AMITY

We nurture talent
Information Technology &
Management
ADL-72
Session -1
OP Sangwan
Amity Institute of Information Technology
Amity University
---Uttar Pradesh---
Sangwan_op@aiit.amity.edu


Module 1
Introduction to Computer
Technology
WHAT IS A COMPUTER AND WHAT DOES IT DO?

An electronic machine,
operating under the control
of instructions stored in its
own memory
accepts data
manipulates the data
according to specified rules
produces results
stores the results for future
use
It can execute a prerecorded
list of instructions (a
program)

COMPUTER SYSTEMS
Purpose: To convert data into information
The Information Processing Cycle: Input-Process-Output and Storage
Components of a Computer System
Computer hardware
Computer software
People: users and IS professionals

Data vs. Information
Data:
Collection of raw unprocessed facts, figures, and
symbols
Information:
Data that is organized,
meaningful, and useful
The Information Processing Cycle
Input
Any data or
instructions you
enter into a
computer
Output
Data that has
been processed
into information
Communication
The capability of
communicating
with other
computers

Process
Manipulate the
input (data) to
produce output
(information)
Hardware, Software
Hardware:
The electric, electronic, and
mechanical equipment that makes up a
computer

Software:
The series of instructions that
tells the hardware how to
perform tasks
End user who is the ultimate user of a computer system usually implies an
individual with a relatively low level of computer expertise
Power user is someone who has considerable experience with computers
and utilizes the most advanced features of applications.
IS Professionals are people who develop and operate IS.
People
Who designs and writes software:
Computer programmer
uses a programming language to write software programs
Systems Analyst
works with both the user and the programmer to determine the desired output of
the program
speaker
PC camera
microphone
keyboard
modem
monitor
mouse
The Components of Computer Hardware
printer
scanner
speaker
PC camera
microphone
digital camera
system unit
keyboard
modem
speaker
monitor
mouse
The Components of Computer Hardware
Computer Hardware
any part of a computer system that you can see or touch
Computer (or system unit): CPU and Main Memory
Peripheral: any piece of hardware attached to a computer
Input devices
Output devices
Secondary storage devices
Communications devices
Input Devices
Any hardware component that allows a user to enter data
and instructions into a computer
scanner
microphone
keyboard
PC camera
digital
camera
scanner
microphone
keyboard
PC camera
digital
camera
Output Devices
Any hardware component that can convey information to a user
printer
monitor speakers
The Components of a Motherboard
CPU or a Processor
Electronic device that interprets and carries out the basic
instructions that operate the computer
Memory
Temporary holding place for data and instructions
Storage
Holds data, instructions, and information for future use
Storage Medium
Physical material on which a computer keeps the data,
instructions and information
Storage Device
Records & retrieves items to and from a storage medium
Devices often function as source of input because they
transfer items from storage into memory
Main-Memory Management
Memory is a large array of words or bytes, each with its own
address. It is a repository of quickly accessible data shared by
the CPU and I/O devices.
Main memory is a volatile storage device. It loses its contents
in the case of system failure.
The operating system is responsible for the following activities
in connections with memory management:
Keep track of which parts of memory are currently being
used and by whom.
Decide which processes to load when memory space
becomes available.
Allocate and deallocate memory space as needed.

Introduction to Software & Concepts
of Programming
Software
Software is a collection of programs whose objective is to enhance
the capabilities of a hardware machine.
Types of software
System software
->Operating System
->Utility Programs
->Language Translators
Application software
->Customs programming
->Pre-written Packages

System Software
Systems software consists of low-level programs that interact
with the computer at a very basic level. These programs
control the operations of the computer and its devices
Operating System: Set of programs that coordinate all the
activities among computer hardware devices
Utility program: performs a specific task, usually related
to managing a computer, its devices, or its programs
Application software
Programs that do real work for users
Suite - Collection of popular individual software
applications bundled together as a single unit
Word processing
Spreadsheet
Database
Presentation graphics
Benefits of Structured Programming
Programs that meet the needs of the customer
Though initially take longer time to generate code,
often result in code with runs with no bugs the first
time its run
Easy to handle change in program specifications in the
future
Structured Programming
A tool that becomes popular since the 70s
Should have been learnt by student that have taken
any programming course
Absolutely essential for handling large programs that
involve a team of programmers and huge number of
man hours.
The other popular philosophy is object oriented
programming, but many programmers prefers
structured programming

