IT Concepts and Systems

Analysis and Design

Abner F. Escullar
mcp,mcdst, mba
IT Infrastructure and Rules to
Accounting Functions
What is IT Infrastructure
consists of the equipment,
systems, software, and
services used in common
areas across an organization,
regardless of
mission/program/project.
Connection between the Firm, IT
Infrastructure and Business
Capabilities
Computing platforms
used to provide computing
services that connect employees,
customers, and suppliers into a
coherent digital environment,
including large mainframes,
midrange computers, desktop and
laptop computers, and mobile
handheld devices.
Application software
provide enterprise-wide
capabilities such as enterprise
resource planning, customer
relationship management,
supply chain management, and
knowledge management
systems that are shared by all
business units.
Physical facilities
management
develop and manage the physical
installations required for
computing, telecommunications,
and data management services.
IT management
plan and develop the
infrastructure, coordinate with the
business units for IT services,
manage accounting for the IT
expenditure, and provide project
management services.
IT standards
provide the firm and its business
units with policies that determine
which information technology will
be used, when, and how.
IT education
provide training in system use to
employees and offer managers training
in how to plan for and manage IT
investments.
IT research and
development
provide the firm with research on
potential future IT projects and
investments that could help the firm
differentiate itself in the marketplace.
 Stages in IT Infrastructure
Evolution
General-Purpose Mainframe and Minicomputer Era:
(1959 to Present)

Introduction of IBM 1401 and 7090 transistorized machines in 1959.

Beginning of widespread commercial use of mainframe computers
Mainframe computers became powerful enough to support
thousands of online remote terminals connected to centralized
mainframe.
 Stages in IT Infrastructure
Evolution
Personal Computer Era: (1981 to Present)

First personal computers appeared in 1970 (Xerox Alto,

MITS Altair 8000, Apple 1 and 11) but with limited distribution.
IBM PC was introduced in 1981 and widely accepted by American
businesses using DOS OS and later the Microsoft Windows Operating
system.
Windows operating became standard desktop computer until today

95%
WinTel
PCs user
 Stages in IT Infrastructure
Evolution
Client/Server Era (1983 to Present)

Desktop and laptop computers are called clients and is connected

to a powerful server computers that provide the client computers
with a variety of services and capabilities.
Client is the user point of entry, whereas the server typically process
and stores shared data.
 Stages in IT Infrastructure
Evolution
Enterprise Computing Era (1992 to Present)

firms turned to networking standards and software tools that could

integrate disparate networks and applications throughout the firm
into an enterprise-wide infrastructure.
business firms began seriously using the Transmission Control
Protocol/Internet Protocol (TCP/IP) networking standard to tie their
disparate networks together.
link different types of computer hardware, including mainframes,
servers, PCs, mobile phones, and other handheld devices, and it
includes public infrastructures such as the telephone system,
the Internet, and public network services.
Stages in IT Infrastructure
Evolution
 Stages in IT Infrastructure
Evolution
Cloud and Mobile Computing Era (2000 to Present)

refers to a model of computing that provides access to a shared

pool of computing resources (computers, storage, applications,
and services), over a network, often the Internet.
Infrastructure Ecosystem
 Infrastructure Components
COMPUTER HARDWARE PLATFORMS

Includes client machines like desktop PCs, mobile computing

devices such as netbooks and laptops but not including iPhones
and BlackBerrys and Server machines.
The server market uses mostly Intel or AMD processors in the form
of blade servers in racks, but also includes Sun SPARC
microprocessors and IBM POWER chips specially designed for
server use.
 PCs(Desktop, Portables, Servers, wireless)
-cost replacement cycles?

vs
 Infrastructure Components
OPERATING SYSTEM PLATFORMS

Microsoft Windows comprises about 75 percent of the server

operating system market, with 25 percent of corporate servers
using some form of the Unix operating system or Linux.
At the client level, 90 percent of PCs use some form of Microsoft
Windows operating system (such as Windows 7, Windows Vista,
or Windows XP) to manage the resources and activities of the
computer.
 Infrastructure Components
ENTERPRISE SOFTWARE APPLICATIONS

The largest providers of enterprise application software are SAP

and Oracle (which acquired PeopleSoft).

Microsoft is attempting to move into the lower ends of this market

by focusing on small and medium-sized businesses that have not
yet implemented enterprise applications.
 Infrastructure Components
DATA MANAGEMENT AND STORAGE

Enterprise database management software is responsible for

organizing and managing the firms data so that they can be
efficiently accessed and used.
The physical data storage market is dominated by EMC
Corporation for large scale systems, and a small number of PC
hard disk manufacturers led by Seagate, Maxtor, and
Western Digital.
 Infrastructure Components
NETWORKING/TELECOMMUNICATIONS PLATFORMS

TELECOMMUNICATIONS - science and practice of

transmitting information by electromagnetic means
- provide data, voice, and video connectivity to
employees, customers, and suppliers.

