Part 1: Work Patterns Lesson 1: Computers On The Job: How Workers Use Computers

1
PART 1 : WORK PATTERNS
Lesson 1: Computers on the Job: How Workers use computers
The companies that use large computer system today are mostly the same companies that used them
30 to 40 years ago: corporations that have the big budget. These organizations – typically banks; insurance
firms and aerospace companies – were the pioneers. The computers used were potent by then-current
standards, even though today’s personal computers would provide a competitive edge. This turned out to be
true, but it was long time before managers really understood the true promise of computers.
Early users were somewhat uncertain about how to use the new tool. In fact, to them the computer
was useful for no more than clerical task. Pioneering applications for many companies were payroll and
accounting system. The idea was to save labor cost by having the computer to do some work. Many
organizations, including the government, used computers as “number crunchers” - Machines that ground
away formulas. When computers began to be used interactively, business people saw that the computer
could be used as a service tool, giving instant reservation or bank services.
Today, large computer systems are used in every conceivable way, from research to manufacturing.
Mid-range computers make numbers crunching and computerized services available for medium-sized
companies. But it is highly affordable personal computer that has already opened up computing for the
worker.
Personal Computer in the Workplace
Personal computer are everywhere in the workplace, no matter in the industry: retail, finance,
insurance, real estate, health care, education, government, legal services, sports, politics, publishing,
transportation, manufacturing, agriculture, construction and on and on. It would be easier to ask where
computers are excluded in the workplace. No industry interested in increasing productivity and helping
workers and managers would exclude them – and expect to compete in today’s marketplace. It is not always
that way.
Evolution of Personal Computer Use
Personal computers use seems to have evolved in three (3) phases. Personal computers were first
used in business by individual users to transform work task. Constantly retyped full documents, for example,
gave way to quickly modified word-processed documents. The much-erased manual spreadsheets became
automatically recalculated electronic spreadsheet. And overflowing file drawers were transformed into
automated database. These changes gave a significant boost of individual productivity and can be
considered the first phase of the evolution of personal computer use.
ITEC 85 – Quality Consciousness, Habits and Processes

Lecture Manual
2
More organizations have entered the second phase. That is, they have gone beyond personal
computer use by individual. The second phase involves by transforming a work group or department. This
department – oriented phase probably enhances a network and may also include personal computer access
to large computer system. This phase requires planning and structure.
The third phase of personal computer evolution is the most dramatic, calling for transformation of
the entire business. Practically speaking however, the third phase is really just an extension of the earlier
phase: each individual and each department uses computers to enhance the company as a whole. Few
companies have come close to this idyllic state. This three-stage transformation – individual, department,
and business – broadly describes a company’s progress at blending its computer and business goals.
The Impact of Personal Computers
In the decades to come, personal computers will continue to radically alter business world, much as
the automobile did. For more than 50 years, the automobile fueled the economy, spawning dozens of
industries, form oil companies to supermarkets. Other business, like real estate and restaurants were
transformed by the mobility provided by the car. Personal computers are having similar effect, for two
reasons: [1] They have brought the cost of computing down to the level of mass produced consumer product
[2] They have worked their way into most business organizations.
Now that they are in business, let us consider who in business rally needs to use them.
Where PC’s are Almost a Job Requirement

Who must know how to use a personal computer to perform some part of a job? As we have already
implied, the answer may soon be everyone. But we are not close to that landmark yet. Even if you can see
that your intended job is in the must-know category, it is likely that you can receive on-the-job-training. Let
us look some of the jobs that might require PC knowledge. Notice that many of the jobs mentioned would
probably fit more than one category.
Real Estate Broker, attorney, doctor, auto mechanic, or anyone who needs to search information in
variety of ways.
Accountant, tax planner, medical researcher, farmer, psychologist, budget manager, financial
planner, stockbroker, or anyone who needs to analyze data.
Advertising copywriter, secretary, author, teacher, student, legislator, reporter and anyone who
needs to share data with other worker.
Project leader, construction manager, reservation agents, trucker, factory supervisor, or anyone who
must kept tract of schedules.

Lecture Manual
3
Insurance sales person, fitness consultant, political candidate, sports manager, or anyone who needs
to give a compare – the – results sales pitch.
This list may make you pause; you may not have seen computers in some of these roles. But there is
no question that computers are changing the way we work.
How Computers Change the Way We Worked

Computers are changing the way both individuals and organization work. By providing timeless access
to data, computers let us spend less time checking and rechecking data and more time getting work done. In
addition to increasing overall productivity, computers have had a fundamental impact on the way some
people approach their jobs.
Executives were among the first to notice the change – an oil company executive noted that her
secretary is no longer the keeper of all knowledge, because many documents now get prepared without the
secretary even seeing them. In fact, a lot of professional use their computers in lieu of yellow pads. The net
result is that work is done much more effectively.
The Name of the Game is Speed

Not the computer game – the business game. From California to Maine a principal topic among
management consultants and business school professor is speed. Why? Who cares? And, if there really is
good reason for speed. How is it gained?
The why question has most straightforward answer: Speed kills competition. If your product gets to
the market first, you get the sale. Lag behind and get left out.
Who cares? Managers, of course, and perhaps surprisingly- employees. Employee satisfaction
improves when employees are working for a responsive, successful company. Also, using computers to speed
up operation gives employees more responsibility and flexibility.
So, how is speed achieved? Do we just put out an order to step on the gas? Probably, not – that would
just speed up the mess and burn out machines and workers. There are many ways to speeds up operations,
including providing worker incentives, reducing the number of approvals needed for the action, and - of
course – putting the computer to work whenever possible.
A new software tool for speeding up work is called groupware network software designed to be used
by many individuals at the same time. Groupware allows teams of workers to communicate more quickly and
efficiently. The Boeing Company recently cut the time needed to complete a wide range of team projects by
an average of 91% - or one tenth of the time they had taken before. In one case, a group of engineers,
designers, machinist and manufacturing managers used an IBM groupware product called TeamFocus to
design a standardized control system fro complex machine tools in several plants. Managers say such a job

Lecture Manual
4
would normally take more than one year; with 15 electronic meetings, it was dome in 35 days. The
computer is not the only answer, but it is a major factor.
By providing timely access to data, computers let us spend less time checking and rechecking data –
and time getting things done. This inspire informed decision making and improves overall productivity.
Today’s computer system speed memos, documents and graphs to workers throughout the organization. This
kind of direct people-to-people communication enriches every aspect of a business.
The Portable Worker
Many workers attribute their success to plain hard work. – and they want potential to take their work
with them whenever they go. These days, taking work along means taking the computer along.
The Tools of Productivity. For ideal portability, a worker needs this set of machines: a notebook,
palmtop or laptop computer – with fax and modem; a laser printer; a cellular phone or built in satellite
transmission capabilities. Some workers, especially managers, have these machines at home as well as in
the office. With the appropriate software, these machines can help the worker with many routine task –
from answering electronic mail to writing reports to comparing financial operations to possible merger – and
do it anywhere. Many workers carry a laptop in the field or when traveling. Workers can use technology to
send electronic and voice messages that can be picked up at the recipient’s convenience. A report prepared
at home or on the road can be sent fax to other interested parties. These electronic tools are catching on
rapidly, and they are spreading beyond the traditional office.
The New Convenience. Some say the new technology goes beyond providing convenience. Some say,
what computers provide is liberation – from the confines of the office, from the stressful 9-to-5 commute,
from frustrating telephone tags, and even from time zone barriers. Telecommunicating, as we have
mentioned, is ideal for some workers but the liberation being describe here is not a pattern of being home –
it is the lack of a pattern. Workers can, for all practical purposes, stay in tough with the office and the
action 24 hours a day, seven days a week.
Software at Work
Consider some specific business applications for the software tools in the market.
Communication Software
If you have a computer, a modem, and some communication software, you have the capability to
access any other computer system similarly configures. Businesses are the major users of communication

Lecture Manual
5
software. There are as many applications as there are entrepreneur to devise than a users to buy them.
Here are some on-line services that workers value.
On-line Reservation. Need a reservation? Don’t call your travel agent – reach for your computer. The
American Airlines Reservation System, called Sabre, is one of the major reservation system used by the
travel agents and airlines around the world. Now, for a fee, any business can direct access to the Sabre
system through that business’ own computer. Individuals can have access to Sabre too. Those who use Sabre
for business or personal travel have immediate access to airfares at any hour of the day. Sabre reports an
airline’s on-time performance, uses a personalize profile to sort through flights and seating arrangements,
spells out application restrictions, summarizes travel arrangements. Of course, anyone can get all this free
from an airline or travel agent, but some people prefer the convenience of making their own arrangements.
Weather Forecasting. We have long relied on the media, both television and print, to keep up
informed about the weather. This service is adequate for most of us. Some business, however, are too
dependent on the weather that they need constantly updated information. On-line service offers analysis of
the live weather data, including air pressure, fog, rain, and wind direction and speed. Businesses that
depend on the weather include agriculture, amusement parks, ski areas, and transportation companies, all
of which make business decisions based on weather forecasts.
On-line to the Stock Exchange. Stock portfolios can be managed by software that takes question on-
line directly from established market monitors such as Dow Jones. The software keeps records and offers
quick and accurate investment advice. And, of course, the stock exchange itself is a veritable bee hive of
computers.
Graphics at Work
Computer graphics are an appendage that can delight and entertain and inform. Business people can
enhance a message by using a graphics to express numbers in a easy to understood form. But, sometimes,
producing graphics, is the chief function of a computer system or an integral part of the job of the worker
who use the system.
Researcher. Some people worry a little about earthquakes; others get paid to worry about them.
Researchers in the field of earthquake prediction use graphic in several different ways to help them
visualize the forces that cause temblors. Computers can also digitize and assemble satellite photos, and the
graphics results help researchers spot geological patterns and shifts. These two examples are of government
research, but private firms also do an enormous amount of research to strengthen their product lines.

Lecture Manual
6
Artist and Designer. As a tool of their craft use sophisticated software to produce stunning computer
art animation. A clear business application of graphics is design. Everyone from architects to engineers to
fashion designer can use computer to design and stimulate products.
Musicians. The old movies feature inspired composers hanging over the piano in the middle of the
night. First we see few finger dabbing at the keys, then a pause, a cocked ear, another bit of the key
tinkling, and – finally – a pencil writing noted on a paper. Many composers still play the notes, but a
computer equipped with listening software captures them reproduces them as a graphic images on screen.
When the composition is completed, the composer instructs the computer to print out the music sheet.
Doctors. How do you look inside a body to take its picture? X-rays are one way, of course. But
amazing as X-ray technology is, it is far from perfect. X-ray films can be so fussy that interpreting them
seems more an art than science. Modern medical imaging had gotten quite a boost from the computer.
Decision-Making Software
You have already studied in detail one important type of decision making software: a computerized
spreadsheet. You have seen how the ability of spreadsheet software to recalculate automatically test
decision making explore different possibilities. Beginning with Loan Amortization, let us consider some of
the significant ways that business use spreadsheets and other decision making software.
Loan Amortization. Software for loan amortization determines due dates, payment number, payment
amount, principal, interest, accumulated interest, and loan balance. Most amortization software produces
yearly and monthly reports.
Break-Even Analysis. Can we afford the new equipment? Should we buy or lease? Should we try to
compete in that makes? What is the pay-off? And what point do we break-even? Net value present and break
– even software answer these questions and more – analyzing the relationship among variable cost, fixed
cost, and income – based on actual conditions sure beats hunches scribbled on the back of an envelope.
Property Management. A type of program sometimes referred to as ladlord can be used to manage
any income property, whether marina, apartment complex, or shopping mall. The software can record
charges and payments for each renter and produce a variety of reports, such as lease expiration list and tax
analysis list for each property.

Lecture Manual
7
No matter the business, getting a job done efficiently often depends on reliable access to stored
data.
Storage and Retrieval Software

Office worker and salespeople and manufacturers all use computers as tools in their business; most
of these workers and many other rely on access to store data.
Crime Detection. A lot of crime detection involves a process of elimination, which is often tedious
work. A tedious task, however, is often the kind of the computer does best. Once data is entered into the
database then searching by computer is possible. Examples: Which criminal use a particular mode of
operation? Which criminals are associates of this suspect? Does license number AXB221 refer to stolen car?
And so on. One specific type of crime detection computer system is the finger-print matching system, which
can match the crime-scene fingerprints with computer stored fingerprints.
Sports Statistics. Here is the situation. Tied game, bases loaded, two outs, left-handed batter,
bottom on the ninth. If you are coaching the team in the filed, do you leave in the right handed pitcher of
pull him for a lefty. The seat-of the pants are less common this days. Coaches and managers in professional
sports wants any help that they can get. A wonderful source of help, one that can be carried right to the
edge of the filed, is the computer. In our current example, the batter’s past performance against statistics
about the available pitcher.
Performing Arts. People in the performing arts as standard business tools. They find databases
particularly useful. Database software, for example, can search for the names of musical pieces – all 20
minute violin pieces by German composers, for example. The American Ballet Theater takes their computers
on tour: One database plot rehearsal schedule; another keep track of sets, lighting of costumes. Some
sophisticated organization use databases to coordinate ticket sales with fund-raising; as patron, this
probability means that you will receive your tickets with great efficiently, then be solicited fro donations.
Legal Services. You have seen the formal photograph of the judge, the attorney, the politicians –
each with a solid wall books in the background. Those books are not just decoration, however. Worker in
any law office need to be able to research legal precedents and related matters. But why not take the
information in those books and just “drop it” into a computer? That is, in essence, what has been done. The
books have been converted into a computer-accessible databases, and the results is that legal research time
has decreased significantly. Two common computerized legal research systems are Lexis and Westlaw,
available in law libraries and law firms.

Lecture Manual
8
Vertical Market Software

Vertical market software describes a program written especially for a particular market group of
customers such as accountants and doctors. Some software maker specialized in a computer systems for
such markets. This user-oriented software usually present options with a series of easy to follow menus that
minimized training need.
Auto Repair Shops. Designed in conjunction with people who understand the auto repair business,
this all-in-one software for an auto shop cam prepare work orders, process sales transactions, produce
invoices, evaluate sales profits, track parts inventory automatically, print reorder reports and update the
customer mailing list
Video Rental Stores. An important goal for a video rental store is fast service. One concept for the
fast service is simple enough; let the computer match the customer and tapes they rent. Here is how it
work. Each regular customer receives a card with an identifying barcode on it; each rental tape is also bar
code. At rental time, a customer’s bar code and the tape’s bar code are scanned, causing an invoice to be
printed. The entire transaction takes only few seconds (the scanning system can be overridden by typing the
name and other data for new or card less customers). When the tape is returned, a clerk needs only to scan
the tape label; the system automatically credits the proper customer with the return.
Beauty Salons. Does your hairdresser really remember exactly how to do your hair and you like yard
work and movies? Maybe. But it is more likely that card is on file somewhere, listing your preferences. In
some shops, that “card” is stored in the computer. Before you arrived, this data can be pulled up on a
screen. After you leave, the hairdresser immediately updated your customer history. In addition, the
computer credits your stylist for providing the service and uses this data to calculate the stylist’s
commission. The computer can also produce reports, including sales summaries by period, product
inventories, appointment reminder cards, thank you cards and promotional letters.
Mailing List. Traditionally, managers ignored the cost of mailing as a nickel–and– dime-expense. Now,
managers view their company mailing list as a target for cost reduction. There are many software packages
to generate mailing list; cost saving can result from trimming and focusing them. “Hunter-Killer” software
roots out incomplete addresses and duplicates, even if they are not quite identical in appearance. This kind
of software can also use addresses “intelligently”. For example, if the mailing consist of lawn care circular,
the software can eliminate addresses that include “Apt”.

