?-barnWq*erflow =SOFL3 :o.r.1*39. = boolo'l) 0:9rLq4: 9'8l xO.bxo.tg*3r?,6>r",:6,:)', ,:i-,f * ("g,.-grevrlgforce- q-&th/satL= etKqe$cgO - q,ucnti+y oF urqtercfw_+ _- e*Fe<_cfw_vL hecrd en )Tr) 6,3rLOOiir
Universiti Teknologi Malaysia - BEE - bek4243
.lqFF+JOqeEcfw_rbn 2-,i) Per = Pgh = rooo Vgl^t x g"slV*exgxPerrn/s. x t00rv1Hloog &,urt* : VXtoOO l.g/n3x 1.gl rn/s.lrt00V: lolg,3?r.n3qre _ tot q .3T t,)/ uonn= tot.931*.,j, ThiS hy/ro is*oiirecrsonqbtegroc,luce \ooo-: :.,=,o '
Edhec Business School - ECON - 101
Part II Fundamentals of Fluid MechanicsBy Munson, Young, and OkiishiWHAT we will learnI. Characterization of Fluids- What is the fluid? (Physical properties of Fluid)II. Behavior of fluids- Fluid Statics:Properties of a fluid at rest(Physics of th
Edhec Business School - ECON - 101
cen54261_ch10.qxd12/2/0310:55 AMPage 461PARTFLUID MECHANICS2461cen54261_ch10.qxd12/2/0310:55 AMPage 462cen54261_ch10.qxd1/8/048:12 AMPage 463CHAPTERINTRODUCTION TO FLUIDMECHANICSn the second part of the text we present the fundamentals
Keller Graduate School of Management - HR - hr595
Student Name _Course Section _HR595_FIELD ANALYSIS: UNDERSTANDING THE KEY PARTIES AND THEIR ROLE IN ANEGOTIATIONInstructions: For purposes of this assignment, assume that you are the negotiator who is taskedwith a salary (on call time, step increases
Keller Graduate School of Management - HR - hr595
Personal Bargaining Inventory Answers (2 pages)Student Name _Tasha Smith_Course Section _Rating Your Own BehaviorFor each statement, please indicate how much the statement is characteristic of you on thefollowing scale:1234Strongly uncharacteris
Keller Graduate School of Management - HR - hr595
Case 1: Capital Mortgage Insurance CorporationBackgroundCapital Mortgage Insurance Corporation (CMI) is a wholly owned subsidiary of NorthwestEquipment Corporation (NEC). NEC expects Frank Randall, company president; to build CMIinto a larger more div
Keller Graduate School of Management - HR - hr595
Negotiations 246Capital Mortgage InsuranceGroup Position Paper 1Arin HalickiAmit ShahHelen KimSatish Ramachandran10/31/08OverviewCapital Mortgage Insurance Corporation (CMI) sells insurance to lenders protectingagainst mortgage default losses. T
Keller Graduate School of Management - HR - hr595
Negotiation In a Cross-Cultural EnvironmentAmerican versus JapaneseBy Therese PerlmutterHR595 Negotiation SkillsKeller Graduate School of ManagementDr. Larry RayMay 10, 2005Table of contentsI.IntroductionII.III.IV.V. ConclusionVI. References
Keller Graduate School of Management - HR - hr595
NTable of ContentsI. CBA BackgroundII. IssuesPage 2Page 5III. NBA ProposalPage 7IV. Players ProposalPage 9V. OutcomePage 10VI. ReferencesPage 14CBA BackgroundDuring 1998-1999 the NBA (National Basketball Association) had suffered a loss of
Keller Graduate School of Management - HR - hr595
You Decide WorksheetName _Tasha Smith_Course Section _week 6_Date _12/10/2011_Scenario Summary:A supervisor in a large accounting firm is scheduled to interview a job candidate who comeshighly recommended and has excellent qualifications. Jim has an
Keller Graduate School of Management - HR - hr595
Communication Competence Scale AnswersStudent Name _Tasha Smith_Course Section _Questionnaire_RatingFor each statement, answer each as it relates to what you generally think about concerning socialsituations.5 Always true of me4 Often true of me3
Keller Graduate School of Management - HR - hr595
History of Collective bargaining agreementThe National Basketball Players Association was formed in 1954, when Celtics guard Bob Cousybegan to organize the players in an effort to implement a minimum salary and give players healthand retirement benefit
Keller Graduate School of Management - HR - hr595
Student Name _Course Section _FIELD ANALYSIS: UNDERSTANDING THE KEY PARTIES AND THEIR ROLE IN ANEGOTIATIONInstructions: For purposes of this assignment, assume that you are the negotiator who is taskedwith a salary (on call time, step increases, over
Keller Graduate School of Management - HR - hr595
Final Exam PapersHR595: Negotiation SkillsInstructor: Richard MeltonStudent: Anh NguyenFebruary 2011B| Given desired goals and outcomes for a negotiation process, describe a planningframework to achieve stated objectives and apply to a specific neg
Keller Graduate School of Management - HR - HR1515
SSSSSSSsssssssjloeijSituation Analysis:1. Corporate Philosophy Bosch has a corporate philosophy that stretches from Germanyto more than 140 countries throughout the globe. The reason for their great successglobally is credited to their spirit of indep
Keller Graduate School of Management - HR - HR1515
