
COURSE CODE: CAP 417 COURSE NAME: Planning and Managing IT Infrastructure HOMEWORK 4

Submitted To– Lect. Pankaj Sharma

Submitted By– Surendra MCA 4th SEM D3804A15 10806601

Declaration: I declare that this assignment is my individual work. I have not copied from any other student’s work or from any other source except where due acknowledgment is made explicitly in the text, nor has any part been written for me by another person.

Student’s Signature: surendra

Evaluator’s comments: _____________________________________________________________________

Marks obtained: ___________ out of ______________________

Content of Homework should start from this page only:

PART A:

Q.1) Like hardware, which is developed by following some architecture, software is also developed by following some architecture. Take suitable examples to discuss the various architectures for the development of software.

Answer: Hardware architecture is developed on the basis of models created by the ISO, and so is software architecture. Many architectures are used to develop software and hardware, and each architecture has steps for developing them. The software that is created depends on the type of application you want to build. For example, the client/server architecture can support a wide variety of systems across many different industries, and a typical office building can house many different kinds of businesses. Thus, we might start by looking for software components that support a wide variety of application areas in the same way that network architectures or building components do.

Every organization has to follow some kind of architecture for developing its hardware and software. This kind of architecture is called enterprise architecture. Enterprise architecture is the set of rules or models that help us develop the technical implementation of an organization.

The software architecture of a computing system is the structure or structures of the system, which comprise software components, the externally visible properties of those components, and the relationships between them. The term also refers to documentation of a system's software architecture. Documenting software architecture facilitates communication between stakeholders, documents early decisions about high-level design, and allows reuse of design components and patterns between projects. Software architecture is commonly organized in views.

There are various architectures for developing software:

Centralized architecture: The software application resides on a central server. For full redundancy, the computer system is backed up by another system. The system allows access and forwards events to other consoles on the network. A centralized architecture for a distributed application may involve multiple processes and depends on one central process to serialize all events. Serialization is necessary to make sure that actions performed by multiple participants in a conversation are in a single consistent order, so that all participants perceive a consistent view of the order of events.

Advantages of centralized architecture:
• Developers can use powerful development tools to develop reusable application components, instead of using more limited stored procedure languages.
• Administrators can replicate application components to run on multiple machines simultaneously. This spreads client loads across multiple machines and enables higher availability, scalability, and performance. Application component replication (as opposed to data replication) is not possible with two-and-a-half-tiered architectures, because stored procedures must run in a single database.

Client-server architecture: Under the structure of the client-server architecture, a business's computer network will have a server computer, which functions as the "brains" of the organization, and a group of client computers, which are commonly called workstations. The server part of the client-server architecture will be a large-capacity computer, perhaps even a mainframe, with a large amount of data and functionality stored on it. The client portions of the client-server architecture are smaller computers that employees use to perform their computer-based responsibilities.

Service Oriented Architecture (SOA): Service Oriented Architecture (SOA) is a business-centric IT architectural approach that supports integrating your business as linked, repeatable business tasks, or services. With the Smart SOA approach, you can find value at every stage of the SOA continuum, from departmental projects to enterprise-wide initiatives.

So the hardware architecture depends on the organization's needs and budget, because the hardware architecture is the collection of hardware, including the wiring, server configuration, and commercial systems.

Q.2) Software architecture and enterprise architecture play an important role in the overall functioning of an enterprise, and this architecture should be well planned. Comment on the statement and cite some real-world examples to illustrate their importance in an organization.

Answer: Enterprise architecture (EA) is a rigorous description of the structure of an enterprise, its decomposition into subsystems, the relationships between the subsystems, the relationships with the external environment, the terminology to use, and the guiding principles for the design and evolution of an enterprise. This description is comprehensive, including enterprise goals, business functions, business processes, roles, organizational structures, business information, software applications and computer systems.

Practitioners of EA call themselves "enterprise architects." An enterprise architect is a person responsible for developing the enterprise architecture and is often called upon to draw conclusions from it. By producing enterprise architecture, architects are providing a tool for identifying opportunities to improve the enterprise, in a manner that more effectively and efficiently pursues its purpose.