Lecture Manual
9
Lesson 2: Security, Privacy and Ethics
What Is Computer Security and Privacy?
Any factor that can damage your computer or the data on it is a computer threat. Natural events
such as earthquakes or hurricanes can cause widespread physical damage. It is possible that you or someone
else accidentally deletes some important files causing the computer to malfunction. When your computer is
connected to a network, the computer becomes even more vulnerable to computer threats. For example,
another user may use the network to gain unauthorized access to your computer.
There are various measures that you can use to reduce these threats and reduce the likelihood of
loss due to damage. By following basic guidelines, you can minimize the risks of damage to your computer
and ensure its security and privacy.
Computer Security
The computer hardware can be damaged due to human carelessness or natural causes. Also, the data
and software on the computer need to be protected from accidental or intentional loss and tampering.
Computer security deals with the measures that you can take to avoid such damage to the computer and its
data.
Computer Privacy
You store your personal files or documents on your computer and would not want anyone to read
them. Computer privacy means that your data, such as personal files and e-mail messages, is not accessible
by anyone without your permission. Computer privacy deals with the measures that you can take to restrict

Lecture Manual
10
access to your data. Computer privacy also includes being careful while giving out any personal information
over the Internet. Any such information is likely to be misused to gain access to your personal accounts,
such as your e-mail and bank accounts.
Natural Threats
Natural calamities such as earthquakes, floods, hurricanes, can damage your computer at any time.
Natural calamities can cause fires, extreme temperatures, and lightning strikes that lead to major physical
damage to the computers and loss of data.
This illustration describes the various natural threats to computer security and privacy.
Most of the components of a computer are designed to operate within a

specific temperature range. In case of excessive heat or cold, some
components may start to malfunction, and you may need to replace them. If
your computer has been exposed to extreme temperatures, let it return to
room temperature before you start it.
Fire can damage your computer beyond repair. Even if the computer does not
directly catch fire, the heat caused is enough to melt the delicate components
inside the computer. Moreover, smoke can damage the CPU fan, which in turn
can cause overheating of the CPU and damage it.

Lecture Manual
11
Lightning that strikes with a huge amount of electrical charge can cause a
surge. A surge or spike is a sudden increase in the supply voltage, which can
permanently damage some components of your computer. For example, a
sudden increase in voltage can destroy the motherboard of your computer.
Measures for Protection from Natural Threats
Natural threats can cause considerable damage to your

computer. The following table explains the measures that you
can take to protect your data and computer from natural
threats.
Measure Description
Backing up data involves creating multiple copies of your data. Events like floods
and earthquakes can strike without warning. Making a backup helps you recover
Back up data your data in case of any data loss. To provide better recoverability, keep a copy of
your important data in a physically separate location, such as in another building or
city.
Install computers in Install your computer in a place where it is not likely to get damaged due to
secure locations natural factors. For example, avoid installing computers in rooms that are exposed
to excessive dust or moisture.
Install protective Install devices such as an Uninterruptible Power Supply (UPS) that can provide
electrical devices battery backup in case of a power outage. A UPS prevents software damage caused
by abrupt shutting down of your computer. A UPS also provides surge protection
and line-conditioning features, which help protect your computer against spikes
and surges on the power line. You can also install separate surge protectors and
line conditioners. However, in case of a strong surge, caused by events such as a
major storm, you should turn off the computer and unplug it from the power to
avoid damage.
Insulate computers Insulate the computers from fire by housing them in fire retardant surroundings. In
from fire addition, you can install adequate fire safety equipment and procedures for quick
damage control.
Maintain appropriate You should maintain an optimum temperature and humidity level to ensure the
temperature and smooth functioning of your computer. You can do this by installing devices such as
humidity air conditioners and humidity controllers.

Lecture Manual
12
Threats from Human Actions
A type of threat to your computer is malicious human sources. A discontented employee in your
office can deliberately try to tamper with or destroy the data on your computer. A hacker is a
person who tries to illegally access your computer when you
connect it to the Internet. After accessing your computer, a
hacker can steal or damage the data stored on the computer.
In addition to malicious human threats, human errors such as
accidental deletion of data and physical damage are also a
threat to your computer. The following table describes
various threats from malicious human sources and human
errors to your computer.
Threat Description
Anyone can steal your computer or its components, if they have access to it. With the
popularity of portable computers, such as laptops, physical theft of computers has
become very common.
You can also become a victim of virtual theft, when your computer is connected to the
Theft Internet. One example of virtual theft is identity theft, in which a hacker can steal
your personal information to assume your identity. Using this false identity, the hacker
can gain access to your finances or perform an illegal activity. Another example of
virtual theft is software piracy, which is theft of a computer design or program. It can
also mean unauthorized distribution and use of a computer program and confidential
documents.
Viruses, Worms, Viruses are computer programs that can damage the data or software on your computer
and Trojan or steal the information stored on your computer. These viruses can reach your
horses computer, without your knowledge, through the Internet or through storage devices,
such as floppy disks and CD-ROMs. Worms are viruses that replicate themselves once

Lecture Manual
13
they attack a computer, making it difficult to remove them. A Trojan horse is also a
kind of virus disguised as useful software, such as a game or a utility. Once a Trojan
horse reaches your computer, it starts acting like a virus causing damage to the
computer's data.
Spyware Spyware are programs that get installed on your computer without your knowledge.
They can secretly send out information about your Web browsing habits or other
personal details to another computer through the network.
Internet scams While using the Internet, you might come across some attractive offers through e-mail
messages or chat room communication. You should be very careful before accepting any
such offers because these offers can be part of well-planned scams that can cause you a
financial loss.
Online predators Online predators are individuals who lure anybody online, into inappropriate and
unethical relationships. You or your family members can become targets of online
predators. Online predators develop contact with their targets by using e-mail or chat
room communication.
Accidental Many times, damage to a computer is due to unintentional human errors. Accidental
deletion of data deletion of an important file can disrupt the integrity of data or prevent other files or
programs from working. For example, you may accidentally delete an important file,
causing the computer to malfunction.
Accidental Computer components, being delicate, run the risk of getting damaged due to
damage to carelessness. For example, if you accidentally drop your laptop computer, this might
hardware result in damage to the hardware components, such as motherboard or CD-ROM. As a
result you lose the data stored on the computer. In addition, physical damage to data
due to spilling of food and beverages on storage devices or peripherals can affect your
computer.
Hackers
- was the term used to describe self-taught, enthusiastic computer users
- describes as a person who gains access to computer system illegally.
Examples:
- A small business operator and a salesman were arrested by a police in a sting operation that netted
more than $200,000 worth of counterfeit packages of Microsoft latest DOS Software.
- A brokerage clerk sat at his terminal in Denver and, with a few taps of the keys, transformed 1700
shares of his own stock worth $1.50 per share, to the same number of shares in another company worth ten
times that much.
- A keyboard operator in Oakland California changed some delivery addresses to divert several
thousands of dollars worth of department store goods into the hands of accomplices.
- A ticket clerk at the Arizona Veterans Memorial Coliseum issued full-price basketball tickets for
admission, then used her computer to record the sales half-price tickets and pocketed the difference.
Computer Related Crimes

Lecture Manual
14
Disgruntled or militant employee could

- sabotage equipment or programs.
- Hold data or programs hostage
Competitors could
- sabotage operation
- engage in espionage
- steal data or programs
- photograph records, documentation, or CTR screen displays.
Data Control Worker could

- insert data
- delete data
- bypass controls
- Self information
Clerk / Supervisor
- forge / falsify data
- embezzle funds
- engage in collision with people inside or outside the company
System user could

- sell data to competitors
- obtain unauthorized information
Operator could
- copy files
- destroy files
User requesting reports

- sell information to competitors
- receive unauthorized information

Lecture Manual
15
Engineer could
- install “bugs”
- sabotage system
- access security information
Data conversion worker could

- change codes
- insert data
- delete data
Programmer could
- steal programs or data
- embezzle via programming
- bypass controls
Report distribution worker could

- examine confidential reports
- keep duplicates or reports
Transaction could
- sell report or duplicate to competitors
Glossary for Computer Crooks
Bomb
- a virus that sabotages a program to trigger damage based on certain conditions; it is usually set
to go off a later date – perhaps after the perpetrator left the company
Data Diddling
- changing data before or as it enters a system
Data Leakage
- removing copies of data from the system without a trace.
Piggybacking
- using another person’s identification code or using that person’s file before he or she has logged
off
Pirate

Lecture Manual
16
- a person who copies software illegally

Salami Technique
- using a large financial system to squirrel away small slices of money that may never be missed.
Scavenging
- searching trash cans for printouts and carbons containing not-for distribution information.
Trapdoor
- leaving, within a completed program, an illicit program that allows unauthorized unknown entry.
Trojan Horse
- a virus that covertly places illegal instructions in the middle of a legitimate program.
- it appears to do something useful but actually does something destructive in the background. An
example if the “Sex Ladies” hyper card stack on the Macintosh, which erases the hard disk while
you check the cheese cake.
Virus
- a piece of software that attached itself to the application files. When run, the application or file
provides a pathway to the virus to spread to your system files and other software, or from one
system to another.
Worm
- a virus that replicates and spreads.
Zapping
- using an illicitly acquired software package to bypass all security systems.
Who is the computer criminal?

He (we will use he here but of course he could be a she) is usually someone occupying position of
trust in an organization. Indeed he is likely to be regarded as a model employee. He has had no previous
law-breaking experience and, in fact, he will not see himself as a thief but as a “borrower”. He is apt to be
young, and to be fascinated with the challenges of beating the system. Contrary to expectations, he is not
necessarily a loner, he may operate well in conjunction with other employees to take advantage of the
systems weakness.
What Motivates a Computer Criminal?

- disgruntled employee, possibly a long time loyal employee out for revenge after being passed
over for a raise of promotion
- an employee suffering from personal or family problem.

Lecture Manual
17
- people are simply attracted to the challenge of the crime.
Types and methods of computer crime

- theft of computer time for development of software, either for personal use of with the intention
of selling it
- theft and destruction, or manipulation of programs or data
- alternation of data stored in a computer file.

Lecture Manual
18
Discovery and Prosecution

Prosecuting the computer criminal is difficult because discovery is often difficult. Many times the
crime simply goes undetected. In addition, crimes that are detected are – an estimated 85% of the time –
never reported to the authorities. By law, banks have to make a report when their computer system have
been compromised, but other business do not. Often, they choose not to report because they are worried
about their reputations and credibility in the community.
Even if a computer crime is detected, a prosecution is by no means assured. There are a number of
reasons for this. First, some law enforcement agencies do not fully understand the complexities of a
computer related fraud. Second, a few attorneys are qualified to handle computer crime cases. Third,
judges and juries are not always educated about computer and may not understand the value of data to a
company.
In short, the chances of committing computer crimes and having them go undetected are
unfortunately good. And the chances that, if detected, there will be no ramifications are also good. A
computer criminal may not go to jail, may not be found guilty if prosecuted and may not even be
prosecuted.
Security
- is a system of safeguards designed to protect a computer system and data from deliberate or
accidental damage or access by unauthorized persons. That means safeguarding the system
against such threats as burglary, vandalism, fire, natural disaster, theft of data from ransom,
industrial espionage and various forms of white collar crime.
Biometrics and High Tech Crimes
Biometrics
- the science of measuring body parts.
Examples:
Voice – using speech recognition capabilities, the computer recognizes your voice. This
method allows access from a phone; however, it is expensive and static can interfere.
Eyes - use laser beams that can scan the map of the blood vessels of one’s eye.
Fingerprints – this means of identification have worked for police for years. The technology is
unwidely however, unless the reading device is portable.
Lip print – after the user kisses the screen, the computer checks the kissers unique lip pattern
against those on file. This technology is still unproved and make up, cold sore chapped lips can
interfere with print recognition.

Lecture Manual
19
Identification and Access : Who Goes There?

Various means have been devised to give access to unauthorized people- without compromising the
system. These fall into four(4) categories: what you have, what you know, what you do, who you are.
What you have

You may have a key, badge, token, or a plastic card to give you physical access to the computer
room or locked up terminal. A card with a magnetized strip, for example, can give your access to your bank
account via a remote cash machine.
What you know

Standard what-you-know items are a system password or an identification number for your bank cask
machine. Cipher locks on doors require that you know the correct combination of numbers.
What to do
In our daily lives, we often sign documents as a way of providing who we are. Though a signature is
too difficulty to copy, forgery is not possible. For this and other reasons, signatures lend themselves to
human interaction better than machine interaction.
What you are

Now it gets interesting. Some security systems use biometrics, the science of measuring individual
body characteristics. Finger printing is old news, but voice recognition is relatively new. Even newer is the
concept of identification by the retina of the eye and the patterns of your lips, but all have drawbacks.
Disaster Recovery Plan

- is a method of restoring data processing operations.
- operations are halted by major damage or destruction.
Consortium
e.g.: Hot Site
- is a fully equipped computer center with hardware environment, controls, security, and
communication facilities.
Cold Site

Lecture Manual
20
- is an environmentally suitable empty shell in which a company can install its own computer
system.
The Disaster Recovery Plan should include:

Priorities
- a list of priorities identifies the programs that must be up and running first. A bank,
for example would give greater weight to account inquiries than to employee vacation planning.
Personnel Requirements
- the plan should compromise procedures for notifying employees of changes in location
and procedures.
Equipment Requirements
- a list of needed equipment and where it ban be obtained will speed recovery efforts.
Facilities
- most organization cannot afford consortium should include a list of alternative
computing facilities
Capture and Distribution
- this part of the plan outline show input and output data will be handled in different
environment.
Software Security
Software security has been an industry concern for years. Initially, there were many questions: who
owns a program? Is the owner the person who wrote the program or the company from which the author
wrote the program? What is to prevent a programmer from taking copies of programs from one job to
another? Or even simpler what is to prevent any user from copying personal computer software onto another
diskette?
Many of these perplexing questions have been answered. If a programmer is in the employ of the
organization, the program belongs to the organization, not the programmer. If the programmer is a
consultant, the ownership of the software produces should be spelled out specifically in the contract –
otherwise, the parties enter extremely murky legal water.
Data Security
There are five (5) critical planning areas for data security:

Lecture Manual
21
1. Determination of appropriate policies and standards. A typical statement of policy might read: “All
computer data and related information will be protected against alternation or destruction.
2. Development and implementation of security safeguards, such as passwords
3. Inclusion of security precautions at the development stage of new automated systems, rather than
after the system are in use.
4. Review of the state and federal laws related to security. This is particularly significant in banking.
5. Maintenance of historical records associated with computer abuse.
What steps can be taken to prevent theft or alternation of data? There are several data protection
techniques; these will not individually (or even collectively) guarantee security but at least they make a
good start.
Secured Waste
- discarded printouts, printer ribbons, and the like can be sources of information to unauthorized
persons. This kind of waste can be made secure by the use of shredders or locked trash barrels
Passwords
- are the secret word or number that must be typed on the keyboard to gain access to a
computer system. In some installation however, the password are changed so seldom that they become
known to many people. And some user even tape paper with the password written on it right on the
terminal. Good data protection system change password often and also compartmentalized information
by passwords, so that only authorized person can have access to certain data.
Internal Controls
- planned as a part of the computer system. One example is the transaction log. This is a file of all
access to certain data.
Auditor checks
- most companies have auditor to go over the financial books. In the course of their duties,
auditors frequently review computer programs and data. From a data security standpoint, auditors might
also check to see who has accesses data during periods when the data it is not usually used. They are
also on the look out for unusual numbers of corrected data entries, usually a trouble signs. What is more,
the availability of the off-the-shelf audit software – programs that assess the validity and accuracy of the

Lecture Manual
22
systems operations and output – promotes tighter security because it allows auditors to work
independently of the programming staff.
Cryptography
- data being sent over a communication line may be protecting by scrambling the messages –
that is putting them in code that can be broken only by the person receiving the message. The process of
scrambling the message is called encryption.
Applicant Screening
The weakest link in a computer system is the people in it. At the very least, employers should verify
facts that job applicants lists on their resumes to help weed out dishonest applicant before they are hired.
Separation of Employee Functions

Should a programmer also be the computer operator? That would put him/her in the position of being
not only write unauthorized programs, but also to run them. By limiting the employee duties so that
doubling up on job functions is not permitted, a computer organization can restrict the amount of
unauthorized access.
Built in Software Protection

Software can be built into operating system in ways that restrict access to the computer system. One
form of software protection system matches a number against a number assigned to the data being
accessed. If the person does not get access, he recorded that he or she tried to tap into some area to which
they were not authorized. Another form of software protection is the used profile – information is stored
about each user, including the file to which the user has legitimate access. The profile also includes each
person’s job functions, budget number, skills area of knowledge, access privilege, supervisor, and loss
causing to potential.

