
IT Summary


Bhaskar Chakraborty

Md. Sazedul Kabir


ACNABIN

INFORMATION TECHNOLOGY
Professional Stage Knowledge Level

Summary


TABLE OF CONTENTS

Chapter

1. Information Within Organization
2. Information Technology Architecture
3. Management of IT
4. Communication And IT
5. Internal Control in Computer Based Business Systems


CHAPTER 1
INFORMATION WITHIN ORGANIZATION

1. Data: (Page 20) Data is the raw material of information. A data processing system processes
data into information.

2. Information: (Page 20) Information is data that has been processed into a form that is
meaningful to the recipient and is of real or perceived value in current or progressive decisions.

3. Value of information: (Page 21) Information is of high value if it is –

• Reliable (accurate)
• Clean
• Complete
• Right quantity – avoiding intimidating overload
• Relevant – and perceived as relevant by the receiver

4. Usefulness of data:
• Companies that sell products by mail order need to keep up-to-date lists of names and
addresses of customers who may be interested in making a purchase. This data is very
valuable and can be sold to other “like” companies. What would make this list become of
little value?
• What could be added to the data so that it can be kept up to date?
• Is the cost of keeping data up to date, accurate and complete worthwhile to the
company?

5. Difference between data and information: (Page 23) Data can be in the form of numbers,
characters, symbols or even pictures. A collection of these data which conveys some meaningful
idea is information.

| SL | Data | Information |
|----|------|-------------|
| 1 | Raw, unanalyzed facts, figures and events. | Useful knowledge derived from the data. |
| 2 | Data is unprocessed instructions. | If data is processed, it becomes information. |
| 3 | Data is material. | Information is gathering all material to be it. |
| 4 | Data is raw material for data processing. Data relates to facts, events and transactions. | Information is data that has been processed in such a way as to be meaningful to the person who receives it. It is anything that is communicated. |
| 5 | Data is raw material which is unprocessed for data processing. It is normally entered by input devices into the computer and it can be in any form, usable or not. It does not bring meaning; some of it is even in computer language. | Information is data that has been processed; it can be useful for the person receiving it since it brings meaning. It can be understood by humans and is normally conveyed by output devices to people. |

6. Importance of information: (Page 25) Information technology is fundamental to the success
of any business. The information that is collected and/or assembled in any business is as valuable
a resource as capital or people. Information may be processed, summarized and analyzed by
computers before being used by managers as the basis for decision making.


Information must be –
• Accurate
• Complete
• Up-to-date

7. Impact of information systems on organization and business firms: (Page 25) From the
point of view of economics, IT changes both the relative costs of capital and the costs of
information. Information systems technology can be viewed as a factor of production that can be
substituted for traditional capital and labor. IT also obviously affects the cost and quality of
information and changes the economics of information. Information technology helps firms
contract in size because it can reduce transaction costs – the costs incurred when a firm buys on
the marketplace what it cannot make itself. Information technology, especially the use of
networks, can help firms lower the cost of market participation (transaction costs), making it
worthwhile for firms to contract with external suppliers instead of using internal sources.

8. Relationship between information and organization: Information systems and organizations
have a complex two-way relationship. This complex two-way relationship is mediated by many
factors, not the least of which are the decisions made or not made by managers. Other factors
mediating the relationship include the organizational culture, structure, politics, business process
and environment.

9. Attributes of useful and effective information: (Page 29)

• Availability
• Purpose
• Mode and format
• Decay
• Rate
• Frequency
• Completeness
• Reliability
• Cost Benefit Analysis
• Validity
• Quality
• Transparency
• Value Of Information

10. How do organizations differ? (Page 36)

• Ownership
• Control
• Activity
• Profit Or Non-Profit Orientation
• Size
• Legal Status
• Source Of Finance
• Technology

11. Decision Support System: (Page 39) DSS can be defined as a system that provides tools to
managers to assist them in solving semi structured and unstructured problems in their own
somewhat personalized way. A DSS is not intended to make decisions for managers, but rather to
provide managers with a set of capabilities that enables them to generate the information
required by them in making decisions. Examples of DSS in Accounting are:
• Cost Accounting System
• Capital Budgeting System
• Budget Variance Analysis System
• General Decision Support System

12. Characteristics of DSS: (Page 40)

• They support semi-structured or unstructured decision making;
• They are flexible enough to respond to the changing needs of decision makers; and
• They are easy to use.

13. Components of DSS: (Page 40) Four basic components –

• The users: The user of a decision support system is usually a manager with an
unstructured or semi-structured problem to solve.
• Databases: Databases contain both routine and non-routine data from both internal and
external sources.
• Planning languages: There are two types of planning languages. General purpose planning
languages allow users to perform many routine tasks. Special purpose planning
languages are more limited in what they can do, but they usually do certain jobs better
than the general purpose planning languages.
• The model base: It is the brain of the DSS because it performs data manipulations and
computation with the data provided to it by the user and the database.

14. Information Systems at different levels of management: (Page 44)

• Top management: Tactical decisions by the top management are dependent on the
information passed from middle management. (EIS, MIS, DSS)
• Middle Management: At the middle level of management the decision making process
starts. Inputs from different internal and external information sources are collected and
processed for strategic decisions. (MIS, DSS)
• Lower Level management: All types of inputs available from various sources are
collected. No decision making process is carried out at this level. (TPS)

| System | Management level |
|--------|------------------|
| TPS | Lower Level Management |
| MIS | Mid Level Management |
| DSS | Mid Level Management |
| ESS/EIS | Top Level Management |

15. Transaction Processing System: (Page 45) TPS at the lowest level of management is an
information system that manipulates data from business transactions. A TPS involves the
following activities:
• Capturing data to organize in files or databases
• Processing of files/databases using application software
• Generating information in the form of reports
• Processing of queries from various quarters of the organization

16. Management Information Systems (MIS): (Page 46 & 49) It is an integrated user-machine
system designed for providing information to support operational control, management control
and decision making functions in an organization. A good MIS provides managers with
appropriate information at the right time. It also presents information in the right amount of
detail according to the level of management.

17. Activities of a Manager: (Page 46)

• Determination of organizational objectives and developing plans to achieve them,
• Securing and organizing the human and physical resources so that these objectives could
be accomplished,
• Exercising adequate controls over the functions,
• Monitoring the results to ensure that accomplishments are proceeding according to plan.

18. Executive Information Systems (EIS): (Page 46) An EIS, sometimes referred to as an executive
support system (ESS), is a DSS that is designed to meet the special needs of top-level managers.
Any distinction between the two usually is because executive support systems are likely to
incorporate additional capabilities such as electronic mail.

19. Types of Information: (Page 48) Two different types –

• Internal information: Information that has been generated from the operations of the
organization at various functional areas. The internal information gets processed and
summarized from junior to top most level of management.
• External information: The external information is collected from the external
environment of the business organization. External information is considered to affect the
organizational performance from outside the organization.

20. Passive and Interactive Information System: (Page 49)

• Passive Information System: Passive information systems are systems that will
answer queries based on the data that is held within them, but the data is not altered.
Example – Electronic encyclopedia.
• Interactive Information System: An interactive system is one in which data can be
entered for processing which may alter the contents of the database. Example – Stock
control system in a supermarket.

21. Batch Processing and Rapid Response Processing: (Page 51)

• Batch Processing: A batch processing system is used when the output does not have to be
produced immediately. Other factors are that the application will tend to use a large amount
of data, that processing will tend to be of the same type for each set of data, and that human
intervention is not necessary.
• Rapid Response Processing: Rapid response processing is also referred to as real time
processing. Real time processing can be thought of as being used in process control where
the results of the process are used to inform the next input. The classic example is the airline
booking system.

22. Knowledge-based system: (Page 52) A knowledge-based system (KBS) is a system where all
the expert human knowledge covering a particular topic is brought together and made available to
the user through a computer system which uses the facts in its knowledge base by applying rules
that may sensibly be applied to the knowledge.

23. Types of knowledge-based systems: (Page 53) Three types –

• Diagnostic: The user interface gives a series of questions, each of which has a limited
number of possible answers, each one of which leads to another question. Gradually the
amount of data in the knowledge base is reduced until there is only a small amount of
relevant data which must provide the answer to the query.
• Advice Giving: An advice giving system is one that follows some process being done and
then offers advice on how to proceed if something needs to be done or goes wrong.
• Decision Making: A decision making knowledge based system is a system which
understands what is happening in a system and has been given enough rules to be able to
make and carry out decisions without further intervention.


CHAPTER 2
INFORMATION TECHNOLOGY ARCHITECTURE

1. Information System: (Page 76) An information system is a mechanism that helps people to
collect, store, organize and use information. An information system can be defined technically as a
set of interrelated components that process, store and distribute information to support decision
making and control in an organization. In addition to supporting decision making, coordination and
control, information systems may also help managers and workers analyze problems, visualize
complex subjects and create new problems.

2. Information system from functional perspective: (Page 77)

• Sales and marketing system: The sales and marketing system is responsible for
selling the organization’s products or services. This system deals with:
   ◦ Order processing
   ◦ Pricing analysis
   ◦ Sales trend forecast

• Manufacturing and production system: The manufacturing and production system is
responsible for actually producing the firm’s goods and services. This system deals with:
   ◦ Machine control
   ◦ Production planning
   ◦ Facilities location

• Finance and accounting system: The finance system is responsible for managing the
firm’s assets and the accounting system is responsible for maintaining and managing the
firm’s financial records. This system deals with:
   ◦ Accounts receivable
   ◦ Budgeting
   ◦ Profit planning

• Human resource system: The human resource system is responsible for attracting, developing
and maintaining the firm’s workforce. This system deals with:
   ◦ Training and development
   ◦ Compensation analysis
   ◦ Human resources planning

3. Information system from constituency perspective: (Page 81)

• Executive Support System: ESS addresses non-routine decisions requiring judgment,
evaluation and insight because there is no agreed-on procedure for arriving at a solution.
It is designed to incorporate data about external events, such as tax laws or competitors.
ESS filter, compress and track critical data, displaying the data of greater importance to
senior managers.
• Decision Support System: DSS supports non-routine decision making for middle
management. It focuses on problems that are unique and rapidly changing, for which the
procedures for arriving at a solution may not be fully predefined in advance.
• Management Information System: MIS summarizes and reports on the company’s
basic operations using data supplied by TPS.
• Transaction Processing System: TPS is a computerized system that performs and
records the daily routine transactions necessary to conduct business, such as sales order
entry, hotel reservations, payroll, employee record keeping and shipping.


4. System: (Page 82) A system is a collection of integrated components that work to
accomplish a specific task. A system must satisfy the following properties:
• Each system consists of several components
• There must be a logical relation between the components
• The components of a system should be controlled in a way such that the specific task can
be accomplished.

5. Components of System: (Page 82)

• Hardware: The physical components of a computer system, such as electronic,
magnetic and mechanical devices.
• Software: Software is the collection of computer programs, procedures and
documentation that performs different tasks on a computer system. Software performs
the function of the program it implements, either by directly providing instructions to the
computer hardware or by serving as input to another piece of software.
• Humanware: Humanware is hardware and software that emphasizes user capability and
empowerment and the design of the user interface.
• Data/Information: The smallest unit of information is known as data. Data is some
raw facts that are not arranged in any specific order.

6. Types of Hardware: (Page 83)

• Motherboard: Central or primary circuit board.
• Central Processing Unit: Interprets instructions and processes data in computer
programs.
• Random Access Memory: Allows the stored data to be accessed in any order.
• Basic Input Output System: BIOS prepares the software programs to load, execute
and control the computer.
• Power Supply: Supplies electrical energy to an output load.
• Video Display Controller: Converts the logical representations of visual information
into a signal that can be used as input for a display medium.
• Computer Bus: Used to transfer data or power between computer components inside a
computer.
• CD-ROM drive: Contains data accessible by a computer.
• Zip Drive: Medium capacity removable disk storage system.
• Hard Disk: The non-volatile data storage system that stores data on a magnetic surface
layered onto hard disk platters.

7. Classification of Software: (Page 85)

According to the working principle, software can be classified into two classes:
A. System software: computer software designed to operate the computer hardware
and to provide and maintain a platform for running application software.
• System Management Software
   ◦ Operating System
   ◦ Database Management System
   ◦ Network Management System
• System Support Software
   ◦ System Utility
   ◦ System Performance
   ◦ System Security Monitor Program
• System Development Software


   ◦ Programming Language Translator
   ◦ Programming editor and tools
   ◦ CASE (Computer Aided System Engineering)

B. Application software: computer software designed to help the user to perform singular
or multiple related specific tasks. It resides above systems software, because it is unable
to run without the operating system and system utilities.
• Word Processing Software
• Database Software
• Spreadsheet Software
• Multimedia Software
• Presentation Software
• Enterprise Software
• Information Worker Software
• Educational Software
• Simulation Software
• Current Access Software

From commercial perspective software can be classified into three major classes:
A. Commercial software: Commercial software requires payment before it can be used
and includes all the program’s features, with no restrictions or time limits.
B. Freeware/ Open source: Freeware is free to use and does not require any payment
from the user. Open-source software (OSS) is computer software that is available in
source code form for which the source code and certain other rights normally reserved
for copyright holders are provided under a software license that permits users to study,
change and improve the software.
C. Shareware: Shareware is software that is distributed free on a trial basis with the
understanding that the user may need or want to pay for it later.

8. Difference between shareware and freeware:

• Unlike shareware, freeware can be downloaded for free.
• Freeware may end up being shareware, because the developer is offering the source
code for a limited period of time.

9. Firmware: (Page 92) In computing, firmware is software that is embedded in a hardware
device. Firmware boots up computerized or digital devices, as ROM chips are non-volatile,
meaning they do not require a power source to hold their contents. Perhaps the most familiar
firmware is the basic input output system (BIOS) chip. The BIOS chip on a computer motherboard
holds instructions that, upon powering up, initialize the hardware, ensure components are
working, and finally roll out the operating system to take over.
ROM = Read only memory
EPROM = Erasable programmable ROM
EEPROM = Electrically EPROM

10. Process of Building Humanware: (Page 92)

• Define users and what they really want to do
• Identify tasks they will need to do or capabilities they will want
• Specify usability objectives for each task or capability
• Build a prototype of the user interface
• Test and verify or correct the prototype
• Provide the prototype and usability objectives to the program designers and coders
• Test the code against the prototype and objectives and if necessary, redesign or recode
the software
• Test the product with users or valid test subjects and revise as necessary
• Get feedback from users and continually improve the product.

11. Data structure: A data structure is the way data is organized in a logical or mathematical
model, or a particular organization of data.
• Array: A[1], A[2], A[3], ……, A[N]
• Record: A record is a collection of related data items, each of which is called a field or
attribute.

12. Data Analysis: (Page 96) Data analysis is a process in which raw data is ordered and organized
so that useful information can be extracted from it. Over the course of the data analysis process,
the raw data is ordered in a way which will be useful. Charts, graphs and textual write-ups of
data are all forms of data analysis. These methods are designed to refine and distill the data so
that one can glean interesting information without needing to sort through all of the data on their
own.

13. Data Validation: (Page 96) Data validation is the process of ensuring that a program operates
on clean, correct and useful data. It uses routines, often called “validation rules” or “check
routines”, that check for correctness, meaningfulness and security of data that are input to the
system.

14. Data Validation Methods: (Page 97)

• Allowed Character Check
• Consistency Checks
• Control Totals
• Data Type Checks
• File Existence Checks
• Format Or Picture Check
• Limit Check
• Logic Check
• Missing Data Test
• Range Check
• Uniqueness Check
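
Several of the validation methods listed above, applied to one batch of invoice records. This is an added example, not part of the original notes; the field names, invoice number picture, amount limit and sample records are all constructed assumptions.

```python
import re
from datetime import date
from decimal import Decimal, InvalidOperation

REQUIRED = ("invoice_no", "customer", "amount", "issued", "due")
INVOICE_PICTURE = re.compile(r"INV-\d{6}")        # format/picture check: INV-999999
ALLOWED_NAME = re.compile(r"[A-Za-z0-9 .&'-]+")   # allowed character check
AMOUNT_LIMIT = Decimal("100000.00")               # assumed business limit

# Constructed sample batch: header control totals plus five detail records.
BATCH = {
    "header": {"record_count": 5, "amount_total": "500545.50"},
    "records": [
        {"invoice_no": "INV-000101", "customer": "Rahim Traders",
         "amount": "250.00", "issued": "2024-03-01", "due": "2024-03-31"},
        {"invoice_no": "INV-102", "customer": "Karim <script>",
         "amount": "100.00", "issued": "2024-03-02", "due": "2024-04-01"},
        {"invoice_no": "INV-000103", "customer": "Meghna Stores",
         "amount": "12O.50", "issued": "2024-03-03", "due": "2024-04-02"},
        {"invoice_no": "INV-000104", "customer": "Delta Supplies & Co.",
         "amount": "500000.00", "issued": "2024-03-10", "due": "2024-02-10"},
        {"invoice_no": "INV-000101", "customer": "",
         "amount": "75.00", "issued": "2024-03-05", "due": "2024-04-04"},
    ],
}


def parse_amount(value):
    """Data type check: return a finite Decimal, or None if not numeric."""
    try:
        amount = Decimal(str(value).strip())
    except InvalidOperation:
        return None
    return amount if amount.is_finite() else None


def parse_date(value):
    """Data type check: return a date for YYYY-MM-DD input, else None."""
    try:
        return date.fromisoformat(str(value))
    except ValueError:
        return None


def validate_record(rec):
    """Return the names of the checks this record fails (empty list = clean)."""
    # Missing data test: every required field must be present and non-blank.
    missing = [f for f in REQUIRED if not str(rec.get(f, "")).strip()]
    if missing:
        return ["missing data: " + ",".join(missing)]
    failed = []
    if not INVOICE_PICTURE.fullmatch(rec["invoice_no"]):
        failed.append("format check")
    if not ALLOWED_NAME.fullmatch(rec["customer"]):
        failed.append("allowed character check")
    amount = parse_amount(rec["amount"])
    if amount is None:
        failed.append("data type check (amount)")
    elif not (Decimal("0") < amount <= AMOUNT_LIMIT):
        failed.append("range check")          # limit/range check on the value
    issued, due = parse_date(rec["issued"]), parse_date(rec["due"])
    if issued is None or due is None:
        failed.append("data type check (date)")
    elif due < issued:
        failed.append("consistency check")    # fields must agree with each other
    return failed


def validate_batch(batch):
    """Record-level checks, then uniqueness and control totals for the batch."""
    report = {"records": {}, "batch": []}
    seen, total = set(), Decimal("0")
    for index, rec in enumerate(batch["records"]):
        failed = validate_record(rec)
        # Uniqueness check on the key field across the whole batch.
        if rec.get("invoice_no") in seen:
            failed.append("uniqueness check")
        seen.add(rec.get("invoice_no"))
        if failed:
            report["records"][index] = failed
        # Only amounts that pass the data type check count toward the total.
        total += parse_amount(rec.get("amount")) or Decimal("0")
    header = batch["header"]
    if header["record_count"] != len(batch["records"]):
        report["batch"].append("control total: record count")
    if parse_amount(header["amount_total"]) != total:
        report["batch"].append("control total: amount")
    return report


if __name__ == "__main__":
    result = validate_batch(BATCH)
    for index, failed in result["records"].items():
        print(f"record {index}: {', '.join(failed)}")
    print("batch:", ", ".join(result["batch"]) or "ok")
```

The amount control total fails here because the mis-keyed amount in the third record (letter O in place of zero) cannot be summed, which is the kind of input error a control total is meant to surface.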

15. Database Management System: (Page 99) A database management system (DBMS) is
designed to manage a large body of information. It aids in the storage, manipulation, reporting,
management, and control of data.

16. Features of DBMS: (Page 99)

• Query Ability
• Back Up And Replication
• Rule Enforcement
• Security
• Computation
• Change And Access Logging
• Automated Optimization

17. Advantages and disadvantages of DBMS: (Page 101)

Advantages:
• Reduced data redundancy
• Reduced updating errors and increased consistency
• Greater data integrity and independence from applications/programs
• Improved data access to users through use of host and query languages
• Improved data security
• Reduced data entry, storage and retrieval costs
• Facilitated development of new applications/programs

Disadvantages:
• Database systems are complex, difficult and time-consuming to design
• Substantial hardware and software start-up costs
• Damage to database affects virtually all applications programs
• Extensive conversion costs in moving from a file-based system to a database system
• Initial training required for all programmers and users.

18. Processing Techniques: (Page 102) 6 types –

• Batch Processing
• Distributed Processing
• Real time processing
• Timesharing
• Multiprogramming
• Multiprocessing

19. Batch Processing: (Page 102) In batch processing, a group of transactions is collected over a
period of time, entered and processed, and then the batch results are produced. Batch processing
requires separate programs for input, process and output. It is an efficient way of processing a high
volume of data. Example – End of day reporting, printing etc.

Advantages:
• It allows sharing of computer resources among many users and programs
• It shifts the time of job processing to when the computing resources are less busy
• It avoids idling the computing resources with minute-by-minute manual intervention and
supervision
• By keeping a high overall rate of utilization, it better amortizes the cost of a computer,
especially an expensive one.

20. Distributed Processing: (Page 103) A distributed system consists of multiple autonomous
computers that communicate through a computer network. Distributed processing implies that
processing will occur on more than one processor in order for a transaction to be completed. In
other words, processing is distributed across two or more machines and processes are most likely
not running at the same time, i.e. each process performs part of an application in a sequence.

Advantages:
• Each computer can be used to process data like a decentralized system.
• It allows greater flexibility in placing true computer power at the location where it is
needed;
• It facilitates quick and better access to data and information especially where distance is
a major factor;
• Better computer resources are easily available to the end users;
• The availability of multiple processors in the network permits peak load sharing and
provides backup facilities in the event of equipment failure.

Disadvantages:
• There is lack of proper security controls for protecting the confidentiality and integrity of
the user programs and data that are stored online and transmitted over network
channels.
• It is not possible to link different equipment produced by different vendors into a
smoothly functioning network;
• Due to decentralization of resources at remote sites, management from a central point
becomes very difficult.

21. Real time processing: (Page 104) In real time processing, there is a continual input, process
and output of data. Data has to be processed in a small stipulated time period (real time),
otherwise it will create problems for the system.

22. Timesharing: (Page 105) A processing system with a number of independent, relatively
low-speed, online, simultaneously usable stations. Each station provides direct access to the CPU.

Advantages:
• Reduces CPU idle time
• Offers computing facility to small users
• Provides advantages of quick response
• Reduces the output of paper
• Avoids duplication of software

Disadvantages:
• Question of security
• Problem of reliability
• Problem of data communication
• Question of overhead involved

23. Multiprogramming: (Page 107) It means that there are a number of programs available to the
CPU (stored in main memory) and that a portion of one is executed, then a segment of another
and so on.

Requirements:
• Large Memory
• Memory protection
• Program status preservation
• Proper job mix

Advantages:
• Increased throughput
• Lowered response time

24. Multiprocessing: (Page 107) The term multiprocessing is used to describe interconnected
computer configurations or computers with two or more independent CPUs that have the ability
to simultaneously execute several programs.

Advantages:
• It improves the performance of the computer system by allowing parallel processing of
segments of programs.
• It facilitates more efficient utilization of all the other devices of the computer system.
• It provides a built-in backup.

Disadvantages:
• A very sophisticated operating system is required to schedule, balance and coordinate the
input, output and processing activities of multiple CPUs.
• A large main memory is required for accommodating the sophisticated operating system
along with several user programs.
• Such systems are very expensive.

25. Difference between Multiprogramming and Multiprocessing: (Page 108)

| SL | Multiprogramming | Multiprocessing |
|----|------------------|-----------------|
| 1 | Multiprogramming is the interleaved execution of two or more processes by a single CPU computer system. | Multiprocessing is the simultaneous execution of two or more processes by a computer system having more than one CPU. |
| 2 | It involves executing a portion of one program, then a segment of another etc. in brief consecutive time periods. | Multiprocessor makes it possible for the system to simultaneously work on several segments of one or more programs. |

26. Security: (Page 109) Security refers to the policies, procedures and technical measures used to
prevent unauthorized access, alteration, theft or physical damage to information systems.

27. Control: (Page 109) Control consists of all the methods, policies and organizational procedures
that ensure the safety of the organization’s assets, the accuracy and reliability of its accounting
records and operational adherence to management standards.

28. Malicious Software: (Page 109) Malicious software programs are referred to as malware and
include a variety of threats such as computer viruses, worms and Trojan horses.

29. Different Types of Malicious Software: (Page 109)

• Backdoor or Trapdoor: Allows those who know of it to gain access, bypassing usual security
procedures.
• Logic bomb: Activated when specified conditions are met, e.g. presence/absence of some
file, particular date/time, or particular user.
• Virus: Once a virus is executing, it can perform any function, such as erasing files and
programs.
• Worms: A program that can replicate itself and send copies from computer to computer
across network connections.
• Trojan horse: When invoked, performs some unwanted or harmful functionality.
• Zombie: Program which secretly takes over another networked computer.


30. Hackers and Cyber-vandalism: (Page 113)

• Hacker: A hacker is an individual who intends to gain unauthorized access to a computer
system.
• Cracker: A hacker with criminal intent.
• Spoofing: Hackers attempting to hide their true identities often spoof or misrepresent
themselves by using fake e-mail addresses or masquerading as someone else.
• Sniffer: A sniffer is a type of eavesdropping program that monitors information traveling
over a network.
• Distributed Denial of Service (DDoS): In a DDoS attack, hackers flood a network
server or web server with many thousands of false communications or requests for
services to crash the network.

31. Technologies and tools to provide security: (Page 114)

• Access control: Access control software is designed to allow only authorized users to
use systems or to access data using some method of authentication.
• Firewalls: The firewall acts like a gatekeeper who examines each user’s credentials
before access is granted to a network.
• Intrusion detection system: It features full time monitoring tools placed at the most
vulnerable points or hot-spots of corporate networks to detect and deter intruders
continually. The system generates an alarm if it finds a suspicious or anomalous event.
• Antivirus software: Antivirus software is designed to check computer systems and
drives for the presence of computer viruses.

32. E-commerce: (Page 116) Electronic Commerce is the process used to distribute, buy, sell or
market goods and services, and the transfer of funds online, through electronic communications
or networks. Example: Amazon.com

33. Characteristics of e-commerce: (Page 116)

• Business Oriented: E-commerce is business oriented, as it is the purchasing, selling
and exchanging of goods and services.
• Convenient Service: Customers will no longer be confined by geographical constraints
in receiving services.
• System Extendable: For e-commerce an extendable system is the guarantee of system
stability.
• Online Safety: Online safety is the first priority of e-commerce.
• Co-ordination: E-commerce is the process of coordination between employees,
customers, manufacturers, suppliers and business partners.

34. Benefits of e-commerce: (Page 118)

• Increases Sales
• Decreases Costs
• Provides Price quotes
• Increases profits
• Expands the size of the market from regional to national or national to international
• Contracts the market
• Reaches to a narrow market


35. Limitations of e-commerce: (Page 119)

A. Technical Limitations
• Costs of technological solution
• Some protocols are not standardized around the world
• Insufficient telecommunication bandwidth
• Software tools are not fixed but constantly evolving
• Integrating digital and non-digital sales and production information
• Access limitations of dial-up, cable, ISDN, wireless
• Some vendors require certain software to show features on their pages which is not
common in the standard browser used by the majority
• Difficulty in integrating e-commerce infrastructure with current organizational IT systems.

B. Non-technical Limitations
• Customer fear of personal information being used wrongly
• Customer expectations unmet
• Vulnerability to fraud and other crimes
• Lack of trust and user resistance
• Limitations to support services
• Non-accessibility outside of urban/suburban areas
• Higher employee training required
• People’s resistance to change
• People not used to faceless/paperless/non-physical transactions.

CHAPTER 3
MANAGEMENT OF IT

1. Phases Of Policy Evolution Process: (Page 126)


 Enterprise’s Organizational Structure And Business Process Techniques
 System Requirements Analysis
 Policy Definition And Specification
 Policy Analysis And Translation
 Policy Distribution And Enforcement
 Policy Monitoring And Maintenance
 Reverse Engineering

2. Categories/approaches of Organizational Management Process: (Page 129)


 Work processes
 Behavioral processes
 Change processes

3. Summary of Management Process: (Page 131)


| Key Issues | Work Processes | Behavioral Processes | Change Processes |
|---|---|---|---|
| Definition | Sequence of activities that transform inputs into outputs. | Widely shared patterns of behavior and ways of acting/interacting. | Sequence of events over time. |
| Role | Accomplish the work of the organization. | Infuse and shape the way work is conducted by influencing how individuals and groups behave. | Alter the scale, character, and identity of the organization. |
| Major Categories | Operational and administrative | Individual and interpersonal | Autonomous and induced, incremental and revolutionary. |
| Examples | New product development, order fulfillment, strategic planning | Decision making, communication, organizational learning | Creation, growth, transformation, decline |

4. Information System: (Page 133) An information system collects, processes, stores, analyzes
and disseminates information for a specific purpose. It processes the inputs by using technology
such as PCs and produces outputs that are sent to users or to other systems via electronic
networks.

5. Formal And Informal Information Systems: (Page 133)


 Formal Information Systems: Formal systems include agreed-upon procedures,
standard inputs and outputs, and fixed definitions. A company’s accounting system would
be a formal information system that processes financial transactions.
 Informal Information Systems: Informal systems take many shapes, ranging from an
office gossip network to a group of friends exchanging letters electronically.

6. Computer Based Information System (CBIS): (Page 133) A computer based information
system (CBIS) is an information system that uses computer technology to perform some or all of
its intended tasks.

7. Components Of Information System: (Page 134)


 Hardware
 Software
 Database
 Network
 Procedure
 People

8. Fundamental Roles of Information Systems In Business: (Page 135) There are three
major roles of the business applications of information systems:
 Support of its business processes and operations
 Support of decision making by its employees and managers
 Support of its strategies for competitive advantage

9. Information System Infrastructure: (Page 137) There are five major components of the
infrastructure:
 Computer hardware
 Software
 Networks and communication facilities (including the Internet and intranets)
 Databases
 Information management personnel

10. Information System Architecture: (Page 137) Information technology architecture is a high-
level map or plan of the information assets in an organization including the physical design of the
building that holds the hardware. It is a guide for current operations and blueprint for future
directions. It assures managers that the organization’s IT structure will meet its strategic business
needs.

11. Asset and types of IT asset:


Asset: a resource with economic value that a company owns or controls with the expectation
that it will provide future benefit.

Fixed Asset:
Tangible: Large CPU Server
Intangible: Software with long term purchase contract

Current Asset:
Tangible: Monitor
Intangible: Shareware

12. Asset life cycle:

Plan → Acquire → Deploy → Manage → Retire → Plan


(Diagram labels: Control, Audit, Reconcile)

13. IT Asset Management: (Page 142) ITAM is a process to control the day to day operation and
utilization of IT assets, ensuring that an organization realizes maximum efficiency from these
assets and the employees using them.

14. Optimization of ITAM Program: (Page 143) To optimize an ITAM program, the following
considerations should be addressed:
 Link IT to business objectives
 Incorporate lifecycle processes and governance
 Avoid common mistakes

15. How Does ITAM Work: (Page 144) ITAM can help an organization:
 Control IT purchases and deployment
 Compare its actual needs with contract terms and purchase history
 Avoid non-compliance and its associated legal risks
 Eliminate unnecessary purchases
 Determine optimum retirement dates for equipment nearing the end of its lifecycle

16. Benefits of IT asset management: (page 145)


 Reduce IT costs by better managing and administering your IT assets.
 Ensure software compliance by knowing what you have and what you use.
 Align IT with business goals to support business decisions.
 Improve productivity by empowering the IT administration team to easily track and
manage assets and their changes.
 Detect unauthorized and illegal software by adopting a software usage policy and easily
detecting any policy deviations.

17. Evaluation of an IT Asset Management Solution: (page 147) When considering an ITAM
solution, look for the following:
 Efficient and accurate discovery of all IT assets, including routers, printers, servers,
laptops, PDAs and workstations
 A structured approach to software discovery across the company, with application, suite
and version recognition for both workstations and servers
 A centralized asset repository that houses the physical, contractual, and financial
information for each asset, along with information about software throughout the
organization, including version, users and number of copies.

18. Misconceptions regarding ITAM: (page 147)


 Methodology is first and foremost about technology
 The IT platform with the lowest-cost TCO is the best choice
 Soft costs don’t count

19. Software: (Page 149) The programs, routines and symbolic languages that control the
functioning of the hardware and direct its operation.

20. Types Of Software: (Page 150)


 System Software: System software helps to run the computer hardware and computer
system. It includes a combination of the following: device drivers, operating systems,
servers, utilities and window systems. Examples are Microsoft Windows, Linux, and Mac
OS X.
 Programming Software: Programming software usually provides tools to assist a
programmer in writing computer programs, and software using different programming
languages in a more convenient way. The tools include – compilers, debuggers,
interpreters, linkers and text editors.
 Application Software: Application software allows end users to accomplish one or
more specific tasks.

21. Organizational Complexities of Global ERP Implementation: (Page 152)


 Business process standardization
 Understanding of local needs
 Localized delivery of employee communication and training
 Rely on your change agents
 Leverage performance measures

22. Problem Management: (Page 157) Problem management is a business function comprised of
people, processes, and tools organized and chartered to resolve customer problems.

23. Problem Management Process: (Page 157) Five core processes -


 Problem Identification
 Customer Validation
 Problem Logging
 Service Delivery
 Knowledge Capture And Sharing

24. Problem Management System: (Page 162) Problem management systems, or help desk
systems, have four primary functions:
 To capture request information
 To store that information in a common location
 To route and escalate the request as necessary, and
 To store and report metrics on the entire process

25. What is IT? (Page 167) Information technology is an umbrella term which covers a vast array of
computer disciplines that permit organizations to manage their information resources. Data
processing and management information systems (MIS) are integral parts of existing IT services.

26. Components of Traditional Data Processing: (Page 167) Three main components -
 Data Entry: Day-to-day production data entry
 Operations: day-to-day maintenance, routine report generation, backup etc.
 Applications: Software development, maintenance and support.

27. Information Security: (Page 177) Information security is the security that data or information
is protected against harm from threats that will lead to its loss, inaccessibility, alteration, or
wrongful disclosure. The protection is achieved through a layered series of technological and
non-technological safeguards such as physical security measures, user identifiers, passwords, smart
cards, biometrics, firewalls etc.

28. Why is Information System Security Important? (Page 177) Information System security is
important for the protection of the interests of those relying on information, and the information
systems and communications that deliver the information, from harm resulting from failures of
availability, confidentiality, and integrity.

29. What Information is Sensitive? (Page 179)


 Strategic plans: Strategic plans are crucial to the success of a company. The
advantages of achieving insight into a competitor’s intentions can be substantial.
 Business Operations: Business operations consist of an organization’s process and
procedures, most of which are deemed to be proprietary. As such, they may provide a
market advantage to the organization. A company’s client lists and the prices charged for
various products and services can also be damaging in the hands of a competitor.
 Finances: Financial information, such as salaries and wages, are very sensitive and
should not be made public.

30. Establishing Better information Protection: (Page 180) These points may be considered –
 Not all data has the same value
 Know where the critical data resides

31. Information security objective: (Page 181) The following steps must be taken to ensure that
the organization’s information security objectives are met:
 Implementing the plan
 Monitoring logs to verify compliance and identify problems
 Measuring the results
 Identifying potential improvements
 Refining processes and procedures

32. Components of Information Security: (Page 181) Information security comprises three
component parts:
 Data Security
 IT Security
 Computer Security

33. Management of IT Security: (Page 183)


 Vulnerability management
 Threat management
 Trust management
 Identity management
 Information technology control and audit
 Security monitoring
 Incident management

34. Vulnerability management: (Page 183) Vulnerabilities are “weaknesses or exposures in IT
assets or processes that may lead to a business risk or security risk.” A vulnerability management
process is needed to combat this risk. Once identified, the vulnerabilities need to be prioritized,
and their fixes implemented, based on the risk of the particular issue.

35. Threat management: (Page 183) Threat management includes virus protection, spam
control, intrusion detection, and security event management.

36. Trust management: (Page 184) Trust management includes encryption and access controls. To
ensure cryptography is applied in conformance with sound disciplines, there has to be a formal
policy on the use of cryptography that applies across the organization.

37. Identity management: (Page 185) Identity management is the process used to determine who
has access to what in an organization. It is also one of the most difficult areas to manage due to
the number of functions that must work together to implement proper controls. Identity
management should be a collaborative effort between information security, applications
development, operations, human resources, contracts/procurement, and business groups to
implement.

38. Information technology control and audit: (Page 185) Integrating all these systems with a
common identity management program can be costly and time consuming. Gartner Group
recommends implementing identity management over time by first proving success with a single
function or application.

39. Security monitoring: (Page 185) Computer systems handling sensitive, valuable or critical
information must securely log all significant computer security relevant events. Examples of
computer security relevant events include password guessing attempts, attempts to use privileges
that have not been authorized, modifications to production application software, and
modifications to system software.

40. Incident management: (Page 186) To deal with security incidents that affect the installation in
a disciplined manner, security incidents (e.g. malfunctions, loss of power or communications
services, overloads, mistakes by users or personnel running the installation, and access
violations) have to be dealt with in accordance with a formal process. Such a process has to apply to
all forms of security incident.

41. Accounting software: (Page 187) Accounting software is application software that records and
processes accounting transactions within functional modules such as accounts payables, accounts
receivables, payroll and trial balance. It functions as an accounting information system.

42. Composition of accounting software: (Page 187) Accounting software is typically composed
of various modules, different sections dealing with particular areas of accounting. Among the
most common are:

 Core Modules
 Accounts receivable
 Accounts payable
 General Ledger
 Billing
 Stock/inventory
 Purchase order
 Sales order
 Cash book

 Non Core Modules


 Debt collection
 Electronic payment processing
 Expense
 Inquiries
 Payroll
 Reports

43. Categories of accounting software: (Page 188)


 Small business/personal accounting software: Mainly for home users that use
payable type accounting transactions, managing budgets and simple reconciliation.
Examples –
 ePeachtree
 MYOB Plus
 Small Business Manager

 Low-end accounting software: It allows most general business accounting functions
to be performed. Many of the low end products are characterized by being “single-entry”
products, as opposed to double entry system seen in many businesses. Examples –
 BusinessVision 32
 MAS 90 & MAS 200
 QuickBooks Pro 2003

 Middle-Market accounting software: It may be capable of serving the needs of
multiple national accountancy standards and allow accounting in multiple currencies. In
addition to general accounting functions, the software may include integrated or add-on
management information systems, and may be oriented towards one or more markets.
Examples –
 ACCPAC
 Great Plains (Microsoft)
 MAS 90 & MAS 200
 Navision

 High-end accounting software: It is frequently part of an extensive suite of software
often known as Enterprise Resource Planning or ERP software. The advantage of high-
end solution is that these systems are designed to support individual company specific
processes, as they are highly customizable and can be tailored to exact business
requirements. Examples –
 Axapta (Microsoft Software)
 e-Business Suite (Oracle)
 MAS 500

 Vertical Market: Some business accounting software is designed for specific business
types e.g. banking, construction, medical, non-profit etc. It will include features that are
specific to that industry.

44. Checklist for selecting accounting software: (Page 190) A checklist of questions and key
features that need to be addressed:

 Ability to drill down from summary general ledger data to individual transactions?
 Ability to import and export data to and from spreadsheets and word processing
programs?
 Ability to generate custom reports?
 Fast posting of large batches of transactions?
 Strong security?
 Adequate technical support?
 Retention of historical data and ability to compare current results to past results?
 Ability to match direct expenses with specific clients and projects?
 Ability to allocate indirect costs to individual projects?
 Ability to integrate customer management and ecommerce functions?
 Ability to flow data from the program into your tax software?
 Ability to add more users at a later date with minimal cost increases?

CHAPTER 4
COMMUNICATION AND IT

1. Definition of Data communication: (Page 197) Data communication is the function of
transporting data from one point to another. Or, a communication system is the process of
transferring messages from one point to another. Here the data sender and receiver are normally
machines, particularly computer devices, and the transmission medium may be telephone lines,
microwave links, satellite links etc.

2. What are the basic elements of a Communication system? (Page 197) There are three (3)
elements of Communication system i.e. sender, medium and receiver.
 A Sender (source) which creates the message to be transmitted.
 A medium which carries the message
 A receiver (Destination) which receives the message

3. What are the ways/modes of data transmission? (Page 197) There are three ways
or modes for transmitting data from one point to another. These are simplex, half-duplex and
full-duplex.
 Simplex: If transmission is simplex, communication can take place in only one direction.

(Figure: Sender to Receiver.)

 Half-duplex: This system can transmit data in both directions but only in one direction
at a time. This is the most common type of transmission for voice communications
because only one person is supposed to speak at a time.

(Figure: Sender or Receiver at one end, Receiver or Sender at the other.)

 Full-duplex: This system allows information to flow simultaneously in both directions on
the transmission path.

(Figure: Sender and Receiver at one end, Receiver and Sender at the other.)

4. What are the methods for delivering information? Or, How is information delivered?
(Page 198) There are three basic methods of delivering information. These are Unicast, Broadcast
and Multicast.

 Unicast: This is a type of transmission in which information is sent from only one sender
to only one receiver. It is one-to-one between nodes. Examples of unicast transmission are
HTTP, SMTP, Telnet, SSH, POP3.

 Broadcast: This is a type of transmission in which information is sent from just one
computer but is received by all the computers connected to the network. Examples: DHCP
server and ARP (Address Resolution Protocol).

 Multicast: This transmits a single message to a selected group of recipients. This is a
type of transmission or communication in which there is only one sender and the
information sent is meant for a set of receivers.

5. What are the differences among unicast, broadcast and multicast? (Page 200)
 Unicast: One-to-one, from one source to one destination.
 Broadcast: One-to-all, from one source to all possible destinations.
 Multicast: One-to-many, from one source to multiple destinations expressing an interest
in receiving the traffic.

6. What is Computer network? (Page 201) A computer network is a system of interconnected
computers. The computers of a network communicate with one another and share applications,
data, voice and video and hardware components.

7. Classify the different types of Network? (Page 201) According to geographical area there
are three types of computer networks i.e. Local area network, Metropolitan area network and
Wide area network.

A. Local area network (LAN):


 A local area network (LAN) is a group of computers within a small area such as a house,
office or school which are connected to each other.

 All computers/ workstations connected on the LAN can communicate with one another.
This allows users to share data, share expensive resources like printers and scanners,
and communicate via email and instant messaging.
 Most current LANs run on Ethernet and use the IEEE 802.3 protocol for communication.

B. Metropolitan area network (MAN): A MAN is a computer network usually spanning a
campus or a city, which typically connects a few local area networks using high-speed
technologies. It provides efficient connections to a wide area network (WAN).
 This network size falls intermediate between LANs and WANs. It usually covers an area
in the range of 5 to 50 km.
 A MAN (like a WAN) is not generally owned by a single organization.
 A MAN often acts as a high speed network to allow sharing of regional resources.

C. Wide area network (WAN): A WAN is a telecommunications network that spans a wide
geographical area and is usually used for connecting computers. A WAN can be used to connect
cities, states or even countries. It is used by large organizations.

8. What are the advantages and disadvantages of a LAN? (Page 202)

Advantages:
1. Workstations can share peripheral devices like printers. This is cheaper than buying a
printer for every workstation.
2. Workstations do not necessarily need their own hard disk or CD-ROM drives.
3. Users can save their work centrally on the network’s file server.
4. Users can communicate with each other and transfer data between workstations very
easily.
5. One copy of each application package such as a word processor, spreadsheet etc. can be
loaded onto the file server and shared by all users.

Disadvantages:
1. Special security measures are needed to stop users from using programs and data that
they should not have access to.
2. Networks are difficult to set up and need to be maintained by skilled technicians.
3. If the file server develops a serious fault, all the users are affected.

9. How does a WAN work? (Page 204)


 WANs are either point to point, involving a direct connection between two sites or
operate across packet-switched networks, in which data is transmitted in packets over
shared circuits.
 Point-to-point WAN service providers include both local telephone companies and long
distance carriers.

10. Differences between LAN and WAN? (Page 204)


| Key issues | LAN | WAN |
|---|---|---|
| Covering areas | A LAN is restricted to a limited geographical coverage of a few kilometers. | A WAN spans greater distances and may operate nationwide or even worldwide. |
| Cost to transmit | The cost to transmit data in a LAN is negligible since the transmission medium is owned by the user organization. | The cost to transmit data may be very high because the transmission medium used is leased lines or public systems such as telephone lines, microwave and satellite links. |
| Connections | The computers, terminals and peripheral devices are usually physically connected with wires. | There may not be a direct physical connection between various computers. |
| Speed | Data transmission speed is much higher in a LAN than in a WAN. Typically transmission speeds in LANs are 0.1 to 100 mega bits per second. | The data transmission speed is normally of the order of 1800 to 9600 bits per second. |
| Data error | Fewer data transmission errors | Higher data transmission errors. |

11. What are the different types of computer network as per STRUCTURE? (Page 205)
There are 3 different types of computer network.
 Centralized network
 Distributed network
 Hybrid network

12. What are the uses/ benefits of computer network? (Page 205) Computer network provides
many benefits
 Simultaneous access to program and data
 Sharing peripheral devices like printers, scanners etc.
 Personal communication using e-mail
 Making backup of information
 Aiding communication by teleconferencing and video-conferencing

13. Which devices are used in the network? (Page 205) The devices used are:
 Router,
 Switch,
 Repeater,
 Bridge and
 Hub.

14. Router: A router is a device that forwards data packets along networks. It is connected to at
least two networks, commonly two LANs or WANs or a LAN and its ISP’s network. When data is
sent between locations on one network or from one network to another network, the data is
always seen and directed to the correct location by the router. The back side of a router (a wired
router would look similar but lack the antenna) may have:
 The Internet port, which connects to a modem.
 The LAN ports, each of which can be used to connect to a computer’s adapter.
 The power plug, which always connects to the power transformer that shipped
with the product.
 The reset button, which is used to undo all the settings you made to the router.

15. Switch: A switch is a small hardware device that joins multiple computers together within one
local area network (LAN). Network switches are capable of inspecting data packets as they are
received, determining the source and destination device of each packet and forwarding them
appropriately. A network switch can support 10/100 Mbps or 10/100/1000 Mbps port transfer
rates.

16. Repeater: A repeater is a device that receives a digital signal on an electromagnetic or optical
transmission medium and regenerates the signal along the next leg of the medium. A series of
repeaters makes possible the extension of a signal over a distance. A repeater removes the
unwanted noise in an incoming signal. Even if the signal is weak or distorted, it can be clearly
perceived and restored. Because digital signals depend on the presence or absence of voltage, they
tend to dissipate more quickly than analog signals and need more frequent repeating.

17. Bridge: A bridge device filters data traffic at a network boundary. Bridges reduce the amount of
traffic on LAN by dividing it into two segments. Bridges inspect incoming traffic and decide
whether to forward or discard it.

18. Hub: A hub is a device where all the connecting media come together. A hub is a medium
used to collect signals from the input line(s) and redistribute them in various available wirings
around a topology. A hub basically acts as a signal splitter: it accepts a signal through its input
port and outputs it to the output ports.

19. Classification of Hubs: (Page 209) Three different types of hubs exist i.e. passive, active and
intelligent.
 Passive hubs do not amplify the electrical signal of incoming packets before
broadcasting them out to the network.
 Active hubs do perform this amplification.
 Intelligent hubs add extra features to an active hub that are of particular importance to
businesses.

20. What is network topology? (Page 210) A network topology is how computers and other
devices are connected over a network. It describes the layout of wires, devices and routing paths.

21. Discuss the different types of physical topologies. (Page 210) There are 6 different common
topologies used in networks.

A. Linear bus topology:


 This topology consists of a main run of cable with a terminator at each end. All nodes
(file server, workstations) are connected to the linear cable.
 The bus topology was fairly popular in the early years of networking. It’s easy to set up,
not to mention inexpensive. All devices on the bus topology are connected using a
single cable.
 It is extremely important to note that both ends of the main cable need to be terminated.
If there is no terminator, the signal will bounce back when it reaches the end.
 Lastly, the bus topology is less common these days.

B. Ring topology:
 The ring topology is a very interesting topology indeed. It is a lot more complex than
it may seem. It looks like just a bunch of computers connected in a circle. Behind the
scenes it is providing a collision free and redundant networking environment.
 It is noted that since there is no end on a ring topology, no terminators are necessary. A
frame travels along the circle, stopping at each node.

C. Star topology:
 One of the most popular topologies for Ethernet LANs is the star and extended star
topology. It is easy to set up and relatively cheap and it creates more redundancy than
bus topology.
 It works by connecting each node to a central device. This central connection allows us to
have a fully functioning network even when other devices fail.
 A star topology is designed with each node (file server, workstations, and peripherals)
connected directly to a central network hub, switch or connector.

D. Tree (Expanded Star) topology: A tree topology combines characteristics of linear bus
and star topologies. It consists of groups of star-configured workstations connected to a linear
bus backbone cable. Tree topologies allow for the expansion of an existing network and
enable schools to configure a network to meet their needs.

E. Hierarchical topology: This topology is much like the star topology, except that it doesn’t
use a central node. Although Cisco prefers to call this Hierarchical. This type of topology suffers
from the same centralization flaw as the star topology. If the device that is on top of the
chain fails, consider the entire network down.

F. Mesh topology: There are two types of mesh topology one is full mesh topology and
another is partial mesh topology.
 The full-mesh topology connects every single node together. This will create the most
redundant and reliable network around, especially for large networks. If any link fails, we
should always have another link to send data through.
 The partial-mesh topology is much like the full mesh, only we don’t connect each
device to every other device on the network. Instead we only implement a few alternate
routes.

17. Mention the advantages and disadvantages of linear Bus, Ring, Star and Tree
topology? (Page 210)

Bus Topology

Advantages:
1. Easy to connect a computer or peripheral to a linear bus
2. Requires less cable length than a star topology

Disadvantages:
1. Entire network shuts down if there is a break in the main cable
2. Terminators are required at both ends of the backbone cable
3. Difficult to identify the problem if the entire network shuts down
4. Not meant to be used as a stand-alone solution in a large building.

Ring Topology

Advantages:
1. It works well where there is no central site computer system. It is a truly distributed data
processing system
2. It is more reliable than a star network because communication is not dependent on a single
host computer

Disadvantages:
1. In this network, communication delay is directly proportional to the number of nodes in the
network. Hence addition of new nodes in the network increases the communication delays.
2. The ring network is not as popular as the star network because of its more complicated
control software.

Star Topology

Advantages:
1. Easy to install and wire
2. If any of the local computers fail, the remaining portion of the network is unaffected
3. Easy to detect faults and to remove parts
4. Transmission delays between two nodes do not increase by adding new nodes to the
network because any two nodes may be connected via two links only.

Disadvantages:
1. Requires more cable length than a linear topology
3. The system crucially depends on the central node. If the host computer fails, the entire
network fails.

Tree or Expanded Star

Advantages:
1. Point to point wiring for individual segments
2. Supported by several hardware and software vendors

Disadvantages:
1. Overall length of each segment is limited by the type of cabling used
2. If the backbone line breaks, the entire segment goes down

18. What factors should be considered when choosing a topology for installing a Computer
Network? (Page 216) The following factors should be considered when we are choosing a topology
for installing a computer network.
 Reliability of the entire system
 Expandability of the system
 Cost involved
 Availability of communication lines
 Delays involved in routing information from one node to another
Indeed, an organization usually use some sort of hybrid network, which is simply a combination
network. The exact shape or configuration of the network depends on the needs and overall
organizational structure of the computer involved.

19. What is network software? (Page 217) Network software is the data communication software
that is responsible for holding all data communications systems together. It instructs computer
systems and devices as to exactly how the data is to be transferred from one place to another.

20. What does network software do? (Page 217) Software controls the operations of computer
networks. The software that manages the resources of the network is often called the network
operating system; servers in LANs rely on network operating systems such as Novell NetWare,
IBM OS/2 Warp Server, Microsoft Windows NT Server.

21. What is the communication software? (Page 217) A variety of communication software
packages are available for micro-computers, especially for internet web browsing, like Microsoft
Explorer, Mozilla Firefox, Microsoft Access etc.

22. What are the functions of communication software? (Page 217) The functions of
communication software packages include, for example, Access Control, Transmission Control,
Network Management, Error Control, Security Management etc.
1. Access control: It is responsible for establishing the connection between terminals and
computers in a network. This control activity includes connecting links through modems,
establishing communication parameters i.e. speed, mode and direction, automatic
telephone dialing and redialing, logging on and off with appropriate account numbers.
2. Transmission Control: This function allows computers and terminals to send and
receive commands, messages, data and programs. Data and programs are usually
transmitted in the form of files and thus, this activity is also called file transfer.
3. Error control: This function involves detection and correction of errors. Communication
software and processes detect errors in transmission by different methods, including
parity checking and cyclic redundancy check (CRC).
4. Network Management: This function manages communication in a computer network. It
also monitors network activity and the use of network resources by end users. Security
management is required to protect a computer from unauthorized access.
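
The two error-detection methods named under Error control, as an added Python example (not part of the original summary): per-byte even parity and a 16-bit CRC are computed over a constructed message, then checked after simulated line noise. The CRC parameters (polynomial 0x1021, initial value 0xFFFF), the frame layout and the sample message are assumptions chosen for illustration.

```python
MESSAGE = b"PAY 100.00 TO ACCT 4471"  # constructed sample payload

def even_parity_bit(byte):
    """Parity bit that makes the total count of 1 bits (data + parity) even."""
    return bin(byte).count("1") % 2

def crc16(data):
    """Bitwise CRC-16: polynomial 0x1021, initial value 0xFFFF, no reflection."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc <<= 1
            if crc & 0x10000:      # a 1 was shifted out of the top: apply the polynomial
                crc ^= 0x11021
    return crc

def send(data):
    """Sender: build a frame carrying the payload plus both kinds of check field."""
    return {"payload": data,
            "parity": [even_parity_bit(b) for b in data],
            "crc": crc16(data)}

def corrupt(frame, bit_positions):
    """Simulate line noise: flip payload bits, leave the check fields untouched."""
    damaged = bytearray(frame["payload"])
    for pos in bit_positions:
        damaged[pos // 8] ^= 1 << (pos % 8)
    return dict(frame, payload=bytes(damaged))

def receive(frame):
    """Receiver: recompute both checks; returns (parity_ok, crc_ok)."""
    parity_ok = all(even_parity_bit(b) == p
                    for b, p in zip(frame["payload"], frame["parity"]))
    return parity_ok, crc16(frame["payload"]) == frame["crc"]

def run_cases():
    """Run the receiver over a clean frame and three damaged or altered ones."""
    frame = send(MESSAGE)
    return {
        "clean": receive(frame),
        "one_bit_flipped": receive(corrupt(frame, [5])),
        # Two flips inside one byte cancel out in the parity count.
        "two_bits_same_byte": receive(corrupt(frame, [32, 33])),
        # A changed payload whose check fields were recomputed passes both checks.
        "altered_and_recomputed": receive(send(b"PAY 900.00 TO ACCT 4471")),
    }

if __name__ == "__main__":
    for name, (parity_ok, crc_ok) in run_cases().items():
        print(f"{name:24} parity_ok={parity_ok!s:5} crc_ok={crc_ok}")
```

A two-bit error inside one byte passes the parity check but fails the CRC. Neither check is keyed, so both detect accidental corruption only; protection against deliberate alteration is a security-management matter, not an error-control one.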

23. What is communication protocol? (Page 219) In data communication process, “a protocol is
a set of rules and procedures established to control transmission between two points so that the
receiver can properly interpret the bit stream transmitted by the sender”. It provides a method
for efficient exchange of data by establishing rules for the proper interpretation of controls and
data transmitted as raw bits and bytes.

24. What are the elements of Protocol? (Page 219) In a computer network, communication occurs
between entities in different systems. An entity is anything capable of sending or receiving
information. However, two entities cannot simply send bit streams to each other and expect to be
understood. For communication to occur, the entities must agree on a protocol. A protocol
defines what is communicated, how it is communicated and when it is communicated.

25. Key elements of protocol: (Page 219) 3 (three) Key elements of protocol:
 Syntax: The term syntax refers to the structure and format of the data, meaning the
order in which they are presented.
 Semantics: This refers to the meaning of each section of bits.
 Timing: This refers to two characteristics: when data should be sent and how fast they
can be sent.

26. What are the roles of protocol? (Page 220) In a computer network, Data Communication
software normally performs the following functions for the efficient and error free transmission of
data:
 Data sequencing: It refers to breaking a long transmission into smaller blocks and
maintaining control.
 Data Routing: This is designed to find the most efficient paths between sources and
destinations.
 Flow Control: A communication protocol also prevents a fast sender from overwhelming
a slow receiver. It also ensures resource sharing and protection against congestion by
regulating the flow of data on the communication line.
 Error Control: Error detecting and recovering routines are also important elements
of communication protocols. The most common method for correcting errors is to
retransmit a block.
 Precedence and order of Transmission: This ensures that all stations get a chance
to use the communication lines and other resources of the network depending upon the
priorities assigned to them.
 Connection establishment: When two stations of a network want to communicate with
each other, the communication protocol establishes and verifies a connection between
the two.
 Data Security: Providing data security and privacy is also built into most
communications software packages. It prevents access of data by unauthorized users
because it is relatively easy to tap a data communication line.
 Log Information: Data communications software can also develop log information
which consists of all jobs and data communications tasks that have taken place.

27. What do you mean by OSI Model? Or What is OSI model? (Page 221) The Open Systems
Interconnection (OSI) model is a reference model developed by ISO (International Organization
for Standardization) in 1984 as a conceptual framework of standards for communication in the
network across different equipment and applications by different vendors.
 It is considered the primary architectural model for inter-computing and networking
communications.
 Most of the communication protocols used today have a structure based on the OSI
model.
 This model divides the communication process into 7 layers, which split the tasks
involved with moving information between networked computers into seven smaller,
more manageable task groups.

28. 7 Layers of OSI Model: (Page 222)

7 Application
 Supports application and end user process.
 Provides application services to file transfers, email and other network software services.

6 Presentation
 Translates from application to network format and vice versa.
 Formats and encrypts/decrypts data to be sent across a network

5 Session
 Establishes, manages and terminates connections between applications.
 Deals with session and connection coordination.

4 Transport
 Responsible for end to end error recovery and flow control.
 Ensures complete data transfer.

3 Network
 Creates logical paths for transmitting data from node to node.
 Includes switching, routing and forwarding.

2 Data Link
 Packets are encoded and decoded into bits.
 Two sublayers: Media Access Control (MAC) and Logical Link Control (LLC)

1 Physical
 Conveys the bit stream (electrical, light or radio signal) through the network at the
electrical and mechanical

CHAPTER 5
INTERNAL CONTROL IN COMPUTER BASED BUSINESS SYSTEM

1. What is the definition of internal control? (Page 228) Internal controls are the processes
that auditors develop to administer a unit effectively. They generally include rules and procedures.
The collective result should be a dynamic process which is designed to provide reasonable, but
not absolute assurance regarding the achievement of objectives with regard to the following:
 Effectiveness and efficiency of operations
 Reliability with applicable laws and regulations
 Compliance with applicable laws and regulations.

2. What are the features of IC? (Page 228)
 It affects every aspect of an organization including all of its people, processes and
infrastructure.
 It is a basic element that permeates an organization, not a feature that is added on
 It incorporates the qualities of good management
 It is dependent upon people and will succeed or fail depending on the attention people
give to it
 It is effective when all of the people and surrounding environment work together
 It provides a level of comfort regarding the likelihood of achieving organizational
objectives and
 It helps an organization achieve its mission

3. What are the purposes of IC? (Page 228-229) While the overall purpose of IC is to help an
organization achieve its mission, it also helps an organization to -
 Promote orderly, economical, efficient and effective operations and produce quality
products and services consistent with the organization’s mission
 Safeguard resources against loss due to waste, abuse, mismanagement directives
 Develop and maintain reliable financial and management data, and accurately present
that data in timely reports.

4. How do you evaluate IC? (Page 229) The first place to start is to establish a framework that
allows companies to assess existing internal controls. The framework has 5 key phases.
 Define IC
 Organize project team and plan
 Evaluate controls at the entity level
 Evaluate controls at the process, transaction or application level
 Evaluate, improve and monitor

5. What are the components of IC? Or, what are the standards of IC? (Page 229)
 Control environment
 Risk assessment
 Control activities
 Information and communication
 Monitoring

There is a synergy and integration among control components that helps form an integrated
system that reacts dynamically to changing conditions.

6. What control activities are taken for IT? (Page 231) While some of the control activities
relating to information technology (IT) are the responsibility of specialized IT personnel, other IT
control activities are the responsibility of all employees who use computers in their work. The
control activities are
 Encryption tools, protocols or similar features of software applications that protect
confidential or sensitive information from unauthorized individuals
 Back-up and restore features of software applications that reduce the risk of lost data
 Virus protection software and
 Passwords that restrict user access to networks, data and applications

7. What are the components of the control activity? (Page 232) ICs rely on the principle of
checks and balances in the workplace. The following components focus on the control activity -
 Personnel
 Authorization procedures
 Segregation of duties
 Physical restrictions
 Documentation and record retention
 Monitoring operations

8. What are the limitations of IC? (Page 233) There is no such thing as a perfect control
system. Limitations which may hinder the effectiveness of an otherwise adequate system of
controls include
 Resource constraints
 Inadequate skill, knowledge or ability
 Degree of motivation by management and employees
 Faulty judgments
 Unintentional errors

9. What are the elements of a good Internal Control system? (Page 234) There are 4 (four)
elements in a good internal control system
A. Separation of duties
B. Authorization
C. Documentation
D. Reconciliation

A. Separation of duties: No person should have control of a transaction from beginning to end.
Ideally, no person should be able to record, authorize and reconcile a transaction.

Why?
 To protect employees
 To prevent and detect intentional and unintentional errors and
 To encourage better job performance

Key points (Page 234)

B. Authorization: Transactions should be authorized and executed by persons acting within
the range of their authority.

Why?
 To prevent invalid transactions

Key points (Page 235)

C. Documentation: Transactions should be clearly and thoroughly documented and available
for review.

Why?
 Documents provide a record of each event or activity
 Appropriate documentation helps to ensure assets are properly controlled
 Documents provide evidence of the accuracy and completeness of transactions

Key points for non payroll and payroll (from manual, page 236)

D. Reconciliation: Reconciliation is the process of comparing the entries in general ledger to
supporting documentation and resolving any discrepancies i.e. accounts payable, accounts
receivable, cash, property depreciation, interest income and other. For payroll, reconciliation
is the process of comparing the entries on the time sheet report to supporting documentation
and resolving any discrepancies.

10. What are the objectives of IT control? (Page 240) The objectives of IT control relate to the
confidentiality, integrity and availability of data and overall management of the IT function of the
business enterprises.

11. Describe the categories of IT control? (Page 240) IT controls are often described in two
categories -
A. IT general control (ITGC): ITGC represent the foundation of the IT control
structure. ITGC include controls over the information technology (IT) environment,
computer operations, access to programs and data, program development and program
changes.

B. IT application control (ITAC): IT application controls refer to transaction processing
controls, sometimes called “Input-processing-output” controls. These are fully automated and
designed to ensure the complete and accurate processing of data, from input through output.
These controls also help ensure the privacy and security of data transmitted between
applications. Categories of IT application control may include -
 Completeness checks
 Validity checks
 Identification
 Authentication
 Input controls

12. Discuss the COBIT and COSO in Internal Control Framework. (Page 242)
 COBIT: COBIT is a widely-used framework containing best practices for both ITGC and
application controls. It consists of domains and processes. The basic structure indicates
that IT processes satisfy business requirements, which is enabled by specific IT control
activities. It also recommends the best practices and methods of evaluation of an
enterprise’s IT controls.
 COSO: The Committee of Sponsoring Organizations of the Treadway Commission
(COSO) identifies five components of internal control i.e. control environment, risk
assessment, control activities, information and communication and monitoring that need
to be in place to achieve financial reporting and disclosure objectives.

13. What are the effects or impact of IT on Internal Audit? (Page 243-248) The effects of IT
on Internal Audit are summarized under four main headings
A. Changes in the audit trail and audit evidences
B. Changes in the internal controls environments
C. New opportunities and mechanisms for fraud and error and
D. New audit procedures

A. Changes in the audit trail and audit evidences: The existence of an audit trail is a key
financial audit requirement, since without an audit trail, the financial auditor has extreme
difficulty in gathering sufficient, appropriate audit evidence to validate the figures in the
client’s accounts. The stages of changes in the audit trail and audit evidences are -
 Data retention and storage
 Absence of input documents
 Lack of a visible audit trail
 Lack of visible output
 Audit evidence
 Legal issues

B. Changes in the internal controls environments: The internal controls within a client’s
financial systems, both manual and computerized, can be divided into several categories
 Personnel
 Segregation of duties
 Authorization procedures
 Record keeping
 Access to assets and records
 Management supervision and review
a. Segregation of duties
b. Concentration of programs and data

C. New opportunities and mechanisms for fraud and error:
 System Generated Transactions
 System Error

D. New audit procedures: Within a computerized environment the auditor may be required
to adopt a different audit approach to gain sufficient audit evidence to provide an opinion on
the financial statements.

14. What are the main types of IT audit? (Page 248-250)
 Operational computer system/ Network audits
 IT installation Audits
 Developing Systems Audits
 IT Management Audits
 IT Process Audits
 Change Management Audits
 Information security & Control Audits
 IT Legal Compliance Audits
 Certification and Other Compliance Audits
 Disaster contingency, Business continuity, Planning and IT Disaster Recovery Audits
 IT strategy Audits
 Special Investigations

15. What is CAAT? (Page 250-251) CAATs are tools or utilities to help auditors select, gather,
analyze and report audit findings. Here are the sorts of questions that an IT auditor might want
to ask -
 What were the top 10% of transactions by value last March?
 How many changes were made to the customer details file during the previous year?
 Are there any out-of-range or unusual data values in column 4 or any suspicious data
patterns?
 Are any of our suppliers also employees?
 Who will win the Winter Olympics?
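
Four of the auditor's questions above written as CAAT-style tests, as an added Python example (not part of the original summary). The ledgers, field names, the 0 to 50,000 plausibility range and the bank-account matching rule are constructed assumptions.

```python
import math
from datetime import date

# Constructed sample data (not real records): (txn_id, posting date, supplier_id, amount)
TRANSACTIONS = [
    ("T001", date(2023, 3, 2), "S10", 1200.00),
    ("T002", date(2023, 3, 5), "S11", 450.00),
    ("T003", date(2023, 3, 9), "S12", 98000.00),
    ("T004", date(2023, 3, 12), "S10", 730.50),
    ("T005", date(2023, 3, 15), "S13", -50.00),
    ("T006", date(2023, 3, 18), "S11", 2100.00),
    ("T007", date(2023, 3, 21), "S12", 15500.00),
    ("T008", date(2023, 3, 25), "S13", 310.00),
    ("T009", date(2023, 3, 28), "S10", 5600.00),
    ("T010", date(2023, 3, 30), "S11", 875.25),
    ("T011", date(2023, 4, 3), "S12", 120000.00),
]
# Constructed master files; the field names are assumptions for this example.
SUPPLIERS = [
    {"id": "S10", "name": "Delta Paper Ltd", "bank_account": "0011-445566"},
    {"id": "S11", "name": "Meghna Courier", "bank_account": "0022-113355"},
    {"id": "S12", "name": "RK Trading", "bank_account": "0044 778899"},
    {"id": "S13", "name": "City Stationers", "bank_account": "0033-224466"},
]
EMPLOYEES = [
    {"id": "E05", "name": "N. Sultana", "bank_account": "0055-991122"},
    {"id": "E07", "name": "R. Karim", "bank_account": "0044-778899"},
]
# Constructed log of master-file edits: (date, file, user)
CHANGE_LOG = [
    (date(2022, 2, 14), "customer_details", "akhan"),
    (date(2022, 11, 3), "customer_details", "sroy"),
    (date(2022, 6, 30), "supplier_details", "akhan"),
    (date(2023, 1, 9), "customer_details", "akhan"),
]

def top_by_value(txns, year, month, fraction=0.10):
    """Largest `fraction` of the period's transactions by amount (at least one)."""
    period = [t for t in txns if (t[1].year, t[1].month) == (year, month)]
    keep = max(1, math.ceil(len(period) * fraction)) if period else 0
    return sorted(period, key=lambda t: t[3], reverse=True)[:keep]

def changes_in_year(log, file_name, year):
    """Number of logged edits to one master file during one calendar year."""
    return sum(1 for when, name, _ in log if name == file_name and when.year == year)

def out_of_range(txns, low, high):
    """Ids of transactions whose amount is not in the range low < amount <= high."""
    return [t[0] for t in txns if not (low < t[3] <= high)]

def _digits(account):
    """Normalise an account number so '0044 778899' and '0044-778899' compare equal."""
    return "".join(ch for ch in account if ch.isdigit())

def suppliers_also_employees(suppliers, employees):
    """(supplier id, employee id) pairs that are paid into the same bank account."""
    by_account = {_digits(e["bank_account"]): e["id"] for e in employees}
    return [(s["id"], by_account[_digits(s["bank_account"])])
            for s in suppliers if _digits(s["bank_account"]) in by_account]

if __name__ == "__main__":
    print("Top 10% in March:", top_by_value(TRANSACTIONS, 2023, 3))
    print("Customer file changes in 2022:",
          changes_in_year(CHANGE_LOG, "customer_details", 2022))
    print("Out of range:", out_of_range(TRANSACTIONS, 0, 50000))
    print("Supplier/employee overlap:", suppliers_also_employees(SUPPLIERS, EMPLOYEES))
```

A shared bank account is a lead for follow-up rather than proof of a conflict; the same join can be run on address or phone fields.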

16. What are the responsibilities of Control Managers? (Page 253) Management is
responsible for establishing and maintaining control to achieve the objectives of effective and
efficient operations and reliable information systems. Management should consistently apply
internal control standards to meet each of the internal control objectives and to assess internal
control effectiveness.

17. What measures must the Information Managers take? (Page 253)
 Develop and implement appropriate, cost effective internal control for results oriented
management.
 Assess the adequacy of internal control in programs and operations
 Separately assess and document internal control over information systems consistent
with the information security policy of the organization
 Identify needed improvements
 Take corresponding corrective action
 And report annually on internal control through management assurance statements.

18. What is COBIT and COBIT Framework? (Page 254) The Information Systems Audit &
Control Foundation (ISACF) developed the Control Objectives for Information and related
Technology (COBIT). COBIT is a framework of generally applicable information systems security
and control practices for IT Control. The framework allows -
 Management to benchmark the security and control practices of IT environments
 Users of IT services to be assured that adequate security and control exist and
 Auditors to substantiate their opinions on internal control and to advise on IT security
and control matters.

19. What are the advantages/ Dimension of COBIT Framework? (Page 255) The framework
addresses the issue of control from the vantage points or dimensions.
1. Business Objectives: To satisfy business objectives, information must conform to
certain criteria that COBIT refers to as business requirements for information. The criteria
are divided into seven distinct overlapping categories that map into the COSO objectives:
Effectiveness (relevant, pertinent and timely), efficiency, confidentiality, integrity,
availability, compliance with legal requirements and reliability.
2. IT resources, which include people, application system, technology, facilities and data.
3. IT processes, which are broken into four domains: Planning and organization,
acquisition and implementation, delivery and support and monitoring.

20. What is COBIT structure? (Page 258) COBIT covers four domains:
 Plan and Organize
 Acquire and Implement
 Deliver and Support
 Monitor and Evaluate

21. Information Systems Control Techniques: (Page 259) The basic purpose of information
system controls in an organization is to ensure that the business objectives are achieved and
undesired risk events are prevented or detected and corrected. When reviewing a client’s control
systems the auditor will be able to identify three components of internal control. The information
system auditor will be most familiar with:
1. Accounting Control: Those controls which are intended to safeguard the client’s assets
and ensure the reliability of the financial records.
2. Operational Control: These deal with the day to day operations, functions and
activities that are contributing to business objectives.
3. Administrative Controls: These are concerned with ensuring efficiency and compliance
with management policies, including the operational controls.

22. Auditor’s Categorization of Controls: (Page 259) We categorize the controls into following 4
groups:
1. Preventive Controls: Preventive Controls are those inputs, which are designed to
prevent an error, omission or malicious act occurring. One example is the use of a
password to gain access to a financial system.
2. Detective Control: These controls are designed to detect errors, omissions or malicious
acts that occur and report the occurrence.
3. Corrective Controls: Corrective Controls are designed to reduce the impact or correct
an error once it has been detected. Corrective controls may include the use of default
dates on invoices where an operator has tried to enter the incorrect date.
4. Compensatory Controls: Controls are basically designed to reduce the probability of
threats, which can exploit the vulnerabilities of an asset and cause a loss to that asset.

23. Audit Trails: (Page 262) Audit Trails are logs that can be designed to record activity at the
system, application and user level.

Objectives of Audit Trails:
 Detecting unauthorized access to the system
 Facilitating the reconstruction of events; and
 Promoting personal accountability.
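
The three audit-trail objectives above, together with the separation-of-duties rule from element A of a good internal control system, checked over a constructed audit trail; this is an added Python example, not part of the original summary. The log line layout, the user names and the threshold of three failed logins are assumptions.

```python
from collections import defaultdict

# Constructed audit-trail lines; the field layout is an assumption for this example.
AUDIT_TRAIL = """\
2024-01-15T08:58:01 level=system user=mrahman action=login result=fail
2024-01-15T08:58:09 level=system user=mrahman action=login result=fail
2024-01-15T08:58:15 level=system user=mrahman action=login result=fail
2024-01-15T08:58:40 level=system user=mrahman action=login result=ok
2024-01-15T09:02:11 level=application user=akhan action=record txn=INV-1001 result=ok
2024-01-15T09:30:45 level=application user=sroy action=authorize txn=INV-1001 result=ok
2024-01-15T09:41:02 level=application user=mrahman action=record txn=INV-1002 result=ok
2024-01-15T09:41:30 level=application user=mrahman action=authorize txn=INV-1002 result=ok
2024-01-16T10:05:00 level=user user=tdas action=reconcile txn=INV-1001 result=ok
2024-01-16T10:07:00 level=system user=akhan action=login result=fail
2024-01-16T10:07:20 level=system user=akhan action=login result=ok
"""

DUTIES = {"record", "authorize", "reconcile"}  # the duties that should be separated

def parse(line):
    """Split 'timestamp key=value key=value ...' into a dict with a 'ts' key."""
    ts, *pairs = line.split()
    entry = dict(p.split("=", 1) for p in pairs)
    entry["ts"] = ts
    return entry

def load(text):
    """Parse every non-empty line and order the entries by timestamp."""
    return sorted((parse(l) for l in text.splitlines() if l.strip()),
                  key=lambda e: e["ts"])

def suspicious_logins(entries, threshold=3):
    """Objective 1: successful logins that follow >= threshold consecutive failures."""
    streak, flagged = defaultdict(int), []
    for e in entries:
        if e["action"] != "login":
            continue
        if e["result"] == "fail":
            streak[e["user"]] += 1
        else:
            if streak[e["user"]] >= threshold:
                flagged.append((e["user"], e["ts"], streak[e["user"]]))
            streak[e["user"]] = 0
    return flagged

def timeline(entries, txn):
    """Objective 2: reconstruct who did what to one transaction, in order."""
    return [(e["ts"], e["user"], e["action"]) for e in entries if e.get("txn") == txn]

def sod_violations(entries):
    """Objective 3: users who performed more than one duty on the same transaction."""
    done = defaultdict(lambda: defaultdict(set))  # txn -> user -> duties performed
    for e in entries:
        if e.get("txn") and e["action"] in DUTIES and e["result"] == "ok":
            done[e["txn"]][e["user"]].add(e["action"])
    report = {}
    for txn, users in done.items():
        multi = {u: sorted(d) for u, d in users.items() if len(d) > 1}
        if multi:
            report[txn] = multi
    return report

if __name__ == "__main__":
    entries = load(AUDIT_TRAIL)
    print("Suspicious logins:", suspicious_logins(entries))
    print("Timeline INV-1001:", timeline(entries, "INV-1001"))
    print("Separation-of-duties violations:", sod_violations(entries))
```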

24. Implementing an Audit Trail: (Page 263)
 Information contained in audit logs is used in measuring the potential damage and financial
loss associated with application errors, abuse of authority.
 Audit logs also provide valuable evidence for assessing both the adequacy of controls in
place and the need for additional controls.

25. User Controls: (Page 264) The validity of computer application systems output lies ultimately
with the users, who are responsible for data submission and for correction of errors that are the
result of inaccurately submitted data.

26. Controls over System Selection, Acquisition/Development: (Page 266) System
development and acquisition control include the following key elements:
1. Strategic Master Plan
2. Project Controls
3. Data Processing Schedule
4. System Performance Measurement
5. Post Implementation review.

27. Acceptance Testing: (Page 268) Acceptance Testing is a complete end-to-end test of the
operational system including all manual procedures.

28. The post Implementation Review: (Page 269) The full scope of a Post Implementation
Review (“PIR”) will depend largely on the scale and complexity of the project.

29. Change Management Controls: (Page 273) To properly control information system changes
companies need formal change management control policies.

30. Authorization Controls: (Page 274) Authorization controls ensure all information and data
entered or used in processing is:
 Authorized by management
 Representative of events that actually occurred.

31. Documentation controls: (Page 274) The documentation contains descriptions of the
hardware, software, policies, and standards, procedures and approvals related to the system
and formalizes the system security controls. Assessing documentation involves evaluating OJP’s
efforts to complete the following critical procedures:
 There is sufficient documentation that explains how software/hardware is to be used.
 There are documented formal security and operational procedures.

32. Testing and Quality Controls: (Page 275) Testing commences during the design phase,
during which designs and specifications should be subject to quality reviews (non-computer
testing) and continues during the system development and acceptance testing phases of the
SDLC (System Development life cycle).

33. Quality Reviews: (Page 276) Quality review covers various non-computer testing activities.

34. Data Integrity: (Page 278) The primary objective of data integrity control techniques is to
prevent, detect and correct errors in transactions as they flow through the
various stages of a specific data processing program. Assessing data integrity involves evaluating
the following critical procedures:
 Virus detection and elimination software is installed and activated
 Data integrity and validation controls are used to provide assurance that the information
has not been altered and the system functions as intended.

35. Threats to the Computerized Environment: (Page 283)
1. Power Loss
2. Communication Failure
3. Disgruntled Employees
4. Errors
5. Malicious Code
6. Abuse of access privileges by employees
7. Natural Disasters
8. Theft or Destruction of computing Resources
9. Downtime due to technology failure
10. Fire, etc.

36. The Risk Management Cycle: (Page 288) It is a process involving the following steps:
 Identifying assets
 Vulnerabilities and threats
 Assessing the risks
 Developing a risk management plan
 Implementing risk management actions
 Reevaluating the risks.

These steps are categorized into 3 primary functions -
 Risk Identification
 Risk Assessment
 Risk mitigation

The End
