AMITY We nurture talent

Information Technology & Management ADL-72Session -1OP SangwanAmity Institute of Information TechnologyAmity University---Uttar Pradesh---Sangwan_op@aiit.amity.edu

Module 1 Introduction to Computer Technology

WHAT IS A COMPUTER AND WHAT DOES IT DO?

An electronic machine, operating under the control of instructions stored in its own memoryaccepts datamanipulates the data according to specified rulesproduces resultsstores the results for future useIt can execute a prerecorded list of instructions (a program)

COMPUTER SYSTEMSPurpose: To convert data into informationThe Information Processing Cycle: Input-Process-Output and StorageComponents of a Computer SystemComputer hardwareComputer softwarePeople: users and IS professionals

Data vs. InformationData:Collection of raw unprocessed facts, figures, and symbolsInformation:Data that is organized,meaningful, and useful

The Information Processing Cycle

Hardware, SoftwareHardware: The electric, electronic, and mechanical equipment that makes up a computer

Software: The series of instructions that tells the hardware how to perform tasksEnd user who is the ultimate user of a computer system usually implies an individual with a relatively low level of computer expertisePower user is someone who has considerable experience with computers and utilizes the most advanced features of applications. IS Professionals are people who develop and operate IS.PeopleWho designs and writes software:Computer programmeruses a programming language to write software programs Systems Analystworks with both the user and the programmer to determine the desired output of the program

The Components of Computer HardwarespeakerThe Components of Computer Hardware

Computer Hardwareany part of a computer system that you can see or touchComputer (or system unit): CPU and Main MemoryPeripheral: any piece of hardware attached to a computerInput devicesOutput devicesSecondary storage devicesCommunications devices

Input DevicesAny hardware component that allows a user to enter data and instructions into a computer

Output DevicesAny hardware component that can convey information to a user

The Components of a MotherboardCPU or a ProcessorElectronic device that interprets and carries out the basic instructions that operate the computerMemoryTemporary holding place for data and instructionsStorageHolds data, instructions, and information for future useStorage MediumPhysical material on which a computer keeps the data, instructions and informationStorage DeviceRecords & retrieves items to and from a storage mediumDevices often function as source of input because they transfer items from storage into memory

Main-Memory ManagementMemory is a large array of words or bytes, each with its own address. It is a repository of quickly accessible data shared by the CPU and I/O devices.Main memory is a volatile storage device. It loses its contents in the case of system failure.The operating system is responsible for the following activities in connections with memory management: Keep track of which parts of memory are currently being used and by whom.Decide which processes to load when memory space becomes available.Allocate and deallocate memory space as needed.

Introduction to Software & Concepts of Programming

SoftwareSoftware is a collection of programs whose objective is to enhance the capabilities of a hardware machine. Types of softwareSystem software ->Operating System ->Utility Programs ->Language TranslatorsApplication software ->Customs programming ->Pre-written Packages

System SoftwareSystems software consists of low-level programs that interact with the computer at a very basic level. These programs control the operations of the computer and its devicesOperating System: Set of programs that coordinate all the activities among computer hardware devicesUtility program: performs a specific task, usually related to managing a computer, its devices, or its programs

Application softwarePrograms that do real work for usersSuite - Collection of popular individual software applications bundled together as a single unitWord processingSpreadsheetDatabasePresentation graphics

Benefits of Structured ProgrammingPrograms that meet the needs of the customerThough initially take longer time to generate code, often result in code with runs with no bugs the first time its runEasy to handle change in program specifications in the future

Structured ProgrammingA tool that becomes popular since the 70sShould have been learnt by student that have taken any programming courseAbsolutely essential for handling large programs that involve a team of programmers and huge number of man hours.The other popular philosophy is object oriented programming, but many programmers prefers structured programming

Seven Important Concepts of Structured Programming: 1. Structured WalkthroughBefore writing any program, the programming team must sit down with the customer and find out the requirementExtremely importantCustomers requirement is often impreciseIterative: several rounds of talksMust result in a specifications that is very preciseUnderstandable by programmer in programming terms

2. Stepwise RefinementA DIVIDE and CONQUER strategyWhen given a large job, divide it into smaller jobs.Given any job, it is useful to divide it intoInputProcessOutputDraw a treeRefine each job level by level (Breadth first)Use pseudo code to describe each jobDecision on data structure is delayed as much as possible

