Professional Documents
Culture Documents
REVISION
CHAPTER 1 : CONCEPTS OF GOVERNANCE AND MANAGEMENT OF INFORMATION SYSTEMS
300
KEY CONCEPTS OF BENEFITS OF GOVERNANCE : (Afterwards Deffy and I GOVERNANCE
GOVERNANCE Provided Improvised Decision) DIMENSIONS
● Governance 1. Achieving enterprise objectives ● Conformance or Corporate
● Enterprise Governance 2. Defining and encouraging desirable behaviour in the use of IT Governance Dimension
● Corporate Governance 3. Implementing and integrating the desired business processes ● Performance or Business
● Improved transparency
to make the decisions ? regulatory requirements.
● What decision-making ● Governance requirements for
● Improved compliance
2. Risk Assessment ● To review and approve major IT deployment projects ● Management Control
basis
IT strategy planning in an enterprise could be broadly classified into the following categories :
● Enterprise Strategic Plan
301
302
KEY MANAGEMENT PRACTICES FOR ALIGNING IT BUSINESS VALUE FROM SOURCES OF RISK : (Mainly
STRATEGY WITH ENTERPRISE STRATEGY : (U Are The USE OF IT : (Electronic Dance HNI Causes Political and
Greatest Show Conductor) Music) Economical Tension)
1. Understand enterprise direction 1. Evaluate Value Optimisation 1. Management activities and
2. Assess the current environment, capabilities and performance 2. Direct Value Optimisation controls
3. Define the target IT capabilities 3. Monitor Value Optimisation 2. Human behaviour
4. Conduct a gap analysis 3. Natural events
5. Define the strategic plan and road map 4. Individual activities
6. Communicate the IT strategy and direction 5. Commercial and Legal
relationships
6. Political circumstances
7. Economic circumstances
8. Technology and Technical
issues
RELATED TERMS
1. Asset : Asset can be defined as something of value to the organisation; e.g. information in electronic or physical form, software
systems, employees.
2. Vulnerability is the weakness in the system safeguards that exposes the system to threats.
3. Threat : Any entity, circumstance, or event with the potential to harm the software system or component through its unauthorised
access, destruction, modification, and / or denial of service is called a threat.
4. Likelihood : Likelihood of the threat occurring is the estimation of the probability that the threat will succeed in achieving an
undesirable event.
5. Attack : An attack is an attempt to gain unauthorised access to the system's services or to compromise the system's dependability.
● Interconnectivity of systems.
● External factors such as legislative, legal and regulatory requirements or technological developments.
Countermeasure : An action, device, procedure, technique or other measure that reduces the vulnerability of a component or system is
referred as countermeasure.
Residual Risk: Any risk still remaining after the counter measures are analysed and implemented is called residual risk.
Revision
RISK MANAGEMENT KEY GOVERNANCE KEY MANAGEMENT KEY MANAGEMENT
STRATEGIES : (5T) PRACTICES OF RISK PRACTICES OF RISK PRACTICES OF IT
● Tolerate/Accept the risk MANAGEMENT : (Electronic MANAGEMENT : (CA and COMPLIANCE : (I Owe
● Terminate/Eliminate the Dance Music) MAD about Results) Company an Apology)
risk 1. Evaluate Risk Management 1. Collect Data 1. Identify external compliance
● Transfer/Share the risk 2. Direct Risk Management 2. Analyse Risk requirements
● Treat/Mitigate the risk 3. Monitor Risk Management 3. Maintain a Risk Profile 2. Optimise response to
● Turn back 4. Articulate Risk external requirements
5. Define a Risk Management 3. Confirm external compliance
Action Portfolio 4. Obtain assurance of external
6. Respond to Risk compliance
303
304
COMPONENTS OF COBIT 5: EVALUATING IT The key management practices for assessing and evaluating the
1. Control Objective GOVERNANCE STRUCTURE system of internal controls in an enterprise are given as follows :