Seven Important Concepts of Structured
Programming: 1. Structured Walkthrough
Before writing any program, the programming team must sit
down with the customer and find out the requirement
Extremely important
Customers requirement is often imprecise
Iterative: several rounds of talks
Must result in a specifications that is
very precise
Understandable by programmer in programming terms
2. Stepwise Refinement
A DIVIDE and CONQUER strategy
When given a large job, divide it into smaller jobs.
Given any job, it is useful to divide it into
Input
Process
Output
Draw a tree
Refine each job level by level (Breadth first)
Use pseudo code to describe each job
Decision on data structure is delayed as much as possible



Extremely
Complex
Job
Input Process Output Level 1
Input from
user
Initialize


Level 2
Initialize security
settings

Level 3
3. Modular Design
Each ellipse is a module
A module is a self contained block:
It only receives inputs from its immediate ancestor
It only outputs to its immediate ancestor
Its computation should only require calling functions that are its
immediate children and them only
The input variables and output variables of each module
should be specified when defining the module
Each module must be programmable no majic block
should exist
4. Bottom Up Coding
When the refinement has reached a simple function,
code the simple function
You can test the simple function independently of the
rest of the program
This gives you achievement and satisfaction,
sustaining you through the long project
Project Manager exercises division of labour here,
ask a member to be responsible solely for that
function
5. Testing Using Stubs
A structured Programming project can be field tested
before everything finishes
Stubs - for unfinished modules, use a human being to
emulate it, act on the test inputs, she fits in the correct
output data by hand
then other programmers can test their work
Meanwhile she continues to program her own module
(according to MS Project timelines)
6. White Box and Black Box Testing
For each module and whole program

White Box
Input something for which you know the desired result, it
should give your expected output
Black Box
Treat it as a black box, input some data, is the result
reasonable?
7. Structured Programming Documents
A structured programming document is generated
along with the program
When requirement of customer changes, go to the
document
Does not need to rewrite the whole program, just find
which modules need to rewrite and rewrite the
module and the sub-tree under it
Programmer usually forgets their code in 2 months;
the structured document helps her to refresh her work
quickly

OOPs
Objects, Classes, Attributes and
Methods
What is Object Oriented Programming?
Object Oriented Programming is an approach that
provides a way of modularizing programs by
creating partitioned memory area for both data and
functions that can be used as templates for creating
copies of such modules on demand
Glossary
Object: Data accessed and manipulated through an
interface, such as the Imagine program

Class: A template for a new object design

Inheritance: New class created by the modification of an
existing class

Instantiation: Creating a new object from an existing
class
The new object is known as an instance of Class X


Advantages of OOPS
Objects
Classes
Data Abstraction and Encapsulation
Inheritance
Dynamic Binding
Message Communication (message passing)
Reusability
Creating New Data Types
Polymorphism & Overloading
..

What is an Operating System?
A program that acts as an intermediary between a
user of a computer and the computer hardware.
Operating system goals:
Execute user programs and make solving user problems
easier.
Make the computer system convenient to use.
Use the computer hardware in an efficient manner.
Four Components of a Computer System
Operating System Definition

OS is a resource allocator
Manages all resources
Decides between conflicting requests for efficient and fair
resource use
OS is a control program
Controls execution of programs to prevent errors and
improper use of the computer
Operating System Definition (Cont.)
No universally accepted definition
Everything a vendor ships when you order an
operating system is good approximation
But varies wildly
The one program running at all times on the
computer is the kernel. Everything else is either a
system program (ships with the operating system) or
an application program
Operating System Structure
Multiprogramming needed for efficiency
Single user cannot keep CPU and I/O devices busy at all times
Multiprogramming organizes jobs (code and data) so CPU always has
one to execute
A subset of total jobs in system is kept in memory
One job selected and run via job scheduling
When it has to wait (for I/O for example), OS switches to another job
Timesharing (multitasking) is logical extension in which CPU
switches jobs so frequently that users can interact with each job
while it is running, creating interactive computing
Response time should be < 1 second
Each user has at least one program executing in memory process
If several jobs ready to run at the same time CPU scheduling
If processes dont fit in memory, swapping moves them in and out to
run
Virtual memory allows execution of processes not completely in
memory
Memory Layout for Multiprogrammed System
Computer Network
Overview of Networking
Network: interconnected collection of autonomous computers,
capable of exchanging information.
A communications network is two or more computers connected to share
data and resources are networked. The simple idea behind computer
networking is to allow users to access more information and give them
access to devices not directly attached to their local system, such as
printers or storage devices.
Three of the main types of computer networks are:
LAN - Local Area Network
MAN Metropolitan Area Network
WAN - Wide Area Network
A LAN is comprised of computers located within
close proximity, such as in an office or building.
A WAN is a network of computers that are situated
further apart, but still connected. Such a network
might be of computers within a single state agency
or of a multi-national corporation worldwide.
A MAN is a communication infrastructures that have been
developed in and around large cities

Computer Networks
Local Area Networks are configured in 3 basic
topologies. These are either the logical or
physical way the computers are connected. Each
connection on the network is known as a node.