Lecture Manual
23
Lesson 3: Ethics in Information Society
Ethics
- Refers to the principles of right and wrong that individuals use to make choices to guide their
behavior.
- Is a concern of us humans who have freedom of choice? Ethics is a personal choice. When faced
with an alternative courses of action, how should one decide? What are main considerations in
making a rural decision?
Five Moral Dimensions of the Information Age
1. Information Rights and Obligations

- What information rights do individuals and organizations possess with respect to themselves?
What can they protect?
2. Property Rights and Obligations
- How will traditional intellectual property rights be protected in a digital society in which tracing
and accounting for ownership are difficult and ignoring such property rights is so easy?
3. Accountability and Control
- Who can and will be held accountable and liable for the harm done to individual and collective
information and property rights?
4. System Quality
- What standards of data and system quality should we demand to protect individual rights and the
safety of society?
5. Quality of Life
- What values should be preserved in an information- and knowledge-based society? Which
institutions should we protect from violation? Which cultural values and practices are supported
by the new information technology?
Intellectual Property
- is considered to be intangible property created by individuals or corporations

Lecture Manual
24
Copyright
- a statutory grant that protects creators of intellectual property from having their work copied by
others for any purpose during the life of the author plus an additional 70 years after the author’s
death
Patent
- grants the owner an exclusive monopoly on the ideas behind an invention for 20 years
Basic Concepts: Responsibility, Accountability and Liability
Ethical choices are made by responsible individuals. Responsibility is a characteristic of a mature

person and is the key element of ethical action. Responsibility means that action accepts the potential cost,
duties and obligations for the decisions one’s makes. Accountability is the characteristics or features of
system and social institutions – it means the safety checks are in place to determine who is to take
responsibility for an action. Systems and institutions in which is not possible to find out who took action are
not capable of ethical analysis or ethical actions. Liability is another feature. Liability extends concepts of
responsibility further to the area of laws. Liability is a characteristics or property of a political systems in
which other actors, systems or organizations in place, which permits individuals to recover the damage, do a
body of law to them.
The above concepts form the equation of ethical analysis of information systems and those who
manage them. Systems do not have impacts by themselves. Whatever information impacts is a product of
institutional organizational and individual actions and behavior. Responsibility for the consequences of
technology fall clearly on the institution, organizations and individual managers who use the technology.
Using the information technology in a socially responsible manner means that one can be held accountable
for the consequences of these actions. In an ethical political society, individuals and groups can recover
damage done to them through a set of laws.
Ethical Analysis
Whenever confronted with a situation that seem to present ethical issues, how should you analyze
and reason about the situation? Following is a 5-step process:
1. Identify and clearly describe the facts.
Find out who did, what to whom, and where, when and how? One will be surprised in many
instances at the errors in the initially reported facts and often one finds that simply getting the facts
straight help define the situation. It helps to get the parties involve in an ethical dilemma to agree
on the facts.

Lecture Manual
25
2. Define the conflict or dilemma and identify the higher order values involve.
Ethical, social and political issues always reference a higher value. The parties to a dispute all
claim to be pursuing higher values (e.g. freedom, privacy, protection of property, and the free
enterprise system). An ethical issues involves a dilemma who is diametrically opposed to a course of
action that support worthwhile values. The needs of companies to use marketing to become more
efficient and the need to protect individual privacy.
3. Identify the stakeholders.
Every issue has stakeholders; players of the game who have an interest in the outcome; who
have an interest in the situation; and usually who have vocal opinions. Find out the identity of every
group and what they want. This will be useful later when designing a solution.
4. Identify the options that you can reasonably take.
You may find that none of the options satisfy all the interest involve but that some options do
a better job than others. Sometimes arriving at a good or ethical solution may not always be
balancing of consequences to stakeholders.
5. Identify the potential consequence of your options.
Some options may ethically correct but disastrous from other’s point of view. Other options
may work in the instance, but not in other similar instances. Always ask yourself, what if I choose
this option consistently over time.
Once analysis is complete, review what ethical principles or rules to use to make a decision? What
higher order values should form your judgment?
Candidate Ethical Principles
Here are some ethical principles with the truth in many cultures that have survived throughout
recorded history:
1. Do unto others as you would have them do unto you (The Golden Rule).
Putting yourself into the place of others, and thinking of yourself as the object of the
decision, can help you think about “fairness” in decision making.
2. If an action is not right for everyone to take, then it’s not right for anyone. (Immanuel Kants
Categorical Imperative)
Ask yourself, “if everyone did this, could the organization or society survive?
3. If an action cannot be taken repeatedly, then it is not right to take at all (Descarte’s Rule of
Change)

Lecture Manual
26
This is the slippery slope rule: An action may bring about small change, now that is
acceptable, but if repeated would bring unacceptable changes in the long run. In the vernacular, it
might be stated as “once started down a slippery path you may not be able to stop”.
4. Take the action that achieves the higher or greater value (the Utilitarian Principle).
This rule assumes you can prioritize values in a rank order and understand the consequences
of various courses of action.
5. Take the action that produces the least harm, or the least potential cost ( Risk Aversion Principle).
Some actions have extremely high failure costs at very low probability or extremely high failure costs
of moderate probability.
6. Assume that virtually all tangible and intangible objects are owned by someone else unless there is a
specific declaration otherwise. (Ethical “no free lunch” rule). If something someone else has created
is useful to you, it has value, and you should assume the creator wants compensation for this work.

Lecture Manual
27
PART 2 : INFORMATION MANAGEMENT AND PROCESSES
Lesson 4: Computer Based Information System
Information Systems
- Is a system that collects, transform and transmits information in an organization. All

information system may use several kinds of information processing system to help it provide
information needed by the members of an organization.
- Software and hardware systems that support data-intensive applications.
- the system of persons, data records and activities that process the data and information in a
given organization, including manual processes or automated processes.
Examples of Information Systems

Business Information System
Management Information System
Marketing Information System
Kinds of Information System

Manual Information Processing System
Electronic Information Processing System
Computer Based Information System

- Is a system which uses the computer hardware, software, people and data resources of an
electronic information processing system to collect transmit information in an organization.
Components of Information Processing System

 Input
- Data and information from within the organization or from the societal environment are
entered into the system.
 Processing
- transform information into a variety of information products.
 Output
- Transmission is accomplished by operational information system (OIS)
Office communication are accomplished by automated office system (AOS).

Management reporting is accomplished by management information system (MIS).

Lecture Manual
28
Management decision support is accomplished by decision support system (DSS).

Automatic programmed decision making is accomplished by programmed decision system (PDS).
 Storage
- Data, information and models for analysis and decision making are stored in a particular
medium for retrieval and processing.
 Control
- The information resource management function monitors and adjust information system
performance for optimum efficiency and effectiveness.
Control
MANAGEMENT
Decision Support System

Management Information System
Automated Office System
Operational Information System
Programmed Decision System
People Production People

Money Marketing Money
Material Finance Material
Machine Personnel Machine
Land Other Processing Land
Facilities Facilities
Energy Energy
Information Information
Input Processing Output
The Business Firm as a System
Understanding the various types of computer based information system is necessary to effectively
use computers in managing a business. The figure illustrates the business firm as a business system which
consist of interrelated components which must be controlled and coordinated towards the attainment of
organizational goals (remember that managers see things in global manner) such as profitability and social
responsibility. In this simple model of business systems, economic resources (input) are transformed by
various organizational process (processing) into goods and services (output). Information system provide

Lecture Manual
29
information on the operations of the system (feedback) to management for the direction and maintenance
of the system (control).
Goals
and
Objective
s
INFORMATION Analysis and synthesis Decision
MIS / DSS
DATABASE
The business firm can also viewed as a subsystem of society and as a system composed of several
basic subsystem. A business firm is a subsystem of society and is surrounded and affected by the other
systems of the business environment. It exchanges inputs and outputs with its environment and therefore
can also be called adaptive system.
The concept of a business firm as both an open and adaptive system is very important, for it means
that a business firm can use its feedback and control components in two ways:
 It can monitor and regulate its operation to achieve its predetermined goals.
 It can monitor and change both its operation and its goals in order to survive in changing
environment.
A business firm must maintain proper interrelationships with other economic political and social
subsystems in its environment, including customer, suppliers, competitors, stockholders, labor unions,
financial institutions, governmental agencies and the community. Information systems must be developed to
help business firm shaped its relationship to each of these environmental systems.

Lecture Manual
30
Lesson 5: Information Requirements of Management
Management
- Is traditionally described as a process of leadership involving the functions of planning,
organizing, staffing, directing and controlling.
Manager’s Task
 Plans the activities of the organization

 Select its staff and personnel
 Organizes the business activities
 Direct the operations of the organization
 Controls its direction by evaluating feedback and making necessary adjustment
Management Functions
1. Planning
- Involves the development of long and/or short range plans that require the
formulation of goals, objectives, strategies, policies, procedures and standards. It also involves
the perception and analysis of opportunities, problems and alternative courses of action and the
design of programs to achieve selected activities.
2. Organizing
- Involves the development of structure which groups, assigns and coordinates activities
by delegating authority, offering responsibility and requiring accountability.
3. Staffing
- Involves the selecting, training and assignment of personnel to specific organizational activities.
4. Directing
- steering of the organization through communication and motivation or organizational
personnel.
5. Controlling
- involves observing and measuring organizational performance and environmental activities
and modifying the plans and activities of the organization when necessary.

Lecture Manual
31
Each management functions require the analysis and synthesis of information before specific decision
is made. This information must be accurate, timely, complete, concise and relevant. Of course, even the
best information cannot guarantee good decisions if managers do not have the ability to use it effectively.
This is why information must be presented in form, which is easy to use and understand.
What then are the types of information does management need? First of all it must be emphasized
that managers cannot possibly absorb all of the information that can be produced by information systems.
Therefore, system developers determine not only what information the management wants but also what
information the management needs. It is however, important to determine the factors which are important
in making each decisions like – what decisions must be mad, who should make them, and when, where and
how they should be made. After identifying these factors, only then can they identify the types of
information required to support each decision.
Desirable Qualities of Management Information
Managers are particularly interested with high quality information and not with the quantity of
information. High quality information must possess several major characteristics in order to effectively
support in the making of managerial decision. For example, the information must be:
 Timely
- Information must be provided when needed by the managers.
 Accurate
- Information must be free from errors
 Complete
- All information needed to make the decision must be provided
 Concise
- Only the information needed to make the decision must be provided. This avoids
flooding the managers with unnecessary information.
Finally the information requirements of management depend heavily on the management level
involves. The management system is subdivided into three major subsystems:
1. Strategic Management
2. Tactical Management
3. Operational Management
These subsystems are related to the traditional management levels. They are the following:

Lecture Manual
32
1. Top Management
2. Middle Management
3. Operating Management

Lecture Manual
33
Lesson 6: System Background definitions and classification
Background
A system is a set of interdependent components – (sub-entities) that creates a whole entity. The
components are dynamically linked (i.e. each one affects and is affected by other components). The
concept of a system is a broad one encompasses every facet of our lives – the solar system, educational
systems, transportation systems, information systems, organizations, society, the family and the body
systems. The linkages between entities make it a system. The way it is looked at, that is, the purpose/s one
describe to it, sets a boundary around the linked components that differentiates the system from its
environment.
Every organization is composed of subsystems, one of which is the information system. The
subsystem interacts and contributes to the common purposes of the organizations. The effectiveness of
these subsystems considered separately. This is describing by Aristotle’s statement – “the whole is greater
than the sum of its parts”.
One of the attributes of modern organization is their increasing complexity and specialization of
their subsystems. Each organization unit has its own objectives and can thus lose sight of how their activities
and goals interrelate with those of the organizations as a whole.
In a university for example, the Vice President for Academic Affairs wants to have a large inventory
or courses in order to satisfy large inventory of courses in order to satisfy student’s preferences. The Vice
President for Administration, on the other hand, wants to schedule courses with large enrollments in order
to minimize investments in classrooms and academic personnel. It is a conflict of different system. In this
situation, the systems approach is to consider the manner in which administration of university should view
the interrelationships of various subsystems of the university system.
Common Types of Systems
There is much different type of systems that we come into contact with during our day-to-day life.
It’s either a system or a component of a system (sub-system) or both. The following are the two general
classifications of systems:
 Natural System
- these system are not made by people; they exist in nature, and is further divided into
two basic sub categories:
1. Physical systems
- Prof. Yourdon gave these example under physical system

Lecture Manual
34
 Skellar System – galaxies, solar system and so on

 Geological System – rivers, mountain ranges and so on
 Molecular System – complex organization of atoms
2. Living System
- encompasses all of the natural animals and plants around us as well as our human race.
According to James Miller, “this category also includes hierarchies of individual living
organisms, for example, herbs, flocks, and tribes, social groups, companies and motion.
 Man-made System
- These are system that are constructed, organized and maintained by humans. These include
things such as social systems, transportation systems, and postal system.
Man-made system (and Automated System) interacts with living systems; for example
computerized pacemakers interact with the human heart. There are cases in which
automated systems are being designed to replace living systems; and in some cases
researchers are considering living system as components of automated systems. Living system
and man made system are often part and parcel of a larger meta-system. The more you
understand about them, the better MIS people you become.
Under this man made systems, only the automated systems will be given a focus, since
when someone speaks of information system nowadays it means the use of the technologies
available in the market. However, many companies have not gone far because they are still
using manual systems. It is believed that they are just waiting for tomorrow’s creative users
and MIS professionals to identify their potential need for computerization. Moreover, these
manual systems are symbol of opportunities to improve the company’s productivity through
the application of MIS technologies.
Categories of Automated Systems
Decision Support System

- Computer based designed to provide information to support specific decision-making
situations.
AI (expert systems)
- A set of computer programs that emulates the decision making capability of expert
based on facts provided to the system.
Online System
- Transactions are stored in a temporary storage and evaluated later

Lecture Manual
35
Example:
Ms. Long Collantes proposed the computerization of the student Information System of the Lagro
School of Business in Quezon City. The school administration agreed to her recommendation for Local Area
Network (LAN). Terminals are placed in the different departments. The server (main computer) is located at
the school registrar. When a student enrolls in a certain department an operator enters a data contained on
the enrolment sheet directly to the terminal and then stored to the department’s master file. And then, the
enrolment report are produced through the printer, which is an output device.
 Real time system
- The result of transaction should be communicated and recorded at the time the
transaction was made.
Example:
United Colors airline has created offices around Metro Manila and even in the nearby
provinces. Passenger or agencies buy their tickets from these officers. Reservations can also be made at
these off-site offices. Transactions are entered into a computer and will be transmitted right away to the
main office which houses the main computer.