Extremely Complex JobInputProcessOutputLevel 1Input from userInitializeLevel 2Initialize security settingsLevel 3

3. Modular DesignEach ellipse is a moduleA module is a self contained block:It only receives inputs from its immediate ancestorIt only outputs to its immediate ancestorIts computation should only require calling functions that are its immediate children and them onlyThe input variables and output variables of each module should be specified when defining the moduleEach module must be programmable no majic block should exist

4. Bottom Up Coding When the refinement has reached a simple function, code the simple functionYou can test the simple function independently of the rest of the programThis gives you achievement and satisfaction, sustaining you through the long projectProject Manager exercises division of labour here, ask a member to be responsible solely for that function

5. Testing Using StubsA structured Programming project can be field tested before everything finishesStubs - for unfinished modules, use a human being to emulate it, act on the test inputs, she fits in the correct output data by handthen other programmers can test their work Meanwhile she continues to program her own module (according to MS Project timelines)

6. White Box and Black Box TestingFor each module and whole program

White BoxInput something for which you know the desired result, it should give your expected outputBlack BoxTreat it as a black box, input some data, is the result reasonable?

7. Structured Programming DocumentsA structured programming document is generated along with the programWhen requirement of customer changes, go to the documentDoes not need to rewrite the whole program, just find which modules need to rewrite and rewrite the module and the sub-tree under itProgrammer usually forgets their code in 2 months; the structured document helps her to refresh her work quickly

OOPsObjects, Classes, Attributes and Methods

What is Object Oriented Programming?Object Oriented Programming is an approach that provides a way of modularizing programs by creating partitioned memory area for both data and functions that can be used as templates for creating copies of such modules on demand

GlossaryObject: Data accessed and manipulated through an interface, such as the Imagine program

Class: A template for a new object design

Inheritance: New class created by the modification of an existing class

Instantiation: Creating a new object from an existing class The new object is known as an instance of Class X

Advantages of OOPSObjectsClassesData Abstraction and EncapsulationInheritanceDynamic BindingMessage Communication (message passing)ReusabilityCreating New Data TypesPolymorphism & Overloading..

What is an Operating System?A program that acts as an intermediary between a user of a computer and the computer hardware.Operating system goals:Execute user programs and make solving user problems easier.Make the computer system convenient to use.Use the computer hardware in an efficient manner.

Four Components of a Computer System

Operating System Definition

OS is a resource allocatorManages all resourcesDecides between conflicting requests for efficient and fair resource useOS is a control programControls execution of programs to prevent errors and improper use of the computer

Operating System Definition (Cont.)No universally accepted definitionEverything a vendor ships when you order an operating system is good approximationBut varies wildlyThe one program running at all times on the computer is the kernel. Everything else is either a system program (ships with the operating system) or an application program

Operating System StructureMultiprogramming needed for efficiencySingle user cannot keep CPU and I/O devices busy at all timesMultiprogramming organizes jobs (code and data) so CPU always has one to executeA subset of total jobs in system is kept in memoryOne job selected and run via job schedulingWhen it has to wait (for I/O for example), OS switches to another jobTimesharing (multitasking) is logical extension in which CPU switches jobs so frequently that users can interact with each job while it is running, creating interactive computingResponse time should be < 1 secondEach user has at least one program executing in memory processIf several jobs ready to run at the same time CPU schedulingIf processes dont fit in memory, swapping moves them in and out to runVirtual memory allows execution of processes not completely in memory

Memory Layout for Multiprogrammed System

Computer Network

Overview of NetworkingNetwork: interconnected collection of autonomous computers, capable of exchanging information.A communications network is two or more computers connected to share data and resources are networked. The simple idea behind computer networking is to allow users to access more information and give them access to devices not directly attached to their local system, such as printers or storage devices.

Three of the main types of computer networks are: LAN - Local Area Network MAN Metropolitan Area Network WAN - Wide Area NetworkA LAN is comprised of computers located within close proximity, such as in an office or building. A WAN is a network of computers that are situated further apart, but still connected. Such a network might be of computers within a single state agency or of a multi-national corporation worldwide.A MAN is a communication infrastructures that have been developed in and around large cities

Computer NetworksLocal Area Networks are configured in 3 basic topologies. These are either the logical orphysical way the computers are connected. Each connection on the network is known as a node.