Keller Graduate School of Management Managerial Statistics (GM533)Course ProjectHousing Sales Price Predictor ModelHousing Sales Price Predictor ModelPage 2TO:FROM:Eastville, Oregons Board of Realtors Realtor October 20, 2010 Housing Sales Price Pr
Keller Graduate School of Management - HR - HR1515
Resistance to ChangeHR587-Managing Organizational ChangeCourse ProjectInstructor: Kathleen MilburnKeller Graduate School of Management06/16/2010Nga LeTable of ContentsExecutive Summary 2Literature Review3Force-Field Analysis Diagram4Decoding
Keller Graduate School of Management - HR - HR1515
Multiple Regression AnalysisCase #28, Housing Prices IIKeller Graduate School of Management GM533Ryan D. LeeExecutive Summary:In this report I will use a multiple regression analysis approach to predict the appropriate sellingprice of my home in Eas
Keller Graduate School of Management - HR - HR1515
To:From:Date:Subject:MEMORANDUMHope Williams, CommissionerTasha Smith, NBPA PresidentNovember 13, 2011A proposal to reject or accept the latest proposal from NBA owners.PurposeI am writing to propose a solution to the currently rejected collecti
Keller Graduate School of Management - HR - HR1515
MemoTo:Howard Hughes, RepresentativeFrom:Tasha Smith, Chief of StaffDate:12/18/2011Re:Requested paper consisting of answers to panel questions regarding Medicare Crisisq wertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcv
Keller Graduate School of Management - HR - HR1515
IntroductionWith more than so many Americans being uninsured to the tune of over 45 million thereis no wonder that there is lots of debate of how to best ensure that all receive health coverage.The debate is rather to mandate that all Americans purchas
Keller Graduate School of Management - HR - HR1515
Fi515 Week 1 AssignmentWeek 1 assignments FI515Mini caseA-Why is corporate finance important to all managers?Corporate finance provides managers with the skills to identify and select the corporate strategiesand individual projects that add value to
Berkeley - MCB 32 - 57703
MCB 32 Introductory Human Physiology Fall 2011TuTh 9:30-11:00, 2050 VLSBProfessors:Terry Machen, 231 LSA, 642-2983, t machen@berkeley.edu, office hrs: M 2-3 or by appt.Helen Lew, 4074 VLSB, h_lew@yahoo.com, office hours: TBAJames Crothers, 241 LSA, C
Berkeley - MCB 32 - 57703
Physiology OverviewCh. 1. pp 6-20Cells, tissues, organs and organ systemsBody fluidsHomeostasis by negative feedback, e.g., insulinMolecules in PhysiologyInorganic:water, ions, H+Ch. 2. pp 24-30Ch. 2. pp 30-46Organic:Carbohydrates, proteins, li
Berkeley - MCB 32 - 57703
Cell Metabolism pp. 105-117OverviewGlycolysisKrebs cycleOxidative phosphorylationLactic acid during anaerobic conditionsCell MetabolismOverviewGlycolysisKrebs cycleOxidative phosphorylationLactic acid during anaerobic conditionsENERGY GENERATI
Berkeley - MCB 32 - 57703
Cell OrganellesCh. 3 pp. 50-63, 67-71Plasma membrane, cytoskeleton, nucleusendoplasmic reticulum, ribosomes, Golgi complexlysosomes, secretory granules and mitochondriaEnergy, enzymes and reactionsCh. 4 pp. 87-93, 96-101ATP stores and releases ener
Berkeley - MCB 32 - 57703
MCB32 FINAL EXAMA. MILLER QUESTIONS67 multiple choice questions worth 133 pointsMidterm 3: 50 multiple choice questions, each worth 2 pts:Respiratory: 14 questionsKidney: 14 questionsGI: 11 questionsRepro: 11 questionsFinal A.Miller section only :
FIU - AMH - 2041
A Model of Christian CharityGovernor John Winthrop(1630 on board the Arbella)IntroductionJohn BeardsleyThis is Winthrops most famous thesis, written on board the Arbella, 1630. In an age not longpast, when the Puritan founders were still respected b
FIU - AMH - 2041
Give Me Liberty! Sources of Freedom History CenterSources of Freedom: Alien and Sedition Acts (July6, 1798)The Alien and Sedition Acts were passed in 1798 by the Federalistcontrolled Congress. America was on the brink of war with France,and President
FIU - AMH - 2041
Give Me Liberty! Sources of Freedom History CenterSources of Freedom: The Memoirs of Ann Carson(1828)In this excerpt from the memoirs of Ann Carson, she described leaving herhusband because he did not see her as his equal. She also wroteabout her eff
FIU - AMH - 2041
Give Me Liberty! Sources of Freedom History CenterSources of Freedom: Baltimore and Ohio Railroad(July 7, 1828)John B. Morris of the Baltimore and Ohio Railroad gave this speech on theoccasion of the laying of the foundation stone for the line. After
FIU - AMH - 2041
Give Me Liberty! Sources of Freedom History CenterSources of Freedom: Boston Massacre Article(March 12, 1770)This article from the March 12, 1770 edition of the Boston Gazetterecounted the events of the previous week that would come to beknown as the