2. Framework AND PRACTICES BY (Play Station Is Ensured to be Exchanged on MRP)
3. Process Descriptions INTERNAL AUDITORS : 1. Plan assurance initiatives
4. Management Guidelines (Organisational Leaders 2. Scope assurance initiatives
Perform to Process Risky 3. Identify and report control deficiencies
Controls)
4. Ensure that assurance providers are independent and qualified
1. Organisational Structure
5. Execute assurance initiatives
2. Leadership 6. Monitor internal controls
3. Performance Measurement/ 7. Review business process controls effectiveness
Monitoring
8. Perform control self-assessment
4. Processes
5. Risks
6. Controls
Revision
CLASSIFICATION OF CHARACTERISTICS OF COMPONENT OF CHARACTERISTICS OF A
SYSTEM INFORMATION : (CAR has INFORMATION SYSTEM BUSINESS SYSTEM /
1. Elements MRF Tyres and Voice ● People COMPUTER-BASED
● Abstract System Recorder) ● Computer System INFORMATION SYSTEM
● Physical System 1. Completeness ● Data
(CBIS)
2. Cost Benefit Analysis ● All systems work for
2. Interactive Behaviour ● Network
3. Accuracy and Quality predetermined objectives
● Closed System
4. Relevance and Purpose ● No subsystem can function in
● Open System
5. Mode and Format isolation
● Relatively Closed System
● If one subsystem or
3. Degree of Human 6. Redundancy
component of a system fails,
Intervention 7. Frequency
then in most cases the whole
● Manual System 8. Timeliness
system does not work.
● Automated System 9. Validity
● The way a subsystem works
4. Working / Output 10. Reliability with another subsystem is
● Deterministic System called interaction.
● Probabilistic System ● The work done by an
individual subsystem is
MAJOR AREAS OF TYPES OF INFORMATION SYSTEMS integrated to achieve the
COMPUTER BASED ● Operational Level IS central goal of the system.
APPLICATIONS - Transaction Processing Systems (TPS)
1. Finance and Accounting ● Management Level IS
TRANSACTION
2. Marketing and Sales - Management Information Systems (MIS) PROCESSING SYSTEM (TPS)
3. Production and - Decision Support Systems (DSS) ● Capturing data to organize
Manufacturing ● Strategic Level IS in files or databases
4. Inventory / Stores - Executive Information Systems (EIS) ● Processing of files /
Management ● Knowledge Base IS databases
5. Human Resource - Knowledge Management Systems (KMS) ● Generating information
Management
- Office Automation Systems (OAS) ● Handling of queries from
various quarters of the
organization.
305
306
TPS COMPONENTS FEATURES OF TPS : (LABS) MANAGEMENT MISCONCEPTIONS ABOUT
● Inputs ● Large volume of data INFORMATION SYSTEM MIS
● Processing ● Automation of basic (MIS) ● Any computer based
307
308
Different office activities can be broadly grouped into the BENEFITS OF OFFICE CATEGORIES OF
following types of operations: (Files are Created, Captured, AUTOMATION SYSTEMS COMPUTER BASED OFFICE
Calculated & Recorded before Distribution) (i)Improve communication AUTOMATION SYSTEMS
● Filling, Search, Retrieval and Follow up (ii) Reduce the cycle time 1. Text Processing Systems
● Document Creation (iii) Reduce the costs 2. Electronic Document
● Document Capture (iv) Ensure accuracy Management Systems
● Calculations 3. Electronic Message
● Recording Utilization of Resources Communication Systems
● Receipts and Distribution 4. Teleconferencing and Video-
conferencing Systems
INFORMATION SYSTEM AND ITS ROLE IN The impact of IT on information systems for different sectors is
MANAGEMENT explained below :
● Aids in decision-making 1. E-business
● Gain competitive edge 2. Financial Service Sector
● Innovative ideas 3. Wholesaling and Retailing
● Knowledge 4. Public Sectors
● It can be integrated to formulate a strategy of action or 5. Others
operation
309
CHAPTER 3 : PROTECTION OF INFORMATION ASSETS
310
SECURITY OBJECTIVE WHAT INFORMATION IS TOOLS TO IMPLEMENT ISSUES TO ADDRESS
● Confidentiality SENSITIVE ? POLICY ● A definition of information
● Integrity ● Strategic Plans Standards, Guidelines and security.