These topologies are: Star Bus Ring

A Star topology connects all the nodes directly to the server or to a connecting device such as a hub.

All nodes on a Bus topology are connected to acentral line or backbone.

Nodes on a Ring topology are connected in a closed loop. This means that each node has two connections,one in and another out. Using this type of topology the data must travel through all the nodes.

INTERNET TECHNOLOGIESINTRODUCTION TO INTERNETINTRODUCTION TO INRANET AND EXTRANETBASIC CONCEPTS OF INTERNET AND IP ADDRESSDHCPDNSPROTOCOLSSERVICES OF INTERNET

INTRODUCTION TO INTERNETIn 1969, the Advanced Research Projects Agency (ARPA) of the U.S. Department of Defense created the Internet when it connected the computers at universities and defense contractors. This system was called ARPANET.

InternetInternet is a world wide system accessible through computers.The Internet is not just one computer,it is a coordinated union of multitude of networks all over the world.It is a network consisting of millions of machines.Network of networks.Millions of computers all over the world are connected through the Internet.Not a Government OrganizationAuthority of the Internet is the Internet Society, a Voluntary membership organization whose purpose is to promote global information exchange.

The Internet TodayThe Internet today is a cooperative community of over 100 million computer users connected worldwide.

INTRODUCTION TO INTRANET INTRANET

Intranet is an in-house network

Intranet allows internal circulation of information within the company

Intranet in an office,allows access of information to its offices and personnel

Basic Concepts of Internet And IP AddressInternet AddressJust like every house, every office, every location has an address, every page on the Internet has a unique address. This address is used get the web page for user from Internet.the address on the Internet is known as URL (Uniform Resource Locator). A typical Internet address or URL would look like; http://www.nos.org/computers/internet/url.htmThe URL contains the components that specify the protocol, server, and pathname of an item

(http://www.nos.org/computers/internet/url.htm).

The protocol is followed by a colon (http:),

the server is preceded by two slashes (//www.nos.org), and each segment of the pathname is preceded by a single slash (/computers/internet/url.htm).

A protocol is set of rules that tells the computer know how to interpret the information at that address.

What are protocols ?Networking software is organized as protocolsEg: Human protocol vs network protocol:

What are protocols ?HiHiTCP connection req.

IP Address:IP Address is a numeric identifier assigned to each machine on an IP network.It designates the location of the device that is assigned to it on the network.It is a software address.Each host should have a logically unique IP address.

IP ADDRESSCONSIST OF TWO PARTSNetwork IDIdentifies the system located on the same physical networkAll systems have same Network ID in the same network

HOST IDIdentifies a server,workstation,router within a networkAll systems have unique ID in the network

PROTOCOLSThe first component, the protocol, defines the manner for interpreting computer information. Many Internet pages use HTTP (Hyper Text Transfer Protocol).

Other common Internet protocols: FTP (File Transfer Protocol), and GOPHER (an alternative transfer protocol). Gopher protocol is mostly out of date now.

DHCPDynamic host configuration ProtocolCentralizes and manages the allocation of TCP/IP configuration information by automatically assigning IP addresses to computers configured to use DHCP.DHCP is a simple process by which a host system obtains an IP address,which is must for communication with rest of the network.

DHCP uses 4-phase process to configure

A DHCP clientA request for an IP address by a clientAn offer made to the client by DHCP serverThe client selecting an offer and asking for a leaseThe DHCP server sending an acknowledgement.

DNSDNS : Domain Naming SystemTranslate the Fully-Qualified Domain Name of a computer into its corresponding IP Number.People find names easier to remember than numbersA fully qualified domain name such as www.npr.org is converted to correct IP number 205.153.39.182 by the Domain Name Server and the IP number is used to establish connection.IP address also uses country codes comprising of two lettersThis lettering system is called DNS i.e. country codes for India is in,ca for canada,au for Australiaetc.