These topologies are:
Star
Bus
Ring
Server
A Star topology connects all the nodes directly to the
server or to a connecting device such as a hub.
Server
All nodes on a Bus topology are connected to a
central line or backbone.
Server
Nodes on a Ring topology are connected in a closed
loop. This means that each node has two connections,
one in and another out. Using this type of topology
the data must travel through all the nodes.
INTERNET TECHNOLOGIES
INTRODUCTION TO INTERNET
INTRODUCTION TO INRANET AND EXTRANET
BASIC CONCEPTS OF INTERNET AND IP ADDRESS
DHCP
DNS
PROTOCOLS
SERVICES OF INTERNET





INTRODUCTION TO INTERNET
In 1969, the Advanced Research Projects Agency
(ARPA) of the U.S. Department of Defense created
the Internet when it connected the computers at
universities and defense contractors. This system
was called ARPANET.

Internet
Internet is a world wide system accessible through computers.
The Internet is not just one computer,it is a coordinated union of
multitude of networks all over the world.
It is a network consisting of millions of machines
.Network of networks.
Millions of computers all over the world are connected through the
Internet.
Not a Government Organization
Authority of the Internet is the Internet Society, a Voluntary
membership organization whose purpose is to promote global
information exchange.



The Internet Today
The Internet today is a cooperative community of over
100 million computer users connected worldwide.

INTRODUCTION TO INTRANET
INTRANET

Intranet is an in-house network

Intranet allows internal circulation of
information within the company

Intranet in an office,allows access of
information to its offices and personnel

Basic Concepts of Internet And
IP Address
Internet Address
Just like every house, every office, every location has an
address, every page on the Internet has a unique address.
This address is used get the web page for user from
Internet.
the address on the Internet is known as URL (Uniform
Resource Locator).
A typical Internet address or URL would look like;
http://www.nos.org/computers/internet/url.htm
The URL contains the components that specify the
protocol, server, and pathname of an item


(http://www.nos.org/computers/internet/url.htm).

The protocol is followed by a colon
(http:),

the server is preceded by two slashes
(//www.nos.org), and
each segment of the pathname is
preceded by a single slash
(/computers/internet/url.htm).

A protocol is set of rules that tells the
computer know how to interpret the
information at that address.

What are protocols ?
Networking software is organized as protocols
Eg: Human protocol vs network protocol:

What are protocols ?
Hi
Hi
Got the
time?
2:00
TCP connection
req.
TCP connection
reply.
Get http://www.rpi.edu/index.htm
<file>
time
IP Address:
IP Address is a numeric identifier assigned to
each machine on an IP network.It designates the
location of the device that is assigned to it on the
network.It is a software address.
Each host should have a logically unique IP
address.

IP ADDRESS CONSIST OF TWO
PARTS
Network ID
Identifies the system
located on the same
physical network
All systems have same
Network ID in the
same network

HOST ID
Identifies a
server,workstation,rou
ter within a network
All systems have
unique ID in the
network
PROTOCOLS
The first component, the protocol, defines the
manner for interpreting computer information.
Many Internet pages use HTTP (Hyper Text
Transfer Protocol).

Other common Internet protocols:
FTP (File Transfer Protocol), and
GOPHER (an alternative transfer protocol). Gopher
protocol is mostly out of date now.

DHCP
Dynamic host configuration Protocol
Centralizes and manages the allocation of TCP/IP
configuration information by automatically assigning IP
addresses to computers configured to use DHCP.
DHCP is a simple process by which a host system
obtains an IP address,which is must for communication
with rest of the network.

DHCP uses 4-phase process to configure

A DHCP client
A request for an IP address by a client
An offer made to the client by DHCP server
The client selecting an offer and asking for a lease
The DHCP server sending an acknowledgement.

DNS
DNS : Domain Naming System
Translate the Fully-Qualified Domain Name of a
computer into its corresponding IP Number.
People find names easier to remember than numbers
A fully qualified domain name such as www.npr.org
is converted to correct IP number 205.153.39.182 by
the Domain Name Server and the IP number is used
to establish connection.
IP address also uses country codes comprising of two
letters
This lettering system is called DNS i.e. country codes
for India is in,ca for canada,au for Australiaetc.

Services of Internet - E-mail, FTP, Telnet, WWW

E-Mail:
E-mail or Electronic mail is a paperless method of sending
messages, notes or letters from one person to another
through Internet .