● Availability ● Business Operations Procedures ● Reasons why information
● Finances security.
● A brief explanation of the
MEMBERS OF SECURITY TYPES OF INFORMATION SECURITY POLICIES AND THEIR security policies, principles,
POLICY HIERARCHY : (U And I Can Obviously Nail It) standards and compliance
● Management members 1. User Security Policy requirements.
● Definition of all relevant
● Technical group 2. Acceptable Usage Policy
information security
● Legal experts 3. Information Security Policy
responsibilities.
4. Conditions of Connection
● Reference to supporting
5. Organisational Information Security Policy
documentation.
6. Network and System Security Policy
7. Information Classification Policy
EFFECT OF COMPUTERS Internal Controls used within BASED ON OBJECTIVE Another Classification of
ON INTERNAL an Organisation comprise of 1. Preventive Controls Controls is based on the
CONTROLS : (RAM’S the following five Interrelated 2. Detective Control Nature of such Controls with
Personal Assistant) Components : (Environment 3. Corrective Controls regard to the Nature of IS
● Record keeping Information Requires Resources to which they are
4. Compensatory Controls
● Control Activities
Revision
BASED ON AUDIT INFORMATION ACCESS CONTROL LOGICAL ACCESS PATHS :
FUNCTION CLASSIFICATION : (TCP/IP) MECHANISMS (D BOOT)
(a) Managerial Control ● Top Secret 1. Identification 1. Dial-up Ports
(b) Application Control ● Highly Confidential 2. Authentication 2. Online Terminals
● Proprietary 3. Authorisation 3. Operator Console
● Internal Use only 4. Telecommunication Network
● Public Documents
BOUNDARY CONTROL INPUT CONTROLS (b) Data Coding Controls (c) Validation Controls
TECHNIQUES ARE (a) Source Document Controls ● Transcription Errors ● Field interrogation
● Personal Identification ● Use pre-numbered source - Addition ● Record interrogation
Numbers (PIN) document - Truncation ● File interrogation
● Passwords ● Use source documents in - Substitution
● Cryptography sequence ● Transposition Errors
● Identification Cards ● Periodically audit source - Single transposition
● Biometric Devices documents - Multiple transposition
311
312
FIELD INTERROGATION RECORD INTERROGATION FILE INTERROGATION PROCESSING CONTROLS
● Limit Check ● Reasonableness Check ● Version Usage 1. Processor Control
● Picture Check ● Valid Sign ● Internal and External (i) Error detection and
● Valid Code Checks ● Sequence Check Labeling correction
● Check Digit ● Data File Security (ii) Multiple execution states
● Arithmetic Checks ● Before and after Image and (iii) Timing controls
● Cross Checks Logging (iv) Component replication
● File Updating and 2. Real Memory Control
Maintenance Authorisation 3. Virtual Memory Control
● Parity Check 4. Data Processing Control :
(REFER)
OUTPUT CONTROLS : DATABASE CONTROLS COMMUNICATION ● Run-to-run totals
(Spoon and Log Require The update controls are: CONTROL ● Edit checks
Retaining, Storing, Reporting ● Sequence Check Transaction (a) Physical Component ● Field initialization
& Printing) and Master Files Control ● Exception reports
● Spooling/Queuing ● Ensure All Records on Files (b) Line Error Control ● Reasonableness verification
● Logging of output program are processed (c) Flow Control ● Existence and Recovery
executions ● Process multiple transactions (d) Link Control Control
● Recovery Controls for a single record in the (e) Topology Control
● Retention controls correct order (f) Internet Working Control
● Storage of sensitive critical ● Maintain a suspense account
● On-line Data Entry Controls ● Division of Environments ● Who is permitted to update data?