Services of Internet - E-mail, FTP, Telnet, WWW E-Mail:E-mail or Electronic mail is a paperless method of sending messages, notes or letters from one person to another through Internet . The biggest advantage to using e-mail is that it is cheap, especially when sending messages to other states or countries .

Features of E-mail:One-to-one or one-to-many communications Instant communications. Physical presence of recipient is not required Most inexpensive mail service, 24-hours a day and seven days a week Encourages informal communication

Components of an E-mail AddressAs in the case of normal mail system, e-mail is also based upon the concept of a recipient address. John@hotmail.comjohn: name of a mailbox on the destination computer, where finally the mail will be delivered.hotmail: the mail server where the mailbox "john" exists..com: the type of organization on net, which is hosting the mail server.

Types of OrganizationsThere are six main categories;

com Commercial institutions or organization edu Educational institutions gov Government site mil Military site net Gateways and administrative hosts org Private organizations

FTP (File Transfer Protocol) An Internet utility software used to upload and download files.

It gives access to directories or folders on remote computers and allows software, data and text files to be transferred between different kinds of computers.

The basic objectives of FTP are:To give flexibility and promote sharing of computer programs, files and data

To transfer data reliably and more efficiently over network To encourage implicit or indirect use of remote computers using Internet

To shield a user from variations in file storage systems among hosts.

WORLD WIDE WEB (WWW) also commonly known as The Web.

The WWW is hypertext based information retrieval tool. One can easily surf the Web by jumping from one document to another using the links in those documents.

These documents can be in many formats, such as text, graphics, animation, sound and latest is video.

Web PagesAll the information on Internet are presented to the user as a document or more popularly known as Web Page.

All these Web Pages are link to each other or even to section within a Web Page. And these links are known as Hyper Links.

tool used to view these Web Pages on Internet is known as Internet browser or simply browser.

Introduction to DBMS

File OrganizationSequential Organization Sequential organization simply means storing and sorting in physical, contiguous blocks within files on tape or disk.Indexed Sequential Organization Use an index to locate records. Indexed sequential organization reduces the magnitude of the sequential search and provides quick access for sequential and direct processing.Inverted List Organization In indexed sequential method has a multiple index for s given, where as the inverted list method has a single for each key typeDirect Access Organization

File Organization Method-A Summary

File Organization Method-A Summary

Objectives of Data BaseControlled redundancyEase of Learning and useData independenceMore information at low costAccuracy and integrityRecovery from FailurePrivacy & SecurityPerformance

Data Base DesignKey Terms (entities, attributes, DDL, DML etc)Logical & Physical Views of Data (Schemas and subschema)Data Structure Types of Relationship (1:1, 1:M M:M)Types of Data structureHierarchical structuringNetworking Structuring Relational structuring Entities & Attributes4. Normalization Refining of data structure 1NF 2NF 3NF

Enterprise resource planning (ERP) software is a set of applications that automate finance and human resources departments as well as handle jobs such as order processing and production scheduling. ERP vendors have expanded into applications such as Manufacturing, supply-chain management, customer relationship management, and industry verticals. An ERP system is based on a common database and a modular software design ERP Defined

Finance-General Ledger-Accounts Receivable-Accounts Payable-Procurement-Fixed Assets-Treasury Mgmt-Cost Control-Grant Management Human Resources-HR/Benefits Administration-Payroll-Self-service HR

e-Business-eProcurement- Employee Self Service- e-Recruiting/e-Hiring- e-Filing- Citizen Access- Web-enabled transactions- e-Commerce

Transaction EngineCore software that manages transaction flow among applications and handles tasks like security and data integrity Customer Relationship Mgt-Consistent user experience- Personalization of services- Realtime access- enterprise info Supply Chain Mgmt Planning, scheduling and fulfillmentapplications that address all procurement requirements across the enterprise

Data AnalysisDecision support software that lets senior executives and other users analyze transaction data to track business performance

Characteristics of an ERP SystemIncludes business management software that enables finance and human resources in a completely integrated fashion

Enables high levels of integration across business functions and units

Provides for widespread sharing of data from a single information repository

Drives extensive business transformation and change management efforts

Requires high levels of implementation effort and support

ERP Implementation BenefitsStreamlines or eliminates inefficient manual processes