Lecture Manual
36
Lesson 7: Information Systems: Challenges and Opportunities
Emergence of the Global Economy
Globalization of the world’s industrial economies greatly enhances the value of information to the
firm and offers new opportunities to business. Today, information systems provide the communication and
analytic power that firms need for conducting trade and managing business on the global scale. Controlling
the far-plug global corporation – communicating with distributors and suppliers, operating 24 hours a day in
different national environments, servicing local and international reporting needs – is a major business
challenge that requires powerful information system responses.
Globalization and information technology also brings new threat to domestic business firms: because
of global communication and management systems, customers now can shop in a worldwide market place,
obtaining price and quality information reliability, 24 hours a day. This phenomenon heightens competition
and forces firm to play in open, unprotected worldwide markets, firms need powerful information and
communication systems.
The New Role of Information Systems in Organization
Information system cannot be ignored by managers because they play such a critical role in
contemporary organization, Digital Technology is transforming business organizations. The entire cash flow
of most Fortune 500 companies is linked to information systems. Today’s systems directly affect how
managers decide, how senior managers plans, and in many cases what products and services are produced
(and how).
The Widening Scope of Information Systems
There are growing interdependence between business, strategy, rules and procedures on one hand,
and information systems software, hardware, databases, and telecommunication on the other. A change in
any of these components often requires changes in other components. This relationship becomes critical
when management plans for the future. What a business would like to do in five years is often dependent on
what its system will be able to do? Increasing market share, becoming the high quality or low cost producer,
developing new products, and increasing employee productivity depend more and more on the kinds of
quality information systems in the organization.
A second change in the relationship of information systems and organizations result from the growing
complexity and scope of systems projects and applications. Building systems today involves a much larger

Lecture Manual
37
part of the organization than it did in the past. Whereas early systems bring about managerial changes (who
has what information about whom, when, and how, often) and institutional “core” changes (what product
and services are produced under what condition).
In the 1950’s, employees in the treasurer’s office, a few part-time programmers, a single program, a
single machine, and a few clerks might have used a computerized payroll system. The change from a manual
to a computerized system was largely technical – the computer system simply automated a clerical
procedure such as check processing. In contrast, today’s integrated human resource system (which include
payroll processing) may involve all corporate division, the human resources department, dozen of full time
programmers, a flock of external consultants, multiple machines (or remote computers linked by
communication networks, and perhaps hundreds of end users in the organization who use payroll data to
make calculations about benefits and pensions and to answer a host of other questions. The data, instead of
being located in and controlled by the treasurer’s office, a re now available to hundreds of employees via
desktop computers each of which is as powerful as the large computers of the mid 1980’s. The
contemporary system embodies both managerial and institutional changes.
The Network Revolution and Internet
One reason why system plays a larger role in organizations; and why they affect more people, is the
soaring power and declining cost of the computer technology that is at the more of information systems.
Computing power has been doubling every 18 months, so the performance of the microprocessors has
improved 25,000 times since their invention 26 years ago.
The world’s largest and the most widely used network is the internet. The internet is an
international network of networks that are both commercially and publicly owned. The internet connects
hundreds of thousands of different networks from around the world. Millions of people working in science,
education, government, and business transactions with other organizations use the internet around the
globe.
The internet is extremely elastic. If networks are added or removal of failure occurs in parts of the
system, the rest of the internet continues to operate. Through special communication and technology
standards, any computer can communicate with virtually private individuals linked using ordinary telephone
lines. Companies and private individuals can use the internet to exchange business transactions, text
messages, graphic images, and even video and sound, whether they are located next door or on the other
side of the globe. The internet is creating a new “universal” technology platform upon which to build all
sorts of new product, services, strategies, and organizations. It’s potential for reshaping the way
information systems are used in business and daily life is vast and rich, and it is just beginning to be
trapped. By eliminating many technical, geographic and cost barriers obstructing the global flow of

Lecture Manual
38
information, the internet is accelerating the information revolution, inspiring new uses of information
systems and new business models.
What can you do with the Internet?
Function Description
Communicate and collaborate Send electronic mail messages, transmit documents and data,
participate in electronic conferences
Access information Search for documents databases, and library card catalogues,
read electronic brochures, manuals, books and advertisements.
Participate in discussions Join interactive discussions groups; conduct primitive voice

transmission
Obtain information Transfer computer files and text, computer program, graphics,
animation and videos.
Find entertainment Play interactive video games; view short video clips; read
illustrated and even animate magazines and books.
Exchange business transaction Advertise, sell, and purchase goods and services.
Of special interest to organization and managers in the internet capability know as the World Wide
Web, because it offers so many few possibilities for doing business. The World Wide Web is a system with
universally accepted standards for storing, retrieving, formatting, and displaying information in a networked
environment. Information is stored and displayed as electronic pages that can contain text, graphics,
animations, sounds, and video. These Web pages can be linked electronically to other web pages, regardless
of where they are collected, and viewed by any type of computer. By clicking on highlighted words or
buttons or web page, one can link to relate pages to find additional information, software programs, or still
more links to other points on the web. The web can serve as the foundation for new kinds of information.
The web pages created by an organization or individual are called Web site. Business are creating
web site with stylish typography, colorful graphics, push-button interactivity, and often sound and video to
widely disseminate product information, to broadcast advertising and messages to customers, to collect
electronic orders and customer data, and increasingly to coordinate far plug sales forces and organizations
on a global scale.
New Options for Organizational Design

Information systems can become powerful instruments for making organization more competitive and
efficient. Information Technology can be used to redesign and reshape organizations, transforming their
structure, scope of operations, reporting and control mechanisms, work practices, work flows, products and

Lecture Manual
39
services. We now describe some major organizational design options that information technology has made
available.
 Flattening Organizations
Today, the large, bureaucratic organizations that developed before the expensive growth of
information technology are often inefficient slow to change and uncompetitive. Some of these organizations
have downsized, reducing the number of employees and the number of levels in their organizational
hierarchies.
Flatter organizations have fewer levels of management, with lower-level employees being given
greater decision making authority. These employees are empowered to make more decision than in the
past, they no longer work standard 9 to 5 hours, and they no longer necessarily work in an office. Moreover,
such employees may be scattered geographically, sometimes working half a world away from managers.
Modern information systems have made such changes possible. They can make more information
available to line workers so they can make decisions that previous had been made by managers. Networks of
computers have made it possible for employees to work together as a team, another feature of flatter
organizations. With emergence of global networks such as the internet, team members can collaborate
closely even from distant locations.
 Separating Work from Location

It is now possible to organize globally while locally; information technology such as e-mail, the
internet, and video conferencing to the desktop permit tight coordination of geographically dispersed
workers across time zones and cultures. Entire part or organizations can disappear. Inventory (and
warehouse to store it) can be eliminated as suppliers tie into firm’s computer systems and deliver just in
needed and just in time.
Modern communications technology has eliminated distance as a factor for many types of work in
many situations. Sales person can spend more time in the fields – with customers – and yet have more up-to-
date information with them while carrying much less paper. Many employees can work remotely from their
homes or cars, and companies can reserve at a much smaller central office for meeting clients or other
employees.
Companies are not limited to physical locations or their own organizational boundaries for providing
products and services. Networked information systems are allowing companies to coordinate their
geographical capabilities and even coordinate with other organizations as virtual corporation (or virtual
organizations) sometimes called networked organizations). Virtual organizations use networks to link
people, assets and ideas, allying with suppliers and customers (and sometimes even competitors) to create
and distribute new products and services without being eliminated by traditional organizational boundaries

Lecture Manual
40
or physical location. One company can take advantage of the capabilities of another company, without
actually physically linking to that company.
 Increasing Flexibility of Organization

Modern communications technology has enabled many organizations in more flexible ways, increasing
the ability of those to respond to changes in the marketplace and to take advantage of new opportunities.
Information systems can give both large and small organizations additional flexibility to overcome some of
the limitations posed by their size.
How Information Technology Increases Organizational Flexibility?
1. Small Companies
Desktop machines, inexpensive computer-aided design (CAD) software, and computer-controlled
machine tools provide the precision, speed and quality of giant manufacturers.
Information immediately accessed by the telephone and communication links eliminates the need
for research staff and business libraries.
Managers can more easily obtain the information they need to manage larger numbers of
employees in widely scattered locations.
2. Large Companies
Custom manufacturing systems allow large factories to offer customized products in small
quantities.
Massive database of customers purchasing records can be analyzed so that large companies
can know their customers need and preferences as easily as local merchants.
Information can be easily distributed down the ranks of the organizations to empower lower-
level employees and work group to solve problems.
 Redefining Organizational Boundaries and Electronic Commerce

Networked information system can enable transactions such as payments and purchase orders to
be exchanged electronically among different companies, thereby reducing the cost of obtaining products
and services form outside the firm. Organizations can also share business data, catalogues, or mail message
through such systems. These networked information system can create new efficiency and new relationship
between an organization, its customers and suppliers thus redefining their organizational boundaries and the
way they conduct business.

Lecture Manual
41
System linking in a company to its customers, distributors, or suppliers are termed inter-
organizational systems because they automate the flow of information across organizational boundaries.
Such systems follow information or processing capabilities of the organization to improve the performance
of another to improve relationship among organization.
Inter-organizational Systems that provide services to multiple organizations by linking many
buyers and sellers create an Electronic Market. Through computer and telecommunications, these systems
function like electronic middlemen with lowered cost for typical market place transactions such as selecting
supplies, establishing prices, ordering goods, paying bills. Buyers and sellers can compete purchase and sale
transactions digitally regardless of their locations.
The internet is creating a global electronic market place where vast array of goods and services
are being advertised bought, and exchange world wide. Companies are furiously creating eye-catching
electronic brochures, advertisements, product manuals and order from the World Wide Web. All kinds of
products and services are available on the web, including fresh flowers, books, real estate, musical
recording, electronic streaks and automobiles.
 Reorganizing Work Flows

Since the first uses of information technology in business, information systems have been
progressively replacing manuals work procedures with automated work procedures, work flows and
processes. Electronic work flows have reduced the cost of operations in many companies by displacing paper
and manual routines that the companies that accompany it. Improve work flow management customer
services has enable many corporations not only to cost cut significantly but also to improve customer
services at the same time. Redesigned work flows can have a profound impact on organizational efficiency
and can lead to new organizational structure, products and services.
 The Changing Management Process

Information Technology is recasting the process of management. Providing powerful new capabilities
to help managers strategize and plan, organize, lead and control. For instance, it is now possible for
managers to obtain information on organizational performance down to the level of specific transactions
from just about anywhere in the organization anytime. This new intensity of information makes possible far
more precise planning, forecasting and monitoring. Information technology has also opened new possibilities
for leading. By distributing information through electronic networks, the new managers can effectively
communicate frequently with thousands of employees and even manage far-plug forces and teams – task
which would be impossible in face-to-face traditional organizations.
 New People Requirement

Lecture Manual
42
Managers must deal with people issues because the changes brought about by information technology
definitely require a new kind of employee. Employees need to be highly trained in the past as work shifts
from production goods to production services and more tasks become automated. High on this skill set the
ability to work in an electronic environment; the ability to digest new information and knowledge, and act
upon that information; and the ability and willingness to learn new software and business procedures. The
new global worker, whether in factories or offices, is a multitalented college graduate who is exceptionally
productive because of an ever-changing set of skills and competencies.

Lecture Manual
43
Lesson 8: Challenge of Information Systems: Key Management Issues
One message of this lesson is that despite, or perhaps because of the rapid development of computer
technology, there is nothing easy or mechanical about building workable information system. Building,
operating and maintaining information systems are challenging activities for a number of reasons. Managers
should heed five key challenges:
1. The Strategic Business Challenge: How can business use information technologies to design
organization that are competitive and effective?
Technical change moves much faster than human and organization are changing. The power
of computer hardware and software has grown much rapidly than the ability of organizations to apply
and use its technology. To stay competitive, many organizations actually need to be redesigned. They
will need to use information technology to simplify communication and coordination, eliminate
unnecessary work; and eliminate the inefficiencies of outmoded organizational structures. If
organizations merely automate what they are doing today, they are largely missing the potential of
information technology. Organizations need to rethink and redesign the way they design, produce,
deliver and maintain goods and services.
2. The Globalization Challenge: How can firms understand the business and systems requirement of
global economic environment?
The rapid growth in international trade and emergence of a global economy call for
information systems that support both producing and selling goods in many different countries. In the
past, each regional office of a multinational corporation focused on solving its own unique information
problems. Given language, culture and political differences among countries, this focus frequently
resulted in chaos and failure of central management controls. To develop integrated multinational
information systems, businesses must develop global hardware, software and communication standards
and create cross-cultural accounting and reporting structures.
3. The Information Architecture Challenge: How can organizations develop information architecture
that supports their global business goals?
Creating a new system now means much more than installing a new machine in the basement.
Today, this process typically places thousands of terminal or PC’s on the desk of employees who have
little experience with then, connecting the device to powerful communication networks, rearranging
social relations in the office and work locations, changing reporting patterns and redefining business
goals. Briefly, new systems today often require redesigning the organization and developing new

Lecture Manual
44
information architecture. Information architecture is a particular form that takes in an organization to

achieve selected goals or functions. Information architecture includes the extent to which data and
processing power are centralized or distributed. Although technical personnel typically operate the
computer systems base, general management must decide not to allocate the resources it has assigned
to hardware, software and telecommunications. Resting upon the computer system application. Because
managers and employees directly interact with these systems, it is critical for the success of the
organization that these systems meet business functional requirements now and in the future.
4. The Information Systems Investment Challenge: How can organization determine the business value
of information systems?
A major problem raised by the development of powerful, inexpensive computers involves not
technology but rather management and organizations. It’s one thing to use information technology to
design, produce, deliver, and maintain new products. It’s another thing to make money doing it. How
can organizations obtain a sizeable pay off from their investment in information system?
Engineering massive organizational and system changes in the hope of positioning a firm
strategically is complicated and expensive. Is this an investment pay off? How can you tell? Senior
management can be expected to ask these questions: are we receiving the kind or return in investment
from the system that we should be? Do our competitors get more? Although understanding the cost and
benefit of building a single system is difficult enough, it is daunting to consider whether the entire
system effort is “worth it”. Imagine then, how a senior executive must think when presented with a
major transformation in information architecture – a bold venture in organizational change costing
millions of dollars and taking many years.
5. The Responsibility and Control Challenge: How can organization design systems that people can
control and understand?
How can organizations ensure that their information are sued in a ethically and socially
responsible manner? Information systems are so essential to business, government and daily life that
organizations must take special steps to ensure that they are accurate, reliable, and secure. Automated
or semi-automated systems that malfunction or are poorly operated can have extremely harmful
consequences. A firm invites disaster if it uses systems that do not work as intended, that do not deliver
information in a form that people can interpret correctly and use, or that have control rooms where
controls do not work or where instruments give false signals. The potential for massive fraud, error,
abuse, and destruction is enormous. Information system must be designed so that they function as
intended and so that humans can control the process. When building and using information systems,
organizations should consider health, safely, job, security, and social well being as carefully as they do

Lecture Manual
45
their business goals. Managers will need to ask: Can we supply high quality assurance standards to our
information systems that respect people’s right of privacy while still pursuing our organization’s goal?
Should information systems monitor employees? What do we do when an information system designed to
increase efficiency and productivity eliminates people’s job?

Lecture Manual
46
Lesson 9: Information Technology Architecture
Information Technology structure is a conceptual design or blue print that includes the four (4) major
components:
Technology Platform
- The amount of computer system, application software, and telecommunication
networks that provides a computing and communications structure or platform that supports the
use of information technology business.
Data Resources
- these includes many types of operational and specialized databases, including data
warehouse, analytical databases and external data banks which store and provide data and
information for business processes and managerial decision support.
Application Portfolio
- Business application of information technology are taken as a devised portfolio of
information systems that support key business function as well as cross-functional business
processes. An application portfolio includes support for inter-organizational business linkages,
managerial decision making and user computing and collaboration and strategic initiatives for
competitive advantage.
Information Technology Organization

- The organizational structure of the information system function and the distribution of
the information system specialist among corporate headquarters and business units can be
designed or redesigned to meet the changing strategies of a company. The resulting information
technology organizational design depends on the managerial philosophy, business / IT strategies
formulated during the strategic planning process.
Information Architecture is the particular shape or form that information technology takes in an
organization to achieve selected goals or function. Information architecture covers the extent to which data
and processing power are centralized or distributed. These components: technology platform, data
resources, application portfolio and IT organization – are the elements that managers will have to deal with
or develop. Although the technical personnel typically operate the technical platform, it is the general
management that must decide how to allocate the resources to hardware, software and

Lecture Manual
47
telecommunications. Resting upon this technology platform is the application portfolio. It is critical for the
success of the organization that these systems meet business functional requirement now and in the future.
Some MIS scholar prefer to use the term “IT infrastructure” rather than architecture, thereby set on
the computer and communications technologies as the technical foundation of the organization’s
information systems. Technical knowledge and skills convert these components into information technology
services, which then provide the foundation for organizations information technology systems.
Hereby are typical questions regarding information technology architecture facing today’s managers:
Should the corporate sales data and function be distributed to each corporate remote site or
should they be centralized at headquarters?
Should the organization purchase stand-alone PC’s or build a more powerful centralized
mainframe with an integrated telecommunications utility to link remote sites or relies or
external providers such as the telephone company?
Each under the best circumstances, combining knowledge of systems and the organizations is itself a
difficult task, for many organization, this is even made more difficult by fragmented and incompatible
computer hardware, software, telecommunication networks and information systems. Integrating all these
technology, applications, data and IT organization into a coherent IT architecture is great challenge for most
organizations who want to achieve competitive advantage.

