Wednesday, 29 February 2012

My Last Blog Post for DAC0163 subject. Comment and Suggestions.

Final examination for this semester is around the corner. This means that this post is my last post before I done this semester. When this semester ends, means that the end of my learning in this subjects for diploma (InsyaAllah).

Many new things that I have learned about the computer systems, the information systems security, system planning and the analysis and etc since I follow the lesson in Accounting Information System's class.
I think this kind of class and lesson should be continue as we can know many things that actually we need to know in order to keep out computer's systems and documents safe.

Here, I would like to say thank you so much to my lecturer for this subject,

SIR NOREFFENDY

for all guidance given to me in order to make me understand this subject better. 

Anyway, 

wish me luck for my final examination and also for my studies..!! :)

State six (6) Training Approaches under Employee Training Program under System Implementation Phase

Virtually any successful systems implementation requires that considerable attention be devoted to employee training. In some cases new employees must be hired and trained. In other cases, existing employees must be taught to work with new forms, reports and procedures.

The company typically will face a number of options relating to use and train employees. For example, management often has to decide whether the company should hire a new employee for a given position or retrain an existing employee.

There are several reasons for this :


ü  Recruiting costs relating to hiring a new employee are avoided.
ü  Existing employees are already familiar with the firm’s operations.
ü  Employee morale is often enhanced, especially in cases where the new position would be a promotion for an existing employee.

In addition, a number of training approaches are available to the company, including

Ø  Hiring outside training consultants.
Ø  Using training manuals.
Ø  Using videotape presentations.
Ø  Using audiotape presentations.
Ø  Using training seminars.
Ø  Using individualized hands-on instruction.
Ø  Using computer-assisted training.

Explain what is 'Communication Gap' under system analysis phase

A communication gap is a state that occurs when communication is not happening when it should be.


Phase I  :  Survey the Present System

Objectives : 
*  Gain a fundamental understanding of the operational aspects of the system.
*  Establish a working relationship with users.
*  Collect important data.
*  Identify specific problems.

Communication Gap Problem :

SYSTEMS ANALYST

to

·        Job security
·        Uncertainty
·        Resistance to change

to

MANAGEMENT

Approaches to Communication Gap
□  Get to know as many people involved in the system as soon as possible.
□  Communicate the benefits of the proposed system.
□  Sources for gathering facts : Inside & Outside
□  Analysis of survey findings.


Phase II  -  Identify Information Needs

Information Needs Analysis :
·         Identify the manager’s primary job responsibilities.
·         Identify the means by which the manager is evaluated.
·         Identify some of the major problems the manager faces.
·         Identify the means by which the manager evaluates personal output.


Phase III  -  Identify the Systems Requirements

-  Involves specifying systems requirements. Such requirements can be specified in terms of inputs and outputs.

Phase IV  -  Develop a Systems Analysis Report

Key elements of this report :

v  ~   A summary of the scope and purpose of the analysis project.
v ~   A reiteration of the relationship of the project to the overall strategic information systems plan.
v ~   A description of any overall problems in the specific subsystem being studied.
v  ~  A summary of the decisions being made and their specific information requirements.
v  ~  Specification of system performance requirements.
v  ~  An overall cost budget and timetable.
v  ~  Recommendations for improving the existing system and modifying objectives.

Find information that relates to Biometric Time and Attendance Systems

There have never been more accurate technologies as helpful to people in search of a way to keep track of group activity as biometric time and attendance technology. We have been in search of a way to track the way groups and individuals spend their time in various capacities for ages, and the ability to keep track of attendance has implications for the business sector, law enforcement and government as well.

What is biometric?? 

Biometric takes your unique physical characteristics and uses them for identification of your identity and verification that you are doing something you have been authorized to do. Your vascular patterns, hand print, finger print, iris patterns and even your voice can be used to ensure that you are who you say you are, and let people know that you have been given permission to do whatever it is you are attempting to do.

Biometrics can be used to ensure that a given person is where they are supposed to be, accurately. Whether it be for business or law enforcement, you can make sure someone is inattendance at any given point in time by having them use a hand or thumb print to verify their identity every so often. A biometric marker cannot be forged or faked in some way. It becomes much easier to keep track of a prisoner on parole when they must check in at given intervals through the use of unique physical markers.