The biggest advantage to using e-mail is that it is cheap,
especially when sending messages to other states or
countries .



Features of E-mail:
One-to-one or one-to-many communications
Instant communications.
Physical presence of recipient is not required
Most inexpensive mail service, 24-hours a day and seven
days a week
Encourages informal communication
Components of an E-mail
Address
As in the case of normal mail system, e-mail is also based
upon the concept of a recipient address.
John@hotmail.com
john: name of a mailbox on the destination
computer, where finally the mail will be
delivered.
hotmail: the mail server where the mailbox
"john" exists.
.com: the type of organization on net, which is
hosting the mail server.


Types of Organizations
There are six main categories;

com Commercial institutions or organization
edu Educational institutions
gov Government site
mil Military site
net Gateways and administrative hosts
org Private organizations



FTP (File Transfer Protocol)

An Internet utility software used to upload and download files.

It gives access to directories or folders on remote computers and
allows software, data and text files to be transferred between
different kinds of computers.

The basic objectives of FTP are:
To give flexibility and promote sharing of computer
programs, files and data

To transfer data reliably and more efficiently over
network

To encourage implicit or indirect use of remote
computers using Internet

To shield a user from variations in file storage systems
among hosts.
WORLD WIDE WEB (WWW)

also commonly known as The Web.

The WWW is hypertext based information retrieval tool.
One can easily surf the Web by jumping from one
document to another using the links in those documents.

These documents can be in many formats, such as text,
graphics, animation, sound and latest is video.


Web Pages
All the information on Internet are presented to the
user as a document or more popularly known as
Web Page.

All these Web Pages are link to each other or even
to section within a Web Page. And these links are
known as Hyper Links.

tool used to view these Web Pages on Internet is
known as Internet browser or simply browser.

Introduction to DBMS

File Organization
Sequential Organization
Sequential organization simply means storing and sorting in physical,
contiguous blocks within files on tape or disk.
Indexed Sequential Organization
Use an index to locate records. Indexed sequential organization reduces the
magnitude of the sequential search and provides quick access for sequential
and direct processing.
Inverted List Organization
In indexed sequential method has a multiple index for s given, where as the
inverted list method has a single for each key type
Direct Access Organization

File Organization Method-A Summary
Method Advantage Disadvantage
Sequential Simple to design
Easy to program
Variable length and blocked
records available
Best use of storage
Records cannot be added to
the middle of file
Indexed-sequential Records can be inserted or
updated in the middle of file
Processing may be carried
out sequential or randomly
Unique keys required
Processing occasionally slow
Periodic reorganization of
file required
File Organization Method-A Summary
Method Advantage Disadvantage
Inverted List Used in application
requesting specific data on
multiple keys
Random Records can be inserted or
updated in the middle of file
Better control over record
allocation
Calculating address
required for processing
Variable length records
nearly impossible to process
Objectives of Data Base
1.Controlled redundancy
2.Ease of Learning and use
3.Data independence
4.More information at low cost
5.Accuracy and integrity
6.Recovery from Failure
7.Privacy & Security
8.Performance
Data Base Design
1.Key Terms (entities, attributes, DDL, DML etc)
2.Logical & Physical Views of Data (Schemas and
subschema)
3.Data Structure
Types of Relationship (1:1, 1:M M:M)
Types of Data structure
Hierarchical structuring
Networking Structuring
Relational structuring
Entities & Attributes
4. Normalization
Refining of data structure
1NF
2NF
3NF
Enterprise resource planning (ERP) software is a set
of applications that automate finance and human
resources departments as well as handle jobs such as
order processing and production scheduling. ERP
vendors have expanded into applications such as
Manufacturing, supply-chain management, customer
relationship management, and industry verticals.
An ERP system is based on a common database and a
modular software design

ERP Defined
Finance
-General Ledger
-Accounts Receivable
-Accounts Payable
-Procurement
-Fixed Assets
-Treasury Mgmt
-Cost Control
-Grant Management
Human Resources
-HR/Benefits
Administration
-Payroll
-Self-service HR

e-Business
-eProcurement
- Employee Self Service
- e-Recruiting/e-Hiring
- e-Filing
- Citizen Access
- Web-enabled transactions
- e-Commerce

Transaction Engine
Core software that manages
transaction flow among
applications and handles tasks
like security and data integrity
Customer Relationship Mgt
-Consistent user experience
- Personalization of services
- Realtime access- enterprise info
Supply Chain Mgmt
Planning, scheduling and fulfillment
applications that address all
procurement requirements across
the enterprise

Data Analysis
Decision support software that lets
senior executives and other users
analyze transaction data to track
business performance

