- No category
IT Course Table of Contents: Data, Security, Networks
advertisement
1|Page Table of Contents MANAGING DATA ........................................................................................................................................ 4 Security techniques for the management of data .................................................................................. 4 Disaster recovery plan .......................................................................................................................... 4 Audit trails ............................................................................................................................................. 6 Types of backup techniques and archiving of data ................................................................................. 6 Snapshot imaging .................................................................................................................................. 7 Full back up ........................................................................................................................................... 7 Incremental back up ............................................................................................................................. 7 Differential back up............................................................................................................................... 8 Online data storage methods .................................................................................................................. 8 Data Warehouses .................................................................................................................................. 8 Data Mart .............................................................................................................................................. 9 Data in the Cloud .................................................................................................................................. 9 Purpose of data mining ....................................................................................................................... 10 Processing of data considering security of data through the use of .................................................... 10 Passwords ........................................................................................................................................... 10 Firewalls .............................................................................................................................................. 10 Biometrics ........................................................................................................................................... 11 Anti-virus software.............................................................................................................................. 11 Digital signatures................................................................................................................................. 11 Digital certificates ............................................................................................................................... 12 Encryption ........................................................................................................................................... 12 Concept of User generated content. ...................................................................................................... 13 Advantages and disadvantages of UGC .................................................................................................. 13 Purpose of worldwide consortium.......................................................................................................... 17 Purpose of W3C conventions ............................................................................................................... 17 HTML and CSS.................................................................................................................................... 17 Graphics ............................................................................................................................................. 18 AUDIO AND VIDEO ............................................................................................................................ 18 ACCESSIBILITY W3C GUIDELINES ................................................................................................... 19 INTERNATIONALIZATION ................................................................................................................ 19 MOBILE WEB ..................................................................................................................................... 19 2|Page Validation techniques for online forms ............................................................................................... 20 NETWORKS ................................................................................................................................................ 20 Types and characteristics of communication protocols ......................................................................... 20 Transmission Control Protocol/Internet Protocol (TCP/IP) ......................................................... 21 Hyper Text Transfer Protocol (HTTP): ............................................................................................ 21 Hyper Text Transfer Protocol Secure (HTTPS)............................................................................... 21 Wireless Application Protocol (WAP).............................................................................................. 21 Types and Characteristics of Communication Standards .................................................................. 22 802.11x (wireless)............................................................................................................................. 22 802.3 (Ethernet) .................................................................................................................................. 22 Types of Network Security Measures .................................................................................................. 22 Physical Network Security ................................................................................................................... 22 Password Protection ........................................................................................................................... 22 Firewall ................................................................................................................................................ 23 IMPACTS OF TECHNOLOGY ...................................................................................................................... 23 Data and information security ............................................................................................................. 23 Purpose of code of conduct .................................................................................................................... 24 Elements of code of conduct .................................................................................................................. 24 EMPLOYEE WORK HOURS ................................................................................................................... 24 WORK HOURS ..................................................................................................................................... 24 EMPLOYEE EMAIL USE ........................................................................................................................ 24 EMPLOYEE INTERNET USE ................................................................................................................... 24 EMPLOYEE PRIVACY ............................................................................................................................ 25 EMPLOYER'S RIGHT TO MONITOR WORK EMAILS, INTERNET ACCESS AND PERSONAL USE ............. 25 Online censorship in a global context ..................................................................................................... 25 Issus with the use of cloud computing ................................................................................................... 27 Availability of Online Applications ...................................................................................................... 