Lecture Manual
48
Lesson 10: Information System Planning
Information systems planning for an organization is an endeavor that tries to organize the
identification and development of information systems for organizations. It manages and “systematizes”
how the required information systems are identified and conceptualized. It develops a plan for the coherent
technical development and implementation of these systems to enable the organization to use appropriate
modern and cost effective technology to deliver those information systems to the organizations.
In the Philippines, the National Computer Center mandated the development of the Information
Systems Plans for Agencies planning to develop information systems and acquire information technology.
This was in order for the agencies to have a firm organizational and technological basis for the development
of their information systems. The plan therefore ensures that the acquisition of technology is both
technologically sound and cost-effective.
Components of Information Systems Plan
1. Organizational Analysis
- This part takes off from the organizations corporate or business plan. It describes the nature
of business of the organization and contains its vision, mission and goals. In some cases, the key
result areas of the organizations are identified.
2. Information Systems Framework
- This part identifies, enumerates and describe the totality of information systems needed by
the organizations as a whole to be able to achieve its mission. The information system are also
arranged or grouped according to management levels or functional area.
Each of the information systems identified according to their concept of operations, identifying
their inputs, processes and outputs. The source and user organizational units are also identified.
3. Information Technology Strategy
- This part identifies the technologies that will deliver the concept of operation of the
information systems identified. This component of the plan lays how the information systems are
going to be developed; what are the standard operating system to be used and the hardware
platform to be utilized; how both the hardware and software components of the information system
are to be developed.
Included in this strategy are also the recruitment, training and staffing of IT manpower when
necessary.

Lecture Manual
49
4. Investment Plan
- This part outlines all the resources requirement of plan implementation and the
corresponding peso value of these resources such as hardware, software and network material and
equipment. It also includes development cost and salaries of the IT personnel required. In this
manner, the agencies have a total picture of the total investment cost in Information Technology.
One should be able to compare investment in other resources that will contribute to the
internal efficiency and effectiveness of the organization.
Thus, when an organization makes an Information systems plan, the following activities are
undertaken:
Organizational Analysis or Agency Situation
Information Requirements Determination or Information Systems
Technology Architecture Design or IT Strategy
Investment Planning or Development and Investment Program

Lecture Manual
50
Lesson 11: Case Analysis Methodology
Components of a Case Analysis

1. Statement of a Problem
- Should focus on the identification of the issue or concern that needs to be addressed.
This could have enough background to establish the condition or situation that needs to be
addressed. Short term and long term problems should be identified whenever necessary. The
statement of the problem could be stated as a question that will be answered by the alternative
course of action (number 3).
2. Analysis
- should enumerate problems concerning the project. In detail, it will enumerate problems
about the fact that are pertinent to the problematic situation, and the factors that will affect the
course of action to make in order to address the problem. This section should also contain any
assumption being made regarding the case.
3. State the alternative course/s of action

- Should enumerate as many alternatives available. As an alternative, the status quo
will always address the question being asked in the statement of the problem. In addition to the
status quo, there should at least be 2 or more alternatives. Grading will be based on the quality of
the alternatives rather than quantity.
4. Recommended situation or rationale

- Should contain the argument/reason for choosing the recommended alternative. Short
term and long term solution should be determined whenever applicable.
5. Implementation
- Will contain how the solution will be implemented. This is a step-by-step plan of
action on how to implement the solution, including conditions or constraints for the implementation.

Lecture Manual
51
Lesson 12: Information System Controls
Information system controls are method and devices that try to ensure accuracy, validity and
property of information system activities. Controls must be developed to ensure correct data entry,
processing techniques, storage methods and information systems.
The controls needed for information system security. Specific types of controls can be grouped into
three (3) major categories:
Information System Control
Procedural Control
Physical Facility Control
Information System Control
They are designed to monitor and maintain the quality and security of the input, processing, output
and storage activities of an information system.
Example:
Processing
Controls
Input Controls Software Controls

Output Controls Hardware Controls
Security Codes Checkpoints Control Totals
Data Entry Screens Security Codes
Error Signals Control Listing
Control Totals End User Feedback
Storage
Storage
Controls
Controls
Security Codes
Back up Files
Library Procedures
Database Administration

Lecture Manual
52
Processing Controls
Once data is entered correctly to the computer system, it must be processed properly. Processing
controls identify errors in arithmetic calculations and logical operations. They are also used to ensure that
data are not lost or go unprocessed. Processing controls can include hardware control and software controls.
1. Hardware Controls
These are special check built into the hardware to verify the accuracy of computer
processing. Examples of hardware checks are:
Malfunction detection circuitry within the computer or telecommunications processor that
monitor their operations. For example, parity checks are made to check for the lost correct
number of bits in every byte of data processed or transmitted on a network. Another example
is echo checks, which require that it transmitted on a network. Other examples are redundant
circuitry checks, arithmetic sign checks and CPU timing and voltage checks.
Redundant Components. Multiple read-write heads on magnetic tape and disk devices check
and promote the accuracy of reading and recording.
Special-Purpose Microprocessor and associates circuitry. May be used to support remote
diagnostics and maintenance. These allow offsite technicians to diagnose and correct some
problems via telecommunication link to a computer.
2. Software Controls
Software controls are designed to ensure that the right data is being processed. For example,
the operating systems checks the internal file labels contain information identifying file as well as
provide control totals for the data in the file. These internal file labels allow the computer to ensure
that the proper storage file is being used and that the proper data in the file have been processed.
Another type of software control is the establishment of check points during the processing of
a program. Checkpoints are intermediate points within a program being processed where immediate
totals, listings or “dumps” of data are written on magnetic tape or disk or listed on a printer.
Checkpoints minimize the effect of processing errors since processing can be restarted from the last
checkpoint rather than from the beginning of the program. They also provide an audit trail, which `.
Many input, processing, output and storage controls may be provided by a specialized system
software packages called system security monitors. System security monitors are programs that
monitor the use of computer system and protect its resources from unauthorized access to the
system. Identification codes and passwords are frequently used for this purpose. Security monitors
controls the use of hardware, software and data resources of a computer. For example, authorized

Lecture Manual
53
used may be restricted to the use of certain devices, programs, and data field. Such program
monitors the use of the computer to assist in maintaining the security systems.
Output Controls
Output controls are developed to ensure that information products are accurate and complete and
are promptly transmitted to authorized users. Some types of output controls are similar to input control
methods. For example, output documents are reports logged, identified with route slips and visually verified
by input/output control personnel. Control totals on output are compared with control totals generated
during the input an
D processing stages. Control listings can be produced that provide a check of all output produced.
Pre-numbered forms can be used to control the loss of important output document such as stock
certificates or payroll check form. Distribution list ensure that only authorized users receive output. Access
to the output of real time processing system is controlled, by security codes that identify users who can
receive output and type of output they are authorized to receive. End users who receive output should be
contracted for feedback on the quality of the output. This is an important function of system maintenance
and quality assurance function.
Storage Controls
How do we protect data resources? First, responsibilities for files of computer programs and
organizational database control may be assigned to a librarian or data base administrator. They are
responsible for maintaining and controlling access to the libraries and databases and file may be protected
from unauthorized and accidental use of security programs that require proper identification before they
can be used. Normally, the operating system or the security monitor protects the databases of real time
processing system from unauthorized use of processing accidents. Password and other security codes are
frequently used to allow access to authorized users only. A catalog of authorized users is provided to the
computer system to identify eligible users and determine which type of information they are authorized to
receive.
Typically, a three-level password system is used: First, an end user logs on to the computer system
by keying in his/her unique identification code or user ID. The end user is then asked to enter a password in
order to gain access into the system. Finally, to access an individual file, a unique file name must be
entered. In some systems, the password to read the contents of a file is different from that required to
write a file (change in contents). This feature adds another level of protection to stored data resources.

Lecture Manual
54
However, for even stricter security, passwords can be scrambled or encrypted to avoid their theft or
improper use.
Many firms may also use back up files, which are duplicate files or data or programs. Such file may
be stored off premises, which are in a location away from the computer center, sometimes in special
storage vaults in remote locations. Many real time processing systems use duplicate files that are updated
by telecommunication links. Files are also protected by fire retention measure, which involves storing
copies of the master file and transaction files from previous periods. If current files are destroyed; the files
from previous periods are used to control purposes. Thus master files from several recent periods of
processing (known and child, parent, grandparent files, etc.) may be kept for back up purposes.)
Physical Facility Controls
Physical facility controls are methods that protect physical facilities and their contents from loss and
destruction. Computer centers as hazards as accidents, natural disaster, sabotage, vandalism, unauthorized
use, industrial espionage, destruction and theft of resources. Therefore, physical safeguards and various
control procedures are necessary to protect the hardware, software and vital data resources of computer
using organizations.
Encryption
Password messages, files and other data can be transmitted in scrambled form and
unscrambled by computer system for authorized user only. This process is called encryption.
Typically, it evolves using a special mathematical algorithm, or key to transform digital data into a
scrambled code before it is transmitted and to decode the data when it is retrieved. Special
microprocessor and software packages can be used for encryption process. There are several
encryption standards, including DES (Data Encryption Standard) and Skipjack algorithm of the US
government proposed Clipper encryption microprocessor ship.
Firewall
Another important method for control and security of telecommunications network are
firewall computers. A network form intrusion by serving as a safe transfer joint form access to and
from other networks. It screens all network traffic and only allows authorized transmission in and out
of the network. Firewalls have become an essential component of organization connecting to the
internet, because of its vulnerability and lack of security.
Firewalls can detect but not completely prevent, unauthorized access only form
trusted locations on the internet to a particular computer inside the firewall. Or it may allow only
“safe” information to pass. For example, a firewall may permit user to read e-mail from remote
locations but not run certain programs. In other cases, it is impossible to distinguish safe use of a

Lecture Manual
55
particular network service from unsafe use and so all requests must be blocked. The firewall may
then provide substitutes for come network services (such as e-mail or file transfer) that perform
most of same function but are not vulnerable to penetration.
Procedural Controls
Administrative controls: formalized standards, rules, procedures and disciplines to ensure that the
organization controls are properly executed and enforced.
Segregation of Functions: principle of internal control to divide responsibilities to minimize the risk
of errors and manipulation of organizations assets.
Input Controls: procedures to check data for accuracy and completeness when they enter the
system, data conversion, including output authorization.
Quality assurance (QA) in systems development has evolved from inspection method and procedures
into system of control. QA is characterized by the requirement of conformance to formal procedures.
Contents of an IS Documentation: User and Technical
User Documentation Technical Documentation

Data presentation instructions System flowchart
Data entry instructions File lay-outs
Sample input forms/screens Record lay-outs
Sample reports/output lay-out List of Programs/Modules
Data input instructions Program structure charts
Security profiles Narrative program/module description
Functional description of system Source program listing
Work Flows Module cross reference
Responsible User contact Error condition/actions
Error detection procedures Abnormal termination log
List/description of controls Hardware/operating system requirements
Accountabilities Job set-up requirements
Processing procedure narrative Job run schedules
Report distribution
Job control language listings
Back-up/recovery procedure
File access procedures
ISO

Lecture Manual
56
(International Organization for Standardization)
ISO
 The organization responsible for many standards which benefits the world.
Definition
 ISO (International Organization for Standardization) is the world's largest developer and publisher of
International Standards.
Standards
 ISO created standards on the fields of agriculture, construction, mechanical engineering, medical
devices up to information technology.
What are standards for?

 Good value or service in relation to time, cost and effort.
Importance
What are standards for?
Quality, environmental friendliness, safety, reliability, efficiency, and interchangeable at
economical cost
Stages of Creating Standards

 Proposal Stage
 Preparatory Stage
 Committee Stage
 Enquiry Stage
 Approval Stage
 Publication Stage
 Review Stage
 Withdrawal Stage
Benefits
 Provide Technological, economic, social benefits
 Business – worldwide competence
 Innovators – predefined terms, compatibility, and safety guides to speed up to market

Lecture Manual
57
 Customers – broad choice of offers

 Government- citizen’s safety, environmental safety
 Consumers- quality, safety, reliability
 Planet - environment
 Everyone - quality
Benefits
Trade officials
For trade officials, International Standards create "a level playing field" for all competitors on those
markets. The existence of divergent national or regional standards can create technical barriers to trade.
International Standards are the technical means by which political trade agreements can be put into
practice.
HISTORY OF ISO
The organization which today is known as ISO began in 1926 as the International Federation of the
National Standardizing Associations (ISA). This organization focused heavily on mechanical engineering. It
was disbanded in 1942 during the Second World War but was re-organized under the current name, ISO, in
1946.
ISO Standardization Process

Each member body who has an interest in the work of a committee is entitled to be a
member of that committee.
Six Stages
1. Proposal stage
2. Preparatory stage
3. Committee stage
4. Enquiry stage
5. Approval stage
6. Publication stage
Each standard goes through a six stage process before being published as an ISO standard. The first stage is
the proposal stage in which a need for a standard is determined and members are identified who are willing
to work on it. The standards then enters the preparatory stage where a working draft of the standard is
developed. When the working draft is completed, it enters the committee stage and is sent out for

Lecture Manual
58
comments until a consensus is reached. The output of this stage is the Draft International Standard (DIS).
The DIS then enters the enquiry stage where it is circulated among all member bodies and then voted upon.
If a DIS does not receive 75% of the vote, it returns to lower stages and work on it continues. If it passes the
enquiry stage, it becomes a Final Draft International Standard and enters the approval stage. During this
stage it will again circulate through all member bodies for a final vote and again it must pass this stage with
75% of the vote. If the standard passes this stage, it enters the publication stage and is sent to the ISO
Central Secretariat for publication.
ISO Structure
How ISO Develops Standards

 The item must receive the majority support of the participating members of the ISO technical
committee.
 Policy development committees
 Developing countries (DEVCO)
 Consumers (COPOLCO)
 Conformity assessment (CASCO)
Who Develops ISO
 Technical committees, (subcommittees or project committees).
 The chair is formally appointed by the Technical Management Board.
Public Access
Most ISO members have some form of public review procedures for making proposed workitems and
draft standards known and available to interested parties. The ISO members then take account of any
feedback they receive in formulating their position on the proposed work item or on the draft standard.
Consensus
"Consensus" is officially defined (in ISO/IEC Guide 2) as "general agreement, characterized by
the absence of sustained opposition to substantial issues by any important part of the concerned interests
and by a process that involves seeking to take into account the views of all parties concerned and to
reconcile any conflicting arguments". The definition notes, "Consensus need not imply unanimity“.
Voting

Lecture Manual
59
For a document to be accepted as an ISO International Standard, it must be approved by at least

two-thirds of the ISO national members that participated in its development and not be disapproved by
more than a quarter of all ISO members who vote on it.
Appeals
ISO national member bodies have the right of appeal to a parent technical committee on the decision
of subcommittee, to the Technical Management Board on a decision of technical committee and to the ISO
Council on a decision of the Technical Management Board. Appeals may relate to procedural, technical or
administrative matters. The appeals process relating to ISO's standardization work in general and to JTC 1's
work in particular is described respectively in the ISO/IEC Directives and in the ISO/IEC JTC 1 Directives.
Principal Officers
President
Dr. Boris Aleshin
(2012) - Russian Federation
Vice-President (policy)
Mr. Sadao Takeda
(2013) - Japan
Vice-President (technical management)

Dr. Elisabeth Stampfl-Blaha
(2013) - Austria
Treasurer
Mr. Julien Pitton
(2013) - Switzerland
Secretary-General (chief executive officer)