The term "enterprise" is used because it is generally applicable in many circumstances, including:
• Public or private sector organizations
• An entire business or corporation
• A part of a larger enterprise (such as a business unit)
• A conglomerate of several organizations, such as a joint venture or partnership
• A multiply-outsourced business operation

Software architecture is commonly defined in terms of structural elements and relationships. Structural elements are identified and assigned responsibilities that client elements interact with through "contracted" interfaces. The software architecture of a program or computing system is the structure or structures of the system, which comprise software components, the externally visible properties of those components, and the relationships among them.

Software architecture is a combination of the following concerns:
• Not fail.
• Extensible to an extent.
• Easily maintained.
• Easily debuggable.
• Loosely coupled among integrated components/modules.
• Platform independent if possible.
• Documented enough so that it can be viewed on paper.
• Optimizable coding.

Q.3) Ethics play an important role in the functioning of any organization. Comment on the statement and discuss the various ethics and the ethical officer in the case of an IT company.

Answer: Business ethics (also known as corporate ethics) is a form of applied ethics or professional ethics that examines ethical principles and moral or ethical problems that arise in a business environment. It applies to all aspects of business conduct and is relevant to the conduct of individuals and business organizations as a whole. Applied ethics is a field of ethics that deals with ethical questions in many fields such as medical, technical, legal and business ethics.

Ethics play the most important role in any business, and they are the key to its success. We all hear of business ethics and standards all the time. Have you ever wondered what defines these ethics and standards? Every company expects a standard pattern of behavior from its employees on some common grounds. It draws a line for behavior, and the employee cannot cross that line. Companies that have very high standards of ethics invariably start their code by saying all employees should be treated with dignity and respect. Employees are not allowed to give falsified information to anyone. These are some of the main elements of business ethics.

Having a listed set of codes and rules helps a business to be more effective in its business practices. There are several departments in a business, like finance, sales, marketing, HR and so on. If they do not have ethics and moral codes in place, employees can take the power given to them for granted. Morals and ethics defined by a business for its employees act like a moral police. Once an employee knows and understands that a certain act would warrant a severance on non-ethical grounds, they will refrain from doing it.

PART B:

Q.4) Various ethics standards are set for the ethical officer of a corporation. What are those standards and what are the potential advantages of following those standards?

Answer: Ethical standards are principles which, when followed, promote values such as trust, good behavior, fairness, and/or kindness. There is not one consistent set of standards that all companies follow, but each company has the right to develop the standards that are meaningful for its organization. Ethical standards are not always easily enforceable, as they are frequently vaguely defined and somewhat open to interpretation ("Men and women should be treated equally," or "Treat the customer with respect and kindness."). Others can be more specific, such as "Do not share the customer's private information with anyone outside of the company."

• Determine corporate values
• Create ethics & compliance training programs
• Guide employees in making the right decision
• Create reporting systems
• Investigate reports of unethical activity
• Report to executive management and the Board of Directors

Duties of the Ethics Officer

The duties of the city Ethics Officer include, but are not limited to, the following:
1. Develop policies, programs and strategies to deal with all ethics-related matters;
2. Develop training and education programs in coordination with the General Counsel and the Jacksonville Ethics Commission;
3. Assist in the selection of Department Ethics Officers;
4. Assist departmental and agency ethics officers in training and education;
5. Conduct meetings with any or all of the departmental and agency ethics officers as well as senior management to discuss or provide advice on ethics issues;
6. Obtain copies of all reports and disclosures made pursuant to state law by persons subject to the Code if such reports and disclosures are substantially similar to reports and disclosures required under the Code and if a person may rely on such state report or disclosure pursuant to Section 602.455 to eliminate filing similar information under the Code;
7. Maintain a directory of where all reports and disclosures filed pursuant to the Code may be obtained;
8. Encourage compliance with the spirit and letter of ethics laws;
9. Review the Code and other applicable laws and regulations periodically and recommend any appropriate changes to the Ethics Commission;
10. Act as the liaison between the Ethics Commission and the officers and employees of the city.