● Data Processing and Storage ● Offsite Backup Storage ● Who is permitted to read and use the data?
Controls ● Quarter-End and Year-End ● Who is responsible for determining who can read and update
● Documentation ● Pen drives can be very ● Centralised purchase of hardware and software
● Dual control conveniently transported ● Standards set for developing, testing and documenting
● Input/ output verification ● Does not provide inherent ● Uses of antimalware software
● Supervisory review
data safeguards ● The use of personal computer and their peripheral must be
● Segregation of duty is not controls.
possible
● The staff mobility is higher
be adequately trained
313
314
REMOTE AND DISTRIBUTED DATA PROCESSING APPLICATIONS CAN BE CONTROLLED IN MANY WAYS
● Remote access to computer and data files through the network should be implemented.
● Applications that can be remotely accessed via modems and other devices should be controlled appropriately.
● Terminal and computer operations at remote locations should be monitored carefully and frequently.
● There should be proper control mechanisms over system documentation and manuals.
● When replicated copies of files exist at multiple locations it must be ensured that all are identical copies contain the same information
and checks are also done to ensure that duplicate data does not exist.
LOGICAL ACCESS CONTROL ACROSS THE SYSTEM PHYSICAL ACCESS ISSUES AND EXPOSURES
● User access management The following points elucidate the results due to accidental or
● User responsibilities intentional violation of the access paths:
● Network access control ● Abuse of data processing resources.
● Unauthenticated entry
315
15. Trap Door
CHAPTER 4 : BUSINESS CONTINUITY PLANNING AND DISASTER RECOVERY PLANNING
316
NEED FOR BUSINESS ADVANTAGE OF BUSINESS BCM POLICY BUSINESS CONTINUITY
CONTINUITY CONTINUITY The objective of this policy is to PLANNING
MANAGEMENT (BCM) 1. is able to proactively assess provide a structure through Business continuity covers the
Some key terms related to the threat scenario and which: following areas:
BCM : potential risks; ● Critical services and activities ● Business resumption
3. Business Continuity contain the damage and will be identified. ● Crisis management
Planning (BCP) minimize the impact on the ● Plans will be developed to
enterprise; and ensure continuity of key
3. is able to demonstrate a service delivery.
response through a process ● Invocation of incident
of regular testing and management and business
trainings. continuity plans can be PHASES OF BUSINESS
managed. CONTINUITY PLANNING :
OBJECTIVES AND GOALS OF BUSINESS CONTINUITY ● Incident Management Plans (Pakistan Vs Bangladesh
PLANNING and Business Continuity Delayed Playing Their Match
The key objectives of the contingency plan should be to: Plans are subject to ongoing In India)
● Provide for the safety and well-being of people on the premises testing, revision and The eight phases are described
at the time of disaster. updation as required. in detail in the following:
● Continue critical business operations. ● Planning and management 1. Pre-Planning Activities
● Minimise the duration of a serious disruption. responsibility are assigned to 2. Vulnerability Assessment
● BCM - Strategy Process business continuity BCM program, the enterprise complete and workable.
● BCM - Development and
management system : should : ● The competence of personnel
Implementation Process ● The business continuity ● assess the impacts that would in their performance of
● BCM Testing and
policy; occur if the activity was recovery procedures can be
Maintenance Process ● The business continuity disrupted over a period of evaluated.
management system; time; ● The resources such as
● BCM Training Process
● The business impact analysis ● identify the maximum time business processes, IS
report; period after the start of a systems, personnel, facilities
● The risk assessment report; disruption within which the and data are obtainable.
● The aims and objectives of
activity needs to be resumed; ● The manual recovery
● Training program.