27 Level of Accessibility ........................................................................................................................... 27 Confidentiality of Data ........................................................................................................................ 28 Sensitivity of Documents .................................................................................................................... 28 Impacts of Digital Technologies and global markets on; ........................................................................ 28 Productivity: ........................................................................................................................................ 28 Outsourcing:........................................................................................................................................ 30 3|Page PROJECT MANAGEMENT .......................................................................................................................... 30 Concept of service level agreement ....................................................................................................... 30 Features of SLA ....................................................................................................................................... 31 Availability of services ......................................................................................................................... 31 Types of services ................................................................................................................................. 31 Advantages of local and global outsourcing compared with in-house................................................... 32 Purpose of Outsourcing data management ............................................................................................ 34 4|Page MANAGING DATA Security techniques for the management of data Disaster recovery plan Disaster recovery plan is a detailed, step-by-step course of action for getting a business back on its feet -- and quickly -- after a natural or manmade disaster. A disaster recovery plan should be in such a manner that it should offer continuous network monitoring, complete data backup and many more. It means that it should support in different aspects and provide complete protection. 1. Is a set of steps to protect data in the event of a disaster 2. Usually it is in writing 3. It is to minimise data loss 4. It is to minimise down time 5. It includes storing data off-site A disaster recovery plan contains four major components: the emergency plan the backup plan the recovery plan the test plan. The Emergency Plan An emergency plan specifies the steps to be taken immediately after a disaster strikes. The emergency plan usually is organized by type of disaster, such as fire, flood, or earthquake. Depending on the nature and extent of the disaster, the procedures that are followed in an emergency will differ. All emergency plans should contain the following information: 1. Names and telephone numbers of people and organizations to notify (e.g., management, fire department, police department) 2. Procedures to follow with the computer equipment (e.g., equipment shutdown, power shutoff, file removal) 3. Employee evacuation procedures 4. Return procedures; that is, who can reenter the facility and what actions they are to perform 5|Page The Backup Plan Once the procedures in the emergency plan have been executed, the next step is to follow the backup plan. The backup plan specifies how an organization uses backup files and equipment to resume information processing. The backup plan should specify the location of an alternate computer facility in the event the organization’s normal location is destroyed or unusable. The backup plan identifies these items: 1. The location of backup data, supplies, and equipment 2. The personnel responsible for gathering backup resources and transporting them to the alternate computer facility 3. A schedule indicating the order in which, and approximate time by which, each application should be up and running. The Recovery Plan The recovery plan specifies the actions to be taken to restore full information processing operations. As with the emergency plan, the recovery plan differs for each type of disaster. To prepare for disaster recovery, an organization should establish planning committees, with each one responsible for different forms of recovery. For example, one committee is in charge of hardware replacement. Another is responsible for software replacement. RECOVERY PLAN 1 - HOT SITE •this is a duplicate of the existing site in every way, servers, rooming, real time synchronisation so data is the same •following a disaster, this new site would be up and running in a short time frame e.g. 2 hours •advantage is it is ready to go and is the best recovery solution •disadvantage is it is very expensive to setup RECOVERY PLAN 2 - WARM SITE •this is a site that has computers set up, but not exact duplicates •following a disaster, this new site would be up and running in a longer time frame e.g. a week •advantage is it is not as expensive as the hot site •disadvantage is down time to get site operational 6|Page RECOVERY PLAN 3 - COLD SITE •this is a site that is not configured with computers and other hardware, some may be more setup than others •advantage is it is much cheaper than the hot or warm site •disadvantage is it is more down time, more time needed to get up and running The Test Plan To provide assurance that the disaster plan is complete, it should be tested. A disaster recovery test plan contains information for simulating various levels of disasters and recording an organization’s ability to recover. In a simulation, all personnel follow the steps in the disaster recovery plan. Any needed recovery actions that are not specified in the plan should be added. Although simulations can be scheduled, the best test of the plan is to simulate a disaster without advance notice. Audit trails Audit trails maintain a record of system activity both by system and application processes and by user activity of systems and applications. They can offer data security from cyber attacks. In conjunction with appropriate tools and procedures, audit trails can assist in detecting security violations, performance problems, and flaws in applications. They document the who, what, when, where, and why of all users’ behavior in an application. Audit trail entries capture access and changes made to electronic records, so all electronic alterations and views are noted, along with the user information of the employees who view or altered them An audit trail is a series of records of computer events, about an operating system, an application, or user activities. I.E when the data was accessed who accessed it what was accessed In most cases, it does not show why the data was accessed. Sometimes very secure systems may ask for a reason before asking sensitive data. allow administrators to review who has been accessing data and identify any unusual behaviour which can be investigated further. When files are moved or modified, audit trails can be used to identify who was responsible for such actions. Types of backup techniques and archiving of data Backup is the activity of copying/saving files or databases in another location so that they will be preserved in case of equipment failure or other catastrophe. 7|Page Backup is usually a routine part of the operation of large businesses with mainframes as well as the administrators of smaller business computers. For personal computer users, backup is also necessary but often neglected. The retrieval of files you backed up is called restoring them. Personal computer users can consider both local backup and Internet backup. Snapshot imaging In computer systems, a snapshot is the state of a system at a particular point in time. Used in online and local image backups Advantages: The computer system stays active and available for read and write operations during the back up. It allows you to take an image of your computers current state and put it on an external drive. It backs up your files, settings, data, registry, etc. When you restore to the image it will restore your computer to the exact state it was in when you created the backup image. Disadvantages: Requires additional software to be installed. Very large file sizes Full back up It's a backup of everything. A full backup of "your system" might include the entire contents of all the drives connected to your system. Advantages: All files from the selected drives and folders are backed up to one backup set. In the event you need to restore files, they are easily restored from the single backup set. Disadvantages: A full backup is more time consuming than other backup options. Full backups require more disk, tape, or network drive space. Incremental back up Includes only those things that have changed since the previous backup and saves those things into a separate, additional, backup file or location. 