The aim of these guidelines is to enable the social researcher’s individual ethical judgements and decisions to be informed by shared values and experience, rather than to be imposed by the profession. The guidelines therefore seek to document widely held principles of research and to identify the factors which obstruct their implementation. They are framed in the recognition that, on occasions, the operation of one principle will impede the operation of another, and that social researchers, in common with other occupational groups, have competing obligations, not all of which can be fulfilled simultaneously. Thus, implicit or explicit choices between principles will sometimes have to be made.

Q.5) IT and e-business have had a major impact on each and every part of business and on our lives, and they have revolutionized the way business is done, but they have also brought cyber crime threats to the security of computers and other security issues. Comment on the statement and, by taking some suitable real-world examples, write down the various security-related problems and cyber crimes and some measures to prevent cyber crime.

Answer: The implications of all this for business are far-reaching. They suggest that there is a need for major changes in thinking about cyber-security and in planning and implementing security measures. These are particularly important if e-commerce is to reach its full potential and if individual companies are to avoid significant losses as a result of criminal activities. Perhaps the most important changes are in thinking. This has two distinct but overlapping dimensions: security has to be understood in broad rather than narrow terms, and security can no longer be an afterthought, but needs to be part of intelligence, planning, and business strategy. With this in mind, there are several specific recommendations that need to be considered carefully by firms in the high-tech sector.

1. Recognize the real problem is crime, not hacking
Organized crime and cyber-crime are becoming an increasingly salient component of the business environment. Disruption, denial of service, and web site defacements will continue to be problems, but exploitation of access to information systems for profit is likely to become more pervasive. The trend towards accessing business systems, highlighting security holes, and offering one’s services for a significant fee, for example, is a thinly veiled form of extortion. As such, it is very different from traditional hacking that is designed to highlight security problems and ways of dealing with them as simply a demonstration of expertise.

2. Business intelligence needs to include criminal intelligence analysis
Indeed, criminal intelligence analysis needs to be integrated fully into business intelligence; risk assessment needs to incorporate criminal threats; and cyber-security needs to be conceptualized as part of a broader security problem that cannot be understood or dealt with in strictly technical terms. Defending against such contingencies requires that high-tech firms develop broad security programs that incorporate cyber-security into a much broader program. Cyber-security needs to be one component of a broader security program that includes personnel, physical assets, the provision of services, and financial assets. An arrangement in which the security officer is responsible for cyber-security as part of a comprehensive mandate is likely to be more effective and appropriate than one in which cyber-security is seen as a distinct portfolio separate from other components of security.

3. Beware of infiltration
If cyber-extortion is likely to be a growing problem, another danger is that the high-tech industry is vulnerable to infiltration by organized crime, especially when seeking foreign partners. Consequently, the kind of due diligence exercise that has long been common in the banking sector needs to be extended to other industries. For bankers, “know your customer” has become standard practice. For the high-tech business, it is perhaps even more important to know your partners, especially when they are from another country.

4. Be sensitive to money laundering opportunities
Companies offering financial services on the Internet – and particularly those offering mechanisms to facilitate financial transactions – need to take steps to identify opportunities for money laundering. Once this is done, they need to introduce safeguards to close loopholes and prevent money laundering. The more this is done by the firms themselves, the less likely they are to be embarrassed and the less likely they will be subject to government regulation.

5. Develop partnerships and information-sharing arrangements
Another response to the growing overlap between organized crime and cybercrime is to develop a working partnership with government and law enforcement agencies. Once again, there are precedents for this in other sectors. In recent years, the major oil companies, although very competitive with one another, established information-sharing arrangements and worked very closely with law enforcement to minimize infiltration by organized crime figures and criminal companies.

Responding to the challenge

Given the difficulty in identifying cybercriminals and the virtual impossibility of bringing judicial action against the perpetrator of a crime that was committed in cyberspace, there is slim hope of any government body taking action to reduce the impact of cybercrime. The onus is therefore on the brand owners to protect their own names, reputations and profits. But how?