Mr. Rob Steele
ISO Central Secretariat

Lecture Manual
60
IEEE
Institute of Electrical and Electronic Engineers
The Institute of Electrical and Electronics Engineers (IEEE, read I-Triple-E) is a non-profitprofessional
association headquartered in New York City that is dedicated to advancing technological innovation and
excellence. It has more than 400,000 members in more than 160 countries, about 45% of whom reside
outside the United States.
HISTORY
The IEEE corporate office is on the 17th floor of 3 Park Avenue in New York City
The IEEE is incorporated under the Not-for-Profit Corporation Law of the state of New York in the United
States. [4] It was formed in 1963 by the merger of the Institute of Radio Engineers (IRE, founded 1912) and
the American Institute of Electrical Engineers (AIEE, founded 1884).
The major interests of the AIEE were wire communications (telegraphy and telephony) and light and power
systems. The IRE concerned mostly radio engineering, and was formed from two smaller organizations, the
Society of Wireless and Telegraph Engineers and the Wireless Institute. With the rise of electronics in the
1930s, electronics engineers usually became members of the IRE, but the applications of electron tube
technology became so extensive that the technical boundaries differentiating the IRE and the AIEE became
difficult to distinguish. After World War II, the two organizations became increasingly competitive, and in
1961, the leadership of both the IRE and the AIEE resolved to consolidate the two organizations. The two
organizations formally merged as the IEEE on January 1, 1963.
Notable Presidents of IEEE and its founding organizations include Elihu Thomson (AIEE, 1889–1890),
Alexander Graham Bell (AIEE, 1891–1892), Charles Proteus Steinmetz (AIEE, 1901–1902),Lee De Forest (IRE,
1930), Frederick E. Terman (IRE, 1941), William R. Hewlett (IRE, 1954),Ernst Weber (IRE, 1959; IEEE, 1963),
and Ivan Getting (IEEE, 1978).
IEEE's Constitution defines the purposes of the organization as "scientific and educational, directed toward
the advancement of the theory and practice of Electrical, Electronics, Communications and Computer
Engineering, as well as Computer Science, the allied branches of engineering and the related arts and
sciences."[1] In pursuing these goals, the IEEE serves as a major publisher of scientific journals and organizer
of conferences, workshops, and symposia (many of which have associated published proceedings). It is also a
leading standards development organization for the development of industrial standards (having developed
over 900 active industry technical standards) in a broad range of disciplines, including electric power and
energy, biomedical technology and healthcare, information technology, information assurance,
telecommunications, consumer electronics, transportation, aerospace, and nanotechnology. IEEE develops
and participates in educational activities such as accreditation of electrical engineering programs in

Lecture Manual
61
institutes of higher learning. The IEEE logo is a diamond-shaped design which illustrates the right hand grip
rule embedded in Benjamin Franklin's kite, and it was created at the time of the 1963 merger.
IEEE has a dual complementary regional and technical structure – with organizational units based on
geography (e.g., the IEEE Philadelphia Section, IEEE South Africa Section ) and technical focus (e.g., the
IEEE Computer Society). It manages a separate organizational unit (IEEE-USA) which recommends policies
and implements programs specifically intended to benefit the members, the profession and the public in the
United States.
The IEEE includes 38 technical Societies, organized around specialized technical fields, with more than 300
local organizations that hold regular meetings.
The IEEE Standards Association is in charge of the standardization activities of the IEEE.
Publications
IEEE produces 30% of the world's literature in the electrical and electronics engineering and computer
science fields, publishing well over 100peer-reviewed journals.
The published content in these journals as well as the content from several hundred annual conferences
sponsored by the IEEE are available in the IEEE online digital library for subscription-based access and
individual publication purchases.
In addition to journals and conference proceedings, the IEEE also publishes tutorials and the standards that
are produced by its standardization committees.
Educational activities
The IEEE provides learning opportunities within the engineering sciences, research, and technology. The
goal of the IEEE education programs is to ensure the growth of skill and knowledge in the electricity-related
technical professions and to foster individual commitment to continuing education among IEEE members,
the engineering and scientific communities, and the general public.
IEEE offers educational opportunities such as IEEE eLearning Library, the Education Partners Program,
Standards in Education and Continuing Education Units (CEUs).
IEEE eLearning Library is a collection of online educational courses designed for self-paced learning.
Education Partners, exclusive for IEEE members, offers on-line degree programs, certifications and courses
at a 10% discount. The Standards in Education website explains what standards are and the importance of
developing and using them. The site includes tutorial modules and case illustrations to introduce the history
of standards, the basic terminology, their applications and impact on products, as well as news related to
standards, book reviews and links to other sites that contain information on standards. Currently, twenty-
nine states in the United States require Professional Development Hours (PDH) to maintain a Professional
Engineering license, encouraging engineers to seek Continuing Education Units (CEUs) for their participation

Lecture Manual
62
in continuing education programs. CEUs readily translate into Professional Development Hours (PDHs), with 1
CEU being equivalent to 10 PDHs. Countries outside the United States, such as South Africa, similarly require
continuing professional development (CPD) credits, and it is anticipated that IEEE Expert Now courses will
feature in the CPD listing for South Africa.
IEEE also sponsors a website designed to help young people understand better what engineering means, and
how an engineering career can be made part of their future. Students of age 8–18, parents, and teachers
can explore the site to prepare for an engineering career, ask expert’s engineering-related questions, play
interactive games, explore curriculum links, and review lesson plans. This website also allows students to
search for accredited engineering degree programs in Canada and the United States; visitors are able to
search by state/province/territory, country, degree field, tuition ranges, room and board ranges, size of
student body, and location (rural, suburban, or urban).
Standards and development process

IEEE is one of the leading standards-making organizations in the world. IEEE performs its standards making
and maintaining functions through the IEEE Standards Association (IEEE-SA). IEEE standards affect a wide
range of industries including: power and energy, biomedical and healthcare, Information Technology (IT),
telecommunications, transportation, nanotechnology, information assurance, and many more. In 2005, IEEE
had close to 900 active standards, with 500 standards under development. One of the more notable IEEE
standards is the IEEE 802 LAN/MAN group of standards which includes the IEEE 802.3 Ethernet standard and
the IEEE 802.11 Wireless Networking standard.
Membership and member grades

Most IEEE members are electrical and electronics engineers, but the organization's wide scope of interests
has attracted people in other disciplines as well (e.g., computer science, mechanical and civil engineering)
as well as biologists, physicists, and mathematicians.
An individual can join the IEEE as a student member, professional member, or associate member. In order to
qualify for membership, the individual must fulfil certain academic or professional criteria and abide to the
code of ethics and bylaws of the organization. There are several categories and levels of IEEE membership
and affiliation:
 Student Members: Student membership is available for a reduced fee to those who are enrolled in an
accredited institution of higher education as undergraduate or graduate students in technology or
engineering.
 Members: Ordinary or professional Membership requires that the individual have graduated from a
technology or engineering program of an appropriately-accredited institution of higher education or have
demonstrated professional competence in technology or engineering through at least six years of

Lecture Manual
63
professional work experience. An associate membership is available to individuals whose area of expertise
falls outside the scope of the IEEE or who does not, at the time of enrollment, meet all the requirements for
full membership. Students and Associates have all the privileges of members, except the right to vote and
hold certain offices.
 Society Affiliates: Some IEEE Societies also allow a person who is not an IEEE member to become a
Society Affiliate of a particular Society within the IEEE, which allows a limited form of participation in the
work of a particular IEEE Society.
 Senior Members: Upon meeting certain requirements, a professional member can apply for Senior
Membership, which is the highest level of recognition that a professional member can directly apply for.
Applicants for Senior Member must have at least three letters of recommendation from Senior, Fellow, or
Honorary members and fulfill other rigorous requirements of education, achievement, remarkable
contribution, and experience in the field. The Senior Members are a selected group, and certain IEEE officer
positions are available only to senior (and Fellow) Members. Senior Membership is also one of the
requirements for those who are nominated and elevated to the grade IEEE Fellow, a distinctive honor.
 Fellow Members: The Fellow grade of membership is the highest level of membership, and cannot be
applied for directly by the member – instead the candidate must be nominated by others. This grade of
membership is conferred by the IEEE Board of Directors in recognition of a high level of demonstrated
extraordinary accomplishment.
 Honorary Members: Individuals who are not IEEE members but have demonstrated exceptional
contributions, such as being a recipient of an IEEE Medal of Honor, may receive Honorary Membership from
the IEEE Board of Directors.
 Life Members and Life Fellows: Members who have reached the age of 65 and whose number of years
of membership plus their age in years adds up to at least 100 are recognized as Life Members – and, in the
case of Fellow members, as Life Fellows.
Awards
Through its awards program, the IEEE recognizes contributions that advance the fields of interest to the
IEEE. For nearly a century, the IEEE Awards Program has paid tribute to technical professionals whose
exceptional achievements and outstanding contributions have made a lasting impact on technology, society
and the engineering profession.
Funds for the awards program, other than those provided by corporate sponsors for some awards, are
administered by the IEEE Foundation.
Medals
 IEEE Medal of Honor

Lecture Manual
64
 IEEE Edison Medal

 IEEE Founders Medal (for leadership, planning, and administration)
 IEEE James H. Mulligan, Jr. Education Medal
 IEEE Alexander Graham Bell Medal (for communications engineering)
 IEEE Simon Ramo Medal (for systems engineering)
 IEEE Medal for Engineering Excellence
 IEEE Medal for Environmental and Safety Technologies
 IEEE Medal in Power Engineering
 IEEE Richard W. Hamming Medal (for information technology)
 IEEE Heinrich Hertz Medal (for electromagnetics)
 IEEE John von Neumann Medal (for computer-related technology)
 IEEE Jack S. Kilby Signal Processing Medal
 IEEE Dennis J. Picard Medal for Radar Technologies and Applications
 IEEE Robert N. Noyce Medal (for microelectronics)
 IEEE Medal for Innovations in Healthcare Technology
 IEEE/RSE Wolfson James Clerk Maxwell Award
 IEEE Centennial Medal
Technical field awards

 IEEE Biomedical Engineering Award
 IEEE Cledo Brunetti Award (for nanotechnology and miniaturization)
 IEEE Components, Packaging, and Manufacturing Technologies Award
 IEEE Control Systems Award
 IEEE Electromagnetics Award
 IEEE James L. Flanagan Speech and Audio Processing Award
 IEEE Andrew S. Grove Award (for solid-state devices)
 IEEE Herman Halperin Electric Transmission and Distribution Award
 IEEE Masaru Ibuka Consumer Electronics Award
 IEEE Internet Award
 IEEE Reynold B. Johnson Data Storage Device Technology Award
 IEEE Reynold B. Johnson Information Storage Systems Award
 IEEE Richard Harold Kaufmann Award (for industrial systems engineering)
 IEEE Joseph F. Keithley Award in Instrumentation and Measurement
 IEEE Gustav Robert Kirchhoff Award (for electronic circuits and systems)
 IEEE Leon K. Kirchmayer Graduate Teaching Award

Lecture Manual
65
 IEEE Koji Kobayashi Computers and Communications Award

 IEEE William E. Newell Power Electronics Award
 IEEE Daniel E. Noble Award (for emerging technologies)
 IEEE Donald O. Pederson Award in Solid-State Circuits
 IEEE Frederik Philips Award (for management of research and development)
 IEEE Photonics Award
 IEEE Emanuel R. Piore Award (for information processing systems in computer science)
 IEEE Judith A. Resnik Award (for space engineering)
 IEEE Robotics and Automation Award
 IEEE Frank Rosenblatt Award (for biologically and linguistically motivated computational paradigms
such as neural networks
 IEEE David Sarnoff Award (for electronics)
 IEEE Charles Proteus Steinmetz Award (for standardization)
 IEEE Marie Sklodowska-Curie Award (for nuclear and plasma engineering)
 IEEE Eric E. Sumner Award (for communications technology)
 IEEE Undergraduate Teaching Award
 IEEE Nikola Tesla Award (for power technology)
 IEEE Kiyo Tomiyasu Award (for technologies holding the promise of innovative applications)
Recognitions
 IEEE Haraden Pratt Award
 IEEE Richard M. Emberson Award
 IEEE Corporate Innovation Recognition
 IEEE Ernst Weber Engineering Leadership Recognition
 IEEE Honorary Membership
Prize paper awards

 IEEE Donald G. Fink Prize Paper Award
 IEEE W.R.G. Baker Award
Scholarships
 IEEE Life Members Graduate Study Fellowship in Electrical Engineering was established by the IEEE in
2000. The fellowship is awarded annually to a first year, full time graduate student obtaining their masters
for work in the area of electrical engineering, at an engineering school/program of recognized standing
worldwide.

Lecture Manual
66
 IEEE Charles LeGeyt Fortescue Graduate Scholarship was established by the IRE in 1939 to
commemorate Charles Legeyt Fortescue's contributions to electrical engineering. The scholarship is awarded
for one year of full-time graduate work obtaining their masters in electrical engineering an ANE engineering
school of recognized standing in the United States.
Societies
IEEE is supported by 38 societies, each one focused on a certain knowledge area. They provide specialized
publications, conferences, business networking and sometimes other services.
 IEEE Aerospace and Electronic Systems Society
 IEEE Antennas & Propagation Society
 IEEE Broadcast Technology Society
 IEEE Circuits and Systems Society
 IEEE Communications Society
 IEEE Components, Packaging & Manufacturing Technology Society
 IEEE Computational Intelligence Society
 IEEE Computer Society
 IEEE Consumer Electronics Society
 IEEE Control Systems Society
 IEEE Dielectrics & Electrical Insulation Society
 IEEE Education Society
 IEEE Electromagnetic Compatibility Society
 IEEE Electron Devices Society
 IEEE Engineering in Medicine and Biology Society
 IEEE Geoscience and Remote Sensing Society
 IEEE Industrial Electronics Society
 IEEE Industry Applications Society
 IEEE Information Theory Society
 IEEE Instrumentation & Measurement Society
 IEEE Intelligent Transportation Systems Society
 IEEE Magnetics Society
 IEEE Microwave Theory and Techniques Society
 IEEE Nuclear and Plasma Sciences Society
 IEEE Oceanic Engineering Society
 IEEE Photonics Society
 IEEE Power Electronics Society

Lecture Manual
67
 IEEE Power & Energy Society

 IEEE Product Safety Engineering Society
 IEEE Professional Communication Society
 IEEE Reliability Society
 IEEE Robotics and Automation Society
 IEEE Signal Processing Society
 IEEE Society on Social Implications of Technology
 IEEE Solid-State Circuits Society
 IEEE Systems, Man & Cybernetics Society
 IEEE Ultrasonics, Ferroelectrics & Frequency Control Society
 IEEE Vehicular Technology Society
Technical councils
IEEE technical councils are collaborations of several IEEE societies on a broader knowledge area. There are
currently seven technical councils:
 IEEE Biometrics Council
 IEEE Council on Electronic Design Automation
 IEEE Nanotechnology Council
 IEEE Sensors Council
 IEEE Council on Superconductivity
 IEEE Systems Council
 IEEE Technology Management Council
Technical committees
To allow a quick response to new innovations, IEEE can also organize technical committees on top of their
societies and technical councils. There are currently two such technical committees:
 IEEE Committee on Earth Observation (ICEO)
 IEEE Technical Committee on RFID (CRFID)
Organizational units
 Technical Activities Board (TAB)
IEEE Foundation
The IEEE Foundation is a charitable foundation established in 1973 to support and promote technology
education, innovation and excellence.