Eliminates disparate stand-alone systems

Provides integrated, enterprise-wide common tools, processes and systems

Establishes a backbone structure that can be leveraged to handle all operational processes

Integrates and increases control of budgeting, planning and financial management processes

ERP Implementation Benefits (continued)Provides enterprise-wide reporting and decision support

Presents opportunity for re-engineering with industry best practices and templates

Presents opportunity to lever vendors future investment in enhanced functionality

Incorporates new functionality and technology - provides a springboard to e-Business

ERP Implementation ActivitiesPackage Integration (SAP,PeopleSoft, JDE, Oracle...)Software Environment BuildsEnterprise-wide Infrastructure Planning/Design & Roll-outInterfaces and ConversionsData Warehouse Integration E-BusinessBusiness IntelligenceNetworkingDesignImplementationTuningManage It...Change It...Implement It..Operate It...Service It...Teach It...Change Mgment Business Vision and GoalsProcess AnalysisPackage Select .Business Case Bus. Process ReengineeringIndustry Best PracticesAs Is /To Be Process Modeling Fit-Gap AnalysisPolicy Design and Procedure Dev.Readiness AssessmentOrganizational DesignCommunications PlanData Center OperationsApplication Development & MaintenanceNetwork Station ManagementNetwork Operations & SupportPlatforms & Technology ServicesInstallation/ Customization & MaintenancePerformance and TuningSoftware ServicesPlanning/Design/ InstallMigration ManagementProblem Mgmt.Systems Mgmt.Internet EnablementWeb Site DesignHelp DeskDisaster RecoveryBusiness Resumption ServicesTraining Needs AssessmentCustom Curriculum and Material DevelopmentCBT DevelopmentEnd User Training ClassesTrain-the-TrainersRoll-out of Training Prime Contractor Project ManagementDetailed Project planning and TrackingCommunications PlanSubcontractor managementProject Scope ControlFinancial Control Project Oversight and Quality Assurance Reviews

Disadvantage Customization of the ERP software is limited. Re-engineering of business processes to fit the "industry standard" prescribed by the ERP system may lead to a loss of competitive advantage. ERP systems can be very expensive leading to a new category of "ERP light" solutions The system may be too complex measured against the actual needs of the customer.

Electronic Commerce Systems

Electronic Commerce (E-Commerce)Commerce refers to all the activities the purchase and sales of goods or services.Marketing, sales, payment, fulfillment, customer service

Electronic commerce is doing commerce with the use of computers, networks and commerce-enabled software (more than just online shopping)

Brief History1970s: Electronic Funds Transfer (EFT)Used by the banking industry to exchange account information over secured networksLate 1970s and early 1980s: Electronic Data Interchange (EDI) for e-commerce within companiesUsed by businesses to transmit data from one business to another1990s: the World Wide Web on the Internet provides easy-to-use technology for information publishing and disseminationCheaper to do business (economies of scale)Enable diverse business activities (economies of scope)

E-commerce applicationsSupply chain managementVideo on demandRemote bankingProcurement and purchasingOnline marketing and advertisementHome shoppingAuctions

Ecommerce infrastructureInformation superhighway infrastructureInternet, LAN, WAN, routers, etc.telecom, cable TV, wireless, etc.Messaging and information distribution infrastructureHTML, XML, e-mail, HTTP, etc.Common business infrastructureSecurity, authentication, electronic payment, directories, catalogs, etc.

The Main Elements of E-commerceConsumer shopping on the Web, called B2C (business to consumer)Transactions conducted between businesses on the Web, call B2B (business to business)Transactions and business processes that support selling and purchasing activities on the WebSupplier, inventory, distribution, payment managementFinancial management, purchasing products and information

Advantages of Electronic CommerceIncreased salesReach narrow market segments in geographically dispersed locationsCreate virtual communitiesDecreased costsHandling of sales inquiriesProviding price quotesDetermining product availabilityBeing in the space

Disadvantages of Electronic CommerceLoss of ability to inspect products from remote locationsRapid developing pace of underlying technologiesDifficult to calculate return on investmentCultural and legal impediments

The process of e-commerceAttract customersAdvertising, marketingInteract with customersCatalog, negotiationHandle and manage ordersOrder capturePaymentTransactionFulfillment (physical good, service good, digital good)React to customer inquiriesCustomer serviceOrder tracking

