Problem Solving Methodology BBC

r

Check out slides (have not added all info) - do not delete this listU4O2 KK09 - Technical underpinnings of Intranets, Internet and VPN-----------------------------------------------------Completed KKU3O1 KK01 - Characteristics of Data TypesU3O1 KK02 - Data StrucutesU3O1 KK03 - Design ToolsU3O1 KK04 - Input / Output and XMLU3O1 KK06 - Processing features of programming languagesU3O1 KK07 - Searching - Linear and BinaryU3O1 KK08 - Trace tables and test dataU3O1 KK9 - Internal DocumentaitonU3O2 KK01 - Techniques for collecting dataU3O1 KK04 - Methods for determining solution requirements, constraints, and scopeU3O2 KK03 - Analysis - Solution ConstraintsU3O2 KK04 - Analysis - Scope of SolutionU3O2 KK05 - SRSU3O2 KK07 - Evaluation Criteria - Efficiency and Effectiveness of solutionsU3O2 KK08 - Analysis Tools - Use Case DiagramsU3O2 KK09 - Analysis Tools - Context Diagrams and Data Flow DiagramsU3O2 KK10 - Design ToolsU3O2 KK11 - Factors influencing designU3O2 KK14 - Project ManagementU3O2 KK15 - Security - Data protection and authenticationU3O2 KK16 - Styles of modern applicaiton architectureU3O2 KK17 - Types of goals and objectivesU3O2 KK18 - Legal Requirements relating to ownership and privacy of dataU4O1 KK01 - File size, storage medium and organisation of files affect access of dataU4O1 KK02 - Data Structures - Associative ArraysU4O1 KK03 - Security, archiving, backing up and disposing filesU4O1 KK04 - Processing features of a programming langaugeU4O1 KK05 - Sorting Algorithms - Selection and QuickU4O1 KK06 - Characteristics of Efficient and Effective solutionsU4O1 KK07 - Test DataU4O1 KK08 - Validation - Existence, Type, RangeU4O1 KK09 - Usability testing and documenting test resultsU4O1 KK10+11 - Project plans - Recording progress and influencesU4O1 KK12 - Evaluation of solutions and project plansU4O2 KK01 - Reasons why individuals and organisations use information systemsU4O2 KK02 - Types of goals and objectivesU4O2 KK03 - Types of interactions (input and output) generated by ISU4O2 KK04 - Characteristics of data that has integrityU4O2 KK05 - Key legislation that affects how organisations control the storage, communication and disposal of their data and informationU4O2 KK06 - Data management practices that cause conflict between information systems, including data miningU4O2 KK07 - Advantages and Disadvantages for stakeholders affected by the operation of information systemsU4O2 KK08 - Impact of diminished data integrity on dependant systems(too much)grdggdrgdgdthdhfthfthfthfhfhfh kk9U4O2 KK10 - Wired and Wireless NetworksU4O2 KK11 - Threats to the intergrity and security of dataU4O2 KK12 - Physical and software controls to secure dataU4O2 KK13 - Hardware, Software, and Technical Protocols used to secure data

1) Analysis

Solution requirements

functional

input

xml file formats

XML = eXtensible Markup Language
XML files are used to store and transport data between software.
provides a common structure for sharing data between applications.
Uses tags to describe data, similar to HTML.
CSV (comma separated value) files are similar, but only contain raw data, whereas XML files have field names and structure.
XML files give structure - they show which pieces of data relate to each other through indentation.

Easy to edit and read by humans and software.
XML is CASE sensitive.
XML is an open-source file format.
XML files can be directly edited with a Text Editor (Notepad), or by instructions written in an application.
XML tags cannot start with a number, xml, or have spaces.

output

functions

Data manipulation (process)

Validation

non-functional

attributes

usability
(easy to use?)

maintainability
(easy to update/add?)

robustness
(no crashing?)

portability
(work in/ move to different environment?)

reliability
(same output every time?)