1. The first incremental backup is a full backup 2. The second incremental backup backs up only those files that have changed since the previous backup was taken 3. perform a monthly full backup and then a daily incremental 8|Page ADVANTAGES: Backup time is faster than full backups. Incremental backups require less disk, tape, or network drive space. You can keep several versions of the same files on different backup sets. DISADVANTAGES: In order to restore all the files, you must have all of the incremental backups available. It may take longer to restore a specific file since you must search more than one backup set to find the latest version of a file. Differential back up Includes only those things that have changed since the previous FULL backup and saves those things into a separate, additional, backup file or location. 1. The first differential backup is a full backup 2. The second differential backup backs up only those files that have changed since the previous full backup was taken 3. Perform a monthly full backup, weekly differential backup, and then a daily incremental. ADVANTAGES: Backup time is faster than full backups. Differential backups require less disk, tape, or network drive space. You can keep several versions of the same files on different backup sets. Safer than incremental backups – if one differential image becomes corrupted, the other differential images are not reliant on it. DISADVANTAGES: Larger files sizes than incremental Slower than incremental Online data storage methods Data Warehouses Data warehouses are the facilities that hold all data for the business. Data warehouses are comprised of hundreds of servers connected to provide users their specific data and the business a summary of that historical transaction data. This is to do analysis on that data (data mining) for financial or other gain. Often inside a data warehouse you will find a large bank of very modern, high end computers with a large database (Relational DataBase Management System RDBMS), and software called Online Analytical Processing (OLAP) database. Users need this data and can get it from the central data warehouse, or from smaller collection points called data marts 9|Page For example, an online store would store all of the customer's information on severs in a data warehouse. The data warehouse provides customers individual data such as transaction history and watch-lists. Business managers would receive a summary of that information such as total sales, level of inventory and popular items bought. Data Mart Data marts are a subsection of a data warehouse that hold data relating to a specific function or department of a business. For example, a manufacturer could have a data mart dedicated to each product line it manufactures. Data in the Cloud Data in the cloud refers to online cloud storage, where data is stored offsite of business premises, onto internet connected servers located around the world. Security and privacy of the data is surrendered to the cloud storage provider and what they can or cannot do with the data is outlined in their license agreements. In addition, data stored around the world is subject to different privacy laws. Storing data in the cloud requires 3 things. an internet connection a username and password accepting a user agreement The cloud is actually a collection of servers that store and transmit data, you can; Upload - you can upload your files, Download - you can download your files Advantages: advantage - no need to buy the software advantage - can be used from any device with an internet connection advantage - compatible with most devices and operating systems advantage - updates transfer automatically across devices eg calendar, email, notes, messages Disadvantages: disadvantage - security problems disadvantage - privacy issues disadvantage - ownership of your data For example, cloud storage provider, Dropbox, will release information upon request by authorities. 10 | P a g e Purpose of data mining Data mining is the process of finding information in a data mart or data warehouse to extract useful patterns, trends or information. This is done by businesses for their business to gain financially from it and is a source of business intelligence. The idea is that once marketers know who you are, they can better promote products and services based on your interests and personal attributes. Marketers use algorithms to detect and identify certain patterns in online activity to build a customer profile. Common uses: A human resource department, for example, can use data mining to explore a large pool of applicants and extract the best candidates for the job. Where previously HR professionals would spend hours pouring over resumes, data mining now uses keyword targeting and other methods to cull down the candidate pool. When it comes to making the decision on whether or not to approve a line of credit, predictive modeling, a form of data mining, allows banks to determine the likelihood of an applicant following the terms of the loan. In the education field, college admissions offices are using data mining to predict whether an applicant will accept an admissions offer. Processing of data considering security of data through the use of Data security is hiding your data from other people. It is protecting your data so only authorised people can see it. Passwords A password is used to protect data. Data that is not important, may not even need a password, however, important data needs strong passwords. A combination of characters, linked to a username (often an email), used to unlock access to certain computer resources. Firewalls A firewall is a barrier to prevent harmful programs getting to a computer, a simple firewall is software on the computer which is turned on to prevent access to the computer from the internet. A firewall can also be hardware which filters information from the internet, again to protect the computer. E.g a proxy server in a computing network 11 | P a g e Biometrics Unique human characteristics, used to verify the user to unlock access to certain computer resources. Biometrics can include: Fingerprints facial recognition (eye) iris recognition hand geometry (the shape of hand/length of fingers) voice recognition Anti-virus software Software installed on a device with the purpose of monitoring and removing malware. Malware is checked against a list of regularly updated virus definitions. Each time a new intruder program (or virus) is found, it is added to the server, individuals also use anti-malware software to protect data. Digital signatures An electronic code, embedded in a document via public key infrastructure, with the purpose of verifying the contents of the document and the sender's identity. Used to make sure that a document hasn't been touched or altered while emailed or transferred. If someone tries to alter a document with a digital signature, they can't re-create a valid digital signature, the reason for this is because the intruder cannot know the private key made at document creation, for it to be successful the public and private keys must be matched. A digital signature helps in establishing the following: 1. Authenticity: ensure that the contents of the document to which it is attached is not tampered with by the recipient. 2. Integrity: Ensure that both the sender and the receiver receive the same document containing the same data with integrity. 3. Non-Denial: Prevent the signer from denying of signing the document at a later stage. 12 | P a g e Digital certificates An electronic passport that uses public key infrastructure, to secure transmit data between a website and a user's device (this is basically that little lock next to the URL). These are kept on your computer and when you link to the location (e.g. Woolworths online), the digital certificate is matched to the online version. If it matches you can connect. Digital certificates use public keys and digital signatures A digital certificate helps in establishing the following: 1. Trustworthiness of a person or organization is verified by a Certificate Authority 2. The recipient can check for legitimacy of the information by looking up the ownership of the sender. 