Web-based E-commerce ArchitectureClientTier 1Web ServerTier 3Tier 2Tier NApplication ServerDatabase ServerDMS

E-commerce TechnologiesInternetMobile technologiesWeb architectureComponent programming Data exchangeMultimediaSearch enginesData miningIntelligent agents

Access securityCryptographic securityWatermarkingPayment systems

Infrastructure for E-commerceThe Internet system of interconnected networks that spans the globerouters, TCP/IP, firewalls, network infrastructure, network protocolsThe World Wide Web (WWW) part of the Internet and allows users to share information with an easy-to-use interfaceWeb browsers, web servers, HTTP, HTMLWeb architectureClient/server modelN-tier architecture; e.g., web servers, application servers, database servers, scalability

E-Commerce SoftwareContent Transport pull, push, web-caching, MIMEServer ComponentsCGI, server-side scriptingProgramming ClientsSessions and CookiesObject TechnologyCORBA, COM, Java Beans/RMITechnology of Fulfillment of Digital GoodsSecure and fail-safe delivery, rights management

System Design IssuesGood architectural propertiesFunctional separation Performance (load balancing, web caching)SecureReliableAvailableScalable

Creating and Managing ContentWhat the customer seeStatic vs. dynamic contentDifferent faces for different usersTools for creating contentMultimedia presentationIntegration with other mediaData interchangeHTML, XML (Extensible Markup Language)

CryptographyKeeping secretsPrivacy: interceptor cannot use informationAuthentication: senders identity cannot be forgedIntegrity: data cannot be alteredNon-repudiation: sender cannot deny sendingHow to evaluate cryptographySecret key (symmetric) cryptography; e.g., DESPublic key (asymmetric) cryptosystems; e.g, RSADigital signatures, digital certificatesKey management; e.g., PKI

SecurityConcerns about securityClient security issuesServer security issuesSecurity policy, risk assessmentAuthentication methodsSomething you know: passwordsSomething you have: smart cardSomething you are: biometricsFirewalls, proxy servers, intrusion detectionDenial of service (DOS) attacks, viruses, worms

Payment SystemsRole of paymentCashproperties: wide accept, convenient, anonymity, untraceability, no buyer transaction costOnline credit card payment, Smart CardsSecure protocols: SSL, SETInternet payment systemsElectronic cash, digital walletsMicro-paymentsWireless devices

Transactions ProcessingTransactions and e-commerceOverview of transaction processingTransaction processing in e-commerceKeeping business records, audit, backupHigh-availability systemsReplication and scalingImplementation

Other System ComponentsTaxesShipping and handlingSearch enginesData miningIntelligent agentsInventory management, enterprise resource planning (ERP)Customer relation management (CRM)

Business to Business E-CommerceMost EDI was done over private networks but there is a big push to establish common standards to use it over the Internet: Open Trading Protocol(OTP)-intended to standardize a variety of payment-related activities, including purchase agreements, receipts for purchases, and payments Open Buying on the Internet (OBI)- standard created by the Internet Purchasing Roundtable to ensure that all the different e-commerce systems can talk to each otherThese standards work in a similar fashion to the ANSI X12, which you already learned about.

Business to Business E-CommerceExample:The automotive industry is investing in a new venture, the Automotive Network Exchange (ANX). ANX is a managed virtual private network (VPN) that runs over the Internet and links manufacturers and suppliers worldwide. This will electronically link those suppliers who still communicate to manufacturers by traditional means (phone,fax, e-mail). The network will electronically route product shipment schedules, CAD files for product designs, POs, payments and other business information.

NOTE: VPNs provide secure data transfer over the net--think of them like a tunnel for data

Business to Business E-CommerceExample:The Great Plains e.Order demo that you just did is a great example of B2B over the web. It is done in a client-server environment with a Great Plains C/S+ back end (sometimes called back office) and a front end developed in Microsoft tools. Front end is simply the term used to describe what you, the user, see. It is the GUI, the web browser screen you view and/or interact with. Back end is the term used to describe what is happening with the data that the user doesnt see. Typically, that data may be in an application program or a relational database such as Oracle, DB2, SQL server, Sybase SQL server.