Analysis Tools

Context diagram

interaction between the organisation and external entities

interaction between the organisation and external entities

Data flow diagram
(shows movement of data)

DFD symbols

DFD symbols

use case diagram

UCD symbols

UCD symbols

Solution constraints

economic

cost (how much money do we have?)

time (how much time do we have?)

technical

speed of processing

capacity (storage)

availability of equipment

compatibility

security

social

users' level of expertise

legal

copyright

privacy

usability

usefulness

ease of use

Scope of solution
(describes the boundaries or parameters of the solution)

list of what the program can do

list of what the program cannot do

SRS
(Software requirements
specification)

_breaking down a problem into component parts
_providing input to the design stage
_serving as a reference point for further stages of the problem-solving methodology.

SRS is done during analysis

Content of an SRS

Content of an SRS

2) Design

Solution design

design tools

Reasons for using design tools
_Represent solution before development begins
_Generate, brainstorm faster
_Ensure meeting the requirement of the client

object descriptions

describes objects/controls in solution

name of control

type

purpose

attached procedures/functions

formatting info
(font, size, colour, alignment)

pseudocode
(before coding)

keywords are bold

Pseudocode summary

Pseudocode summary

to access file contents

While Not End of file
(while loop)

Until End of File
(do loop)

assigning values to variable

age ← 16

name ← user input

selection (if statements)

If/Then/ElseIf/Else/EndIf

indent code

Must Endif

iteration (loops)

Repeat/Until
(do loop)

While/EndWhile
(while loop)

For/EndFor
(for loop)

loop through an array

For i = 0 to len(arr)

indent code

Structured English
Write down the methods for your program to describe it
Language independent
You should be able to read an algorithm in pseudocode, then write the algorithm in any programming language you are familiar with.

Note:
EXPECTED outcome is based on the description of the algorithm in the question stem
The ACTUAL outcome is based on the pseudocode algorithm.

data dictionaries

defines all data elements (variables and arrays) in program

name of variable

purpose of data

data type
(characterised by the kind of operations)

numeric
(can use for calculations)

integer

Whole numbers (+/-)

floating point

Any number, including decimals of up to 7 digits
greater precision in stored values

double

Any number, including decimals up to 15-16 digits
greater precision than a float

date

Stores date and time values
DD/MM/YYYY, HH:MM:SS.MS

character
(cannot use for calculations)

string

a collection of individual characters
(Any single alphanumeric characters and symbols)

Examples:

John
Computer

ID785342

mark@telstra.com.au

0407897235 - a 0 at the front cannot use a numeric data type!

boolean

True/False only

Note:
Correct data type benefits:
-efficient use of storage (e.g integers use less memory)
-speed up performance
-calculations can be performed?

size
(no. of characters)

Data dictionary example

Data dictionary example

mock-ups

Hand drawn visual representation of the solution.
Provides the layout and relative positioning of all controls on a form.
Labelled to indicate how the solution is used.

factors influencing design

usability
(easy to use? target audience?)

affordability
(cost/development budget enough? reasonable price for user?)

security
(also affects coding)

data protection

encryption

needs to protect sensitive data

must comply with Privacy Act

authentication

Login - Username and Password

Single-Sign-On (SSO)

interoperability
(work with other systems? aka portability)

must be compatible with other software packages
(e.g. data in XML works with other programs)

marketability
(easy to sell?)

measure of how much can be sold

how easy will software be to sell?

improve marketability by improving above factors + effiviency and effectiveness

Styles of application architecture

Mobile

Mobiles devices, such as smartphones and tablets.

Interface needs to be designed to work with touch input.
Larger icons, less text on interface

Usually, will not require internet connection to function (apart from the initial download).

Rich Client

does most of the processing of data on the client (users) computer.

requires some connection to a central server.

Example
Microsoft Word

Peer to Peer

processing and data are shared between peers (users).

No connection to a central server

Internet

require the use of the internet to function.

Most processing occurs on the server, rather than the user computer.

Example: Google Docs

Evaluation criteria

efficiency
(cost/time/effort)

less cost/time/effort = better

speed of processing

can data be entered quickly?

output generated at reasonable time?

functionality

does app address the tasks it was designed for?

cost of file manipulation

minimise time taken by solution to change files

use more efficient algorithm

effectiveness

completeness
(does required info get produced?)

readability/clarity
(is it easy to read the output?)

attractiveness
(does solution look good?)

accuracy
(is output correct and precise enough?)

accessibility
(does solution cater to people with disabilities?)

timeliness
(is it up-to-date?)

communication of message
(is it easy to understand info?)

relevance
(is output relevant to required functions?)

usability
(is software easy to use?)