317
318
MAINTENANCE PROGRAM REVIEWING BCM ARRANGEMENT
● Determine the ownership and responsibility. An audit or self-assessment of the enterprise's BCM program
● Identify the BCP maintenance triggers to ensure that any should verify that :
organisational, operational, and structural changes are ● All key products and services and their supporting critical
● Implement version control procedures to ensure that the plan is ● The enterprise's BCM solutions are effective
relevant staff
● Change control processes are in place and operate effectively
TRAINING, AWARENESS AND COMPETENCY TYPES OF PLANS : (Boys SOFTWARE AND DATA
● Actively listens to others, their ideas, views and opinions; Entered the Room) BACK-UP TECHNIQUES -
● Provides support in difficult or challenging circumstances; 1. Back-up Plan TYPES OF BACK-UPS : (I
● Responds constructively to difficult circumstances; 2. Emergency Plan Managed to Draw a Flower)
● Adapts leadership style appropriately to match the 3. Recovery Plan 1. Incremental Backup
circumstances; 4. Test Plan 2. Mirror back-up
319
CHAPTER 5 : ACQUISITION, DEVELOPMENT AND IMPLEMENTATION
320
OF INFORMATION SYSTEMS
APPROACHES TO SYSTEM SYSTEM DEVELOPMENT LIFE CYCLE THE PHASES INVOLVED IN THE
DEVELOPMENT (SDLC): framework provides system SDLC: (I Require A Design Developer To
● Waterfall: Linear framework type designers and developers to follow a Implement and Maintain)
● Prototyping: Iterative framework type sequence of activities. It consists of a set of ● Preliminary Investigation
iterative framework type SDLC uses the results of the previous one. ● Systems Design
● Behavioural ● Operational
● Technical BENEFITS:
● Economical ● Tangible
● Resources ● Intangible
● Financial
323
324
STAGE - II : SYSTEMS ANALYSIS OF PRESENT SYSTEM SYSTEMS ANALYSIS OF PROPOSED
REQUIREMENTS ANALYSIS ● Review Historical Aspects SYSTEMS: After each functional area of
FACT FINDING TECHNIQUES: (Doctor ● Analyze Inputs the present information system has been
Interviews and Questions while ● Review Data Files Maintained
carefully analysed, the proposed system
Observation) ● Review Methods, Procedures & data
specifications must be clearly defined.
● Documents Communications
● Interviews ● Analyze Output
● Questionnaires ● Review Internal Controls
● Observations ● Model the Existing Physical & Logical
System
● Undertake Overall Analysis
support tool that uses a tree-like graph or about the data items in the files of a ● Identify of source document used to
model of decisions and their possible business information system. In other create data item
consequences, including chance event words, it is a computer file about data. ● Names of computer file storing data item
outcomes, resource costs, and utility. Uses: ● Names of computer programs that
DECISION TABLE: ● Aids in documentation - To modify data item
A Decision Table is a table which may Programmers & analysts ● Identity of individual permitted to access
accompany a flowchart, defining the ● File Security
● Identity of individual not permitted to
possible contingencies that may be ● For Accountant - Planning flow of access
considered within the program and the transaction data
appropriate course of action for each ● For Auditors - Establish audit trail
contingencyCondition Stub - which ● Aids in investigation / documenting
comprehensively lists the comparisons or internal control procedures
conditions;
● Condition Stub
● Action Stub
● Condition entries
● Action entries
325
326
LAYOUT FORM AND SCREEN SYSTEM SPECIFICATION ROLES INVOLVED IN SDLC
GENERATOR, MENU GENERATOR, At the end of the analysis phase, the ● Steering Committee
REPORT GENERATOR, CODE systems analyst prepares a document ● Project Manager
GENERATOR called “Systems Requirement ● Project Leader
● Layout form and Screen Generator Specifications (SRS)”, it contains: ● Systems Analyst / Business Analyst
● Menu Generator ● Introduction
● Module Leader / Team Leader
● Report Generator ● Information Description
● Programmer / Coder / Developer
● Code Generator ● Functional Description
● Database Administrator (DBA)
● Behavioural Description
● Quality Assurance
● Validation Criteria
● Tester
● Appendix
● Domain Specialist
● SRS Review
● IS Auditor
STAGE – III: SYSTEM DESIGN THE DESIGN PHASE INVOLVES: DESIGN OF DATABASE
System design involves first logical design ● Architectural Design ● Conceptual Modeling
and then physical construction of a system. ● Design of the Data / Information Flow ● Data Modeling
Design specifications instruct ● Design of the Database ● Storage Structure Design
programmers about what the system ● Design of the User-interface ● Physical Layout Design
should do. The programmers, in turn,
● Physical Design
write the programs that accept input from
● Design and acquisition of the hardware/
users, process data, produce the reports,
system software platform
and store data in the files.