Lecture Manual
68
It is incorporated separately from the IEEE, although it has a close relationship to it. Members of the Board
of Directors of the foundation are required to be active members of IEEE, and one third of them must be
current or former members of the IEEE Board of Directors.
Initially, the IEEE Foundation's role was to accept and administer donations for the IEEE Awards program,
but donations increased beyond what was necessary for this purpose, and the scope was broadened. In
addition to soliciting and administering unrestricted funds, the foundation also administers donor-designated
funds supporting particular educational, humanitarian, historical preservation, and peer recognition
programs of the IEEE.As of the end of 2009, the foundation's total assets were $27 million, split equally
between unrestricted and donor-designated funds.
Copyright policy
The IEEE requires authors to transfer their copyright for works they submit for publication.
The IEEE generally does not create its own research. It is a professional organization that coordinates
journal peer-review activities and holds subject-specific conferences in which authors present their
research. The IEEE then publishes the authors' papers in journals and other proceedings, and authors are
required to give up their exclusive rights to their works.
Section 6.3.1 IEEE Copyright Policies – subsections 7 and 8 – states that "all authors…shall transfer to the
IEEE in writing any copyright they hold for their individual papers", but that the IEEE will grant the authors
permission to make copies and use the papers they originally authored, so long as such use is permitted by
the Board of Directors. The guidelines for what the Board considers a "permitted" use are not entirely clear,
although posting a copy on a personally-controlled website is allowed. The author is also not allowed to
change the work absent explicit approval from the organization. The IEEE justifies this practice in the first
paragraph of that section, by stating that they will "serve and protect the interests of its authors and their
employers".
The IEEE places research papers and other publications such as IEEE standards behind a "pay wall", although
the IEEE explicitly allows authors to make a copy of the papers that they authored freely available on their
own website. As of September 2011, the IEEE also provides authors for most new journal papers with the
option to pay to allow free download of their papers by the public from the IEEE publication website.
IEEE publications have received a Green rating the from SHERPA/RoMEO guide for affirming "authors and/or
their companies shall have the right to post their IEEE-copyrighted material on their own servers without
permission" (IEEE Publication Policy 8.1.9.D[25]). This open access policy effectively allows authors, at their
choice, to make their article openly available. Roughly 1/3 of the IEEE authors take this route.
Some other professional associations do not impose the same requirements on authors. For example, the
USENIX association requires that the author only give up the right to publish the paper elsewhere for 12

Lecture Manual
69
months (in addition to allowing authors to post copies of the paper on their own website during that time).
The organization operates successfully even though all of its publications are freely available online.

Lecture Manual
70
SEI
Software Engineering Institute
Software Engineering Institute (SEI) is a private researching university in established in 1984 by the U.S.
Department of Defense in 1984. Its headquarters is located inside the 140-acre (0.57 km2) Carnegie Mellon
University Main Campus in Pittsburgh, Pennsylvania, United States. SEI’s Satellite Offices are located in
Arlington, VA, Los Angeles, CA and Frankfurt, Germany.
Carnegie Mellon University

Carnegie Mellon or simply CMU is a private university that is well known for its high quality researches.
Because of this, CMU receives good funding from private organizations and majorly funded by the U.S.
department of Defense reaching up to $315 million on research like in 2006 with the greatest portion to the
School of Computer Sciences ($100.3 million) Software Engineering Institute ($71.7 million), Carnegie
Institute of Technology ($48.5 million), Mellon College of Science ($47.7 million) and receiving $277.6
million of their total funding from the government.
SEI Founding and Areas of Focus

Since its founding, its funding majorly comes from the U.S. Department of Defence. The Carnegie Mellon
Software Engineering Institute (SEI) works closely with defence and government organizations, industry, and
academia even private organizations to continually improve their software-intensive systems. Its researches
or areas of focus are divided into several areas: Management practices, Engineering Practices, Acquisition
practices, Security and Special programs.
Some of its efforts produced the following well known framework, with its Management practices it has
developed the Capability Maturity Model (CMM) for Software in 1887 and upgraded it to Capability Maturity
Model Integration (CMMI) in 1991 and in 2007, introduced the Resiliency Engineering Framework model. They
developed tools such as SEI Architecture Trade-off Analysis Method (ATAM) method, the SEI Framework for
Software Product Line Practice, and the SEI Service Migration and Reuse Technique (SMART) for its
Engineering practices.
In its Security research, the SEI CERT Program or CERT Coordination Center exists and is working with US-
CERT to produce the Build Security In (BSI) website, which provides guidelines for building security into
every phase of the software development lifecycle. The SEI has also conducted research on insider threats
and computer forensics. Results of this research and other information now populate the CERT Virtual
Training Environment. The CERT Coordination Center (CERT/CC) was created at the Software Engineering

Lecture Manual
71
Institute in November 1988 at DARPA's direction when world-wide governments began to call, as a result of
the Morris worm. SQUARE
Other U.S. patented developments by the Carnegie Mellon University are Architecture Tradeoff Analysis
Method (ATAM) which resulted in “reduced risk in schedule and cost, improved documentation and
communication, and a higher quality product for the warfighter”.
The Carnegie Mellon Software Engineering Institute (SEI)

• Vision
Leading the world to a software-enriched society
• Mission
Our mission is to advance software engineering and related disciplines to ensure the development and
operation of systems with predictable and improved cost, schedule, and quality.
• Our Strategy
To achieve this mission, our strategy is to openly engage a broad-based community with a focus on
improving the effects of software in the world. We create usable technologies, apply them to real problems,
and amplify their impact by accelerating broad adoption.
• Our Core Values
The SEI’s core values are integrity, excellence, and impact. These core values are the foundation of
everything we do at the SEI. They hold us together when the forces of change push and pull us this way and
that.
Brief History
Since 1984, the SEI has served the U.S. nation as a federally funded research and development center based
at Carnegie Mellon University, an organization that is well known for its highly rated programs in computer
science and engineering. Because of this, Carnegie Mellon University has become familiar with funded
researches and as part of Carnegie Mellon, the SEI operates at the leading edge of technical innovation. The
SEI staff has advanced software engineering principles and practices and has served as a national resource in
software engineering, computer security, and process improvement.
Some of its recent achievements are: the publishing of SEI insider threat research efforts were published.
The CERT forensics team creates a powerful new set of tools and methods to help law enforcement capture
crucial digital evidence for some high-profile cases, and SEI begins work in the area of software assurance in
2008. While in 2009, the SEI launches CMMI for Services (CMMI-SVC) to help service providers reduce costs,
improve quality, and improve the predictability of schedules.

Lecture Manual
72
Its contract with the U.S. government was renewed in June 2010 for a five-year contract extension, with a
face value of $584 million. Today it has more than 500 employees and increasing.
Some of its Special programs include its SEI Partner Network which helps the SEI disseminate software
engineering best practices. Organizations and individuals in the SEI Partner Network are selected, trained,
and licensed by the SEI to deliver authentic SEI services, which include courses, consulting methods, and
management processes. Other programs and activities given focus by the SEI include sponsoring
Conferences, SEI courses that help bring state-of-the-art technologies and practices from research and
development into widespread use, Affiliate Programs and its Membership Programs.

Lecture Manual
73
W3C (World Wide Web Consortium)
 The main international standards organization for the World Wide Web.
 It is the committee which creates, reviews, and approves the technical specifications for the languages
and protocols which form the architecture of the World Wide Web.
 It is an international community where Member organizations, a full-time staff, and the public work
together to develop Web standards.
 Its primary activity is to developing protocols and guidelines that ensure long-term growth for the Web.
History W3c was founded by Tim Berners-Lee which was also the person who developed the World Wide
Web. W3C was founded at Massachusetts Institute of Technology Laboratory for Computer Science in
cooperation with CERN (European Organization for Nuclear Research). W3C was hosted by several
institutions around the world namely:
 Institut national de recherche en informatique et en automatique (INRIA) (April 1995)  Keio
University (September 1996)
 European Research Consortium for Informatics and Mathematics (ERCIM) (January 2003)  World
Offices (September 2009)
 Australia, Netherlands, Luxembourg, and Belgium, Brazil, China, Finland, Germany, Austria,
Greece, Hong Kong, Hungary, India, Israel, Italy, South Korea, Morocco, South Africa, Spain, Sweden, and
the United Kingdom and Ireland the W3C has three long-term goals
1. Universal Access - To make the Web accessible to all by promoting technologies that take into account
the vast differences in culture, education, ability, material resources, and physical limitations of users on
all continents.
2. Semantic Web - to develop a software environment that permits each user to make the best use of the
resources available on the Web.
3. Web of Trust - to guide the Web's development with careful consideration for the novel, legal,
commercial, and social issues raised by this technology.
W3C Mission The W3C mission is to lead the World Wide Web to its full potential by developing protocols and
guidelines that ensure the long-term growth of the Web.
Principles of W3C
 Web for All One of W3C's primary goals is to make these benefits available to all people, whatever
their hardware, software, network infrastructure, native language, culture, geographical location, or
physical or mental ability.

Lecture Manual
74
 Web on Everything The number of different kinds of devices that can access the Web has grown
immensely. W3C Vision W3C's vision for the Web involves participation, sharing knowledge, and
thereby building trust on a global scale.
 Web for Rich Interaction the Web was invented as a communications tool intended to allow anyone,
anywhere to share information.W3C standards have supported this evolution thanks to strong
architecture and design principles.
 Web of Data and Services
The Web has transformed the way we communicate with each other. In doing so, it has also modified the
nature of our social relationships. People now "meet on the Web" and carry out commercial and personal
relationships, in some cases without ever meeting in person. W3C recognizes that trust is a social
phenomenon, but technology design can foster trust and confidence. As more activity moves on-line, it will
become even more important to support complex interactions among parties around the globe
• Web of Trust People of W3C - Tim Berners-Lee-founder of W3C. - Dr. Jeffrey Jaffe – CEO of W3C. - Staff of
technical experts- help coordinate technology development and manage the operations of the Consortium. -
W3C Members and invited experts - provide energy to the groups that write W3C's Web standards. - Broader
Web community - review and provides input on specifications.
Organizational Structure
There are two ways to think about how W3C is organized:
1. in administrative terms
2. In process terms Revenue Model W3C sources of revenue include:
 W3C Member dues
 Research grants and other sources of private and public funding
 Sponsorship and donations International Participation W3C's global efforts includes:
 Liaisons with national, regional and international organizations around the globe.
 The Offices Program, which promotes adoption of W3C recommendations among developers,
application builders, and standards setters, and encourage inclusions of stakeholder
organizations in the creation of future standards by joining W3C.  Translations
of Web standards and other materials from dedicated volunteers in the W3C
community.
 talks around the world in a variety of languages on Web standards by people closely
involved in the creation of the standards.
 W3C's Internationalization Activity helps ensure that the Web is available to people. Patent

Lecture Manual
75
Policy The W3C Patent Policy is designed to:

 Facilitate the development of W3C Recommendations by W3C Working Groups;
 Promote the widespread implementation of those Recommendations on a Royalty-Free (RF) basis;
 Address issues related to patents that arise during and after the development of a Recommendation.
Sponsorship and Donations
 Gold Package
 Silver Package Supporters Program
 Premier supporters Supporter Contribution Adobe System Software
 Major supporters Supporter Contribution YesLogic, makers of Prince XML Prince XML
Disruptive Innovations, makers of the BlueGriffon Web editor HTTP PUT add-on to BlueGriffon
• Contributing Supporters
 Adammer LLCI
 MRE Ltd
 aqk webhosting, Elgin QC
 Stack Exchange
 Bicicletando
 Pristine Detailing Services, Inc. / Media Network Links, Inc.
 Klicktivisten GmbH
W3C Jobs Web Technologies Specialist Responsibilities:

• Will provide guidance to technical working groups on the design and evolution of the Web
infrastructure;
• assist working groups in publishing specifications
• And build support among user and vendor communities for Web
Systems Administrator Responsibilities: • Systems Administration • User Support • Systems development Web
Accessibility Specialist Responsibilities: • develop technical guidance • develop framework for increased
international cooperation • related technical guidance
Web Accessibility Engineer Responsibilities: • manage the progress of accessibility solutions • provide staff
support to accessibility working groups and task forces • and develop and document accessibility
requirements for HTML W3C Fellows • Hiroki Yamada (Internet Academy) • Shinji Ishii (NTT) • Felix Sasaki
(DFKI) Important benefits for the members: • The opportunity to interact and work directly with the leading
companies, organizations, and individuals in the Web world. • The ability to provide strategic direction to

Lecture Manual
76
the Consortium through review of W3C Activity proposals and operational policies • Participation in W3C
Working Groups, where specifications and guidelines are developed, and in W3C Interest Groups, where
discussions are conducted • the opportunity to interact and work directly with the leading companies,
organizations, and individuals in the Web world. • The ability to provide strategic direction to the
Consortium through review of W3C Activity proposals and operational policies • Participation in W3C
Working Groups, where specifications and guidelines are developed, and in W3C Interest Groups, where
discussions are conducted • Access to a full-time staff of experts in Web technology. • Creation of Incubator
Groups • Member Submissions, for consideration as future Consortium work • Sponsorship and marketing
opportunities such as those for W3C10 • Access to the Member Web site • A seat on the W3C Advisory
Committee • Access to Member-only mailing lists, hosting discussions on work underway in the Consortium
• Use of the W3C Member logo on your Web site • Promotion of Member talks and presentations about W3C
work on the W3C home page • Promotion of Membership and participation W3C via the home page
testimonial program • Discounts for W3C Member employees at select conferences • Additional sponsorship
opportunities that provide visibility of your organization's support for open standards
ANSI (American National Standard Institute)
As the voice of the U.S. standards and conformity assessment system, the American National
Standards Institute (ANSI) empowers its members and constituents to strengthen the U.S. marketplace
position in the global economy while helping to assure the safety and health of consumers and the
protection of the environment.
The Institute oversees the creation, promulgation and use of thousands of norms and guidelines that
directly impact businesses in nearly every sector: from acoustical devices to construction equipment, from
dairy and livestock production to energy distribution, and many more. ANSI is also actively engaged in
accrediting programs that assess conformance to standards – including globally-recognized cross-sector
programs such as the ISO 9000 (quality) and ISO 14000 (environmental) management systems.
History:
The history of the American National Standards Institute (ANSI) and the U.S. voluntary standards
system is dynamic and evocative of the market-driven spirit that continues today.
In 1916, the American Institute of Electrical Engineers (now IEEE) invited the American Society of
Mechanical Engineers (ASME), the American Society of Civil Engineers (ASCE), the American Institute of
Mining and Metallurgical Engineers (AIME) and the American Society for Testing Materials (now ASTM
International) to join in establishing an impartial national body to coordinate standards development,
approve national consensus standards, and halt user confusion on acceptability. These five organizations,

Lecture Manual
77
who were themselves core members of the United Engineering Society (UES), subsequently invited the U.S.
Departments of War, Navy and Commerce to join them as founders.
ANSI was originally established as the American Engineering Standards Committee (AESC). According
to Paul G. Agnew, the first permanent secretary and head of staff in 1919, AESC started as an ambitious
program and little else. Staff for the first year consisted of one executive, Clifford B. LePage, who was on
loan from a founding member, ASME. An annual budget of $7,500 was provided by the founding bodies.
A year after AESC was founded; it approved its first standard on pipe threads. Its next major project
was undertaken in 1920 when AESC began the coordination of national safety codes to replace the many
laws and recommended practices that were hampering accident prevention. The first American Standard
Safety Code was approved in 1921 and covered the protection of the heads and eyes of industrial workers. In
its first ten years, AESC also approved national standards in the fields of mining, electrical and mechanical
engineering, construction and highway traffic. AESC was very active in early attempts to promote
international cooperation and in 1926 hosted the conference that created the International Standards
Association (ISA), an organization that would remain active until World War II and that would eventually
become the International Organization for Standardization (ISO).
Mission:
To enhance both the global competitiveness of U.S. business and the U.S. quality of life by promoting
and facilitating voluntary consensus standards and conformity assessment systems, and safeguarding their
integrity.
Founded: October 19, 1918
ANSI Board of Directors Officers:
The members of the ANSI Nominating Committee are appointed to recommend candidates for seats on the
ANSI Board of Directors and the Board’s leadership. The candidates they recommend will represent diversity
and a balance of interests from the ANSI Federation.
Annual Budget: $22 million

Affiliations:
ANSI is the official U.S. representative to the International Organization for Standardization (ISO)
and, via the U.S. National Committee, the International Electro technical Commission (IEC). ANSI is also a
member of the International Accreditation Forum (IAF). Regionally, the Institute is the U.S. member of the
Pacific Area Standards Congress (PASC) and the Pan American Standards Commission (COPANT). ANSI is also
a member of the Pacific Accreditation Cooperation (PAC) and via the ANSI-ASQ National Accreditation Board
(ANAB), a member of the Inter American Accreditation Cooperation (IAAC).
Member Benefits, Categories, and Levels

Lecture Manual
78
Benefits:
Active participation in ANSI and its programs provides access rights to information and business
intelligence that is not available elsewhere, discounts on many products and services, and the opportunity
to build relationships that empower members with a voice and influence over the standardization and
conformity assessment decisions that directly affect their business. ANSI has four (4) distinct Member
Forums that provide members with the opportunity to actively engage and further develop their
involvement as desired: Company, Government, Consumer Interest, and Organizational.
Categories:
ANSI has six (6) types of members: Company, Government, Organizational, Educational, International, and
Individual.
Company Member (C)

A corporation, partnership or other entity that is created under the laws of the United States or any State
thereof and that is engaged in industrial or commercial enterprise or professional, educational, research,
testing or trade activity. Any affiliate, division or joint venture of a corporation, company, firm or
partnership may, at the discretion of the ANSI Board of Directors, be eligible for membership.
Government Member (G)
A department or agency of the United States government or of any state, interstate or regional authority or
agency, or any local or county subdivision of such entities interested in the work of the Institute.
Organizational Member (O)
A not-for-profit scientific, technical, professional, labor, consumer, trade or other association or
organization that is involved in standards, certification or related activities.
Educational Member (E)
A domestic, not-for-profit institution of higher learning, not otherwise eligible for membership, which is
interested in the development of voluntary standards.
International Member (Int)
An entity that is engaged in the activities of an organizational, company or educational member but that is
not created under the laws of the United States or any state thereof. International members do not have
voting rights.
Individual Member (Ind)

An individual member shall be a United States citizen interested in the development of standards or related
activities, who is not eligible for membership under any other membership category.
Levels:

Lecture Manual
79
Full Membership
Benefits include unlimited representatives per membership, full participation and access rights and up to
20% discount on selected standards purchased through ANSI.
Basic Membership
Benefits include one representative per membership, limited participation and access rights and up to 10%
discount on selected standards purchased through ANSI.