4) Evaluation

Strategy

How well has the solution met its goals?

Collect information using Surveys, Interviews, Observations - just like collecting data for the solution requirements activity.

Technique for collecting data

information to collect

Information about the current system:
What is the current system used for?
What works?
What doesn’t work?
What does the new solution need / require? (Solution Requirements)

Interview

Qualitative data
Prepared questions, but can elaborate or move onto other topics
Harder to process
Takes more time, especially for multiple interviews.
Voice recorder, camera etc.

Surveys

Structured questions
Multiple-choice
Scale
Short answer, long answer text
Easier to process, not as detailed
Short time taken for multiple responses
Some people don't like filling in surveys
People sometimes write down what they THINK they do, not what they ACTUALLY do.
Online (Google Forms)

Observations

Watching and recording how a system is used, or how it performed.
Unobtrusive
Time consuming
Must choose appropriate time to observe
Users may behave differently if they know they are being observed.

Using evaluation criteria in the Design stage --> evaluate efficiency and effectiveness during design

Report

findings must be presented in the form of a written report.

Note:
Evaluation = did the solution meet its goal?
Completed AFTER the solution has been deployed

Conducted by the users and organisation

Relate back to system goals, objectives

Can use measured in terms of Efficiency and Effectiveness

3) Development

Manipulation
(Coding)

Data structures
(a way to store multiple pieces of data)
data element: variables(one variable is not a structure), arrays, records

One dimensional arrays

-only store values of the same data type, that are referenced with an index.
-usually start at 0 (beware: can start at 1 if the question says so )

associative arrays

purpose:
organise data -> retrieval easier, esp for large data

data stored as: key : value pairs

includes
_Hash tables
_Dictionaries

Hash tables

A hash function generates an index to store data, based on a key
Collisions can occur if a hash function produces the same in

A hash function generates an index to store data, based on a key
Collisions can occur if a hash function produces the same index from different keys.
Searching would return the index value of where the data is stored each time - no linear or binary searching required.

Dictionaries

records

group variables together for a particular purpose or to describe a particular object.

contain variables of different data types

example

example

why use records instead of arrays?
=>Each array does not make much sense on its own
-need to access the ‘name’ and ‘MobNo’ array to see who the number belongs to.
=>Sorting arrays like this becomes hard
-How do you keep the indexes and values lined up between arrays?

variables
(one variable is not a structure)

Processing features of a programing language

Instruction (a line of code)

Procedures (Multiple lines of code that do something (method in C#))
-a set of instructions

modular programming - breaking codes into procedurea

debugging easier

prevent duplication

can be called at anytime

Method ( an action that DOES something to a variable, object, class)

Functions (A procedure that returns a value that can be used elsewhere)

can be passed

perform some instructions

return a result

Control Structures (a block of code that controls which lines of code executed)

Sequence (Code running line by line in order)

Subtopic

Subtopic

Selection (If)

Iteration / Repetition (Loops)

Differences between for, do, while

Differences between for, do, while

Sorting algorithms

Sorting data in an array is effected by

How unsorted the data is

How many items there are to sort

The complexity of the sorting algorithm

Term:

Pass
Counted each time an array is cycled through

Comparison

Two array elements are compared to each other

Swap

When two array elements are moved within the array.

Selection sort

Algorithm:
Look at each item in the array, starting at first value (index 0)
Find smallest value (if sorting small to highest values)
Swap with the value at index (0)
Look at each item in array, starting from the next index (index 1)
Find smallest value
Swap with the value at index (1)
etc.

r

Easier to code than other sorts
Good enough for small amounts of data
Performs the same, no matter how the data is unsorted.
No. of Passes (how many times it looks at the whole array)
n-1 (n is the number of indexes in the array.)
No. of Swaps (how many times data is moved in the array)
n-1
No. of Comparisons (checking if a value is smaller or larger)

Selection sorts are overall not very good for most situations.

Pseudocode

Pseudocode

Quick sort

Algorithm:

Pick an element from the array to act as the pivot value. There are many ways to pick the pivot value, but it is often best to select it randomly.