3. Holds public keys that can be used to encrypt data. Encryption Encryption is the process of encoding data, through algorithms, so it can only be read by the sender and its intended recipient. Encryption uses public key infrastructure, which consists of two keys, a public key that anyone can obtain off the web, and a private key known only by the sender and the intended recipient. It is the translation of a file or document into a secret code, the only way to read the file or document is to have the secret code. Putting it into the secret code is called encryption, reading it from the secret code is called decryption. If encrypted, it is called cypher text, if not encrypted, it is called plain text. Encryption can be used when transferring a file, it can also be used when storing a file. It is becoming popular with more people worried about data security, you can use encryption software to protect your data, but it can slow down your work procedures quite a lot. Encryption helps in establishing the following: 1. Ensures end to end obscuration of information sent/received 2. Ensures that what is sent is what is received 3. Only those who have keys can encrypt/decrypt 13 | P a g e Concept of User generated content. User-generated content (UGC), alternatively known as user-created content (UCC), is any form of content created by users of a system or service and made available publicly on that system. UGC most often appears as supplements to online platforms, such as social media websites, and may include such content types as blog posts, wikis, videos, photos, comments or ecommerce. It is the act of users promoting a brand rather than the brand itself. Advantages and disadvantages of UGC Advantages 1. Take Advantage of Content Curation Build brand awareness Establish credibility as a thought leader Streamline lead nurturing Boost social media metrics Support lead generation 2. Boost Social Media Reach and Growth Strategies that encourage user-generated content on social include: Create a custom hashtag or photo contest on Instagram Ask a question or create a challenge on Twitter or Facebook Launch a video contest Additionally, designing a social media based UGC campaign increases social traffic, which results in: A higher follower base Extended reach Increased brand awareness Boosted social metrics such as likes, shares, comments, retweets Greater web traffic/page views 3. Get SEO Perks If your users are publishing content on their own blogs, backlinks to your website can also improve its SEO ranking. And analyzing the most frequently used words and phrases your audience uses can improve your keyword optimization research. 14 | P a g e 4. Gain Audience Insights User-generated content is a gold mine of data Better understand your audience and what they find engaging. ] help generate leads and increase sales If they're writing reviews, notice what customers are complaining about, and improve on it. B2B companies will probably find a Twitter chat or online suggestion box work better than an Instagram photo contest. 5. Find Unique Content Audience will produce different content from your marketing team. Take advantage of this "outsider" perspective These photos, videos, reviews, blog posts and more offer a fresh take and a varying point of view. Encourages new audiences to join the fun and loyal users to stay engaged. 6. Increase Personalization Develop an online community that strengthens the customer/brand relationship. To get your target audience to notice and engage with content is to understand what resonates with them. Disadvantages 1. Negative feedback, obscene or rude feedback. Flaming can occur if someone disagrees with comments by another person. 2. Bias - users often hold strong opinions about a topic and often don't contribute a balanced perspective 3. Lack of reliability and creditability - anyone can publish content from a 5-year-old to a University professor, therefore, user generated content must be taken with a pinch of salt. There's no guarantee that information presented in user generated content is factual and is why Wikipedia has a poor reputation and often avoided in referencing 4. Online Defamation risk - users can publish false, offensive or inappropriate content, which could pose a legal liability towards the website owner. In February 2016, an online user on TripAdvisor, wrote a defaming review of Gold Coast hotel - Paradise Resort. Such comments could negatively impact the business by deterring future guests from staying at the hotel. 15 | P a g e 5. Confusion over Intellectual Property - who owns user generated content? There is often confusion over who owns user generated content and how it can be used? Concept of web 2.0 and web 3.0 WEB 1.0 - INFORMATION WEB It is first generation of web, it allows only read the information from web. It has only limited interaction between sites and web users. It is simply an information portal where users passively receive information without being given the opportunity to post reviews, comments, and feedback It is era of static websites and representation of static content. Web 2.0 – SOCIAL WEB Web 2.0 is a new-age web application, which encourages interactivity, information sharing, and collaboration on the Internet. It is quite opposite of a website, where users can take a passive view of the content. Web 2.0 is based on user interaction. All social networking sites, video sharing sites, blogs, forums, wikis etc. are examples of web 2.0 application. Major features of Web 2.0 – Free sorting of information permits users to retrieve and classify the information collectively. Dynamic content that is responsive to user input. Information flows between site owner and site users by means of evaluation & online commenting. Developed APIs (Application Programming Interface) to allow self-usage, such as by a software application. Web access leads to concern different, from the traditional Internet user base to a wider variety of users. Web 3.0 – SEMANTIC WEB Web 3.0 is based on semantic web. This is a technology, where information and data are stored in such a way that the computer systems understand them. It may give birth to a next-gen artificial intelligence. It can lead to a virtual web. With the advent 16 | P a g e of web 3.0 and virtual games, it is clearly evident that it will discover a new web, based on a virtual world. Web 3.0 brings the concept of personal desktop. It gives you the option to save your data and access it from anywhere in the world. You just need to login to your account from same browser. It is assumed that web 3.0 allows users to drag and drop files from their desktop to the internet browser. Several features such as 3D, seamless animation, high-definition graphics, audio, and video are expected to be embedded in web 3.0. Main features that can help us define Web 3.0: Semantic Web The succeeding evolution of the Web involves the Semantic Web. The semantic web improves web technologies in demand to create, share and connect content through search and analysis based on the capability to comprehend the meaning of words, rather than on keywords or numbers. Artificial Intelligence Combining this capability with natural language processing, in Web 3.0, computers can distinguish information like humans in order to provide faster and more relevant results. They become more intelligent to fulfil the requirements of users. 