Characteristics of an ERP System
Includes business management software that enables finance and
human resources in a completely integrated fashion
Enables high levels of integration across business functions and
units

Provides for widespread sharing of data from a single information
repository

Drives extensive business transformation and change management
efforts

Requires high levels of implementation effort and support
ERP Implementation Benefits
Streamlines or eliminates inefficient manual
processes
Eliminates disparate stand-alone systems
Provides integrated, enterprise-wide common tools,
processes and systems
Establishes a backbone structure that can be leveraged
to handle all operational processes
Integrates and increases control of budgeting,
planning and financial management processes
ERP Implementation Benefits
(continued)
Provides enterprise-wide reporting and decision
support
Presents opportunity for re-engineering with industry
best practices and templates
Presents opportunity to lever vendors future
investment in enhanced functionality
Incorporates new functionality and technology -
provides a springboard to e-Business
ERP Implementation Activities
Package Integration
(SAP,PeopleSoft, JDE,
Oracle...)
Software Environment
Builds
Enterprise-wide
Infrastructure
Planning/Design &
Roll-out
Interfaces and
Conversions
Data Warehouse
Integration
E-Business
Business Intelligence
Networking
Design
Implementation
Tuning
Manage It... Change It... Implement It.. Operate It... Service It... Teach It...
Change Mgment
Business Vision
and Goals
Process Analysis
Package Select .
Business Case
Bus. Process
Reengineering
Industry Best
Practices
As Is /To Be
Process
Modeling
Fit-Gap Analysis
Policy Design
and Procedure
Dev.
Readiness
Assessment
Organizational
Design
Communications
Plan
Data Center
Operations
Application
Development
& Maintenance
Network Station
Management
Network
Operations &
Support
Platforms &
Technology
Services
Installation/
Customization &
Maintenance
Performance and
Tuning
Software Services
Planning/Design/
Install
Migration
Management
Problem Mgmt.
Systems Mgmt.
Internet Enablement
Web Site Design
Help Desk
Disaster Recovery
Business
Resumption
Services
Training Needs
Assessment
Custom
Curriculum and
Material
Development
CBT Development
End User Training
Classes
Train-the-
Trainers
Roll-out of
Training
Prime Contractor
Project Management
Detailed Project
planning and
Tracking
Communications
Plan
Subcontractor
management
Project Scope
Control
Financial Control
Project Oversight and
Quality Assurance
Reviews
Disadvantage
Customization of the ERP software is limited.
Re-engineering of business processes to fit the
"industry standard" prescribed by the ERP system
may lead to a loss of competitive advantage.
ERP systems can be very expensive leading to a new
category of "ERP light" solutions
The system may be too complex measured against the
actual needs of the customer.



Electronic Commerce Systems
Electronic Commerce (E-Commerce)
Commerce refers to all the activities the
purchase and sales of goods or services.
Marketing, sales, payment, fulfillment, customer
service

Electronic commerce is doing commerce with
the use of computers, networks and commerce-
enabled software (more than just online
shopping)
Brief History
1970s: Electronic Funds Transfer (EFT)
Used by the banking industry to exchange account information over
secured networks
Late 1970s and early 1980s: Electronic Data Interchange
(EDI) for e-commerce within companies
Used by businesses to transmit data from one business to another
1990s: the World Wide Web on the Internet provides easy-to-
use technology for information publishing and dissemination
Cheaper to do business (economies of scale)
Enable diverse business activities (economies of scope)
E-commerce applications
Supply chain management
Video on demand
Remote banking
Procurement and purchasing
Online marketing and advertisement
Home shopping
Auctions
Ecommerce infrastructure
Information superhighway infrastructure
Internet, LAN, WAN, routers, etc.
telecom, cable TV, wireless, etc.
Messaging and information distribution
infrastructure
HTML, XML, e-mail, HTTP, etc.
Common business infrastructure
Security, authentication, electronic payment,
directories, catalogs, etc.

The Main Elements of E-commerce
Consumer shopping on the Web, called B2C
(business to consumer)
Transactions conducted between businesses on the
Web, call B2B (business to business)
Transactions and business processes that support
selling and purchasing activities on the Web
Supplier, inventory, distribution, payment management
Financial management, purchasing products and
information
Advantages of Electronic Commerce
Increased sales
Reach narrow market segments in geographically
dispersed locations
Create virtual communities
Decreased costs
Handling of sales inquiries
Providing price quotes
Determining product availability
Being in the space