Re-order all the values that are smaller than the pivot value to come before it, all the ones higher to go after it.

The pivot will now be in its proper position

Recursively (run the method again) apply the above steps to the sub-array of elements with smaller values and separately to the sub-array of elements with greater values. Keep applying the algorithm until the array is sorted.

r

Uses Recursion - A function or procedure that calls itself.
Divide and Conquer algorithm - data broken down into smaller pieces to be worked on.
Sort Time - Faster and more efficient than selection sort.
Algorithmic Complexity - More complex to write then a selection sort.
Time taken to run the sort changes depending on the “unsortedness” of the data
No. of Comparisons (N the number of items in the array)
Best Case - N * log(N)
Worst Case (rare) - N2

Pseudocode

Pseudocode

Searching algorithms

Linear searching

Algorithm:
Similar to a human looking through a list of values.
Look at the first index in an array and check if it contains the data we are looking for.

If not, move to the next index.

Repeat this until the item is found, or you have reached the end of the array.

A Linear search is the only way to search unsorted data.
easy to code
slow (on average it will have check half the data set to find if the value is in an array)
efficient for small data sizes

Binary searching

Algorithm:
Binary searches can only be applied to sorted data.

A Binary search divides a list of values in half and makes a comparison on whether the value searched for is above or below the divided value.

Find the value mid-way through the data and ask:
Is this the value we are searching for?
If so, search is finished.
If not, is the value less than or greater than the mid-way value?
Search the half that should contain the data, ignore the other half.
Repeat until the value is found, or is proved to be not present.

______________________________________________
Very fast to run
More complex algorithm to write..
Great for large data sets, bad for small ones (use linear instead)
--------------------------------------------------------------
A binary search algorithm requires the following:
The array of values

Low - lowest index of list being searched (0)

High - highest index of list being searched (array.Length - 1)

Mid - middle index of list being searched (0)

Found - indicates if the value was found (false)

SearchValue - value being searched for

A loop to run through the search
-If statements

r

Pseudocode

Pseudocode

Validation

Validation:
ensure users are only allowed to input REASONABLE data.
It DOES NOT check the ACCURACY of input data.

Proper validation ensures that:
Your program does not crash if the user enters unreasonable or unexpected data.

Users are given a prompt if unreasonable data has been entered.

Users are able to re-input data.

Validation techniques

Existence
(Does any data exist?)

Type
(correct data type?)

Range
(data in an acceptable range?)

Testing

What should you test?

Does the solution run?

Functionality - Does the solution do what is is supposed to?

Non-functionality - useability, reliability, portability, robustness, maintainability.

Efficiency - cost, time, effort

Solution - speed of processing, its functionality(?) and the cost of file manipulation

Network - productivity, processing time, operational costs and level of automation

Effectiveness

Solution - completeness, readability, attractiveness, clarity, accuracy, accessibility, timeliness, communication of message, relevance and useability

Information Management Strategy - integrity of data, security, ease of retrieval and currency of files

Networks - reliability and maintainability

Test data:
It is extremely important that you choose an appropriate range of test data for each test.
Good test data tests every possible input:

Typical(Values you expect a user to enter)

Edge cases (aka Inside range values - Values at the extreme ends of the allowable range)

Outside allowable range (Values outside the allowed data range)

Garbage input (Invalid data - wrong data type, blank etc.)


Make sure you testing is through but not repetitive - the exam will often ask you to select the best set of test data, don’t select the set that tests the same type of input multiple times!

Focus on testing edge cases.

Note:
Testing is NOT the same as Evaluation
Testing = does the solution work -->ensure validation is working

Completed BEFORE the solution has been deployed

Conducted by the developer

User Acceptance Test - conducted by the main users of the program to make sure it does what is required.

Types of testing

Useability (Acceptance) Testing
(given to client/user)

Completed by a section of its daily users
Makes sure that solution included all the required functionality
Gives the chance for users to provide feedback before the solution is deployed
Test functional and non-functional requirements from analysis stage.
Once passed the solution is almost ready to be deployed.

testing table

Testing for logic errors (test the program overall)

Example

Example

Trace table

Algorithm testing

Example (Question 1 Section B 2018 exam)

Example (Question 1 Section B 2018 exam)

remember to list all the variables given

Store values as they change

Only enter a new value if a change occurs.