3D Graphics The three-dimensional design is being used widely in websites and services in Web 3.0. Museum guides, computer games, ecommerce, geospatial contexts, etc. are all examples that use 3D graphics. Connectivity With Web 3.0, information is more connected thanks to semantic metadata. As a result, the user experience evolves to another level of connectivity that leverages all the available information. Ubiquity Content is accessible by multiple applications, every device is connected to the web, the services can be used everywhere. WEB 4.0 -INTELLIGENT WEB It is fourth generation of web It is “intelligent” 17 | P a g e Self -learning Self-organizing Connects all devices in the real and virtual world in real time IoT - IoT encompasses everything connected to the internet, but it is increasingly being used to define objects that "talk" to each other. "Simply, the Internet of Things is made up of devices – from simple sensors to smartphones and wearables – connected together," Purpose of worldwide consortium The W3C (World Wide Web *Consortium) is an international community consisting of member organisations, full time staff and the public who work together to develop web standards. They develop web standards to ensure web accessibility and to ensure that the web evolves in one direction rather than being split amongst multiple directions by rival groups. (*Consortium = an association of two or more individuals, companies, organizations or governments.) Purpose of W3C conventions Web standards are a set of rules that web developers should follow when developing and choosing file formats for their websites. Of course, anyone can do anything on the web, but the rules act as a guide to ensure accessibility and compatibility for all users. The W3C standards aim to ensure accessibility and compatibility for all users, using all browsers on all devices. The Web is fundamentally designed to work for all people, whatever their hardware, software, language, location, or ability. When the Web meets this goal, it is accessible to people with a diverse range of hearing, movement, sight, and cognitive ability. HTML and CSS What is HTML? Hypertext Markup Language (HTML) is the standard markup language used for the creation, structuring and presentation of web pages, websites and web applications. Hypertext means machine readable text and markup means to structure it in a specific format. So, HTML is called hypertext markup language because it is a language that allows users to organize, improve the appearance of, and link text with data on the internet. HTML consists of plain text and HTML tags. The tags instruct the browser how to render (display) the text. 18 | P a g e W3C sets the standard for the structure and language for a website as HTML, that means that the web standard for markup languages for websites is HTML. Other formats are not preferred to ensure web comparability. What is CSS? Cascading Style Sheets (CSS) is a style sheet language used for describing the presentation (e.g. layout, colours, fonts) of a document written in a markup language like HTML. It describes the style of a HTML document and how HTML elements should be displayed.CSS is a cornerstone technology of the World Wide Web, alongside HTML and JavaScript. CSS enables multiple web pages to share formatting by specifying the relevant CSS in a separate .css file and reduce complexity and repetition in the structural content. Multiple web pages in a website will usually by linked to one CSS file controlling the layout, design, colour etc. of those pages. The CSS standards are maintained by the World Wide Web Consortium (W3C) and CSS3 is the current standard. (easy way to remember it for me is, HTML is the structure of the website and the overall layout, CSS the style of the website) Graphics Web graphics are visual representations used on a Web site to enhance or enable the representation of an idea or feeling. Graphics may Entertain, educate or emotionally impact the user. Graphics are crucial to strength of branding, clarity of illustration and ease of use of interface. The use of graphics on Web sites enhances the experience for users. Different use cases for graphics demand different solutions: Photographs are best represented with PNG – lossless, portable well-compressed storage, rich color control. PNG is designed for web. Line art, data visualization, and even user interfaces need the power of SVG vector images and Canvas API. CSS exists to enhance other formats like HTML or SVG. WebCGM meets the needs for technical illustration and documentation in many industries. AUDIO AND VIDEO The terms audio and video commonly refer to the time-based media storage format for sound/music and moving pictures information. Use of video and audio on Web sites enhance the experience for users Only MP3, WAV, and Ogg audio are supported by the HTML standard. The MP4 format is recommended by YouTube 19 | P a g e ACCESSIBILITY W3C GUIDELINES Guidelines and resources to help make the Web accessible to people with auditory, cognitive, neurological, physical, speech, and visual disabilities Examples of Web Accessibility Guidelines include: Alternative Text for Images Keyboard Input as an alternative to mouse input Transcripts for Audio INTERNATIONALIZATION W3C working groups liaise with other organizations to make it possible to use Web technologies with different languages, scripts, and cultures. Internationalization comes under the remit of W3C commitment to accessibility and inclusion. You design or develop your content, application, specification, and so on, in a way that ensures it will work well for, or can be easily adapted for, users from any culture, region, or language. Examples include Language options for websites Use of Unicode encoded fonts such as Arial, Times New Roman Translation options built in that uses translation engines rather than alternative versions of websites. Currency options Payment options MOBILE WEB Responsive web design takes into account the screen size of web enabled devices. Over the past years, W3C has developed a number of Web technologies that explicitly take into account the specificities of mobile devices: CSS Mobile, a profile of the cascading style sheet language that matches the need of mobile Web authors SVG Tiny, a profile of the Web’s scalable vector graphics format well-suited to the capabilities of mobile devices XHTML For Mobile, which defines a subset of XHTML for mobile The latest generation of mobile browsers are capable of using more advanced Web technologies, including features from HTML5, CSS 2.1 and 3, a number of rich JavaScript APIs, opening the way for Web-based mobile applications (including widgets). 20 | P a g e Validation techniques for online forms SERVER-SIDE VALIDATION Server-side validation is validation which occurs on the server, after the data has been submitted. Used to validate the data before it is saved into the database. If the data fails authentication, a response is sent back to the client to tell the user what corrections to make. Server-side validation is not as user-friendly as client-side validation, as it does not provide errors until the entire form has been submitted. However, it is last line of defense against incorrect or even malicious data. All popular server-side frameworks have features for validating and sanitizing data (making it safe). CLIENT-SIDE VALIDATION Client-side validation is validation that occurs in the browser, before the data has been submitted to the server. This is more user-friendly than server-side validation as it gives an instant response. This can be further subdivided: JavaScript validation is coded using JavaScript. It is completely customizable. REAL-TIME VALIDATION Real-time validation is where JavaScript can be used to provide an instant response to a user action. So rather than having to fill out the entire form and pressing submit, the user gets an instant response as they are typing so that they can make immediate corrections if necessary. One example of real-time validation would be a password strength indicator where each key stroke triggers the validation and sends a response to indicate to a user how weak or strong that website thinks the password they have chosen is. NETWORKS Types and characteristics of communication protocols For a network to work correctly it needs to have rules to make the system work. These rules are called protocols, for example when you type in a web address, it is the HTTP protocol that is working. A protocol is a set of rules that allow a computing device to communicate with another computing device. A network standard is an industry agreed upon standard for the rules that make up protocols 21 | P a g e A protocol can also be a standard because there is an industry agreed upon set of rules to use to communicate. Transmission Control Protocol/Internet Protocol (TCP/IP) TCP is a popular communication protocol which is used for communicating over a network. It divides any message into series of packets that are sent from source to destination and there it gets reassembled at the destination. IP is designed explicitly as addressing protocol. It is mostly used with TCP. The IP addresses in packets help in routing them through different nodes in a network until