● Signal important events, opportunities, ● Media two or three alternatives and choose the
warnings ● Form best one on pre-specified criteria.
● Trigger an action ● Format ● The design should be based on the
down.
● The design should be modular.
● Ensuring security, reliability, and ● Rapid implementation ● Compatibility with Existing Systems
functionality already built into a ● Cost ● Maintainability of the proposed system
product. ● Quality ● Cost benefits of the proposed system
● Ensuring managers complete ● Low risk ● Performance rating of the proposed
appropriate vendor, contract, and METHODS OF VALIDATING system in relation to its cost
licensing reviews. PROPOSAL
● Including invitations-to-tender and ● Checklists
request-for-proposals. ● Point Scoring Analysis
● Establishing acquisition standards to
● Public evaluation Reports
ensure functional, security, and ● Benchmarking problem for vendor’s
operational requirements to be proposal
accurately identified and clearly detailed
● Test problems
in request-for-proposals.
327
328
STAGE – IV – Part 2 : DEVELOPMENT Characteristics Of A Good Coded Program Debugging
(PROGRAMMING TECHNIQUES AND Program: Debugging refers to correcting
LANGUAGES) ● Reliability programming language syntax and
Objective: ● Robustness diagnostic errors so that the program
To convert the specification into a ● Accuracy compiles cleanly. It consists of:
functioning system. ● Efficiency ● Inputting the source program to the
Activities: ● Usability
compiler,
Application programs are written, tested ● Letting the compiler find errors in the
● Readability
and documented, conduct system testing. program,
Document / Deliverable: ● Correcting lines of code that are
329
CHAPTER 6 : AUDIT OF INFORMATION SYSTEMS
330
NEED FOR CONTROL AND EFFECT OF COMPUTERS ON 2. Changes to Evidence RESPONSIBILITY OF IS
AUDIT OF INFORMATION AUDIT Evaluation / New causes and AUDITOR
SYSTEMS 1. Changes to evidence sources of error: ● Sound knowledge of
● Organisational Costs of Data collection/ in the audit trail / ● System generated business operations
Loss audit evidence transactions ● Technical qualification and
● Incorrect Decision Making ● Data retention and storage ● Systematic Error certifications
● Costs of Computer Abuse ● Audit Evidence ● Understanding of
and transactions.
● The occurrence of non-compliance with laws and regulations.
331
332
ADVANTAGES DISADVANTAGES UNDERSTANDING THE AUDIT TRAIL FOR
● Timely, comprehensive and ● Auditors should be able to LAYERS AND RELATED APPLICATION CONTROLS
detailed auditing obtain resources AUDIT ISSUES Boundary Controls
● Surprise test capability ● More likely to be used if (i) Operational Layer Audit trail includes
● Information to system staff auditors are involved in the (ii) Tactical Layer ● Identify would be user of
on meeting of objectives development (iii) Strategic Layer system.
● Training for new users ● Auditors need the ● Authentication Information
knowledge and experience of supplied.
working with computer ● Resources requested.
systems ROLE OF IS AUDITOR IN ● Action privileges requested.