Documentation

Characteristics of internal documentation

Comments

Purpose
Reminds a programmer what a piece of code was for (its purpose)
Helps team members understand each other's coding

Comments are not executed and have no affect on the performance of an application.

Meaningful names

All controls, variables and arrays in a program should have meaningful names.
This makes it easier to identify their purpose just by reading the name.

Use naming conventions:
=> v, before all variables - vName, vAge
=> CamelCase for controls
_Description of purpose
_Type of Control
_FirstNameLabel, CalcButton

Related contents

Interactions and Impacts

Information Systems

combination of _________ to create, control and communicate ideas and digital solutions

People

the human beings that use the IS

everyone

Hardware

physical components of IS

includes machines and computers used

Software

applications and services used on hardware

includes OS and other websites as well

Processes

rules to ensure the IS is used properly

includes general actions (saving files, etc.) and restrictions (access permissions, etc.)

Data

documents/files/statistics created and modified using the IS

includes information (attendance, personal details, etc.) and work (assignments, documents, etc.)

allows for:

sharing of data between users

sharing of hardware between users

improved services for customers or clients

reduction in time taken to process data

should support goals and objectives of organisation's IS
(Not related to organisation as a whole)

Objectives

measurable statements that describe what needs to be achieved to reach a goal

e.g Record all students' attendance and report progress OR Produce annual reports for sales

Goals

statements that describe something the organisation is aiming to achieve

e.g. Reduce user errors by 50% OR Remain stable and reliable 99.5% of time

(see pg. 3 to 4 for more info)

Input

data that is entered into the IS

e.g. keyboard, touch screen, microphone, etc.

Output

data that has been stored or processed by the IS and turned to information

e.g. visual(monitor), sound(speaker), paper(fax or printer) and touch(gamepad)

Factors Affecting Integrity of Data

Data

raw facts and figures that have not been turned into information

Integrity

internal consistency or lack of corruption in electronic data

Factors:

accuracy

how much the data is a true representation of the source material
(how well data is measured)

greater accuracy leads to more precision

In 2017:
there were 24.5 million people living in Australia
(less accurate)
vs.
there were 24,530,282 people living in Australia
(more accurate)

timeliness

how much the data is within its "use-by-date" and can provide meaningful information

length of time for 'timely' data depends on the data

data too old will be irrelevant and not provide an accurate representation of source material

1999 data vs 2019 data for current trends

reasonableness

how much the data makes sense with the source material
(is it related to the context?)

should fall within a range that makes sense

authenticity

how trustworthy and proven the data's source is

primary data most trustworthy, if not find reputable sources

correctness

whether or not data is right or wrong
(always yes or no)

Data Management Practices that Cause Conflict

Data Mining

the analysis of large sets of data in attempts to extract patterns and knowledge

done by dedicated data mining software

conflicts:

privacy

is there consent for data mining?

is there consent for data sharing?

reasonableness/relevance

some information found don't make sense or are irrelevant

converting data from different databases

differences in field names

differences in data types

missing data

manual data entry

can be valid and reasonable but incorrect due to human error

incompatibility

different setups can cause miscommunication

different software

user permissions

could allow export but prevent import

Advantages and Disadvantages for Stakeholders Affected by IS

stakeholders

person or group with an interest or concern in something, especially a business

For businesses, these include: employees, employers, shareholders, customers

Advantages

increased efficiency in running the business

automated systems --> reduced time/effort

less employees needed --> reduced cost

Upskilling

users of IS must learn new IT skills to use IS

more effective/efficient for customers

24/7 access

can order goods and services online --> reduced time/effort

can access own data or history in organisation

Disadvantages

start-up costs ($)

significant investment in getting the IS running

training costs for staff

conversion of data into the new IS

deskilling

users become dependent on IS for work

loss of jobs, people being replaced by IS

customers deal with IS, not a person

loss of 'personal touch' or face-to-face contact with the business

24/7 access - work overtime

Factors affect access of data

File size

The amount of space on a storage medium (HDD, DVD) taken up by a file.