Business to Business E-CommerceExample:Just in case you never got a good understanding of why client/server (C/S) is such a big deal, here is an example. A customer calls to change their number. Without C/S the accounts receivable clerk would have to access the entire A/R master file from the file server just to change one record. Since this is probably thousands/millions of records and takes up lots of bandwith on the network, it makes the system crawl!!!! With C/S, the server selects out just the one record and then sends only the one record to the A/R clerk to be changed. By distributing processing in this way the system is SIGNIFICANTLY faster!!!

Business to Business E-CommerceAt some point you are going to wonder how the back end and the front end communicate. They often cant since many companies still have back ends that were not created to interface with (display) over the web. The answer is Middleware. Middleware is simply the glue or layer of software that allows the front ends (often in Java, HTML, XML, CGI scripts, ASP pages) to interact with the back end. Just like you need a translator when someone who is speaking Spanish is talking to someone who is speaking French, you often need middleware for your front end to communicate with your back end.

Business to Consumer E-CommerceIts a little different with B2C:The consumer moves through the internet to the merchants website. (i.e. Jay Crew, Amazon.com)Decides to purchase a product. He is connected to an online transaction server. All the information in this server is encrypted. After placing an order, the information moves through a private gateway to a Processing Network. The Processing Network is where the issuing and acquiring banks complete or deny the transaction.THIS ALL TAKES PLACE IN NO MORE THAN 5-7 SECONDS!

Business to Consumer E-Commerce

IT Enabled Service

Information Technology Enabled Services India, China and Philippines - predominant IT off shoring

Why?In order to gain from a large talent pool and low labor cost.

Information Technology Enabled Services India has some 5-6 % share of the total BPO Industry.

This constitutes about 63% share of the offshore component. This 63% is a drop from the 70% offshore share that India enjoyed last year

Information Technology Enabled Services It is a form of outsourced service which has emerged due to involvement of IT in various fields such as banking and finance, telecommunications, insurance, etc.

Some of the examples of ITES are medical transcription, back-office accounting, insurance claim, credit card processing Source: Wikipedia

ITESMajor aspects

Services and QualityOrganization and PoliciesProcess ManagementSource: For the next 5 slides ->Foundations of IT service Management; Van Haren Publishing, 2005;

Services and QualityProviders of IT services

Not only to support the organization

....but the expectation is to present options to implement the objectives of the organization (what are the objectives????:)Providers of IT services

..can no longer afford to focus on technology and their internal organization.

Providers of IT services

..have to consider the quality of the services they provide and focus on the relationship with customers.

Services and QualityThe quality of services depends on the way in which these things are organizedDemmings Quality circle

..provides a simple and effective model to control quality(Plan, Do, Check, Act)

Processes are divided into activities with their own plans and opportunities for checking.Quality management is everybodys responsibility

Quality assurance is a policy matter within the organization.

Quality system is the organizational structure related to responsibilities, procedures and resources for implementing quality management

ISO 9000 series of standards is often used to develop, define, assess and improve quality systemsPermanent quality improvement demands a certain degree of maturity of the organization

Organization and policiesVision Business Model Why exist? And how? And the logic?

Does the organization (processes) fulfill the objectives.?Most common method the Balanced Scorecard

Objectives help define critical success factors

Key performance indicators (KPI) are parameters for measuring progress relative to key critical success factors.

ProcessesA process is a logically related series of activities conducted toward a defined objective.

IT Service Management is primarily known as the process and service-focused approach to IT ManagementSelect Examples:

Service Delivery Processes:

Capacity Management, Availability Management, IT Service Continuity Management, Financial Management for IT services, Service Level Management

Service Support Processes

Incident Management, Problem Management, Configuration Management, Change Management, Release Management

Information Systems SecurityInformation Systems Security provides essential information for managing the security of a modern, evolving enterprise. It is written for information security managers and other technical managers and staff who are the first-line support responsible for the daily, efficient operation of security policies, procedures, standards, and practices. It covers: Access control systems and methodologies Computer operations security Application and systems development Business continuity and disaster recovery planning Telecommunications and network security Security architecture and models Physical security Cryptography Security management practices Law, investigations, and ethics

Security Certification (of an IT system)The comprehensive evaluation of the management, operational, and technical security controls in an information system Evaluation supports the security accreditation process Evaluation performed by security expert (may be contractor)Assesses the effectiveness of the implemented security controls in a particular environment of operation Are the controls an acceptable set?Are the controls operating as intended?Determines remaining vulnerabilities in the information system based on the assessment.