● Continuous auditing PHYSICAL ACCESS ● Start and finish time.
techniques are more likely to CONTROLS ● Number of sign on attempts.
be used where the audit trail 1. Risk assessment ● Log in and log out time.
is less visible and the costs of
2. Controls assessment ● Action privileges allowed /
errors and irregularities are
3. Planning for review of denied.
high.
physical access controls
● Physical device used to enter data into system. hardware consumption - ● When the output was
333
CHAPTER 7 : INFORMATION TECHNOLOGY REGULATORY ISSUES
334
REQUIREMENTS OF IRDA FOR SYSTEM CONTROLS AND REQUIREMENTS OF RBI FOR SYSTEM CONTROLS AND
AUDIT AUDIT
(i) System Audit (i) System Controls
(ii) Preliminaries ● Duties of system designer should be assigned to persons
(iii) System Controls operating the system and there should be separate persons
● There should be Electronic transfer of Data without manual dedicated to system design.
intervention. ● Contingency plans in case of failure of system should be
● The auditor should comment on the audit trial maintained introduced and tested at periodic intervals.
in the system for various activities. ● An appropriate control measure should be devised.
● The auditor shall also ascertain that the system has separate ● Uniformity of software used by various branches / offices.
logins for each user and maintains trail of every transaction ● Board of Directors and senior management are responsible
with respect to login ID, date and time for each data entry, for ensuring that an institution's system of internal controls
authorisation and modifications. operates effectively.
● Annual review of IS Audit Policy.
● To enhance and create National and Sectorial level 24*7 ● The Do Phase
● To enhance the protection and resilience of Nation's critical ● The Act Phase
cybercrime;
● To create a culture of cyber security and privacy enabling
335
CHAPTER 8 : EMERGING TECHNOLOGIES
336
CLOUD VS GRID GOALS OF CLOUD COMPUTING : (I Saw CAR being Created CLOUD COMPUTING
COMPUTING in front of my Eyes) ARCHITECTURE
● Scalability 1. "Anywhere Access" (AA) ● Front End Architecture
● Multi-tasking 2. To scale the IT ecosystem quickly, easily and cost-effectively. ● Back End Architecture
CLOUD COMPUTING CLOUD COMPUTING MODELS 2. Platform as a Service 3. Software as a Service (SaaS)
ENVIRONMENT 1. Infrastructure as a Service (IaaS) (PaaS) Services
(a) Public Clouds Services Services ● Business Services
(b)Private Clouds ● Storage ● Programming Languages ● Social Network
(c) Hybrid Clouds ● Network ● Framework/Templets ● Document Management
(d) Community Clouds ● Compute ● Database (For Software ● Mail Services
Instances Instances
● NaaS ● TaaS
● STaaS ● APIaaS
● DBaaS ● EaaS
337
338
4. Issues in Mobile BENEFITS AND CHALLENGES FOR SOCIAL NETWORKS BYOD
Computing USING WEB 2.0 Risks can be classified into
● Security Issues Benefits four areas as outlined below :
- Confidentiality 1. It provides a platform (I Need Apple Devices)
- Integrity 2. No new knowledge skills are required. 1. Implementation Risks
- Availability 3. Web 2.0 techniques are very people centric activities 2. Network Risks
- Legitimate 4. People are coming much closer to another 3. Application Risks
- Accountability 5. Using Web 2.0 also increases the social collaboration to a very 4. Device Risks
● Bandwidth high degree
● Location Intelligence Number of challenges
● Power Consumption 1. Data security and privacy
● Revising the Technical 2. Privacy of individual users also arises
Architecture 3. A majority of the social networks are offline
● Reliability, Coverage, 4. This becomes more viable in the areas of the world that are
Capacity and Cost developing
APPLICATION OF WEB 2.0
● Integration with Legacy
1. Social Media
Mainframe and Emerging
TYPES AND BEHAVIOUR SOCIAL MEDIA AND 2. Marketing
Client/Server Applications
OF SOCIAL NETWORKS WEB 2.0 3. Education
● Business Challenges
● Social Contract Networks Components of Web 2.0 for
● Study Circles Social Networks APPLICATION OF WEB 3.0
ADVANTAGES/BENEFITS
● Social Networks for ● Communities 1. Semantic Web
OF BYOD
Specialist Groups ● Blogging 2. Web Services
1. Happy Employees