Measured in Bytes

1 Byte (B) = 8 bits (b) - a single 0 or 1

Transfer speed of data in a storage medium is measured in MB per second (MBps), networks use Mbps

Storage Medium

hardware device where files are physically saved.

Examples

Hard disk drive
Solid State Drive
USB Flash Drive
Optical media (CD / DVD / BD)
Magnetic Tapes

Comparison

Comparison

Organisation of files

Filename convention
(How files are named)

Using a logical file naming convention

easier and quicker to find a file

Where files are stored is also important

Use an appropriate file structure

Impact of diminished data integrity on dependant systems
(ALWAYS relate your answer back to the system in question)

Garbage in - Garbage out

Impact on SYSTEMS

Errors on invoices for new books

Program crashes

Incorrect information stored about customer address, letter sent to wrong person

Increased time taken to service customer

Impact on Organisations

Profit loss

Reputation loss

Customer loss

Sued

Jail

goals and objectives of organisations and information systems

Information system

support the goals and objectives of the organisation.

Organisations

An entity that has a collective purpose

Varied sizes
_Single person
_Multi-national company

Mission statement

A short statement describing the ultimate goal of the organisation.

Usually describes why the organisation exists.

Guides the actions of the organisation

Goals

describe something to achieve.

Help to achieve the mission statement

Objectives

Measurable statements that describe what needs to be achieved in order to reach a goal.

Example of the differences

Example of the differences

More example

More example

r

Identify the organisational and system goals and objectives in this case study.Fred’s law firm has 2 computers. He wants his firm to be more successful, so he is updating his information system. He wants his PCs to run 20% faster to help him produce more accurate communications with customers and to increase income by 10% this year. With increased income, he can spend money on extra secretarial support because he wants his firm to get a reputation for professional excellence. Organisational goal: his firm to be more successful, reputation for professional excellence.Organisational objective: increase income by 10% this yearSystem goal: produce more accurate communications with customersSystem objective: his PCs to run 20% faster

Project Management

Concepts

Milestones

Major points of progress in a project

diamond shapes

used to judge whether a project is on schedule or not.

Dependencies

a following task cannot be begin until a previous task has been completed.

represented with arrows

Time allocation

length of the bar.

Critical Path

The path followed through the project for its longest duration - this will be equal to the SHORTEST time possible to complete the project.

Recording progress and influences

Annotations

Making notes on the project plan were changes were made.

Adjustment to tasks and timeframes

Logs

Factors that influence the effectiveness

Completeness

contain all the required tasks, milestones, dependances?

Readability / Clarity

easy to read?

Accuracy

How accurate are the time allocations, milestones and the tasks required?

Relevance

Are all the parts of the project plan relevant to the project?

Procedures for handling files/data

Security

Physical
( protect data while it is being stored - restrict unauthorised people)

Procedures

backing up

Creating a copy of files on the main system

storing the duplicates in a secure location.

original files are NOT removed from the main system

Types

Full

All data copied to backup medium

largest amount of storage

Easiest to restore something goes wrong
Access the latest backup, restore files or whole HDD from there.

Differential

Full backup is made first (total copy of selected files or HDD)

Each backup after the full backup, only contains files changed since the full backup

To restore
Restore full backup
Restore latest differential backup

Uses less space than daily full backups

Incremental

Full backup is made first

backup after the full backup, only contains files changed for that day, or since the last backup.

To restore
Restore full backup
Restore each incremental backup, in order, from earliest to most recent.

can backup more frequently
Harder to restore (must be in correct order)

On site / Off site
Off site prevents larger disasters causing data loss

Medium

HDD / SSD

Tape Drives

Optical Disc

Cloud

Medium considerations

Capacity

Cost

Speed (Bandwidth for data transfer)

Ease-of-use

Frequency

Highly dependant on the organisation
Full Backup - Weekly / Monthly
Differential - Daily
Incremental - Hourly / Daily

checking authorisation credentials

shredding confidential documents (disposal of paper/hdd)

equipment

Zoned security strategies

Locks, alarms, fences, gates

Different keys open different locks, creating ‘zones’ or areas that are only accessible by employees with the required key.

Barrier techniques

Doors, locks, gates, bars, fences, walls

Guards

Anything put in place to prevent a person from physically accessing servers or computer equipment holding data.