State the Differences between Paper Based Information Systems and Paperless Information Systems

Paper Based Input Systems
Paperless Input Systems
v   Inputs to the accounting system that are based on handwritten or types source documents.
v   Input directly into the computer network, and need for keying in source documents is eliminated.

v   Provide a lower degree of automation.

v   Provide a higher degree of automation.
v   Does not involve optical scanner and bar-coded merchandised.
v   Need the use of optical scanner and bar-coded merchandised.

v    Lower degree of  control.
v    Higher degree of  control.

v    Work in batches.
v    Does not work in batches.

v    Time consuming.
v    Less time consuming.

v    Data update regularly.
v    Data update instantly.

Discuss & Elaborate Disaster Risk Management Procedure

Disaster risk management is essential to ensure continuity of operations in the event of a catastrophe. Disaster risk management consists of  preventing planning and contingency planning.

Preventing Disasters

Preventing disasters is the first step in managing disaster risk.  The frequencies of disaster causes :-

                 Natural disasters         30%
                 Deliberate actions       45%
                 Human error               25%

Many disasters resulting from sabotage and errors can be prevented by good security policy and planning. Careful consideration should be given to natural-disaster risks associated with prospective building sites. Concentration of computer equipment and data should be located in parts of buildings least exposed to storms, earthquakes, floods and fire, as well as deliberate acts of sabotage.


Contingency Planning

A disaster recovery plan, must be implemented at the highest levels in the company. It should be approved by a committee of the board of directors as part of the general computer security plan.

The design of the plan should include three major components which are:-

   Assess the company’s critical needs
     
-  All mission-critical resources should be identified.
-  Include hardware, software, power and maintenance requirements.

   List priorities for recovery
        
-  The priority list might indicate certain mission-critical activities and services are to be re-established within minutes or hours after the disaster.

   Recovery strategies and procedures
        
-  The plan should include a complete set of recovery strategies and procedure, so that when disaster strikes, the company immediately knows what to do, who should do it, how to do it and how long it should take.

A complete set of recovery strategies should take into account the following :-

>  Emergency Response Center

-  When disaster strikes, all authority for data processing and computer operations is transferred to the emergency response team, headed by the emergency operations director. These individuals direct the execution of the recovery plan from the emergency operations center, a predesignated site.

>  Escalation Procedures

-  The escalation procedures state the conditions under which a disaster should be declared, who should declare it, and who that person should notify when executing the declaration.

>   Alternate Processing Arrangements

   -  The most important part of  a disaster recovery plan is the specification of a backup site to be used if the primary computing site is destroyed or unusable.
-  There are three types of backup sites are possible which are cold site, hot side and flying-start site.

>   The Personnel Relocation Plan

-  Contingency plans need to be made for the possibility of having to suddenly relocate employees to a backup site.

>   The Personnel Replacement Plan

-  The possibility of losing employees to the disaster must be considered. The highly skilled employees can be difficult and the replacement employees may require extensive training.

>   The Salvage Plan

-  For example, a buildings that losses its roof in a hurricane will be exposed to rain. Losses in such a situation might be minimized if salvage efforts get under way immediately.

>   The Plan for Testing and Maintaining System

-  Companies’ computing needs often change rapidly. For this reason, any disaster recovery plan should be tested every 6 months. Outdated or untested plans might not work in a crisis.

Thursday, 2 February 2012

How does 'Wiretappers' pose a threat to the information system?

What is wiretappers?? 

Wiretappers is a large portion of the information processed by the company's computers travels over wires and cables. Some information is transmitted only from one room to the next, other information may be transmitted across the country via the Internet. These lines are vulnerable to wiretapping, which may be done with even inexpensive devices that are capable of performing the task without giving any clues that the wire is being tapped.


Wiretapping occurs all the time in for example crime movies. Spies and gangsters know the enemy is listening, so they speak in code over the phone and keep an eye out for bugs. In the real world, we may not think about wiretapping. Most of the time, we assume our phone lines are secure, and in most cases, they are, but only because nobody cares enough to listen in. If people did not want to eavesdrop, they could tap into almost any phone line quite easily.