NETWORKING - collection of computers and other

hardware interconnected by communication
channels that allow sharing of resources and
information.
Telecom Today
involves the use of electrical devices such as
the telegraph, telephone, and teleprinter, as
well as the use of radio and microwave
communications, as well as fiber optics and
their associated electronics, plus the use of
the orbiting satellites and the Internet.
Computer Network
 Infrastructure Components
INTERNET PLATFORMS

overlap with, and must relate to, the firms general networking
infrastructure and hardware and software platforms

Web hosting service maintains a large Web server, or series of

servers, and provides fee-paying subscribers with space to
maintain their Web sites.
Internet
global system of interconnected computer
networks that use the standard Internet
protocol suite (often called TCP/IP) to serve
billions of users worldwide.
Internet
network of networks that consists of
millions of private, public, academic,
business, and government networks, of local
to global scope, that are linked by a broad
array of electronic, wireless and optical
networking technologies.
Area to consider in
costing
Life Cycle Cost
Components (Intel)
PC Purchase Price : Cost of
purchase/delivery to the facility.
Training : cost to train users on the new PC.
PC engineering : The cost to create any
builds, patches and images for new PC
PC deployment : Cost to deliver PC
hardware and associated software to end-
users
Life Cycle Cost
Components (Intel)
PC Peripherals :cost to replace old add-on devices
such as cords, monitors, keyboards, etc.
Software : cost to create and deliver standards
patches to PC annually
Support : Average annual cost to support one PC
annually
Out of warranty repairs : cost to break-fix repair
after standard warranty
Retrieval and disposal costs : cost to remove the
PC from users workspace and dispose it
INTERACTIVE SESSION:
Technology

New to the Touch

Assignment :
Securing Information
Systems
Security
refers to the policies, procedures, and technical measures used
to prevent unauthorized access, alteration, theft, or physical
damage to information systems.

Controls
methods, policies, and organizational procedures that ensure the
safety of the organizations assets; the accuracy and reliability of
its records; and operational adherence to management
standards.
WHY SYSTEM IS
VULNERABLE?
 Securing Information Systems:

External Vulnerabilities
Internet
more vulnerable than internal networks because they are
virtually open to anyone.
When becomes part of corporate network, IS are more vulnerable
to actions from outside

Wireless Security Challenges

Is it safe to log onto a wireless network at an airport, library,
or other public location?
Securing Information Systems:

External Vulnerabilities

Wireless Security Challenges

 Securing Information Systems:
External Vulnerabilities
MALICIOUS SOFTWARE:

Malware : (Malicious program) includes a variety of threats such

as computer viruses, worms, and Trojan horses.

Virus - a rogue software program that attaches itself to

other software programs or data files in order to be
executed, usually without user knowledge or permission.

Worms - independent computer programs that copy

themselves from one computer to other computers over a
network.
Securing Information Systems:

examples of malicious code

Securing Information Systems:

examples of malicious code

 Securing Information Systems:
External Vulnerabilities
MALICIOUS SOFTWARE:

Trojan Horse - is not itself a virus because it does not

replicate, but it is often a way for viruses or other malicious
code to be introduced into a computer system.

SQL injection attacks - largest malware threat that take

advantage of vulnerabilities in poorly coded Web application
software to introduce malicious program code into a
companys systems and networks. 335
Securing Information Systems:
HACKERS AND COMPUTER CRIME

Hacker: Who are they?

 Securing Information Systems:
HACKERS AND COMPUTER CRIME

Individual who intends to gain unauthorized

access to a computer system.
 Securing Information Systems:
HACKERS AND COMPUTER CRIME

Computer Crime
Identity Theft - a crime in which an imposter obtains key pieces of
personal information, such as social security identification numbers,
drivers license numbers, or credit card numbers, to impersonate
someone else.

Popular tactics : Phising, Evil Twins, and Pharming

Securing Information Systems:
HACKERS AND COMPUTER CRIME

Computer Crime

Click Fraud - occurs when an individual or computer program

fraudulently clicks on an online ad without any intention of learning
more about the advertiser or making a purchase.
 Securing Information Systems:
HACKERS AND COMPUTER CRIME

INTERNAL THREATS: EMPLOYEES

Employees have access to privileged information, and in the

presence of sloppy internal security procedures, they are often
able to roam throughout an organizations systems without
leaving a trace
Data Security
Technologies
DiskEncryption
Hardware based Mechanism
Backups
Data masking
Data Erasure
Disk Encryption
encryption technology that encrypts data
on a hard disk drive. Disk encryption
typically takes form in either software or
hardware. Disk encryption is often referred
to as on-the-fly encryption ("OTFE") or
transparent encryption.
Software based Mechanism
Software based security solutions encrypt
the data to prevent data from being stolen.
However, a malicious program or a hacker
may corrupt the data in order to make it
unrecoverable or unusable. Similarly,
encrypted operating systems can be
corrupted by a malicious program or a
hacker, making the system unusable.
Hardware based
Mechanism
Hardware-based security solutions can
prevent read and write access to data and
hence offers very strong protection against
tampering and unauthorized access