Biometrics

Identifying individuals based on unique physical characteristics.

Fingerprints

Face recognition

Iris recognition

Photograph ID

Software
( ensure protection if someone has managed to gain physical access to an information system.)

usernames and passwords

Prevents unauthorised access to the computer system.

access logs and audit trails

Access logs

A record of user login attempts into an IS stored on the server.

Can detect strange or suspicious login activity

Audit Trails

Track the user activity once logged in

access restrictions

Blocking users from data and resources on an IS, based on their classification in the system

Stops a user from accessing resources, even if they have managed to login successfully

encryption

Encoding information so that is unreadable without the use of the encryption key or ‘cipher’

The original data is referred to as plaintext

The encrypted data is known as ciphertext.

firewalls and system protection

Firewalls

stops unwanted traffic from entering a network

System Protection

Anti-malware software

Software (security protocols)

Transport Layer Security (TLS) and Secure Sockets Layer (SSL)

Creates secure (encrypted) connections over a network (HTTPS).

Asymmetric Key system
Public / Private Keys

Public / Private Key Cryptography

A banking website provides a user’s browser with the bank’s public encryption key.
The user’s username and password (plaintext) is encrypted with the bank’s public key.
The encrypted data (ciphertext) is sent to the banking website.
The banking website decrypts the encrypted username and password with the bank’s own private key.
The bank can send out the public key to all its customers for encryption.
The bank MUST keep its private key safe to decrypt the encrypted data.

Archiving

Removing files no longer required for immediate access from the main system.

Storing these files for an indefinite period of time in another, secure system.

If the files are required, they must be retrieved from the archive system

Archiving frees up space on the primary file server, which in-tern reduces the size of backups

Wired and wireless networks

Link:

m

Networks

Intranet

An intranet is a collection of private network resources accessible only to an organization's staff.

stored on servers within the organisation.

accessible from outside the organisation by using a VPN.

Internet

Global system of connected networks (WANs & LANs)

Virtual Private Network (VPN)

A secure, encrypted connection over the internet using publicly available infrastructure to access an organization's resources or intranet while off-site.

connect to a web-server through a different network path then normal to circumvent geo-blocking or make your internet traffic harder to track.

requires login

Check the slide

d

Key legislation

Look at the attachment

d

Characteristics

Characteristics of solutions

Look for effectiveness and efficiency (in evaluation criteria)

Characteristics of Information Management Strategy

Effectiveness

Integrity of data
Security
Ease of retrieval
Currency of files

Characteristics of Networks

Efficiency

Productivity

Processing time

Operational costs

Level of automation

Effectiveness

Reliability

Maintainability

Threats to the integrity and security of data

Accidental threats

Mistakes made by the user.

measures that can be put in place to reduce their impact

Deliberate threats

A purposeful act by someone to cause a loss of data integrity or breach security measures.

Deleting data

Stealing data

Making data inaccessible to users

Malware

Malicious software

Software designed to cause harm to data integrity.

may also contain a payload - a part of some malware that damages the computer in a specific way on a certain date or trigger.

Types

Viruses

replicate itself

cannot run by itself

Worms

replicates itself WITHOUT any interaction or assistance from the user (different from a virus).

purpose is to spread and consume large amounts of bandwidth on a network, making the network unusable.

Trojans

A virus disguised as a legitimate program.

relies on the user downloading and running what they think is a legitimate program

Spyware

Malware with the purpose of collecting information

Personal details (for identify theft)

Email addresses (for spam purposes)

Browsing history (for marketing / advertising)

Adware

Generates ads in pop-up windows or browser tabs

Phishing

attempts by scammers to trick you into giving out personal information

DDOS

Distributed Denial of Service attack

The purpose of a DDOS is to have millions of computers infected with a worm or virus (a ‘botnet’) to simultaneously activate a payload which sends data traffic to a web server in order to overload it.

cause the web server to performance to suffer greatly, or even crash meaning legitimate users cannot access the website or service running on the web server.

Events-based threats

Events outside a user's control that cause a loss of data integrity.

foreseeable, meaning measures can be put in place to reduce their impact

Examples

Power-surge

Failure of a HDD

Software crash

File corruption

Natural Disasters

Fire

Flood

Earthquake