Disadvantages of Electronic Commerce
Loss of ability to inspect products from remote
locations
Rapid developing pace of underlying
technologies
Difficult to calculate return on investment
Cultural and legal impediments
The process of e-commerce
1. Attract customers
Advertising, marketing
2. Interact with customers
Catalog, negotiation
3. Handle and manage orders
Order capture
Payment
Transaction
Fulfillment (physical good, service good, digital good)
4. React to customer inquiries
Customer service
Order tracking
Web-based E-commerce Architecture
Client
Tier 1
Web Server
Tier 3 Tier 2 Tier N
Application
Server
Database
Server
DMS

E-commerce Technologies
Internet
Mobile technologies
Web architecture
Component
programming
Data exchange
Multimedia
Search engines
Data mining
Intelligent agents


Access security
Cryptographic security
Watermarking
Payment systems

Infrastructure for E-commerce
The Internet
system of interconnected networks that spans the globe
routers, TCP/IP, firewalls, network infrastructure, network
protocols
The World Wide Web (WWW)
part of the Internet and allows users to share information
with an easy-to-use interface
Web browsers, web servers, HTTP, HTML
Web architecture
Client/server model
N-tier architecture; e.g., web servers, application servers,
database servers, scalability

E-Commerce Software
Content Transport
pull, push, web-caching, MIME
Server Components
CGI, server-side scripting
Programming Clients
Sessions and Cookies
Object Technology
CORBA, COM, Java Beans/RMI
Technology of Fulfillment of Digital Goods
Secure and fail-safe delivery, rights management
System Design Issues
Good architectural properties
Functional separation
Performance (load balancing, web caching)
Secure
Reliable
Available
Scalable


Creating and Managing Content
What the customer see
Static vs. dynamic content
Different faces for different users
Tools for creating content
Multimedia presentation
Integration with other media
Data interchange
HTML, XML (Extensible Markup Language)

Cryptography
Keeping secrets
Privacy: interceptor cannot use information
Authentication: senders identity cannot be forged
Integrity: data cannot be altered
Non-repudiation: sender cannot deny sending
How to evaluate cryptography
Secret key (symmetric) cryptography; e.g., DES
Public key (asymmetric) cryptosystems; e.g, RSA
Digital signatures, digital certificates
Key management; e.g., PKI
Security
Concerns about security
Client security issues
Server security issues
Security policy, risk assessment
Authentication methods
Something you know: passwords
Something you have: smart card
Something you are: biometrics
Firewalls, proxy servers, intrusion detection
Denial of service (DOS) attacks, viruses, worms

Payment Systems
Role of payment
Cash
properties: wide accept, convenient, anonymity,
untraceability, no buyer transaction cost
Online credit card payment, Smart Cards
Secure protocols: SSL, SET
Internet payment systems
Electronic cash, digital wallets
Micro-payments
Wireless devices

Transactions Processing
Transactions and e-commerce
Overview of transaction processing
Transaction processing in e-commerce
Keeping business records, audit, backup
High-availability systems
Replication and scaling
Implementation

Other System Components
Taxes
Shipping and handling
Search engines
Data mining
Intelligent agents
Inventory management, enterprise resource
planning (ERP)
Customer relation management (CRM)
Business to Business E-Commerce
Most EDI was done over private networks but there
is a big push to establish common standards to use
it over the Internet:
Open Trading Protocol(OTP)-intended to standardize a
variety of payment-related activities, including purchase
agreements, receipts for purchases, and payments
Open Buying on the Internet (OBI)- standard created by
the Internet Purchasing Roundtable to ensure that all the
different e-commerce systems can talk to each other
These standards work in a similar fashion to the
ANSI X12, which you already learned about.
Business to Business E-Commerce
Example:
The automotive industry is investing in a new venture, the
Automotive Network Exchange (ANX). ANX is a
managed virtual private network (VPN) that runs over the
Internet and links manufacturers and suppliers worldwide.
This will electronically link those suppliers who still
communicate to manufacturers by traditional means
(phone,fax, e-mail). The network will electronically route
product shipment schedules, CAD files for product
designs, POs, payments and other business information.