it reaches the destination system. TCP/IP is the most popular protocol connecting the networks. Hyper Text Transfer Protocol (HTTP): It is the standard to transfer hypertext, HTTP is the request, response protocol. A client requests, yes via typing http... into the web address bar, if the web server can proceed with the request, ie the web address is correct, it will send the page. If the server cannot proceed with the request, ie the web address is wrong, it will send an error page 404 page not found. Hyper Text Transfer Protocol Secure (HTTPS) It is the standard to transfer hypertext, but with a secure connection. It is secure because data passes within a connection encrypted by SSL (secure socket layer). A web server will authenticate to see if the password, called a digital certificate public/private key matches, if this key setup matches, it remains secure and you can get into the webpage. Wireless Application Protocol (WAP) WAP is the set of rules governing the transmission and reception of data by computer applications on or via wireless devices like mobile phones. WAP allows wireless devices to view specifically designed pages from the Internet using only plain text and very simple black-and-white pictures. Some of the advantages of WAP includes: simplifies the receipt of internet content to wireless devices standardises the way that wireless/mobile devices, such as cellular telephones and radio transceivers, can be used for internet access, including email, the World Wide Web, newsgroups, and instant messaging enhances wireless specification interoperability supported by all operating systems. 22 | P a g e Types and Characteristics of Communication Standards 802.11x (wireless) 802.11 (sometimes called 802.11x, but not 802.11X) is the generic name of a family of standards for wireless networking related to Wi-Fi. They form wireless local-area networks (WLANs). An access point acts as a central transmitter and receiver of wireless radio signals. Wireless 802.11.x is the Wireless standard to how two wireless devices use radio waves to communicate with one another. 802.3 (Ethernet) 802.3 is a standard specification for Ethernet, a method of packet-based physical communication in a local area network (LAN), a LAN is a network of computers and other electronic devices that covers a small area such as a room, office, or building. Which is maintained by the Institute of Electrical and Electronics Engineers (IEEE). In general, 802.3 specifies the physical media and the working characteristics of Ethernet. Ethernet uses cables to connect devices. Types of Network Security Measures Physical Network Security Protecting your hardware devices from theft and physical intrusion - Corporations spend large sums to lock their network servers, network switches, and other core network components in well-guarded facilities. Lock your servers in a separate room Use surveillance Secure the devices within the room Ensure you have proper ventilation and cooling Back it up Password Protection If applied properly, passwords are extremely effective in improving network security. A few other best practices in password management go a long way toward network and device security, too: Set strong passwords or passcodes on all devices that join the network. Change the default administrator password of network routers. Don't share passwords with others unless absolutely necessary. 23 | P a g e Firewall A firewall is a network security device/software that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules. Its purpose is to establish a barrier between your internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic like viruses and hackers. Firewalls carefully analyze incoming traffic based on pre-established rules and filter traffic coming from unsecured or suspicious sources to prevent attacks. Firewalls can either be software or hardware, though it’s best to have both. A software firewall is a program installed on each computer and regulates traffic through port numbers and applications, while a physical firewall is a piece of equipment installed between your network and gateway. IMPACTS OF TECHNOLOGY Data and information security Personal Information - Personal information is any information that can be used to identify you. Personal information could be characterised as belonging to you. Examples of Personal Information Address Date of Birth Name Email Address Phone Number Sensitive Information - Sensitive information is information that is protected and should not be disclosed unless under specific circumstances. The Privacy Act defines sensitive information as "information or an opinion about an individual’s: racial or ethnic origin; political opinions; membership of a political association; religious beliefs or affiliations; philosophical beliefs; membership of a professional or trade association; criminal record" 24 | P a g e Purpose of code of conduct A code of a conduct is a written document that establishes the expected behavior and standards of employees and acts as grounds for disciplinary action and in extreme cases, termination where codes have been breached. Elements of code of conduct EMPLOYEE WORK HOURS > Under the Code of Conduct, an employer’s expectation in terms of work hours may be stated > At AIC, teachers are expected to be on campus between 8:15am to 3:45 pm >This would include work breaks WORK HOURS > Under the Code of Conduct, work hours accepts a degree of flexibility with ICT systems. > ICT can enable workers to work offsite business premises with remote access to work files and programs. EMPLOYEE EMAIL USE > Under the Code of Conduct, email sent using an official company email address is regarded as official company policy. > Employees should be careful when sending emails as it gives the receiver written evidence which could be used to legally enforce contracts or conditions. >Employees are also refrained from sending inappropriate emails, including but not limited to offensive emails or defamatory emails about another person. >Personal emails are allowed to be sent using the business email address as long as it does not have a significant impact on the productivity of the employee. >Employees have the right to monitor all communications on business email addresses. EMPLOYEE INTERNET USE > Employees can only use business internet resources for business purposes. > Employees must not visit websites that could diminish their level of productivity, websites such as social media, pornography, gambling or online games. > Employees must also not visit illegal websites. 25 | P a g e > Employers have the right to monitor all traffic on business internet resources. > Employees should limit their use of social media to official breaks and it should never affect their workplace performance EMPLOYEE PRIVACY > Employees are allowed a degree of privacy with the right to be trusted when using business equipment and resources. > Employees are allowed privacy of confidential and personal information. > While employers have the right to monitor traffic and activities on ICT systems, they must also respect the privacy of confidential and personal information. EMPLOYER'S RIGHT TO MONITOR WORK EMAILS, INTERNET ACCESS AND PERSONAL USE > Employers own the business and ICT business resources, including the right to monitor work emails, internet access and personal use. > While they have the right to monitor these systems, they should respect the privacy of personal and confidential information. > (For example, an employer should avoid opening personal emails and only checking work related emails). > Employers have the right to monitor ICT systems as they have the right to: >Protect the business from legal threats >Ensure the business reflects a positive reputation >Ensure workers remain productive >Protect ICT systems from malware > Employers however, must consider employee's rights to: > Be trusted > Take regular breaks >Confidentiality of own data Online censorship in a global context Internet censorship puts restrictions on what information can be publicized or viewed on the Internet. Governments and other organizations commonly use internet censorship to block access to copyrighted information as well as to harmful or sensitive content. However, internet censorship can also be used as a propaganda method to promote specific religions and political agendas. 