Lecture Manual
80
Malcolm Baldrige
History
The Foundation for the Malcolm Baldrige National Quality Award was created to provide the private
sector a means of accomplishing the following Award objectives: a) raise sufficient funds to establish an
endowment which, when supplemented by fees from Award applicants, would permanently fund the
Program; b) oversee the investment of endowment funds; c) review Program accomplishments; d) disburse
required funds to the National Institute of Standards and Technology (NIST); and e) review the plan and
approve associated funds requirements for subsequent years to ensure a successful Award program.
The Foundation has no oversight of the Baldrige program and has no involvement in the award
process.
Originally, three types of organizations were eligible: manufacturers, service companies and small
businesses. In 1998, the President and the U.S. Congress approved legislation that made education and
health care organizations eligible to participate in the Award Program in 1999. Finally, in 2006 the President
and the U.S. Congress approved legislation that made non-profit organizations (including charities, trade
and professional associations, and government agencies) eligible to participate in the Award Program in
2007. The award promotes excellence in organizational performance, recognizes the achievements and
results of U.S. organizations, and publicizes successful performance strategies. The award is not given for
specific products or services.
Leaders of prominent organizations have been selected to serve as Foundation Trustees to ensure
that the Foundation’s objectives of supporting the Award process are accomplished. In addition, a broad
cross-section of organizations from throughout the United States provides financial support to the
Foundation.
Mission
• To improve the competitiveness and performance of U.S. organizations for the benefit of all U.S.
residents, the Baldrige Performance Excellence Program is a customer-focused federal change agent that
• Develops and disseminates evaluation criteria
• Manages the Malcolm Baldrige National Quality Award
• Promotes performance excellence
• Provides global leadership in the learning and sharing of successful strategies and performance
practices, principles, and methodologies
Vision
• To be the partner of choice for excellence in every sector of the economy
Core Values

Lecture Manual
81
• Deliver a consistently positive customer experience

• Value and empower our workforce
• Think and act ethically
• Think and act strategically
Definition
Annual award for the US firms which have "excelled in quality management and quality
achievement." Two awards may be give in each of three categories of manufacturing company, Service
Company, and small business.
• The Baldrige Program is the nation's public-private partnership dedicated to performance excellence.
• Raises awareness about the importance of performance excellence in driving the U.S. and global
economy
• Educates leaders in businesses, schools, health care organizations, and government and nonprofit
agencies about the practices of best-in-class organizations
• Recognizes national role models and honors them with the only Presidential Award for performance
excellence
• The Malcolm Baldrige National Quality Award (MBNQA) is presented annually by the President of the
United States to organizations that demonstrate quality and performance excellence.
• Three awards may be given annually in each of six categories:
Manufacturing
Service Company
Small business
Education
Healthcare
Nonprofit
• The Malcolm Baldrige national quality award recognizes US organizations in the business, healthcare,
education, and nonprofit sectors for performance excellence.
• The Baldrige Award is the only formal recognition of the performance excellence of both public and
private U.S. organizations given by the President of the United States. It is administered by the Baldrige
Performance Excellence Program, which is based at and managed by the National Institute of Standards and
Technology, an agency of the U.S. Department of Commerce.
• The Baldrige National Quality Program and the associated award were established by the Malcolm
Baldrige National Quality Improvement Act of 1987 (Public Law 100–107). The program and award were
named for Malcolm Baldrige, who served as United States Secretary of Commerce

Lecture Manual
82
• The award promotes awareness of performance excellence as an increasingly important element in

competitiveness. It also promotes the sharing of successful performance strategies and the benefits derived
from using these strategies.
Program Impacts
• According to Building on Baldrige: American Quality for the 21st Century by the private Council on
Competitiveness, “More than any other program, the Baldrige Quality Award is responsible for making
quality a national priority and disseminating best practices across the United States.”
• The Baldrige Program's net private benefits to the economy as a whole were conservatively
estimated at $24.65 billion. When compared to the program's social costs of $119 million, the program’s
social benefit-to-cost ratio was 207-to-1.
• In 2007, 2008, 2009, and 2010, Leadership Excellence magazine placed the Baldrige Program in the
top 10 best government/military leadership programs in the United States based on seven criteria.
• Since the program’s inception in 1987, more than 2 million copies of the business/nonprofit,
education, and health care versions of the Criteria for Performance Excellence have been distributed to
individuals and organizations in the United States and abroad.
Criteria for Performance Excellence

The Criteria work as an integrated framework for managing an organization. They are simply a set of
questions focusing on critical aspects of management that contribute to performance excellence:
• Leadership
• Strategic planning
• Customer focus
• Measurement, analysis, and knowledge management
• Workforce focus
• Operations focus
• Results
The Criteria serve two main purposes:

• Identify Baldrige Award recipients to serve as role models for other organizations
• Help organizations assess their improvement efforts, diagnose their overall performance
management system, and identify their strengths and opportunities for improvement
Based on annual surveys conducted by the Baldrige Panel of Judges, Baldrige Award applicants—including
those who have received the Award—note the following benefits:

Lecture Manual
83
Benefits of applying
• Accelerated improvement efforts: The application process is an effective tool in itself. It accelerates
and goes beyond internal self-assessments by bringing a rigorous, objective, external viewpoint to the
organization’s internal improvement process.
• Energized employees: Pursuing a common goal motivates employees, resulting in energized
improvement efforts.
• An outside perspective: Five to eight trained experts review each application. As a group, they spend
a minimum of 300 hours reviewing each application, and site-visited applicants receive more than 1,000
hours of review.
• Learning from the feedback: Each applicant receives an objective, non-prescriptive written
assessment of its strengths and opportunities for improvement based on an examination of its Award
application against the Baldrige Criteria for Performance Excellence.
• Aligned efforts and resources: Discover how to align your organization’s efforts more closely to
achieve its goals. The linkages among the requirements of the seven Baldrige Criteria Categories can help
your organization achieve better coordination and consistency among plans, processes, information,
resource decisions, actions, results, analysis, and learning.
• An integrated approach to management: Management benefits from the big-picture systems
perspective embedded in the integrated structure of the Core Values and Concepts, the Baldrige Criteria,
and the Scoring Guidelines. This perspective helps your organization channel activities in consistent
directions, ensuring unity of purpose while supporting agility, innovation, and decentralized decision
making.
• Focus on results: 450 of the 1,000 points in the Baldrige scoring system are allocated to results, one
of seven Baldrige Criteria Categories, proving that results are the bottom line in the Baldrige process. This
results focus helps your organization determine the most critical areas to measure, create and balance value
for key stakeholders, and improve performance in key areas such as customer engagement, process
performance, product performance, student learning, and health care outcomes.
• Enhanced certification and accreditation efforts: Recent iterations of standards from organizations in
widely varying fields—such as those from the International Organization for Standardization, the Joint
Commission, and the North Central Association of Colleges and Schools—are compatible with the Baldrige
Criteria. In some cases, a Baldrige application may be substituted for an assessment.
• Role-model status and pride: Baldrige Award recipients tell the Baldrige Program that applying for
the Award is not about winning. One benefit of receiving the Award, however, is that the organization and
its community develop a tremendous sense of pride. Baldrige Award recipients share their stories and best
performance practices with thousands of people around the country and the world. And Baldrige Award

Lecture Manual
84
recipients help improve the competitiveness of U.S. organizations by inspiring them to improve their
performance.

Lecture Manual
85
CMMI
CMMI or Capability Maturity Model Integration is a process improvement model developed by the Software
Engineering Institute, at Carnegie Mellon University.
• CMMI was developed by the CMMI project, which aimed to improve the usability of maturity models
by integrating many different models into one framework. The project consisted of members of industry,
government and the Carnegie Mellon Software Engineering Institute (SEI). The main sponsors included the
Office of the Secretary of Defense (OSD) and the National Defense Industrial Association.
• Structure of CMMI:
– Maturity levels
– Process areas
– Goals
– Practices
• Contains process areas for:
– Project management
– Process management
– Support
– Discipline-specific process areas
CMMI development team

Membership from
– Industry
– U.S. government
– Software Engineering Institute
Membership characteristics
– Average of about 21 years’ experience
– From organizations with solid process improvement credentials
Financing from DoD
CMMI can be used for:

• Software Engineering Discipline
• Hardware Engineering Discipline
• System Engineering Discipline
• And above disciplines with the addition of Integrated Product and Process Development

Lecture Manual
86
And
• Other disciplines by carefully specifying corresponding practices
CMMI Consists of Process Areas

• A Process Area is a cluster of related practices in an area that, when implemented collectively,
satisfies a set of goals considered important for making significant improvement in that area.
• Examples of process areas related to software development
-Project Planning
-Requirement management
-Configuration Management
-Risk Management
• These PA’s are organized in two ways
-Continuous Representation: PAs by Categories
-Staged Representation: PAs by Maturity Level
Why use CMMI?

CMMI provides guidance for improving your organization’s processes and your ability to manage the
development, acquisition, and maintenance of products or services.
CMMI places proven approaches into a structure that

• helps your organization examine the effectiveness of your processes
• establishes priorities for improvement
• helps you implement these improvements
What is CMMI for Services?
• CMMI for Services is a CMMI constellation that covers the activities required to manage, establish,
and deliver services. As defined in the CMMI context, a service is simply an intangible, non-storable product
• CMMI for Services has been developed to be compatible with this broad definition, and its goals and
practices are therefore potentially relevant to any organization concerned with the delivery of services,
including enterprises in sectors such as defense, information technology, health care, finance, and
transportation
• Referenced frameworks and standards: ITIL, ISO20000, IT Service CMM, and COBIT
What is a capability maturity model?
• A capability maturity model IS

Lecture Manual
87
– A MODEL for an organization’s process maturity

– A framework for reliable and consistent assessments
– A software-industry, community-owned guide
– A mechanism for identifying & adopting best practices
– A rare example of national consensus
• A capability maturity model is NOT
– A prescription or standard
• Actual processes belong to organization, not SEI
– A technology, language, or methodology
A maturity model can be viewed as a set of structured levels that describe how well the behaviors, practices
and processes of an organization can reliably and sustainably produce required outcomes. A maturity model
may provide, for example:
• A place to start
• The benefit of a community’s prior experiences
• A common language and a shared vision
• A framework for prioritizing actions.
• A way to define what improvement means for your organization.
A maturity model can be used as a benchmark for comparison and as an aid to understanding - for example,
for comparative assessment of different organizations where there is something in common that can be used
as a basis for comparison. In the case of the CMM, for example, the basis for comparison would be the
organizations' software development processes.
Two Representations
Staged Representation
• A systematic, structured way to approach process improvement one step at a time.
• Achieving each step is a foundation for the next step.
• There are five levels of maturity.
Continuous Representation
• A flexible approach to improve process performance. The organization may choose to improve a
single PA or a group of PA’s.
• Organization may improve each PA at different rates.
• There are six levels of process capability.
Two Kinds of Practices
Practices are activities that must be performed in each process area.
There are two kinds of practices:
• Specific Practices:

Lecture Manual
88
• Generic Practices:
CMMI can be used for:
• Software Engineering Discipline
• Hardware Engineering Discipline
• System Engineering Discipline
• And above disciplines with the addition of Integrated Product and Process Development
And other disciplines by carefully specifying corresponding practices
Common process notations
– Data flow diagrams
– Flowcharts
– Decision trees
– check lists
– Task descriptors (narratives)
– Activity diagrams (UML)
– Functional flow block diagrams
CMMI Overview
Provides maximum flexibility for organizations to choose which processes to emphasize for improvement.
• Capability level is measured separately for each process area
• Capability levels build on each other within a process area

Lecture Manual

Part 1: Work Patterns Lesson 1: Computers On The Job: How Workers Use Computers

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Part 1: Work Patterns Lesson 1: Computers On The Job: How Workers Use Computers

Uploaded by

Copyright:

Available Formats

1

PART 1 : WORK PATTERNS

Lesson 1: Computers on the Job: How Workers use computers

Personal Computer in the Workplace

Evolution of Personal Computer Use

ITEC 85 – Quality Consciousness, Habits and Processes

The Impact of Personal Computers

Where PC’s are Almost a Job Requirement

ITEC 85 – Quality Consciousness, Habits and Processes

How Computers Change the Way We Worked

The Name of the Game is Speed

ITEC 85 – Quality Consciousness, Habits and Processes

The Portable Worker

ITEC 85 – Quality Consciousness, Habits and Processes

ITEC 85 – Quality Consciousness, Habits and Processes

ITEC 85 – Quality Consciousness, Habits and Processes

Storage and Retrieval Software

ITEC 85 – Quality Consciousness, Habits and Processes

Vertical Market Software

ITEC 85 – Quality Consciousness, Habits and Processes

Lesson 2: Security, Privacy and Ethics

What Is Computer Security and Privacy?

ITEC 85 – Quality Consciousness, Habits and Processes

Most of the components of a computer are designed to operate within a

ITEC 85 – Quality Consciousness, Habits and Processes

Measures for Protection from Natural Threats

Natural threats can cause considerable damage to your

ITEC 85 – Quality Consciousness, Habits and Processes

Threats from Human Actions

ITEC 85 – Quality Consciousness, Habits and Processes

Computer Related Crimes

ITEC 85 – Quality Consciousness, Habits and Processes

Disgruntled or militant employee could

Data Control Worker could

System user could

User requesting reports

ITEC 85 – Quality Consciousness, Habits and Processes

Data conversion worker could

Report distribution worker could

Glossary for Computer Crooks

ITEC 85 – Quality Consciousness, Habits and Processes

- a person who copies software illegally

Who is the computer criminal?

What Motivates a Computer Criminal?

ITEC 85 – Quality Consciousness, Habits and Processes

- people are simply attracted to the challenge of the crime.

Types and methods of computer crime

ITEC 85 – Quality Consciousness, Habits and Processes

Discovery and Prosecution

Biometrics and High Tech Crimes

ITEC 85 – Quality Consciousness, Habits and Processes

Identification and Access : Who Goes There?

What you have

What you know

What you are

Disaster Recovery Plan

ITEC 85 – Quality Consciousness, Habits and Processes

The Disaster Recovery Plan should include:

ITEC 85 – Quality Consciousness, Habits and Processes

ITEC 85 – Quality Consciousness, Habits and Processes

Separation of Employee Functions

Built in Software Protection

ITEC 85 – Quality Consciousness, Habits and Processes