NOTE: VPNs provide secure data transfer over the
net--think of them like a tunnel for data
Business to Business E-Commerce
Example:
The Great Plains e.Order demo that you just did is a great
example of B2B over the web. It is done in a client-server
environment with a Great Plains C/S+ back end
(sometimes called back office) and a front end developed
in Microsoft tools. Front end is simply the term used to
describe what you, the user, see. It is the GUI, the web
browser screen you view and/or interact with. Back end is
the term used to describe what is happening with the data
that the user doesnt see. Typically, that data may be in an
application program or a relational database such as
Oracle, DB2, SQL server, Sybase SQL server.
Business to Business E-Commerce
Example:
Just in case you never got a good understanding of why
client/server (C/S) is such a big deal, here is an example.
A customer calls to change their number. Without C/S the
accounts receivable clerk would have to access the entire
A/R master file from the file server just to change one
record. Since this is probably thousands/millions of records
and takes up lots of bandwith on the network, it makes the
system crawl!!!! With C/S, the server selects out just the
one record and then sends only the one record to the A/R
clerk to be changed. By distributing processing in this way
the system is SIGNIFICANTLY faster!!!
Business to Business E-Commerce
At some point you are going to wonder how the back end and
the front end communicate. They often cant since many
companies still have back ends that were not created to
interface with (display) over the web. The answer is
Middleware. Middleware is simply the glue or layer of
software that allows the front ends (often in Java, HTML,
XML, CGI scripts, ASP pages) to interact with the back
end. Just like you need a translator when someone who is
speaking Spanish is talking to someone who is speaking
French, you often need middleware for your front end to
communicate with your back end.
Business to Consumer E-Commerce
Its a little different with B2C:
The consumer moves through the internet to the
merchants website.
(i.e. Jay Crew, Amazon.com)
Decides to purchase a product. He is connected to an
online transaction server. All the information in this server
is encrypted.
After placing an order, the information moves through a
private gateway to a Processing Network.
The Processing Network is where the issuing and acquiring
banks complete or deny the transaction.
THIS ALL TAKES PLACE IN NO MORE THAN 5-7
SECONDS!


Business to Consumer E-Commerce
IT Enabled Service
Information Technology Enabled Services
India, China and Philippines - predominant IT
off shoring

Why?
In order to gain from a large talent pool and
low labor cost.
Information Technology Enabled Services
India has some 5-6 % share of the total
BPO Industry.

This constitutes about 63% share of the
offshore component.
This 63% is a drop from the 70% offshore
share that India enjoyed last year

Information Technology Enabled Services
It is a form of outsourced service which has emerged
due to involvement of IT in various fields such as
banking and finance, telecommunications, insurance,
etc.

Some of the examples of ITES are medical
transcription, back-office accounting, insurance
claim, credit card processing
Source: Wikipedia
ITES
Major aspects

Services and Quality
Organization and Policies
Process Management
Source: For the next 5 slides ->Foundations of IT service Management; Van Haren Publishing, 2005;
Services and Quality
Providers of IT services

Not only to support the organization

....but the expectation is to present options to
implement the objectives of the organization
(what are the objectives????:)
Providers of IT services

..can no longer afford to
focus on technology and their
internal organization.

Providers of IT services

..have to consider the quality
of the services they provide and
focus on the relationship with
customers.


Services and Quality
The quality of services depends on the way in
which these things are organized
Demmings Quality circle

..provides a simple and
effective model to control quality
(Plan, Do, Check, Act)

Processes are divided into
activities with their own plans
and opportunities for checking.
Quality management is
everybodys responsibility

Quality assurance is a policy
matter within the organization.

Quality system is the
organizational structure related to
responsibilities, procedures and
resources for implementing quality
management

ISO 9000 series of standards is often used to develop, define, assess and
improve quality systems
Permanent quality
improvement
demands a certain
degree of maturity
of the organization
Organization and policies
Vision Business Model
Why exist? And how? And the logic?

Does the organization (processes) fulfill the objectives.?
Most common method the Balanced Scorecard

Objectives help define critical success factors

Key performance indicators (KPI) are parameters for measuring
progress relative to key critical success factors.

Processes
A process is a logically related series of activities
conducted toward a defined objective.

IT Service Management is
primarily known as the
process and service-
focused approach to IT
Management
Select Examples:

Service Delivery Processes:

Capacity Management, Availability
Management, IT Service Continuity
Management, Financial Management for
IT services, Service Level Management

Service Support Processes

Incident Management, Problem
Management, Configuration
Management, Change Management,
Release Management
Information Systems Security
Information Systems Security provides essential information for managing the
security of a modern, evolving enterprise. It is written for information security
managers and other technical managers and staff who are the first-line support
responsible for the daily, efficient operation of security policies, procedures,
standards, and practices. It covers:
Access control systems and methodologies
Computer operations security
Application and systems development
Business continuity and disaster recovery planning
Telecommunications and network security
Security architecture and models
Physical security
Cryptography
Security management practices
Law, investigations, and ethics

Security Certification (of an IT system)
The comprehensive evaluation of the management,
operational, and technical security controls in an
information system
Evaluation supports the security accreditation process
Evaluation performed by security expert (may be
contractor)
Assesses the effectiveness of the implemented security
controls in a particular environment of operation
Are the controls an acceptable set?
Are the controls operating as intended?
Determines remaining vulnerabilities in the information
system based on the assessment.