26 | P a g e Internet censorship is used for protection by > Preventing individuals accessing copyrighted information. > Stopping people from viewing harmful or sensitive content. > Control Internet-related and Internet-communicated crime. > Monitoring the billions of people on the Internet with varying opinions and preferences. > Promote particular religions and political ideas Forms of online censorship of information DNS Tampering/filtering: In countries where authorities have control over domain name servers, officials can “deregister” a domain that is hosting nefarious content. This makes the website invisible to the browsers of users seeking to access the site because it prevents the translation of domain names to site IP addresses. IP Blocking: Governments with control over internet service providers can blacklist certain IP addresses of websites they do not like. When you request access to a site, your request is monitored by surveillance computers, which check your request against a list of blacklisted IP addresses. If you are trying to reach one of these forbidden sites, the internet service provider will drop the connection, causing it to fail. Keyword filtering: IP address filtering only blocks websites that are explicitly blacklisted. However, there are billions of websites, and new ones are created all the time, making it nearly impossible to create a fully updated list of sites of forbidden content. Keyword filtering will inspect website on a per visit basis and scan for “suspect” keywords. URL filtering. This mechanism scans the requested Uniform Resource Locator (URL) string. If the URL includes forbidden terms, the connection will be reset. Packet filtering/IP address filtering: Packet filters analyze incoming and outgoing packets and let them pass or not based on the IP addresses of the source and destination. It can only block communication on the basis of where packets are going to or coming from – that is, their address – not the actual material of their contents. Deep packet filtering: Examines packet contents for banned keywords. Communication identified as containing forbidden content can be disrupted by dropping the connection. Users may receive one of a number of error message on their browsers, none indicating explicitly that they are being censored. 27 | P a g e Negative impacts of online censorship > It restricts too much information. It’s entirely possible that real info is blocked along with fake info, which opens up what you should and shouldn’t restrict/access. > Who’s to define what is censored and what is not? Are there checks and balances in place to ensure that what is censored is done so in the best interest of the community being censored. > Censors free speech. Internet censorship not only limits the content you can access but potentially the content you post as well. > There is a cost. There are human and electronic resources , required to control and survey Internet users. And this is ultimately at the expense of taxpayers. Positive impacts of online censorship > Stop fake news. If more content was closely monitored, it could cut down on the mass amounts of fraudulent information including false advertising. > Curb access to harmful activities. The dark web is unchartered territory to the majority of Internet users, but there are sites that are shockingly easy to find that are dedicated to illegal acts Issus with the use of cloud computing “Cloud computing is the delivery of computing services – servers, storage, databases, networking, software, analytics and more – over the Internet“ Availability of Online Applications > The more online applications we have, the more online data we have. > 10 years ago there were hardly any online applications. Now we have 1000s to choose from. > We can use online applications such as social networking to keep in touch with family and friends. > Business can choose from 100s of online storage applications. > The more that data is stored online, the more opportunity for criminal activity such as theft and fraud. Level of Accessibility > Access to the data, means who can get to the data. > Is it a matter of going to a website and collecting the information. > Do you need to log in to get the information? > Google docs uses the login method. So does Facebook, Twitter and many more. > The more valuable the data is, the more care needs to be taken to keep it safe. 28 | P a g e > We need to train people to have secure passwords, and to consider unauthorised access as a way of cloud life. > Businesses need to consider reliable and secure cloud computing services, if they were to go down this road. Confidentiality of Data > If your data is saved on your home computer, you know it is relatively safe. > If your data is saved in the cloud, you don’t know if it is safe or not. > It is the same with business. If stored locally, they know it is mostly safe. > If business store in the cloud, then there are many questions that can be asked. > Is the data safe from unauthorised people looking at it and possibly using it? > The Cloud Service Provider (CSP) may analyse client data. > Hackers may get into the data and analyse it for business secrets and the like. > People need to consider where they place confidential or secret data. >Businesses need to consider if the cloud storage solution they are using is secure or not. Sensitivity of Documents > Data stored in the cloud is important. > Some are more important than others. > For example the secret business plans for Holden’s latest model car. > Patient records for hospital systems are sensitive and their storage needs to be different from that of a blog post for kid writing about his BMX race on the weekend. > The more sensitive the document, the more care needs to be taken to keep it safe. Impacts of Digital Technologies and global markets on; Productivity: > Global markets provides more opportunities for consumers. > Technological improvements in farm machinery, mean that farmers can buy tractors that can be driven remotely to seed or plough a paddock. > Improvements in educational opportunities via online learning improves the productivity of graduates from universities. > Improvements in medical diagnosis equipment such as a MRI, means improved productivity for the health industry. 29 | P a g e > Digital analysis of business statistics can point out areas where costs can be made and where cutbacks should occur. > Computer analysis of production samples can assist purity for minerals such as gold and iron ore assisting productivity. > Computer analysis of DNA in police forensics is advancing so that criminals can be caught and bodies identified which has improved policing productivity Access to Knowledge or Resources Access to learning: > 24/7 access to university and courses online, cheaper method of getting a degree, less travel, > 24/7 access to students in schools via school extranets, improved results with constant feedback for improvement opportunities > 24/7 access to information on a plethora of topics. We now have access to all past and present knowledge at our fingertips. > This makes for a more informed society > There is also a devaluation of knowledge Access to entertainment: > 24/7 access to movies on demand, is there uncontrolled viewing for young kids watching the wrong thing > Can lead to indolence > 24//7 access to online games. Will this lead to lack of concentration in class Access to work > 24/7 access to work extranets > 24/7 access to work cloud storage is convenient, but there are privacy concerns > 24/7 access to emails and work from home may affect work/life balance Access to online purchasing: > 24/7 access to ebay and gumtree style of websites > 24/7 access to a plethora of items for purchase. > The long tale with more niche products > Harder to return items. Access to family and friends: > 24/7 access to social networking to share news and events. > Improved communication for families > Cyber bullying and social media addiction are issues 30 | P a g e Outsourcing: > Outsourcing is getting other companies to do some of a company’s normal business activity. > Improvements in digital technologies and availability of global markets assist this to happen. > For example, Telstra, Optus and many other companies have outsourced a lot of customer support off shore. > An impact of this is that local jobs in Australia are lost. > Security of company details could be lost off shore. > Privacy laws in Australia are not relevant in other countries so privacy is a large issue. > Quality control of services is up to the whim of the company conducting the