Information Technology II
9.1 System Security
9.2 Contingency Planning
9.3 Data Communications and Networks
9.4 Databases
9.5 Study Unit 9 Summary
This study unit addresses the nature and modes of computer processing, the elements of the IT
function, and basic control concepts. It continues with a treatment of computer hardware and operating
systems. The concluding subunits concern various aspects of system security, including planning for
business continuity in the event of an interruption of computer processing.
Core Concepts
- Internal auditors must be careful not to treat computer printouts as traditional paper evidence. The
degree of reliance on electronic evidence by the auditor depends on the effectiveness of the
controls over the system from which such evidence is taken.
- The most important control is to install an organization-wide network security policy. This policy
should promote the objectives of data availability; data security, privacy, and confidentiality; and
data integrity.
- Access control software protects files, programs, etc., from unauthorized access. It also restricts
use of certain devices and may provide an audit trail. A firewall is an example.
- Two types of access controls are physical controls and logical controls. Physical security controls
limit physical access and protect against environmental risks and natural catastrophes, such as a
fire or flood. Logical security controls are enacted with user identification and authentication,
restriction of access, and the generation of audit trails.
- A system access log records all attempts to use the system. Other access controls include
encryption, automatic log-off, and use of security personnel. Internet security should, at the very
least, have a user account management system, a firewall, and encryption.
- Encryption technology may be either hardware- or software-based. Two major types of encryption
software exist. Public-key, or asymmetric encryption, is the more secure of the two and requires
two keys. Private-key, or symmetric encryption, is less secure because it requires only a single
key for each pair of parties that want to send each other coded messages.
- A computer center should have a reconstruction and recovery plan that will allow it to regenerate
important programs and database files. The center should create backup copies of data files,
databases, programs, and documentation. Also, it should store backup copies offsite and plan for
auxiliary processing on alternate systems or at another site.
- Protection from malicious software and attacks is a key aspect of contingency planning. To protect
against viruses, three types of controls should be implemented: preventive controls, detective
controls, and corrective controls.
- Hot-site and cold-site backup facilities are another key aspect of contingency planning. A hot site
is a service bureau. It is a fully operational processing facility that is immediately available. A
cold site is a shell facility where the user can quickly install computer equipment. A hot site with
updated software and data that can begin operations in minutes is a flying-start site.
- A hub is a central connecting device in a network that joins communications lines together in a star
configuration. Switches are another type of connecting device; each port on a switch can give full
bandwidth to a single server, client, or hub. Bridges connect two or more segments of a local
area network; they improve network performance by keeping traffic contained within smaller
segments. Routers are devices that route data packets from one local area network or wide area
network to another.
Copyright 2008 Gleim Publications, Inc. and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com
- The most common types of transmission media include twisted copper wire, coaxial cable,
fiber-optic cable, and wireless transmission media.
- Private networks are dedicated facilities, such as satellites, microwave transmitters, or telephone
lines, leased from a common carrier. Public-switched networks use public telephone lines.
- In value-added networks, or VANs, the senders' and receivers' computers are never directly
connected. The third-party VAN receives, logs, stores, and forwards electronic documents to the
parties, thus eliminating the need for dedicated computers waiting for incoming messages.
- A local area network, or LAN, is a local distributed computer system. Computers, communication
devices, and other equipment are linked by dedicated channels. A network interface card links
the personal computers and printers in a LAN.
- A wide area network, or WAN, provides data communication and file sharing among remote
offices. A WAN may combine switched and dedicated lines, microwave transmission, and
satellite communication.
- The Internet is a series of networks throughout the world that facilitates information transfer among
computers. Gateways allow mainframe computers to interface with personal computers. The
fastest growing component of the Internet is the World Wide Web.
- An intranet is an internal network that applies Internet connectivity standards and web software.
Although an intranet is a network based on the same technology as the Internet, access is limited
to an organization or those with specific authorization. An extranet is an intranet to which
specified parties, such as suppliers and customers, have limited access.
- Hypertext markup language, or HTML, is the authoring software language used to create and link
pages on the web. Extensible markup language, or XML, was developed as an open standard
usable with many programs and platforms.
- A database is a series of related files combined to eliminate unnecessary redundancy of data
items. A single integrated information system allows for increased data accessibility. The data
are stored physically on direct-access devices for efficient access.
- The most-used logical structure of a database is a relational structure that organizes data in
conceptual tables. Each column in a table is a field, and each row is a specific record. A file is a
logical collection of records, such as those for customer accounts.
- The three basic operations in the relational database structure are selecting, joining, and
projecting.
- A database management system, or DBMS, is an integrated set of computer programs. They
create the database; maintain the elements; safeguard the data from loss or destruction; and
make the data available to applications, programs, and inquiries. The DBMS allows programmers
and designers to work independently of the physical structure of the database.
- The schema is a description of the overall logical structure of the database using data-definition
language, which is the connection between the logical and physical structures of the database.
The data dictionary is a file that describes the use of data from the database in applications.
9.1 SYSTEM SECURITY
1. Data Integrity
a. The difficulty of maintaining the integrity of the data is the most significant limitation of
computer-based audit tools.
b. Electronic evidence is difficult to authenticate and easy to fabricate.
c. Internal auditors must be careful not to treat computer printouts as traditional paper
evidence. The data security factors pertaining to electronic evidence must be
considered.
d. The degree of reliance on electronic evidence by the auditor depends on the
effectiveness of the controls over the system from which such evidence is taken.
e. The most important control is to install an organization-wide network security
policy. This policy should promote the following objectives:
1) Availability. The intended and authorized users should be able to access data
to meet organizational goals.
2) Security, privacy, and confidentiality. The secrecy of information that could
adversely affect the organization if revealed to the public or competitors should
be ensured.
3) Integrity. Unauthorized or accidental modification of data should be prevented.
2. Access Control
a. Access control software (1) protects files, programs, data dictionaries, processing,
etc., from unauthorized access; (2) restricts use of certain devices (e.g., terminals);
and (3) may provide an audit trail for both successful and unsuccessful access
attempts. For example, a firewall separates internal from external networks.
b. Segregation of functions. Many controls once performed by separate individuals
may be concentrated in computer systems. Hence, an individual who has access to
the computer may perform incompatible functions. As a result, other control
procedures may be necessary to achieve the control objectives ordinarily
accomplished by segregation of functions. Other controls may include:
1) Use of password controls to prevent incompatible functions from being
performed by individuals with online access to assets and records
2) Controls over access to equipment and data files
a) Access controls provide assurance that only authorized individuals use the
system and that usage is for authorized purposes.
i) Such controls include physical safeguards of equipment, proper
library security, and passwords.
c. Physical security controls limit physical access and protect against environmental
risks and natural catastrophes such as fire and flood.
1) Keypad devices allow entry of a password or code to gain entry to a physical
location or computer system.
2) Card reader controls are based on reading information from a magnetic strip on
a credit, debit, or other access card. Controls can then be applied to
information about the cardholder contained on the magnetic strip.
d. Logical security controls are needed because of the use of communications
networks and connections to external systems. User identification and
authentication, restriction of access, and the generation of audit trails are required in
this environment. Thus, access controls have been developed to prevent improper
use or manipulation of data files and programs. They ensure that only those persons
with a bona fide purpose and authorization have access to computer systems.
1) Passwords and ID numbers. The use of passwords and identification numbers
is an effective control in an online system to prevent unauthorized access to
computer files. Lists of authorized persons are maintained in the computer.
The entry of passwords or identification numbers; a prearranged set of personal
questions; and the use of badges, magnetic cards, or optically scanned cards
may be combined to avoid unauthorized access.
a) A security card may be used with a personal computer so that users must
sign on with an ID and a password. The card controls the machine's
operating system and records access data (date, time, duration, etc.).
b) Proper user authentication by means of a password requires password-
generating procedures to ensure that valid passwords are known only by
the proper individuals. Thus, a password should not be displayed when
entered at a keyboard.
c) Password security may also be compromised in other ways. For example,
log-on procedures may be cumbersome and tedious. Thus, users often
store log-on sequences on their personal computers and invoke them
when they want to use mainframe facilities. A risk of this practice is that
anyone with access to the personal computers could log on to the
mainframe.
d) To be more effective, passwords should consist of random letters,
symbols, and numbers. They should not contain words or phrases.
2) File attributes can be assigned to control access to and the use of files.
Examples are read/write, read only, archive, and hidden.
3) A device authorization table restricts file access to those physical devices that
should logically need access. For example, because it is illogical for anyone to
access the accounts receivable file from a manufacturing terminal, the device
authorization table will deny access even when a valid password is used.
a) Such tests are often called compatibility tests because they ascertain
whether a code number is compatible with the use to be made of the
information. Thus, a user may be authorized to enter only certain kinds of
data, have access only to certain information, have access but not
updating authority, or use the system only at certain times. The lists or
tables of authorized users or devices are sometimes called access
control matrices.
4) A system access log records all attempts to use the system. The date and
time, codes used, mode of access, data involved, and operator interventions
are recorded.
5) Encryption involves using a fixed algorithm to manipulate plaintext. The
information is sent in its manipulated form, and the receiver translates the
information back into plaintext. Although data may be accessed by tapping into
the transmission line, the encryption key is necessary to understand the data
being sent.
a) For example, a web server (a computer that delivers web pages to the
Internet) should be secure. It should support a security protocol that
encrypts messages to protect transactions from third-party detection or
tampering.
6) A callback feature requires the remote user to call the computer, give
identification, hang up, and wait for the computer to call the user's authorized
number. This control ensures acceptance of data transmissions only from
authorized modems. However, call forwarding may thwart this control.
7) Controlled disposal of documents. One method of enforcing access
restrictions is to destroy data when they are no longer in use. Thus, paper
documents may be shredded and magnetic media may be erased.
8) Biometric technologies. These are automated methods of establishing an
individual's identity using physiological or behavioral traits. These
characteristics include fingerprints, retina patterns, hand geometry, signature
dynamics, speech, and keystroke dynamics.
9) Automatic log-off (disconnection) of inactive data terminals may prevent the
viewing of sensitive data on an unattended data terminal.
10) Utility software restrictions. Utility software may have privileged access and
therefore be able to bypass normal security measures. Performance monitors,
tape and disk management systems, job schedulers, online editors, and report
management systems are examples of utility software. Management can limit
the use of privileged software to security personnel and establish audit trails to
document its use. The purpose is to gain assurance that its uses are
necessary and authorized.
11) Security personnel. An organization may need to hire security specialists. For
example, developing an information security policy for the organization,
commenting on security controls in new applications, and monitoring and
investigating unsuccessful access attempts are appropriate duties of the
information security officer.
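Added example, not part of the original study unit: Python code that applies the device authorization table, the access control matrix, and the system access log described in items 3) and 4) under logical security controls, including the case where a valid password is still refused from the wrong terminal. Every user, device, file name, password, and time window is a constructed sample.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, time

# All users, devices, files, passwords and hours below are constructed samples.
SALT = b"constructed-demo-salt"


def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


CREDENTIALS = {"ar_clerk": _hash("k7#Qz!p2Lm"), "auditor": _hash("V9$wr&3xTb")}

# Access control matrix: user -> file -> permitted modes of access.
USER_MATRIX = {
    "ar_clerk": {"accounts_receivable": {"read", "update"}},
    "auditor": {"accounts_receivable": {"read"}, "general_ledger": {"read"}},
}
# Device authorization table: device -> files that device logically needs.
DEVICE_TABLE = {
    "accounting_terminal": {"accounts_receivable", "general_ledger"},
    "manufacturing_terminal": {"bill_of_materials"},
}
# Hours during which each user may use the system (start inclusive, end exclusive).
USER_HOURS = {
    "ar_clerk": (time(8, 0), time(18, 0)),
    "auditor": (time(6, 0), time(22, 0)),
}


@dataclass(frozen=True)
class LogEntry:
    when: datetime
    user: str
    device: str
    file: str
    mode: str
    granted: bool
    reason: str


ACCESS_LOG = []  # system access log: every attempt, granted or denied


def _authenticated(user, password):
    stored = CREDENTIALS.get(user)
    # Hash the candidate even for unknown users so both paths do the same work.
    candidate = _hash(password)
    return stored is not None and hmac.compare_digest(stored, candidate)


def _within_hours(user, when):
    start, end = USER_HOURS.get(user, (time(0, 0), time(0, 0)))
    return start <= when.time() < end


def request_access(user, password, device, file, mode, when):
    """Run the compatibility tests in order and log the attempt either way."""
    checks = (
        ("authentication", _authenticated(user, password)),
        ("device authorization", file in DEVICE_TABLE.get(device, set())),
        ("user authorization", mode in USER_MATRIX.get(user, {}).get(file, set())),
        ("time of day", _within_hours(user, when)),
    )
    failed = next((name for name, ok in checks if not ok), None)
    ACCESS_LOG.append(
        LogEntry(when, user, device, file, mode, failed is None, failed or "ok")
    )
    return failed is None


def failed_attempts():
    """Denied entries, the ones an information security officer would investigate."""
    return [entry for entry in ACCESS_LOG if not entry.granted]


if __name__ == "__main__":
    morning = datetime(2008, 3, 3, 10, 0)
    request_access("ar_clerk", "k7#Qz!p2Lm", "accounting_terminal",
                   "accounts_receivable", "update", morning)
    request_access("ar_clerk", "k7#Qz!p2Lm", "manufacturing_terminal",
                   "accounts_receivable", "read", morning)
    for entry in ACCESS_LOG:
        print(entry)
```
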
3. Internet Security
a. Connection to the Internet presents security issues. Thus, the organization-wide
network security policy should at the very least include
1) A user account management system
2) Installation of an Internet firewall
3) Methods such as encryption to ensure that only the intended user receives the
information and that the information is complete and accurate
b. User account management involves installing a system to ensure that
1) New accounts are added correctly and assigned only to authorized users.
2) Old and unused accounts are removed promptly.
3) Passwords are changed periodically, and employees are educated on how to
choose a password that cannot be easily guessed (e.g., a password of at least
six diverse characters that do not form a word).
c. A firewall separates an internal network from an external network (e.g., the Internet)
and prevents passage of specific types of traffic. It identifies names, Internet Protocol
(IP) addresses, applications, etc., and compares them with programmed access
rules.
1) A firewall may have any of the following features:
a) A packet filtering system examines each incoming network packet and
drops (does not pass on) unauthorized packets.
b) A proxy server maintains copies of Web pages to be accessed by
specified users. Outsiders are directed there, and more important
information is not available from this access point.
c) An application gateway limits traffic to specific applications.
d) A circuit-level gateway connects an internal device, e.g., a network
printer, with an outside TCP/IP port. It can identify a valid TCP session.
e) Stateful inspection stores information about the state of a transmission
and uses it as background for evaluating messages from similar sources.
2) Firewall systems ordinarily produce reports on organization-wide Internet use,
unusual usage patterns, and system penetration attempts. These reports are
very helpful to the internal auditor as a method of continuous monitoring, or
logging, of the system.
a) Firewalls do not provide adequate protection against computer viruses.
Thus, an organization should include one or more antivirus measures in
its network security policy.
d. Data traveling across the network can be encoded so that it is indecipherable to
anyone except the intended recipient.
e. Other Controls
1) Authentication measures verify the identity of the user, thus ensuring that only
the intended and authorized users gain access to the system.
a) Most firewall systems provide authentication procedures.
b) Access controls are the most common authentication procedures.
2) Checksums help ensure the integrity of data by checking whether the file has
been changed. The system computes a value for a file and then proceeds to
check whether this value equals the last known value for this file. If the
numbers are the same, the file has likely remained unchanged.
4. Data Storage
a. Storing all related data on one storage device creates security problems.
1) If hardware or software malfunctions occur, or unauthorized access is achieved,
the results could be disastrous.
2) Greater emphasis on security is required to provide backup and restrict access
to the database.
a) For example, the system may employ dual logging, that is, use of two
transaction logs written simultaneously on separate storage media. It
may also use a snapshot technique to capture data values before and
after transaction processing. The files that store these values can be
used to reconstruct the database in the event of data loss or corruption.
3) The responsibility for creating, maintaining, securing, and restricting access to
the database belongs to the Database Administrator (DBA).
4) A database management system (DBMS) includes security features. Thus, a
specified user's access may be limited to certain data fields or logical views
depending on the individual's assigned duties.
5. Encryption
a. Encryption technology converts data into a code. A program codes data prior to
transmission. Another program decodes it after transmission. Unauthorized users
may still be able to access the data, but, without the encryption key, they will be
unable to decode the information.
b. Encryption software uses a fixed algorithm to manipulate plaintext and an encryption
key to introduce variation. The information is sent in its manipulated form
(cyphertext), and the receiver translates the information back into plaintext. Although data
may be accessed by tapping into the transmission line, the encryption key is
necessary to understand the data being sent. The machine instructions necessary to
code and decode data can constitute a 20-to-30% increase in system overhead.
c. Encryption technology may be either hardware- or software-based. Two major types
of encryption software exist.
1) Public-key/private-key, or asymmetric, encryption requires two keys: The
public key for coding messages is widely known, but the private key for
decoding messages is kept secret by the recipient. Accordingly, the parties
who wish to transmit coded messages must use algorithmically related pairs of
public and private keys. The sender searches a directory for the recipient's
public key, uses it to encode the message, and transmits the message to the
recipient. The latter uses the public key and the related private (secret) key to
decode the message.
a) One advantage of public-key encryption is that the message is encoded
using one key and decoded using another. In contrast, private-key
encryption requires both parties to know and use the secret key.
b) A second advantage is that neither party knows the other's private key.
The related public-key and private-key pair is issued by a certificate
authority (a third-party fiduciary, e.g., VeriSign or Thawte). However, the
private key is issued only to one party.
i) Thus, key management in a public-key/private-key system is more
secure than in a secret-key system because the parties do not have
to agree on, transmit, and handle the one secret key.
c) RSA, named for its developers (Rivest, Shamir, and Adleman), is the most
commonly used public-key/private-key method.
d) A public-key/private-key system is used to create digital signatures
(fingerprints).
i) A digital signature is a means of authentication of an electronic
document, for example, of the validity of a purchase order,
acceptance of a contract, or financial information.
- The sender uses its private key to encode all or part of the
message, and the recipient uses the sender's public key to
decode it. Hence, if that key decodes the message, the
sender must have written it.
- One variation is to send the message in both plaintext and
cyphertext. If the decoded version matches the plaintext
version, no alteration has occurred.
ii) A digital certificate is another means of authentication used in
e-business. The certificate authority issues a coded electronic
certificate that contains the holder's name, a copy of its public key,
a serial number, and an expiration date. The certificate verifies the
holder's identity.
- The recipient of a coded message uses the certificate
authority's public key (available on the Internet) to decode the
certificate included in the message. The recipient then
determines that the certificate was issued by the certificate
authority. Moreover, the recipient can use the sender's public
key and identification data to send a coded response.
  - Such methods might be used for transactions between
  sellers and buyers using credit cards.
- A certificate also may be used to provide assurance to
customers that a website is genuine.
- The public key infrastructure permits secure monetary and
information exchange over the Internet. Thus, it facilitates
e-business.
- Protocols commonly used for coding and decoding functions on
the Internet are SSL (Secure Sockets Layer) and S-HTTP
(Secure Hypertext Transport Protocol).
- Digital time stamping services verify the time (and possibly
the place) of a transaction. For example, a document may be
sent to a service, which applies its digital stamp and then
forwards the document.
2) Secret-key, or symmetric, encryption requires only a single key for each pair of
parties that want to send each other coded messages.
a) Data Encryption Standard (DES), a shared private-key method
developed by the U.S. government, is the most prevalent secret-key
method. It is based on numbers with 56 binary digits.
b) The Advanced Encryption Standard (AES) is a recently adopted
cryptographic algorithm for use by U.S. government organizations to
protect sensitive information. The AES will be widely used on a voluntary
basis by organizations, institutions, and individuals as well as by the U.S.
government.
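Added example, not part of the original study unit: the two key directions described under public-key encryption above, coding with the recipient's public key for secrecy and coding with the sender's private key for a digital signature, written as unpadded textbook RSA in Python. The fixed Mersenne primes, the signing of a truncated SHA-256 digest rather than the message itself, and the sample purchase order are assumptions of this illustration; production systems use random primes and a padding scheme.

```python
import hashlib

E = 65537  # widely used public exponent


def make_keypair(p, q):
    """Return ((n, e), (n, d)) for two distinct primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # private exponent: inverse of E modulo phi
    return (n, E), (n, d)


# Constructed demo keys built from known Mersenne primes (assumption of this example).
RECIPIENT_PUBLIC, RECIPIENT_PRIVATE = make_keypair(2**127 - 1, 2**89 - 1)
SENDER_PUBLIC, SENDER_PRIVATE = make_keypair(2**107 - 1, 2**61 - 1)


def encrypt(message, public_key):
    """Confidentiality: anyone can encode with the recipient's public key."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this demo modulus")
    return pow(m, e, n)


def decrypt(ciphertext, private_key):
    """Only the holder of the matching private key recovers the plaintext."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest(message):
    # 128-bit truncation so the value fits under the small demo modulus.
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")


def sign(message, private_key):
    """Authentication: the sender encodes a digest with its own private key."""
    n, d = private_key
    return pow(_digest(message), d, n)


def verify(message, signature, public_key):
    """Decode the signature with the sender's public key and compare digests."""
    n, e = public_key
    return pow(signature, e, n) == _digest(message)


if __name__ == "__main__":
    order = b"PO 4471: 200 units"  # constructed sample message
    ciphertext = encrypt(order, RECIPIENT_PUBLIC)
    print("recipient reads:", decrypt(ciphertext, RECIPIENT_PRIVATE))
    signature = sign(order, SENDER_PRIVATE)
    print("signature valid:", verify(order, signature, SENDER_PUBLIC))
    print("altered order valid:", verify(b"PO 4471: 900 units", signature, SENDER_PUBLIC))
```
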
9.2 CONTINGENCY PLANNING
1. Backup and recovery policies and procedures. A computer center should have a
reconstruction and recovery plan that will allow it to regenerate important programs and
database files. The center should create backup (duplicate) copies of data files,
databases, programs, and documentation; store backup copies offsite; and plan for
auxiliary processing on alternate systems or at another site.
2. The organization must undertake contingency planning and risk analysis. During an early
stage of contingency planning for information systems, management must determine how
various processing disruptions may affect the entity. Risk analysis identifies and
prioritizes critical applications, evaluates their organizational impact, determines recovery
time frames and minimum hardware platform requirements, assesses insurance coverage,
identifies exposures and their implications, and develops recovery plans.
3. It is important in any information processing environment not to lose or otherwise destroy
data. Not only is the loss of data a problem, but the organization may also require
continuous processing without disruptions. For these reasons, it is imperative that any
system have adequate backup and recovery procedures in the event of system failure,
power loss, or other potential corruption of data. The procedures implemented will normally
be a function of the specific computer environment, type of processing, or storage mode.
a. Batch processing. Magnetic tape and magnetic disks are used.
1) Checkpoint procedures involve capturing all the values of data and program
indicators at specified points and storing these values in another file. If
processing is interrupted, it can be resumed at the last checkpoint rather than at
the beginning of the run.
b. Online processing. Magnetic disks are used for online processing.
1) Rollback and recovery procedures involve the dumping of the master file's
contents and associated data structures onto a backup file. In the event of a
faulty run, the dump is used together with the transaction log or file to
reconstruct the file.
c. Database management systems use magnetic disks for online processing.
1) Database systems require a more elaborate backup procedure. Normally,
recovery and restart procedures must provide for continued operations during
reconstruction of lost information.
2) Dual logging involves the use of two transaction logs written simultaneously on
two separate storage media.
3) Before-image/after-image captures the data values before and after transaction
processing and stores them in files. These files can be used to re-create the
database in the event of data loss or corruption.
d. Fully protected systems have generator or battery backup to prevent data
destruction and downtime from electrical power disturbances. Loss of electrical
power or voltage fluctuations need not disturb the vulnerable contents of main
memory if a noninterruptible system is in place.
e. Fault-tolerant computer systems have additional hardware and software as well as
a backup power supply. A fault-tolerant computer has additional chips and disk
storage.
f. Protection from malicious software and attacks. An example of malicious software
is a computer virus, a software program that infects another program or a system's
primary storage (main memory) by altering its logic. Infection often results in the
destruction of data. Once infected, a software program can spread the virus to other
software programs. Obtaining software through a shareware network or by
downloading from an electronic bulletin board is a typical cause of infection.
Propagation of viruses through email attachments is also common.
1) To protect against viruses, three types of controls should be implemented.
a) Preventive controls include establishing a formal security policy, using
only clean and certified copies of software, not using shareware software,
checking new software with antivirus software, restricting access, and
educating users.
b) Detective controls include making file size and date/time stamp
comparisons.
c) Corrective controls include ensuring that clean backup is maintained and
having a documented plan for recovery from a virus.
2) For more on malicious software and a full discussion of attacks on computer
systems, see the next study unit.
g. Hot-site and cold-site backup facilities. A hot site is a service bureau. It is a fully
operational processing facility that is immediately available. A cold site is a shell
facility where the user can quickly install computer equipment.
1) A hot site with updated software and data that can begin operations in minutes is
a flying-start site.
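Added example, not part of the original study unit: Python code that compares the detective control named in item f. above (file size and date/time stamp comparisons) with the checksum control described under Internet security in Subunit 9.1, showing which attributes each kind of change disturbs. The file name, file contents, and timestamps are constructed samples, and SHA-256 is an assumed choice of checksum.

```python
import hashlib
import os
import tempfile
from pathlib import Path

BASE_TIME_NS = 1_200_000_000 * 10**9  # constructed timestamp (January 2008)


def snapshot(path):
    """Record the attributes a detective control would compare later."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    info = os.stat(path)
    return {
        "size": info.st_size,
        "mtime_ns": info.st_mtime_ns,
        "sha256": digest.hexdigest(),
    }


def changed_attributes(baseline, current):
    """Names of the recorded attributes that no longer match the baseline."""
    return {name for name in baseline if baseline[name] != current[name]}


def _write(path, data, mtime_ns):
    path.write_bytes(data)
    os.utime(path, ns=(mtime_ns, mtime_ns))  # pin the timestamp for the demo


def run_cases():
    """Return, per scenario, which baseline attributes a comparison flags."""
    original = b"constructed program image, release 1"
    same_length = b"constructed program image, release 2"  # same byte count
    results = {}
    with tempfile.TemporaryDirectory() as folder:
        target = Path(folder) / "payroll_program.bin"  # hypothetical file
        _write(target, original, BASE_TIME_NS)
        baseline = snapshot(target)

        # 1. Nothing touched: every comparison agrees with the baseline.
        results["unchanged"] = changed_attributes(baseline, snapshot(target))

        # 2. Bytes appended a minute later: size, timestamp and checksum differ.
        _write(target, original + b" plus appended bytes", BASE_TIME_NS + 60 * 10**9)
        results["appended"] = changed_attributes(baseline, snapshot(target))

        # 3. Content altered with equal length and the original timestamp:
        #    size and date/time comparisons pass, only the checksum differs.
        _write(target, same_length, BASE_TIME_NS)
        results["same_size_same_timestamp"] = changed_attributes(
            baseline, snapshot(target)
        )
    return results


if __name__ == "__main__":
    for case, flagged in run_cases().items():
        print(f"{case}: {sorted(flagged) or 'no difference'}")
```

The third case is why a checksum baseline belongs alongside size and date/time stamp comparisons rather than in place of them.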
9.3 DATA COMMUNICATIONS AND NETWORKS
1. The movement of data among CPUs and remote devices requires special hardware and
software and telecommunications technology.
a. To connect computers and remote terminals, the following devices may be used:
1) Front-end processors perform message switching, move data to primary
storage, translate coded data, and otherwise relieve the host computer of
certain communications control functions.
a) They are located between the computer and the modem in the network.
b) Nonprogrammable units are known as communications controllers.
2) Multiplexers are switching devices that route or channel the flow of data. They
intermix the two-way flow of data so that data may flow over one line. A
multiplexer channel permits sending more than one message on a
communication line (interleaving). Thus, several terminals may be able to
share a communication line to a CPU.
a) A concentrator is a programmable device that collects messages until it
has enough to be transmitted in a burst of signals to the host computer.
3) A modem (modulator-demodulator) is a hardware device to convert digital
signals from terminals and the CPU into analog signals for transmission across
data (usually telephone) lines. The receiving modem converts the analog
signal back to digital form for use by the receiving terminal or CPU.
a) If digital transmission facilities are available, however, a modem is not
required. Instead, the user employs a digital interface or data service
unit (DSU) as a connection with the digital transmission service.
i) Digital transmission is less prone to error because it is less sensitive
to electrical interference.
b) One way in which modems may differ is in their bit rates, not to be
confused with baud rates. The bit rate, usually measured in bits per
second, is a measurement of the transmission speed. The baud rate is
the number of signal changes or cycles per period of time and cannot
exceed the bandwidth of the communication channel.
i) At high speeds, more than one bit may be transmitted by a signal
change. Hence, the bit rate may be greater than the baud rate.
ii) A telecommunications medium's transmission capacity depends on
its frequency, i.e., the number of signal changes or cycles per
second that can be sent through the medium as measured in hertz.
The bandwidth is the range of frequencies from highest to lowest
that a given telecommunications channel can accommodate. As
the bandwidth increases, the capacity of the medium also
increases.
4) Communications channels differ from the data channels connecting the CPU
and peripheral equipment. These communications media for transmitting data
are classified according to their capacity:
a) Narrowband (baseband), e.g., telegraph lines
b) Voiceband, e.g., telephone lines
c) Broadband, which provides multiple paths and therefore permits
simultaneous transmission of different kinds of data
i) Examples are fiber-optic cable, microwave circuits, and satellite
channels.
d) Baseband network, a type of LAN used solely for data communications
5) The following are other hardware items used to connect computers in a network:
a) A hub is a central connecting device in a network that joins
communications lines in a star configuration.
i) Passive hubs are connecting units that add nothing to the data
passing through them.
ii) Active hubs, also sometimes called multiport repeaters,
regenerate the data bits to maintain a strong signal.
iii) Intelligent hubs provide added functionality, such as network
management, bridging, routing, and switching.
b) A switch is another connecting device. Each port on a switch can give full
bandwidth to a single server, client, or hub.
c) Bridges connect two or more LAN segments together. The segments can
be of similar or dissimilar types. Bridges improve network performance by
keeping traffic contained within smaller segments.
d) Routers are devices that route data packets from one local area network
(LAN) or wide area network (WAN) to another. Routers read the network
address in each transmitted frame and make a decision on how to send it
based on the most expedient route. They also perform the central
switching function on the Internet.
b. Transmission media include the following:
1) Twisted copper wire is used for analog communication by telephone. It is a
slow medium for data transmission, but new software and hardware have
improved its capacity.
2) Coaxial cable is used for cable television, high-speed modems, and LANs. It
consists of thickly insulated copper wire that is faster and more interference free
than twisted wire.
3) Fiber-optic cable uses light impulses that travel through clear, flexible tubing
half the size of a human hair. Fiber-optic cables are not subject to electrical
interference and are highly reliable. They provide for extremely flexible and fast
data transmission. The signal remains strong across long distances; i.e., it
does not tend to weaken (attenuate). Fiber-optic cables have been proven to
be more tamper resistant than the other media listed. Optical transmissions
cannot be wiretapped. Fiber-optic cable is also more expensive.
4) Wireless transmission media use the electromagnetic spectrum. For
example, microwave systems use high-frequency radio signals transmitted
through the atmosphere. Satellites may serve as relay points. They may be
the conventional high, stationary orbit variety or the cheaper low-orbit satellites
that require less powerful ground transmitters.
a) Pagers have long been used to alert the recipient of a message, but newer
systems permit transmission of brief text messages.
b) A cell phone uses radio waves to transmit voice and data through
antennas in a succession of cells or defined geographic areas. Two-way
digital data transmission via cell phone is made possible by the
transmission standard CDPD (Cellular Digital Packet Data).
c) Networks (mobile data networks) have been established expressly for
two-way data transmission between handheld computers.
d) Personal communications services (PCS) is a cellular technology based
on lower-power, higher-frequency radio waves. Cells must be smaller
and more numerous, but the phones should be smaller and less
expensive and be able to operate where other such devices cannot.
e) A personal digital assistant (PDA) is a handheld computer with
pen-based input. It may have wireless telecommunication capabilities, for
example, email, fax, and document data transmission.
c. Transmission modes may be asynchronous or synchronous.
1) Asynchronous, or start-stop, transmission is used for slow, irregular
transmissions, such as from a keyboard terminal. Each character is marked by
a start and stop bit.
2) Synchronous transmission is used when rapid, continuous transmission is
desired. It transfers blocks of characters without start and stop bits but requires
that the sending and receiving modems be synchronized.
d. The following are the types of transmission circuits:
1) Simplex transmission is in one direction only, such as for display purposes (e.g.,
a public address system).
2) Half-duplex transmission is in both directions but not at the same time. It is
appropriate when processing is online, but a response is not required (e.g., a
walkie-talkie).
3) Duplex transmission is in both directions at once, which is a necessity for
real-time processing (e.g., a telephone).
e. Teleprocessing is computer processing via remote terminals. Communications
software for teleprocessing is necessarily complex because of the multiple tasks to
be performed when many terminals are in simultaneous use. The CPU, the front-end
processor, and the concentrator all may have communications software.
1) This software performs the following functions:
a) Receives input, locates the appropriate program, loads it into memory,
transmits the input to the program, and passes the output to the user.
b) Identifies and corrects errors and provides for security. Encryption is a
typical security measure. A program codes data prior to transmission.
Another program decodes it after transmission.
c) Maintains a log of activity and a database or file of updated records.
d) Manages buffers (special storage areas) that hold input before processing.
e) Manages the sequencing and proper routing of messages.
2) A protocol is a set of rules for message transmission among the devices in the
network. Each device should adhere to the same protocol.
3) Snapshot copies of files are created at time intervals so that the files will be
available on the mainframe. A risk of snapshot files is that they could be
obsolete by the time they are downloaded.
2. Types of networks. A network consists of multiple connected computers at multiple
locations. Computers that are electronically linked permit an organization to assemble and
share transaction and other information among different physical locations.
a. Private networks are dedicated facilities, e.g., satellites, microwave transmitters, or
telephone lines, leased from a common carrier. Hence, no dial-up access is required,
and security is enhanced. A PBX (private branch exchange) is a special computer
at an organization's facility used to store, hold, transfer, and redial telephone calls. It
can carry both voice and data and can switch digital data among computers and
office equipment, e.g., printers, copiers, and fax machines. A PBX uses telephone
lines, so its data transmission capacity is limited.
b. Public-switched networks use public telephone lines. This arrangement may be the
most economical, but data transmission may be of lower quality, no connection may
be available, and security measures may be ineffective.
c. Value-added networks (VANs) are private networks that transmit the data of
subscribing entities. To compete with the Internet, these third-party networks add
value by providing error detection and correction services, electronic mailbox facilities
for EDI purposes, EDI translation, and security for email and data transmissions.
1) Packet switching is one way in which a VAN adds value by improving the
efficiency of transmissions. Packet switching divides a file into small packages
that are sent independently by available communication channels through a
network and then reassembled at the receiving end.
a) Frame relay is faster and less expensive but, unlike packet switching,
does not involve error correction. Frames are similar to packets. They
are best used for data rather than voice or video communication.
b) Asynchronous transfer mode (ATM) is a technology that avoids the
need for separate networks. It switches audio, video, graphics, and data
among users at whatever speed the network can operate and regardless
of whether the computers are from different vendors. It also eliminates
protocol conversion by dividing information into cells, each containing
53 bytes.
c) Internet Protocol (IP) is the packet-switching protocol upon which the
Internet is built. Other protocols, such as TCP/IP, are built on top of IP to
allow computers to connect to each other across many network nodes.
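The packet-switching behavior described in item 1) above, together with the error detection a VAN adds, can be shown in a short Python sketch. This is an added example, not part of the original study text; the packet layout (sequence number, packet count, CRC-32), the function names, and the sample message are assumptions made for illustration.

```python
import random
import struct
import zlib

HEADER = struct.Struct("!HH")  # assumed layout: sequence number, total packet count


def _checksum(seq, total, payload):
    # CRC-32 over header and payload. It catches transmission noise only;
    # deliberate modification needs a keyed MAC or encryption, not a CRC.
    return zlib.crc32(HEADER.pack(seq, total) + payload)


def packetize(data, size):
    """Divide data into independently routable packets of at most `size` bytes."""
    chunks = [data[i:i + size] for i in range(0, len(data), size)] or [b""]
    total = len(chunks)
    return [
        {"seq": seq, "total": total, "payload": chunk,
         "crc": _checksum(seq, total, chunk)}
        for seq, chunk in enumerate(chunks)
    ]


def reassemble(packets):
    """Rebuild the file from packets received in any order.

    Returns (data, missing). data is None while any sequence number is
    absent or failed its checksum; missing lists what must be sent again.
    """
    intact = {}
    total = None
    for p in packets:
        if _checksum(p["seq"], p["total"], p["payload"]) != p["crc"]:
            continue                                # damaged in transit: discard
        total = p["total"]
        intact.setdefault(p["seq"], p["payload"])   # ignore duplicates
    if total is None:
        raise ValueError("no intact packet received")
    missing = [seq for seq in range(total) if seq not in intact]
    if missing:
        return None, missing
    return b"".join(intact[seq] for seq in range(total)), []


def flip_bit(packet):
    """Simulate line noise: flip one payload bit, leave the CRC as sent."""
    damaged = dict(packet)
    payload = packet["payload"]
    damaged["payload"] = bytes([payload[0] ^ 0x01]) + payload[1:]
    return damaged


def demo():
    message = b"ORDER 1001|VENDOR ACME|AMOUNT 250.00|" * 3  # constructed sample
    sent = packetize(message, 16)
    received = sent[:]
    random.Random(7).shuffle(received)     # packets travel by different routes
    received[2] = flip_bit(received[2])    # one packet is damaged on the way
    data, missing = reassemble(received)   # receiver detects the damage
    resent = [p for p in sent if p["seq"] in missing]
    final, still_missing = reassemble(received + resent)
    return data, missing, final == message, still_missing


if __name__ == "__main__":
    print(demo())
```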
d. A local area network (LAN) is a local distributed computer system, e.g., within a
single office. Computers, communication devices, and other equipment are linked by
cable. Special software facilitates efficient data communication among the hardware
devices. The channel technology may be baseband or broadband. Baseband allows
one path for transmission of video, voice, text, or graphics, and only one data type
may be transmitted. Broadband provides multiple paths.
1) The LAN's hardware consists of several microcomputers either attached to a
host computer, linked as part of several LANs that may or may not
communicate with a host computer, or connected together but not connected to
a host computer.
a) A peer-to-peer network operates without a mainframe or server.
2) A LAN also may use wireless spread spectrum broadcasting rather than a
direct cable link. However, a wireless LAN is likely to have slower response
times.
3) A network interface card links personal computers and printers in a LAN that is
connected by coaxial cable, twisted pair, or optical fiber. The card creates an
address for each message, determines the data transmission rate and the size
of message units, and specifies how the components are connected (the
topology).
4) A server is a computer in the LAN that functions as a librarian. It stores
programs and files for users and determines who obtains access to what. It
also contains the network operating system.
5) A gateway is a means of connecting otherwise incompatible networks, nodes, or
devices. It converts one set of communication protocols to another.
6) Ethernet is a set of LAN standards that allows networking products from
different vendors to communicate with each other. It is the most widely used
LAN technology.
7) A baseband network is used solely for data communications.
e. Wide area networks (WANs) provide data communication and file sharing among
remote offices. A WAN may combine switched and dedicated lines, microwave
transmission, and satellite communication. Common carriers determine rates and
connections between lines, but content and management (routing of messages,
editing, protocols, etc.) are the responsibility of the customer.
f. The Internet is a network of networks all over the world.
1) The Internet is descended from the original ARPANet, a product of the Defense
Department's Advanced Research Projects Agency (ARPA), introduced in
1969.
a) The idea was to have a network that could not be brought down during an
enemy attack by bombing a single central location. ARPANet connected
computers at universities, corporations, and government. In view of the
growing success of the Internet, ARPANet was retired in 1990.
2) The Internet facilitates inexpensive communication and information transfer
among computers, with gateways allowing mainframe computers to interface
with personal computers.
a) Very high-speed Internet backbones carry signals around the world and
meet at network access points.
3) Most Internet users obtain connections through Internet service providers
(ISPs) that in turn connect either directly to a backbone or to a larger ISP with a
connection to a backbone.
a) The topology of the backbone and its interconnections may once have
resembled a spine with ribs connected along its length but is now almost
certainly more like a fishing net wrapped around the world with many
circular paths.
4) The three main parts of the Internet are the servers that hold information,
clients that view the information, and the transmission control protocol/
Internet protocol (TCP/IP) suite of protocols that connect the two.
5) The Internet was initially restricted to email and text-only documents.
a) In the 1980s, English computer scientist Tim Berners-Lee conceived the
idea of allowing users to click on a word or phrase (a hyperlink) on their
screens and having another document automatically be displayed.
b) Berners-Lee created a simple coding mechanism called hypertext
markup language (HTML) to perform this function. He also created a set
of rules called hypertext transfer protocol (HTTP) to allow hyperlinking
across the Internet rather than on just a single computer. He then created
a piece of software, called a browser, that allowed users to read HTML
from any brand of computer. The result was the World Wide Web (often
simply called the Web).
i) As the use of HTML and its successor languages spread, it became
possible to display rich graphics and streaming audio and video in
addition to text.
ii) Extensible markup language (XML) was developed by an
international consortium and released in 1998 as an open standard
usable with many programs and platforms.
- XML codes all information in such a way that a user can
determine not only how it should be presented but also
what it is, i.e., all computerized data may be tagged with
identifiers.
- Unlike HTML, XML uses codes that are extensible, not
fixed. Thus, if an industry can agree on a set of codes,
software for that industry can be written that incorporates
those codes.
6) With the explosive growth of the World Wide Web in the 1990s, whole new
distribution channels opened up for businesses. Consumers can browse a
vendor's catalog using the rich graphics of the Web, initiate an order, and remit
payment, all from the comfort of their homes.
a) An organization's presence on the Web is constituted in its website. The
website consists of a home page, the first screen encountered by users,
and subsidiary web pages (screens constructed using HTML or a similar
language).
b) Every page on the World Wide Web has a unique address, recognizable
by any web-enabled device, called a universal resource locator (URL).
However, just because the address is recognizable does not mean it is
accessible to every user -- security is a major feature of any
organization's website.
7) An intranet permits sharing of information throughout an organization by
applying Internet connectivity standards and web software (e.g., browsers) to
the organization's internal network.
a) An intranet addresses the connectivity problems of an organization with
many types of computers. It is ordinarily restricted to those within the
organization and to outsiders after appropriate identification.
b) An extranet consists of the linked intranets of two or more organizations;
for example, of a supplier and its customers. It typically uses the public
Internet as its transmission medium but requires a password for access.
g. Virtual Private Networks (VPNs)
1) Businesses have traditionally relied on private leased lines to link offices so that
workers could share information over a WAN. However, while providing a high
degree of privacy, leased lines are expensive to set up and maintain. For many
organizations, a leased line may be impractical, providing more bandwidth than
is needed at too high a price.
2) VPNs emerged as a relatively inexpensive way to solve this problem. Rather
than maintain a point-to-point leased line, an organization connects each office
or LAN to a local Internet service provider and routes data through the
Internet using shared, low-cost public bandwidth as the communications
backbone.
3) However, the major concern in using a public network for electronic data
exchange is security. Unprotected data sent across the Internet are
susceptible to being viewed, copied, or modified by unauthorized parties. The
success of VPNs will depend on the development of secure encryption products
that protect data while in transit across the Internet.
h. Given the worldwide proliferation of computer networks, connectivity has become a
major issue. The desire for greater connectivity favors open systems.
1) Open systems are those for which suppliers provide components whose
interfaces are defined by public standards. For example, the U.S. government
specifies that its suppliers adhere to the UNIX operating system and the
telecommunications protocols developed for the Internet. In contrast, a closed
system's components are built to proprietary standards so that the equipment
made by other suppliers could not interface with the existing system.
Accordingly, converting to open systems increases the number of vendors from
which substitutable components can be acquired, which increases price
competition for equipment.
2) Although uniform standards for telecommunications, networking, operating
systems, and user interfaces have not yet emerged, some standards have been
created by governments, industry associations, and international organizations.
a) Open Systems Interconnect (OSI) has been developed by the
International Organization for Standardization. It is a seven-layer
reference model that allows different types of computers and networks to
communicate.
b) Integrated Services Digital Network (ISDN) provides international
standards for voice, video, and data communications over telephone
lines.
3. Applications
a. Electronic mail permits transfer, receipt, and storage of messages within or between
computer systems. The mail consists of electronically transmitted messages. A
user's mailbox is the storage area allocated for messages. The advantages of
electronic mail are high-speed transmission, reduction of message preparation costs,
and the possibility of sending or reading messages at a convenient time.
1) A typical system permits a user to answer messages, compose or delete
messages, edit, file, forward messages to other users, move items among files,
read, retrieve from files, scan contents of files, send messages, and print.
b. Voice mail converts spoken messages from analog to digital form, transmits them
over a network, and stores them on a disk. Messages are then converted back to
analog form when the recipient desires to hear them. Afterward, they may be saved,
forwarded, or deleted.
c. Conducting an electronic meeting among several parties at remote sites is
teleconferencing. It can be accomplished by telephone or electronic mail group
communication software.
1) Videoconferencing permits the conferees to see each other on video screens.
2) These practices have grown in recent years as companies have attempted to cut
their travel costs.
d. A fax machine can scan a document, convert its text and graphics to digital form, and
then transmit the result over telephone lines. The recipient's fax machine can then
create a facsimile of the transmitted document.
e. An electronic bulletin board is a database into which computer users may dial to
read or post messages.
f. Electronic commerce (e-commerce) is discussed in more detail in Study Unit 10.
4. Network Configurations (Topologies)
a. Point-to-point networks provide a separate, direct link between each remote terminal
and the CPU.
b. Multidrop (or bus) networks provide links for each terminal to a single
communications line connected to the CPU. However, only one terminal may send or receive
messages at one time. A superior but more costly alternative is to use a line-sharing
device (a multiplexer or a concentrator) to connect the group of terminals to the CPU.
1) Ethernet is an example of a network technology that is based on a bus topology.
c. Ring networks have no central computer. Each computer can communicate with
every other computer, but their connection forms a closed loop in which data pass
from one device to another, always in one direction.
1) In a token ring network, a packet of data (the token) passes along the network.
Each computer reads it and either accepts data from it, loads data onto the
token, or allows it to pass without change.
2) Once strongly promoted by IBM, the token ring topology has drastically declined
in usage with improvements in the speed and cost of Ethernet technology.
d. Completely connected networks have direct links among all computer locations.
e. Star networks permit each remote computer a direct link to the central location but
not to other remote computers.
5. Basic Architectures for Desktop Computing
a. Client-server model. A client-server system divides processing of an application
between a client machine on a network and a server. This division depends on
which tasks each is best suited to perform.
1) User interaction is ordinarily restricted to the client part of the application. This
portion normally consists of the user interface, data entry, queries, and receipt
of reports. Moreover, many applications, e.g., word processing and
spreadsheet software, reside on the client computer.
2) The server customarily manages peripheral hardware and controls access to
shared databases. Thus, a client-server application must be designed as
separate software components that run on different machines but appear to be
one application.
3) Security for client-server systems may be more difficult than in a highly
centralized mainframe-based system because of the numerous access points.
They also use distributed processing methods that result in heightened risk of
unauthorized access to data and processing. New methods of accessing data
and processing are also available. For example, remote procedure calls
(RPCs) in a distributed system allow a program on one computer to call on a
subroutine on another computer.
4) A variety of servers are encountered on the Internet, including those that allow
the transmission and receipt of electronic mail (mail servers); retrieval of files
from other computers (file servers); and access to documents, files, and
programs on the web (web server).
a) A commerce server is a type of web server with business-related
features, such as the Secure Electronic Transaction (SET) protocol for
encrypting all transmissions between the client and the commerce server,
digital certificates for identification of the client and server, and methods
for permitting the client to run programs on the server.
5) The client-server model has the advantages of a robot. Unlike a human being,
a server does not require compensation and is able to work 24 hours of every
day. It also can cope with many (possibly thousands of) clients at a time who
can access the server over the Internet from anywhere at any time with no
time-related charges.
b. Terminal. This is a specific kind of client-server architecture. A user can directly run
applications and access data on a server from a client computer known as a terminal.
1) A dumb terminal allows only text display and input. A client computer may run
a terminal application to connect to a remote computer over a network, or a
device such as a video display terminal (VDT) may be connected via a serial
cable to a timesharing computer.
2) A smart terminal allows display of graphics and use of a windowing
environment on the server. A smart terminal also may download applications
from the server to execute on the client. Examples of smart terminals include
X-Terminal for UNIX and Remote Desktop and Terminal Services Client for
Windows.
6. Voice Communications
a. Voice communications channels differ from the data channels connecting the CPU
and peripheral equipment. They are the communications media for transmitting voice
data and are classified according to their capacity.
1) An example of a voiceband channel is a telephone line.
2) Internet telephony is any transmission of two-way voice communication that
uses the Internet for all or part of its path. This can be performed with
traditional telephone devices, desktop computers equipped with a sound card,
microphone, and speakers, or terminals dedicated to this function.
b. Voice recognition input devices are still another alternative to keyboard input. These
systems compare the speaker's voice patterns with prerecorded patterns. Advanced
systems now have large vocabularies and shorter training periods. They allow for
dictation and are not limited to simple commands.
c. A voice output device converts digital data into speech using prerecorded sounds.
d. Pagers have long been used to alert the recipient of a message, but newer systems
now permit transmission of brief text messages.
e. A cell phone uses radio waves to transmit voice and data through antennas in a
succession of cells or defined geographic areas.
f. Personal communications services (PCS) is a cellular technology based on
lower-power, higher-frequency radio waves. Cells must be smaller and more
numerous, but the phones should be smaller and less expensive and be able to
operate where other such devices cannot.
9.4 DATABASES
1. A database is a series of related files combined to eliminate redundancy of data items.
a. A single integrated system allows for improved data accessibility.
b. When systems within the organization are not integrated, they not only may contain
different data but also may define and update data in inconsistent ways. Thus,
determining the location of data and ensuring their consistency are more difficult.
c. EXAMPLE: The various files related to human resources in the conventional record
systems of most organizations include payroll, work history, and permanent
personnel data.
1) An employee's name must appear in each of these files when they are stored
and processed separately. The result is redundancy. When data are combined
in a database, each data item is usually stored only once.
d. The data are stored physically on direct-access storage devices (e.g., magnetic
disks). They are also stored for efficient access.
1) The most frequently accessed items are placed in the physical locations
permitting the fastest access.
2) When these items were stored in separate files under older file-oriented
systems, the physical locations were usually similar to the logical structure of
the data. Items that logically belonged together were stored in physical
proximity to one another.
3) A logical data model is a user view. It is the way a user describes the data and
defines their interrelationships based on the user's needs, without regard to
how the data are physically stored.
2. To understand the vast improvement in performance brought about by database technology,
it is helpful to review the development of file structures.
a. The early mainframe computers used flat files, meaning that all the records and all
the data elements within each record followed one behind the other. Much early
mainframe storage was on magnetic tape, which naturally stored data in this fashion.
b. EXAMPLE: Here are two records excerpted from a tape file:
c. Two inefficiencies are apparent at once in this method of accessing data:
1) The customer's address has to be stored with every order the customer places,
taking up much unnecessary storage.
2) All intervening records must be read and skipped over in order to find both
records pertaining to this customer.
3. Database technology overcame these two difficulties. There are three main ways of
organizing a database.
a. A tree or hierarchical structure arranges data in a one-to-many relationship in which
each record has one antecedent but may have an unlimited number of subsequent
records.
1) EXAMPLE: One customer, many orders; one order, many parts
2) Because the records are not stored one after the other, a tree database structure
stores a pointer with each record. The pointer is the storage address of the
next record.
3) The tree structure cuts down on data redundancy but retains the necessity of
searching every record to fulfill a query. Thus, like the flat file, adding new
records is awkward and ad hoc queries are inefficient.
b. The network structure connects every record in the database with every other
record.
1) This was an attempt to make queries more efficient. However, the huge number
of cross-references inherent in this structure makes maintenance far too
complex.
c. A relational structure organizes data in a conceptual arrangement.
1) An individual data item is called a field, column, or attribute (e.g., name, date,
amount).
a) Related fields are brought together in a record, row, or tuple (e.g., for a
single sales transaction).
b) Multiple records make up a file, table, or relation (e.g., sales).
c) Tables can be joined or linked based on common fields rather than on
high-overhead pointers or linked lists as in other database structures.
2) EXAMPLE:
3) Note that in a relational structure, each data element is stored as few times as
necessary. This is accomplished through the process of normalization.
Normalization prevents inconsistent deletion, insertion, and updating of data
items.
4) The relational structure is the most popular because it is relatively easy to
construct and is useful for unplanned, ad hoc queries. However, its processing
efficiency is relatively low because many accesses may be necessary to
execute the basic operations.
5) The three basic operations in the relational model are selecting, joining, and
projecting.
a) Selecting creates a subset of records that meet certain criteria.
b) Joining is the combining of relational tables based on a common field or
combination of fields.
c) Projecting results in the requested subset of columns from the table. This
operation creates a new table containing only the required information.
6) Cardinality expresses the bounds (a minimum and a maximum) of the
association between related entities. For example, a college class must have a
minimum of 3 students and can have a maximum of 59. The student-class
relationship has a cardinality limit expressed as (3, 59).
d. The data in a database are subject to the constraint of referential integrity. This
means that if data are collected about something, e.g., a payment voucher, all
reference conditions regarding it must be met; thus, for a voucher to exist, a vendor
must also exist.
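The three relational operations and the voucher/vendor referential-integrity rule above, as an added example run against SQLite through Python's sqlite3 module (not part of the original study unit; table names and rows are constructed). It also shows that SQLite enforces the rule only when foreign-key checking is switched on for the connection.

```python
import sqlite3

def build_db(enforce_fk=True):
    """Constructed sample data: vendors and the payment vouchers that cite them."""
    db = sqlite3.connect(":memory:")
    # SQLite checks foreign keys only when this pragma is ON for the connection.
    db.execute("PRAGMA foreign_keys = " + ("ON" if enforce_fk else "OFF"))
    db.executescript("""
        CREATE TABLE vendor (
            vendor_id INTEGER PRIMARY KEY,
            name      TEXT NOT NULL
        );
        CREATE TABLE voucher (
            voucher_id INTEGER PRIMARY KEY,
            vendor_id  INTEGER NOT NULL REFERENCES vendor(vendor_id),
            amount     REAL NOT NULL
        );
        INSERT INTO vendor  VALUES (1, 'Acme Supply'), (2, 'Birch Tools');
        INSERT INTO voucher VALUES (100, 1, 250.0), (101, 1, 75.5), (102, 2, 900.0);
    """)
    return db

def select_rows(db, min_amount):
    """Selecting: the subset of voucher records that meet a criterion."""
    return db.execute(
        "SELECT voucher_id, vendor_id, amount FROM voucher "
        "WHERE amount >= ? ORDER BY voucher_id", (min_amount,)).fetchall()

def join_rows(db):
    """Joining: combine voucher and vendor on the common field vendor_id."""
    return db.execute(
        "SELECT v.voucher_id, d.name, v.amount FROM voucher v "
        "JOIN vendor d ON d.vendor_id = v.vendor_id "
        "ORDER BY v.voucher_id").fetchall()

def project_rows(db):
    """Projecting: a new result containing only the requested column."""
    return db.execute(
        "SELECT DISTINCT vendor_id FROM voucher ORDER BY vendor_id").fetchall()

def try_change(db, sql):
    """Apply one change; return 'ok' or the integrity error the DBMS raised."""
    try:
        with db:                      # commit on success, roll back on error
            db.execute(sql)
        return "ok"
    except sqlite3.IntegrityError as exc:
        return str(exc)

if __name__ == "__main__":
    db = build_db()
    print(select_rows(db, 200))
    print(join_rows(db))
    print(project_rows(db))
    # A voucher for a vendor that does not exist is rejected ...
    print(try_change(db, "INSERT INTO voucher VALUES (103, 9, 10.0)"))
    # ... and so is deleting a vendor that vouchers still refer to.
    print(try_change(db, "DELETE FROM vendor WHERE vendor_id = 1"))
    # With enforcement off, the same orphan voucher is silently accepted.
    print(try_change(build_db(False), "INSERT INTO voucher VALUES (103, 9, 10.0)"))
```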
e. A distributed database is stored in two or more physical sites using either replication
or partitioning.
1) The replication or snapshot technique makes duplicates to be stored at
multiple locations.
a) Changes are periodically copied and sent to each location. If a database is
small, storing multiple copies may be cheaper than retrieving records from
a central site.
2) Fragmentation or partitioning stores specific records where they are most
needed.
a) For example, a financial institution may store a particular customer's data
at the branch where (s)he usually transacts his or her business. If the
customer executes a transaction at another branch, the pertinent data are
retrieved via communications lines.
b) One variation is the central index. A query to this index obtains the
location in a remote database where the complete record is to be found.
c) Still another variation is the ask-the-network distributed database. In
this system, no central index exists. Instead, the remote databases are
polled to locate the desired record.
3) Updating data in a distributed system may require special protocols.
a) Thus, a two-phase commit disk-writing protocol is used. If data are to be
updated in two places, databases in both locations are cleared for
updating before either one performs (commits) the update.
b) In the first phase, both locations agree to the update. In the second phase,
both perform the update.
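The two phases described above, as an added example (not part of the original study unit). The Site class, its can_prepare flag and the log labels are hypothetical names chosen for this sketch; a real DBMS would also write each vote and decision to durable storage.

```python
class Site:
    """One database location taking part in a distributed update."""

    def __init__(self, name, balance, can_prepare=True):
        self.name = name
        self.data = {"balance": balance}
        self.can_prepare = can_prepare   # False simulates a site that cannot be cleared
        self.pending = None              # staged change, not yet visible
        self.log = []                    # record of votes and outcomes

    def prepare(self, key, value):
        """Phase 1: stage the change and vote. Stored data is not touched."""
        if not self.can_prepare:
            self.log.append("VOTE-ABORT")
            return False
        self.pending = (key, value)
        self.log.append("VOTE-COMMIT")
        return True

    def commit(self):
        """Phase 2 (all voted yes): make the staged change permanent."""
        key, value = self.pending
        self.data[key] = value
        self.pending = None
        self.log.append("COMMIT")

    def abort(self):
        """Phase 2 (any site voted no): discard the staged change."""
        self.pending = None
        self.log.append("ABORT")


def two_phase_commit(sites, key, value):
    """Coordinator: update every site, or none of them."""
    votes = [site.prepare(key, value) for site in sites]   # phase 1
    if all(votes):
        for site in sites:                                  # phase 2: commit
            site.commit()
        return "committed"
    for site in sites:                                      # phase 2: abort
        site.abort()
    return "aborted"


if __name__ == "__main__":
    hq, branch = Site("HQ", 100), Site("Branch", 100, can_prepare=False)
    print(two_phase_commit([hq, branch], "balance", 150))
    print(hq.data, hq.log)          # unchanged at HQ even though HQ voted yes
    print(branch.data, branch.log)
```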
f. A deadly embrace (deadlock) occurs when each of two transactions has a lock on a
single data resource that the other transaction needs.
1) When deadly embraces occur, the DBMS must have an algorithm for undoing
the effects of one of the transactions and releasing the data resources it
controls so that the other transaction can run to completion. Then, the other
transaction is restarted and permitted to run to completion.
2) If deadly embraces are not resolved, response time worsens or the system
eventually fails.
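One way a DBMS can detect and resolve a deadly embrace, as an added example (not part of the original study unit). The LockManager class is a hypothetical model, and choosing the most recently started transaction as the one to undo is an assumption of this sketch.

```python
class LockManager:
    """Minimal lock table with deadlock detection (hypothetical model)."""

    def __init__(self):
        self.owner = {}      # resource -> transaction holding its lock
        self.waiting = {}    # transaction -> resource it is blocked on
        self.started = []    # start order, used to pick the youngest as victim

    def lock(self, txn, resource):
        if txn not in self.started:
            self.started.append(txn)
        holder = self.owner.get(resource)
        if holder in (None, txn):
            self.owner[resource] = txn
            return "granted"
        self.waiting[txn] = resource
        cycle = self._cycle_from(txn)
        if not cycle:
            return "waiting"
        victim = max(cycle, key=self.started.index)
        self.release_all(victim)          # undo the victim and free what it held
        return "deadlock: rolled back " + victim

    def _cycle_from(self, start):
        """Follow the wait-for chain: txn -> holder of the resource txn wants."""
        path, txn = [], start
        while txn in self.waiting:
            path.append(txn)
            txn = self.owner.get(self.waiting[txn])
            if txn == start:
                return path
            if txn is None or txn in path:
                break
        return []

    def release_all(self, txn):
        """Drop txn's locks (commit or rollback) and hand freed resources to waiters."""
        for res in [r for r, t in self.owner.items() if t == txn]:
            del self.owner[res]
        self.waiting.pop(txn, None)
        for waiter, res in list(self.waiting.items()):
            if res not in self.owner:
                self.owner[res] = waiter
                del self.waiting[waiter]


def run_scenario():
    """Constructed schedule: T1 and T2 lock records A and B in opposite order."""
    lm = LockManager()
    steps = [lm.lock("T1", "A"), lm.lock("T2", "B"),
             lm.lock("T1", "B"), lm.lock("T2", "A")]
    after_rollback = dict(lm.owner)       # T1 now holds both and can finish
    lm.release_all("T1")                  # T1 runs to completion
    steps += [lm.lock("T2", "A"), lm.lock("T2", "B")]   # T2 is restarted
    return steps, after_rollback


if __name__ == "__main__":
    print(run_scenario())
```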
4. A database management system (DBMS) is an integrated set of computer programs that
create the database, maintain the elements, safeguard the data from loss or destruction,
and make the data available to applications programs and inquiries.
a. The DBMS allows programmers and designers to work independently of the physical
and logical structure of the database.
1) Before the development of DBMSs, programmers and systems designers
needed to consider the logical and physical structure of the database with the
creation of every new application. This was extremely time consuming and
therefore expensive.
b. The schema is a description of the overall logical structure of the database using
data-definition language, which is the connection between the logical and physical
structures of the database.
1) A subschema describes a particular user's (application's) view of a part of the
database using data definition language.
c. A fundamental characteristic of databases is that applications are independent of the
database structure; when writing programs or designing applications to use the
database, only the name of the desired item is necessary.
d. A data item is identified using the data manipulation language, after which the
DBMS locates and retrieves the desired item(s).
1) The data manipulation language is used to add, delete, retrieve, or modify data
or relationships.
e. The physical structure of the database can be completely altered without having to
change any of the programs using the data items. Thus, different users may define
different views of the data (subschemas).
5. Other Database Definitions
a. The database administrator (DBA) is the individual who has overall responsibility for
developing and maintaining the database and for establishing controls to protect its
integrity.
1) Thus, only the DBA should be able to update data dictionaries. In small
systems, the DBA may perform some functions of a DBMS. In larger
applications, the DBA uses a DBMS as a primary tool.
b. The data dictionary is a file, either computer or manual, that describes both the
physical and logical characteristics of every data element in a database.
1) The data dictionary includes, for example, the name of the data element (e.g.,
employee name, part number), the amount of disk space required to store the
data element (in bytes), and what kind of data is allowed in the data element
(e.g., alphabetic, numeric).
a) The data dictionary also provides a mapping from the data element to
every application where it is updated and vice versa.
2) Thus, the data dictionary contains the size, format, usage, meaning, and
ownership of every data element as well as what persons, programs, reports,
and functions use the data element.
3) In an advanced data dictionary, a change in a data element automatically
changes related programs.
c. The database mapping facility is software that is used to evaluate and document the
structure of the database.
d. The data control language specifies the privileges and security rules governing
database users.
e. Data command interpreter languages are symbolic character strings used to control
the current state of DBMS operations.
6. Storing all related data on one storage device creates security problems.
a. Should hardware or software malfunctions occur, or unauthorized access be achieved,
the results could be disastrous.
b. Greater emphasis on security is required to provide backup and restrict access to the
database.
1) For example, the system may employ dual logging, that is, use of two
transaction logs written simultaneously on separate storage media.
2) It may also use a snapshot technique to capture data values before and after
transaction processing.
3) The files that store these values can be used to reconstruct the database in the
event of data loss or corruption.
c. The responsibility for creating, maintaining, securing, and restricting access to the
database belongs to the database administrator.
d. A DBMS includes security features. Thus, a specified user's access may be limited to
certain data fields or logical views depending on the individual's assigned duties.
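Limiting a user to a logical view that omits a sensitive field, as an added example (not part of the original study unit; the table, view and rows are constructed). SQLite has no GRANT/REVOKE data control language, so this sketch substitutes the authorizer callback of Python's sqlite3 module to express the same rule: the base table can be read only through the view, and nothing can be changed.

```python
import sqlite3

BASE_TABLE = "employee"              # constructed table with a sensitive field
ALLOWED_VIEW = "employee_directory"  # logical view without the salary column

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE employee (
            emp_id INTEGER PRIMARY KEY, name TEXT, dept TEXT, salary REAL
        );
        INSERT INTO employee VALUES
            (1, 'R. Diaz', 'AP', 61000), (2, 'K. Osei', 'Audit', 72000);
        CREATE VIEW employee_directory AS
            SELECT emp_id, name, dept FROM employee;
    """)
    return db

def restrict_to_view(db):
    """Install a policy: read-only, and only through ALLOWED_VIEW."""
    def policy(action, arg1, arg2, dbname, source):
        # For SQLITE_READ, arg1 is the table, arg2 the column, and source the
        # view responsible for the access (None for top-level SQL).
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ:
            if arg1 == ALLOWED_VIEW:
                return sqlite3.SQLITE_OK
            if arg1 == BASE_TABLE and source == ALLOWED_VIEW:
                return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY   # direct table reads, writes, DDL, the rest
    db.set_authorizer(policy)

def attempt(db, sql):
    """Return the rows, or the reason the DBMS refused the statement."""
    try:
        return db.execute(sql).fetchall()
    except sqlite3.DatabaseError as exc:
        return "refused: " + str(exc)

if __name__ == "__main__":
    db = open_db()
    restrict_to_view(db)
    print(attempt(db, "SELECT name, dept FROM employee_directory ORDER BY emp_id"))
    print(attempt(db, "SELECT salary FROM employee"))            # direct read
    print(attempt(db, "SELECT salary FROM employee_directory"))  # not in the view
    print(attempt(db, "UPDATE employee SET salary = 1"))         # write
```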
7. Databases and the associated DBMS permit efficient storage and retrieval of data for formal
system applications.
a. They also permit increased ad hoc accessing of data (e.g., to answer inquiries for data
not contained in formal system outputs) as well as updating of files by transaction
processing.
b. These increased capabilities, however, result in increased cost because they require
1) The use of sophisticated hardware (direct-access devices)
2) Sophisticated software (the DBMS)
3) Highly trained technical personnel (database administrator, staff)
4) Increased security controls
8. An object-oriented database is a response to the need to store not only numbers and
characters but also graphics and multimedia applications.
a. Translating these data into tables and rows is difficult. However, in an object-oriented
database, they can be stored, along with the procedures acting on them, within an
object.
9. In a hypermedia database, blocks of data are organized into nodes that are linked in a
pattern determined by the user so that an information search need not be restricted to the
predefined organizational scheme. A node may contain text, graphics, audio, video, or
programs.
a. Hybrid systems containing object-oriented and relational database capabilities have
also been developed.
10. Advanced database systems provide for online analytical processing (OLAP), also called
multidimensional data analysis, which is the ability to analyze large amounts of data from
numerous perspectives.
a. OLAP is an integral part of the data warehouse concept.
11. A data warehouse contains not only current operating data but also historical information
from throughout the organization. Thus, data from all operational systems is integrated,
consolidated, and standardized into an organization-wide database into which data is
copied periodically. This data is maintained on one platform and can be read but not
changed. Graphics and query software and analytical tools assist users. Accordingly, data
mining is facilitated by a data warehouse.
9.5 STUDY UNIT 9 SUMMARY
1. The difficulty of maintaining the integrity of data is the most significant limitation of
computer-based audit tools. Internal auditors must be careful not to treat computer
printouts as traditional paper evidence. The degree of reliance on electronic evidence by
the auditor depends on the effectiveness of the controls over the system from which such
evidence is taken.
2. The most important control is to install an organization-wide network security policy. This
policy should promote the objectives of data availability; data security, privacy, and
confidentiality; and data integrity.
3. Access control software protects files, programs, etc., from unauthorized access. It also
restricts use of certain devices and may provide an audit trail. A firewall is an example.
4. Two types of access controls are physical controls and logical controls. Physical security
controls limit physical access and protect against environmental risks and natural
catastrophes, such as a fire or flood. Logical security controls are needed because of the
use of communications networks and connections to external systems. User identification
and authentication, restriction of access, and the generation of audit trails are required in
this environment.
5. The use of passwords and identification numbers is an effective logical security control in an
online system to prevent unauthorized access to computer files.
6. A system access log records all attempts to use the system. Other access controls include
encryption, automatic log-off, and use of security personnel. Internet security should, at the
very least, have a user account management system, a firewall, and encryption.
7. The responsibility for creating, maintaining, securing, and restricting access to the database
belongs to the database administrator.
8. Encryption technology may be either hardware- or software-based. Two major types of
encryption software exist.
9. Public-key, or asymmetric encryption, is the more secure of the two and requires two keys;
the public key for coding messages is widely known, but the private key for decoding
messages is kept secret by the recipient. A public-key system is used to create digital
signatures and certificates.
10. Private-key, or symmetric encryption, is less secure because it requires only a single key for
each pair of parties that want to send each other coded messages.
11. A computer center should have a reconstruction and recovery plan that will allow it to
regenerate important programs and database files. The center should create backup
copies of data files, databases, programs, and documentation. Also, it should store backup
copies offsite and plan for auxiliary processing on alternate systems or at another site.
12. The organization must undertake contingency planning and risk analysis. During an early
stage of contingency planning for information systems, management must determine how
various processing disruptions may affect the entity.
13. Protection from malicious software and attacks is a key aspect of contingency planning. To
protect against viruses, three types of controls should be implemented: preventive
controls, detective controls, and corrective controls.
14. Hot-site and cold-site backup facilities are another key aspect of contingency planning. A
hot site is a service bureau. It is a fully operational processing facility that is immediately
available. A cold site is a shell facility where the user can quickly install computer
equipment. A hot site with updated software and data that can begin operations in minutes
is a flying-start site.
15. The movement of data among CPUs and remote devices requires special
telecommunications technology. Among the devices used are front-end processors,
multiplexors, concentrators, and modems. Communications channels are the
communications media for transmitting data and are classified according to their capacity.
16. A hub is a central connecting device in a network that joins communications lines together in
a star configuration. Switches are another type of connecting device; each port on a switch
can give full bandwidth to a single server, client, or hub. Bridges connect two or more
segments of a local area network; they improve network performance by keeping traffic
contained within smaller segments. Routers are devices that route data packets from one
local-area network or wide-area network to another.
17. The most common types of transmission media include twisted copper wire, coaxial cable,
fiber-optic cable, and wireless transmission media.
18. Private networks are dedicated facilities, such as satellites, microwave transmitters, or
telephone lines, leased from a common carrier.
19. A PBX, or private branch exchange, is a special computer at an organization's facility used
to store, transfer, and redial telephone calls.
20. Public-switched networks use public telephone lines.
21. In value-added networks, or VANs, the sender's and receiver's computers are never directly
connected. The third-party VAN receives, logs, stores, and forwards electronic documents
to the parties, thus eliminating the need for dedicated computers waiting for incoming
messages.
22. A local area network, or LAN, is a local distributed computer system. Computers,
communication devices, and other equipment are linked by dedicated channels. A network
interface card links the personal computers and printers in a LAN.
23. A server is a computer in a network that stores programs and files for users and determines
access rights. It also contains the network operating system.
24. A gateway is a means of connecting otherwise incompatible networks, nodes, or devices. It
converts one set of communication protocols to another.
25. A wide area network, or WAN, provides data communication and file sharing among remote
offices. A WAN may combine switched and dedicated lines, microwave transmission, and
satellite communication.
26. A virtual private network, or VPN, avoids the expense of a WAN. Rather than maintain a
point-to-point leased line, the organization connects each office or LAN to a local Internet
service provider. Data are routed through the Internet using shared, low-cost public
bandwidth as the communications backbone.
27. Given the worldwide proliferation of computer networks, connectivity has become a major
issue. Open systems allow greater connectivity. Open systems are those for which
suppliers provide components whose interfaces are defined by public standards.
28. Voice communications channels are the media for transmitting voice data and are classified
according to their capacity.
29. The Internet is a series of networks throughout the world that facilitates information transfer
among computers. Gateways allow mainframe computers to interface with personal
computers. The fastest growing component of the Internet is the World Wide Web.
30. The web is accessed via programs called browsers. A browser is software that permits a
computer to retrieve and recognize HTML files. Browsers allow text, graphics, audio, and video
to be integrated for the user.
31. An intranet is an internal network that applies Internet connectivity standards and web
software. Although an intranet is a network based on the same technology as the Internet,
access is limited to an organization or those with specific authorization.
32. An extranet is an intranet to which specified parties, such as suppliers and customers, have
limited access. An extranet provides web access for existing customers or specific users
rather than the general public. It typically uses the public Internet as its transmission
system but requires a password to gain access.
33. Hypertext markup language, or HTML, is the authoring software language used to create
and link pages on the web. Extensible markup language, or XML, was developed as an
open standard usable with many programs and platforms. XML codes all information in
such a way that a user can determine not only how it should be presented but also what it
is; that is, all computerized data may be tagged with identifiers.
34. A database is a series of related files combined to eliminate unnecessary redundancy of
data items. A single integrated information system allows for increased data accessibility.
The data are stored physically on direct-access devices for efficient access.
35. The most-used logical structure of a database is a relational structure that organizes data in
conceptual tables. Each column in a table is a field, and each row is a specific record.
One relation can be joined together or related to another by the database management
system without pointers or linked lists if each contains one or more of the same fields. The
relational structure is the most popular because it is relatively easy to construct and is
useful for unplanned, ad hoc queries.
36. A field is an item in a record. It consists of a group of related characters, called bytes,
providing a unit of data about some entity, for example, a customer or employee. A record
is a collection of related fields pertaining to some entity. A file is a logical collection of
records, such as those for customer accounts.
37. Normalization is the term for determining how groups of data items in a relational structure
are arranged in records in a database. This process relies on normal forms, that is,
conceptual definitions of data records and specified design rules.
38. The three basic operations in the relational database structure are selecting, joining, and
projecting. Selecting creates a subset of records that meet certain criteria. Joining is the
combining of relational tables based on a common data element. Projecting is the basic
operation in a relational database that results in a subset consisting of columns in a table.
This operation creates a new table containing only the required information.
39. A distributed database is stored in two or more physical sites using either replication or
partitioning. Replication makes duplicates to be stored at multiple locations. Changes are
periodically copied and sent to each location. Partitioning stores specific records where
they are most needed.
40. A database management system, or DBMS, is an integrated set of computer programs.
They create the database; maintain the elements; safeguard the data from loss or
destruction; and make the data available to applications, programs, and inquiries. The
DBMS allows programmers and designers to work independently of the physical structure
of the database.
41. The schema is a description of the overall logical structure of the database using
data-definition language, which is the connection between the logical and physical
structures of the database. A subschema describes a particular application's view of a part
of the database using data-definition language.
42. The data dictionary is a file that describes the use of data from the database in applications.
It provides a mapping from the database to applications and vice versa. Thus, the data
dictionary states the meaning of a data element, its ownership, size, format, and usage.
Moreover, it states what persons, programs, reports, and functions use the data element.
43. The data control language specifies the privileges and security rules governing database
users.