Security Accreditation (of an IT system)
The official management decision to authorize
operation of an IT system
Residual risk is one factor in decision
Authorization:
Is given by a senior agency official
Is applicable to a particular environment of operation of
the IT system
Explicitly accepts the level of residual risk to agency:
Operations (including mission, functions, image or reputation),
Assets, &
Individuals
that remain after the implementation of an agree upon
set of security controls in the IT system.
Terminology
Certification & Accreditation are loaded terms
Their use is confusing outside of US government
Security certification: Assessing/verifying
effectiveness of implemented security controls
Security accreditation: Approval/authorization to
operate IT system
Above definitions more accurately reflect concepts

System Security Activities (Inside) within the System
Development Life Cycle (Outside)

I nformation Security
Activities
Risk Assessment
Security Planning
Determine Security Requirements
Select Security Controls

Security
Accreditation
Continuous Monitoring of
Security
Control Effectiveness
Security Control
Development
Developmental Security
Test & Evaluation
Develop Security Test Plan
Test & Evaluate Security
Controls
Configuration Management
and control
Initiation
D
i
s
p
o
s
a
l

Development/Acquisition





O
p
e
r
a
t
i
o
n
/

M
a
i
n
t
e
n
a
n
c
e

A: Assess residual risk; Make
accreditation determination
C: Determine control
effectiveness; Determine &
document residual
vulnerabilities;
C: Assess residual vulnerabilities; A: Assess residual risk
Categorize System
Security Control
Integration
Implementation
C = Certification
A = Accreditation
FISMA-Related
Guidance


AGENCY INFORMATION
AND INFORMATION
SYSTEM

SP 800-37 SP 800-53A
Verification of
Security Control
Effectiveness
(Certification)
Measures the effectiveness of the security controls associated with
information systems through security testing and evaluation
Defines categories of information and
information systems according to levels
of risk for confidentiality, integrity, and
availability; maps information types to
security categories
Categorization &
Mapping of Information
and Information System
FIPS 199 SP 800-60
Documents the security requirements and
security controls planned or in place for the
protection of information and information systems
Security Planning
SP 800-18
Analyzes the threats to and vulnerabilities of
information systems and the potential impact or
magnitude of harm that the loss of confidentiality,
integrity, or availability would have on an agencys
operations and assets
Risk Assessment
SP 800-30
System
Authorization
(Accreditation)
The authorization of information
systems to process, store, or transmit
information, granted by a senior
agency official, based on the
effectiveness of security controls and
residual risk

SP 800-37
Security Control
Selection and
Implementation


Minimum management, operational, and technical
controls (i.e., safeguards and countermeasures)
planned or in place to protect information and
information systems

FIPS
200
SP 800-53 (Interim)
Completed
In Progress (OMB/FISMA general requirement)
In Progress (FISMA Requirement for NIST)
Assurance in Information Systems (IS)
Building more secure systems requires:
Well defined system-level security requirements
and security specifications
Well designed component products
Sound systems security engineering practices
Competent systems security engineers
Appropriate metrics for product/system testing,
evaluation, and assessment
Comprehensive system security planning and
life cycle management
Supporting Tools and Programs
Building more secure systems is enhanced by:
Standardized Security Requirements and Specifications
U.S. Common Criteria protection profile development project
Private sector protection profile contributions
BITS functional packages
Smart Card Security Users Group (SCSUG)
Process Control Security Requirements Forum (PCSRF)
IT Component-level Product Testing and Evaluation
Programs
Common Criteria Evaluation and Validation Schemes (CCRA)
Cryptographic Module Validation Program (U.S. NIST/Canada CSE)
Security Implementation Guidance
Security Technical Implementation Guides
Security Reference Guides
System Certification and Accreditation
Supporting Tools and Programs
Operational Environment
Accreditation Authority
Standards
Guidelines
Certification
Accreditation
Real World Threats and Vulnerabilities
Risk Management
Security Policies
System Security Plan
Personnel Security
Procedural Security
Physical Security

T
e
c
h
n
i
c
a
l

S
e
c
u
r
i
t
y

Specific IT System
Products
Generic
Systems
System-level Protection Profiles
Laboratory Environment
CMVP
CCEVS
Accredited
Testing
Laboratories
Products
Profiles
Validated Products
Evidence
Security Targets
Evaluation Reports
Validation Reports

FIPS 140-2 Testing
Cryptographic
Modules
CC Evaluations
General IT
Products
Protection
Profiles
Implementation Guidance
At Amity
learning never ends
the journey of excellence
continues

Thank You