Security Accreditation (of an IT system)The official management decision to authorize operation of an IT systemResidual risk is one factor in decisionAuthorization: Is given by a senior agency officialIs applicable to a particular environment of operation of the IT systemExplicitly accepts the level of residual risk to agency:Operations (including mission, functions, image or reputation), Assets, &Individualsthat remain after the implementation of an agree upon set of security controls in the IT system.

TerminologyCertification & Accreditation are loaded termsTheir use is confusing outside of US governmentSecurity certification: Assessing/verifying effectiveness of implemented security controlsSecurity accreditation: Approval/authorization to operate IT systemAbove definitions more accurately reflect concepts

System Security Activities (Inside) within the System Development Life Cycle (Outside)

Information SecurityActivitiesRisk AssessmentSecurity PlanningDetermine Security RequirementsSelect Security Controls

Security AccreditationContinuous Monitoring of SecurityControl EffectivenessSecurity Control DevelopmentDevelopmental Security Test & EvaluationDevelop Security Test PlanTest & Evaluate Security ControlsConfiguration Management and controlInitiationDisposalDevelopment/Acquisition

Operation/ MaintenanceA: Assess residual risk; Make accreditation determinationC: Determine control effectiveness; Determine & document residual vulnerabilities; C: Assess residual vulnerabilities; A: Assess residual riskCategorize SystemSecurity Control IntegrationImplementationDevelopment/Acquisition

C = CertificationA = Accreditation

FISMA-Related Guidance

AGENCY INFORMATIONAND INFORMATION SYSTEM

SP 800-37 SP 800-53AVerification of Security Control Effectiveness (Certification)Measures the effectiveness of the security controls associated withinformation systems through security testing and evaluation Defines categories of information and information systems according to levelsof risk for confidentiality, integrity, and availability; maps information types to security categoriesCategorization & Mapping of Information and Information System FIPS 199 SP 800-60Documents the security requirements and security controls planned or in place for the protection of information and information systems Security Planning SP 800-18Analyzes the threats to and vulnerabilities of information systems and the potential impact or magnitude of harm that the loss of confidentiality, integrity, or availability would have on an agencys operations and assetsRisk Assessment SP 800-30System Authorization (Accreditation)The authorization of information systems to process, store, or transmit information, granted by a senior agency official, based on the effectiveness of security controls and residual risk

SP 800-37Security Control Selection and Implementation

Minimum management, operational, and technicalcontrols (i.e., safeguards and countermeasures) planned or in place to protect information and information systems

FIPS 200 SP 800-53 (Interim)CompletedIn Progress (OMB/FISMA general requirement)In Progress (FISMA Requirement for NIST)

Assurance in Information Systems (IS)Building more secure systems requires:Well defined system-level security requirements and security specificationsWell designed component productsSound systems security engineering practicesCompetent systems security engineersAppropriate metrics for product/system testing, evaluation, and assessmentComprehensive system security planning and life cycle management

Supporting Tools and ProgramsBuilding more secure systems is enhanced by:Standardized Security Requirements and SpecificationsU.S. Common Criteria protection profile development projectPrivate sector protection profile contributionsBITS functional packagesSmart Card Security Users Group (SCSUG)Process Control Security Requirements Forum (PCSRF)IT Component-level Product Testing and Evaluation Programs Common Criteria Evaluation and Validation Schemes (CCRA) Cryptographic Module Validation Program (U.S. NIST/Canada CSE)Security Implementation GuidanceSecurity Technical Implementation GuidesSecurity Reference GuidesSystem Certification and Accreditation

Supporting Tools and ProgramsOperational EnvironmentAccreditation Authority Standards Guidelines Certification AccreditationReal World Threats and Vulnerabilities Risk Management Security Policies System Security Plan Personnel Security Procedural Security Physical SecurityLaboratory EnvironmentImplementation Guidance

At Amity learning never ends the journey of excellence continues

Thank You