• Create accountability – realise that the problem is large and multidisciplinary; addressing it successfully requires a co-ordinated response from professionals in many departments including legal, IT, security, brand and product management, or online commerce business units. Make sure your company is clear about who needs to be involved and who will lead the effort.
• Put the problem into perspective – think clearly through the costs associated with online brand abuse for your company – they’re probably bigger than you think. Aside from direct losses, consider damage to brand equity and business reputation.
• Use the latest tools to fight the problem – some companies offer technologies and services to help corporations fight and overcome these issues. Waiting for your customers to inform your company about specific abuses or searching your brand names is not enough.
• Be relentless – companies that actively police online brand abuse and respond to it make themselves unattractive to online criminals. Banks that actively monitor and respond to phishing attacks often experience a dramatic decrease in ongoing attacks as the criminals seek out easier targets.

Whilst everyone knows that the business impact of the internet is growing, comparatively few recognise that the opportunities for cybercrime are also growing, and exponentially. Brand owners have a clear economic incentive to take action, with their heavily invested reputations under attack from a sophisticated and well organised set of cybercriminals intent on profiting from their good name at every turn.

Q.6) There are various types of attacks possible on the information a company holds. Make a list of these attacks by taking suitable examples.

Answer:

Introduction: This is the age of information technology, which brings profit but also the fear of many security attacks by hackers or crackers. Today people do their work using modern technology. The first half of 2008 has seen an explosion in threats spread via the web, the preferred vector of attack for financially-motivated cybercriminals. On average, Sophos detects 16,173 malicious web pages every day, or one every five seconds. This is three times faster than the rate seen during 2007.

Corporate information security is divided into two parts:

1. Information Domains: Understanding corporate security is about understanding what the key assets in the company are. Today, the key asset is often information. But information alone is not enough; knowledge of how to use valuable information is needed to provide a competitive edge. The value of information may depend on being secret and accurate. Three "information domains" are defined:
• Physical
• Social/Personal
• Logical or Network

2. Domain Interfaces: Each of these domains contains interfaces to the outside world.

Threats

The domain interfaces can be subject to various types of threats, for example:

Logical or Network:

(0) Telephone/voicemail security is often forgotten about; threats involve attackers telephoning cheaply internationally, listening to voicemail messages and possibly unauthorized access to the Intranet (if an interface to the Intranet exists).

(1) Dial-up networks can be an easy entry point for attackers, as they are often less well protected or monitored than Internet connections. Typical attacks are identity spoofing leading to unauthorized access. Analog connections are easier to eavesdrop on.

(2) The Internet connection offers a way to communicate with millions of people globally, but is difficult to control due to its complex and dynamic nature. A wide range of attacks are possible: eavesdropping, identity spoofing, denial of service.

(3) Connections to vendors/partners are often not secured enough, due to lack of time/resources, or belief in security through obscurity. They can be used as an attack point by partner organizations (partners don't always stay partners...) and also by attackers who have already penetrated the partner's network. Threats: unauthorized access, denial of service.

(4) Wide area networks are used to extend the corporate Intranet to many remote areas. The cabling probably passes through public zones. The complexity of wide area networks can serve as a deterrent to attackers, but is it enough? How much can you trust network providers? The main threats are eavesdropping, denial of service and possibly identity spoofing.

Social / Personal:

(5) Social engineering can be used to trick personnel into divulging information or providing access.

(6) Helpdesks may also be subject to social engineering, providing modem numbers, passwords etc. unwittingly to unauthorized persons. The other key threats are misuse of privileges, illegitimate use and mistakes.

Physical:

(7) Many people who are not employees will have access to buildings in one way or another. Threats include theft, damage and copying.

(8) Sensitive information, if not securely disposed of, will yield a valuable resource to attackers. The main threat is unauthorized access to information. Other physical threats include laptop theft, natural disasters and loss of media during transport.

These threats can result in critical information being lost, copied, deleted, accessed or modified, or services no longer functioning (loss of confidentiality, integrity or availability).