-more on manual action to allow user to log

in or log out.
Backups
used to ensure data which is lost can be
recovered.
Data masking
process of obscuring (masking) specific
data within a database table or cell to
ensure that data security is maintained
and sensitive information is not exposed to
unauthorized personnel.
Data Erasure
method of software-based overwriting that
completely destroys all electronic data
residing on a hard drive or other digital
media to ensure that no sensitive data is
leaked when an asset is retired or reused.
Privacy
relationship between collection and
dissemination of data, technology, the public
expectation of privacy, and the legal and
political issues surrounding them.
 Securing Information Systems:
THE ROLE OF AUDITING

How does management know

that information systems security
and controls are effective?
REA Model
The REA data model was developed
specifically for use in designing
accounting information systems.

It focuses on business semantics

underlying an organization's value
chain activities.
Provides guidance for:

Identifying the entities to be

included in a database.
Structuring the relationships
among the entities.

REA data models are usually depicted

in the form of E-R diagrams.
Therefore, we refer to E-R diagrams
developed with the REA model as REA
diagrams
Three Basic Types of Entities

The REA data model is so named because it

classifies entities into three distinct
categories:

1. Resources that the organization acquires

and uses.

2. Events in which the organization engages

3. Agents participating in these events

The REA data model
prescribes a basic pattern for
how the three types of entities
(resources, events, and
agents) should relate to one
another.
merEmployeeS
Rule 1: Each event is linked to at least one resource that it
affects.
Rule 2: Each event is linked to at least one other event.

Rule 3: Each event is linked to at least two agents.

entoryCashAc
collec
t
Rule 1: Each event is linked to at least one resource that it
affects.
Some events affect the quantity of a resource:
If they increase the quantity of a resource, they are called a "get
event. If they decrease the quantity of a resource they are called
a "give event
Relationships that affect the quantity of a resource are
sometimes referred to as stock flow relationships.
If a customer orders goods but has not paid and has not received
goods, this activity is called a
commitment
event.
Rule 2: Each event is linked to at least one other event.

Give and get events are linked together in

what is labeled an economic duality
relationship.
Rule 3: Each event is linked to at least two agents.

For accountability, organizations need to

be able to track actions of employees.

They also need to monitor the status of

commitments and exchanges with outside
parties.
Developing an REA diagram for a specific
transaction cycle consists of three steps:

STEP ONE: Identify the events about

which management wants to collect
information.
STEP TWO: Identify the resources affected
byte events and the agents who
participated.
STEP THREE: Determine the cardinalities
between the relationships.
STEP ONE: IDENTIFY RELEVANT EVENTS

At a minimum, every REA model must include the two

events that represent the basic give-to-get economic
exchange performed in that transaction cycle.

The give event reduces one of the organization's

resources.

The get event increases a resource.

There are usually other events that management is

interested in planning, controlling, and monitoring.
These should be included in the model.
Example: Typical activities in the
revenue cycle include:

1. Take customer order

2. Fill customer order
3. Bill customer
4. Collect payment
While accounts receivable is an asset in financial
reporting, it is not represented as a resource in an
REA model. It represents the difference between
total sales to a customer and total cash collections
from the customer. The information to calculate an
accounts receivable balance is already there
because the sales and cash receipt information is
captured.

Events that pertain to entering data or re-

packaging data in some way do not appear on the
REA model. They are not primarily value-chain
activities. What is modeled is the business event and
the facts management wants to collect about the
event, not the data entry process.
STEP TWO: IDENTIFY RESOURCES AND AGENTS

When the relevant events have been

diagrammed in the center of the REA diagram,
the resources that are affected those events
need to be identified.

Involves determining:

The resource(s) reduced by the give event.

The resource(s) increased by the get event.
The resources that are affected by
commitment event.
The agents who participate in each event
should also be identified.
STEP THREE: DETERMINE CARDINALITIES OF
RELATIONSHIPS

The final step in an REA diagram for transaction

cycle is to add information about the relationship
cardinalities.

A cardinality describes the nature of the

relationship between two entities.
It indicates how many instances of one entity
can be linked to a specific instance of another
entity.

For each sale a company makes, how many

customers are associated with that sale?
 ERP and
e-COMMERCE
 What is an ERP
Multiple module software
packages that evolved
primarily from traditional
manufacturing resource
planning (MRP II) systems.
 Objective of ERP
Integrate the key process of the organization in the following areas:

Order Entry
Manufacturing
Procurement and accounts payable
Payroll
Human Resources