outsourcing. > Company projects could be copied and sold on as their own causing copyright and licensing issues. > The reputation of the company is in the hands of a different company PROJECT MANAGEMENT Concept of service level agreement Service Level Agreements are a contract between a service provider and a user of the service (ie the customer), that defines the expected quality of services to be provided by the service provider. > The SLA may address several areas including the availability of the service, the performance of the service, how it will operate, priorities, responsibilities of involved parties, guarantees and warranties. > As well as defining key areas, the Service Level Agreement may also specify a level of service, including targets and a minimum level that can be reached. SLA – PURPOSE: It is as important to have an SLA as it is to have a contract for business arrangements of all types as it constitutes a single document that contains the terms of the agreement as understood by both parties. > Defines the customer’s needs and wants > Provides a framework of understanding between the supplier and consumer > Simplifies complex issues with supply of the service 31 | P a g e > Reduce areas of conflict between supplier and consumer > Encourages dialogue in the event of disputes > Eliminates any unrealistic expectations from either party. Features of SLA Availability of services This section of the Service Level Agreement outlines the period of time the services will be provided and the quality of service to be provided, including outlining any downtimes such as those from routine maintenance, planned outages or unplanned outages. This indicates the amount of time/window of time that the services managed by the outsourcer are available, ranging from online application availability to delivery of reports by a specified time of day. Measures can be reported positively or negatively and usually incorporate some level of tolerance (for example, online application availability 99 percent of the time between the hours of 8:00 am and 6:00 pm). Types of services Customer Service Level Agreement A customer service level agreement is a contract between a service provider and an external customer. An external customer is someone who receives services in exchange for money. Customer Service Level Agreements often outlines support services to be provided to the customer such as help desks, email/phone/online support. Internal Service Level Agreement An internal service level agreement is a contract for an internal customer, that is someone who works in a different department of the same organisation. An Internal Service Level Agreement outlines the expected quality of services to be received by an internal service provider and outlines items such as response times. Vendor Service Level Agreement A vendor service level agreement is a contact between a service provider and a vendor. A vendor is someone who provides service to the company. For example, you could hire someone to provide ICT support and guarantees uptime of ICT services. 32 | P a g e Advantages of local and global outsourcing compared with in-house WHAT IS OUTSOURCING > Outsourcing is an arrangement in which one party provides services for another > Traditionally these services may have been provided in-house (within the company). In-house (sometimes called insourcing) If a company is to make a product (or service) it will need employees to do it. Employees need to be paid a minimum wage. Employees need holiday pay. Employees need long service leave (in Australia) Employees need sick leave. All of these costs add up, so some companies don't produce things in-house anymore. They outsource. OUTSOURCING VS. IN-HOUSE: Local > Outsourcing locally can be beneficial to both the business and the local economy. > By outsourcing services the company will get expertise whilst also fostering employment locally Global > Outsourcing globally can mean that you get a wider range of expertise. > It can also be cheaper to outsource a job/service overseas as wages are lower in those countries. Advantages of Local Outsourcing Cost efficiencies - Outsourcing producers could have significantly larger production facilities or more specialised equipment to lower the unit cost of production Mass production - Outsourcing can produce large output demanded by businesses. Producing large outputs reduce the unit costs of production. 33 | P a g e Greater focus on core business areas - eliminating focus on manufacturing aspects of their business, businesses can dedicate more resources to increasing client relationships, marketing and research and development. Eliminates required investment in infrastructure and technology - in addition, businesses do not need to constantly upgrade equipment and can get access to the latest manufacturing equipment Access to skilled workers - eliminates the need for businesses to recruit and train employees Advantages of Global Outsourcing In addition to the above benefits of local outsourcing, global outsourcing also offers additional benefits including: Lower company tax rates - businesses may be able to save money by producing elsewhere to take advantage of lower company tax rates such as Ireland at 12.5%, Germany at 15%, Cambodia at 20% while Australia's company tax rate is 30% Lower regulation and red tape - other countries can have significant less barriers to production. For example, outsourcing can avoid strict environmental, planning and employee regulation. Lower wage costs - Australia has relatively high minimum wages. Outsourcing can take advantage of lower wage costs in developing countries. DRAWBACKS OF OUTSOURCING > Risk that outsourcing supplier will fail to meet quality standards or otherwise not deliver > Potential loss of expertise from the business > No guarantee that costs will be lower Advantages of In-House Production Greater quality control - the business is able to examine the quality of the manufacture of goods or providing of service. Easier customisation - the business is able to easily modify production to suit special orders or request by customers. Outsourcers may have difficulty understanding the client requirements of special orders. 34 | P a g e Greater volume production control - the business can easily adjust its volume of production in accordance to demand. If there is low demand for a product, the business can easily decrease production whereas outsourcing could be contracted to a fixed volume. May be cost effective at small volumes No transportation delays - businesses have to wait for outsourced production to arrive at the business which is especially long for global outsourcers Lower shipping and distribution costs Purpose of Outsourcing data management Data management consists of the entry and policies of the storage of valuable data. Why do Businesses Outsource Data Management? Save on costs - global outsourcing of data management leads to lower costs but achieves the same purpose. Eliminate investment on infrastructure and technology - businesses will not need to invest in data management technologies and eliminates the need to constantly increase expenditure on acquiring latest data management systems. Outsourcing provides access to the latest data management systems. Saves on ICT costs in managing data in-house - eliminates cost for support, hardware and software of data management Saves on physical space Evaluating Digital Solutions for Usability How can you evaluate a digital product? Surveys - ask for user's opinions about the use of an ICT product by filling out a survey. The survey can be used to gather analytics about areas of ICT product that are liked and disliked and any comments or recommendations. The survey results can then be used to refine an ICT product to meet the needs of its users. Self Reflection - the creator of an ICT product could critically evaluate aspects of an ICT product for usability, noting down any areas that could be refined and improved. 35 | P a g e Client Feedback - the creator of an ICT product could ask the client to evaluate the product, noting down any areas where features can be added or removed. The ICT product can then be refined to suit the client's needs.
0
advertisement
Download
advertisement
Add this document to collection(s)
You can add this document to your study collection(s)
Sign in Available only to authorized usersAdd this document to saved
You can add this document to your saved list
Sign in Available only to authorized users