
Chapter 1: Concepts of Governance & Management of IS

[Chapter 1 overview chart. Topics: Governance; Enterprise Governance Dimensions ((i) Corporate Governance or Conformance, (ii) Business Governance or Performance); Level of Managerial Activity (Strategic Planning, Mgmt Control, Operational Control); Corporate Governance (Benefits, Best Practices); GEIT (Key Governance Practices, Benefits); IT Governance (Benefits); Internal Control (COSO); IT Steering Committee (Functions); IT Strategic Planning (Classification; Key Mgmt Practices for Aligning IT Strategy with Ent Strategy; Key Mgmt Practices for Evaluating Whether Business Value Derived from IT); Risk Mgmt (Characteristic, Source, Strategy, Key Mgmt Practices of Implementing Risk Mgmt, Key Governance Practices for evaluating Risk Mgmt); Internal Audit (IIA) (Key Component lead to effective IT Governance, Sample Areas of Review by Internal Auditor, Sample Areas of Review of Assessing & Managing Risks, Key Mgmt Practices for Assessing & Evaluating system of Internal Controls); COBIT 5 (Principles, Components, Benefits, Needs meet by COBIT, Enablers, Key Mgmt Practices of IT Compliance); Requirement for Implementation of GRC Program.]
Chapter 2: IS Concepts
[Chapter 2 overview chart. Topics: Info System ((i) Information: Attributes / Characteristic of Information, (ii) System: Classification, (iii) Components: Hardware, Software, Data, People, Network, (iv) Major Area: Finance & AC, Mrkt & Sales, Prod/Mfg, Stores Mgmt, HR Mgmt, (v) Types of IS / Category of IS: Operation, Mgmt, Strategic, Knowledge); TPS ((i) Activities: Capturing, Processing, Generating, Queries, (ii) Components, (iii) Features); OAS ((i) Activities / Types of operation, (ii) Benefits, (iii) Broad Groups); MIS ((i) Characteristics, (ii) Misconceptions, (iii) Prerequisite, (iv) Constraints, (v) Limitations); EIS ((i) Characteristics, (ii) Characteristic of Information used in EIS, (iii) Contents / Principles); ERP ((i) Components, (ii) Benefits); KMS ((i) Types of Knowledge: Explicit, Tacit); CBS ((i) Elements); EMAIL ((i) Features); DSS ((i) Characteristics, (ii) Types of PL: GPPL & SPPL, (iii) Components, (iv) Examples); Expert System ((i) Business Applications, (ii) Need, (iii) Potential Properties, (iv) Benefits); Application of IS / CBIS ((i) Knowledge manager should possess to operate Info System, (ii) Roles of IS in Enterprise process, (iii) Impt Implication of IS in business); Types of IS at Mgmt Level; Impact of IT on Difft Sectors; IT Crucial Tools.]
Chapter 3: Protection of IS
[Chapter 3 overview chart. Topics: Need for Protection of Info system; Causes of Gap btwn Need to Protect IS & Degree of Protection; Info Security Policy (Tools to implement, Issues to address, Rules to be included, Members of policy, Components / Content, Policy & Hierarchy); IS Controls (Objective, Category of Exposures, Controls lacking in computerized environment, Impact of technology on Internal Control, Classification of IS Controls); Classification On Objective (Preventive, Detective, Corrective, Compensatory, each with Characteristic); IS Security (Objective, Sensitive Info); Access Control Mech (Identification, Authentication, Authorization); Cyber Fraud (Impact, Attacks, Techniques); Physical (Loss in case of violation of access path, Possible Perpetrators, Controls, Adv of Electronic Lock over Bio Metric Lock); Environment (Categorisation of IS Resource, Controls of Environment Exposure); Data Integrity (Classification of Information, Category of Integrity Controls, Policy); Financial Control; Logical Access Control (Logical Access Paths, Related Issue & Revelations, Computer Crime Exposure, Possible Violators, Technical Exposures, Asynchronous Attacks, Ways to Control Remote & Distributed data Processing Application, Controls ARUNOM: Application & Monitoring system access control, User Respons., User Access Mgmt, Network Access Control, Operating system access Controls); Managerial Control (Top Mgmt, System Development Mgmt, Programming Mgmt, Data Resource Mgmt, Quality Assurance Mgmt, Security Mgmt, Operation Mgmt); Application Control (Boundary, Input, Communication, Processing, Database, Output).]
Chapter 4: BCP/DRP
[Chapter 4 overview chart. Topics: Business Continuity Mgmt ((i) Related Terms, (ii) Advantages of Business Continuity, (iii) Scope of Business Continuity, (iv) BCP Manual); BCM Policy ((i) Objective); BC Planning ((i) Areas: BRP, DRP, Crisis Mgmt, (ii) Life Cycle, (iii) Goals of BCP, (iv) Key Objectives of the Contingency plan); Developing BC Plan ((i) Phases which methodology emphasizes, (ii) Activities under Initial Plan Implementation, (iii) Key Tasks covered in Vulnerability Assessment, (iv) Factors on Testing); Component of BCM Process; BC Mgmt Process ((i) Org Structure, (ii) Implementing B Continuity in Enterprise & Maintenance, (iii) Documentation & Records forming part of BC Mgmt); BCM Information Collection Process ((i) BIA, (ii) Classification of Critical Activities, (iii) Risk Assessment); BCM Development & Implementation Process ((i) Incident Mgmt Plan, (ii) BC Plan); BCM Testing & Maintenance ((i) Testing, (ii) Maintenance, (iii) Reviewing BCM Arrangement); Training, Awareness & Competency Process ((i) Competencies required by Org); Types of Plan (Emergency, Recovery, Back-up, Test); Types of Back-up (Full, Differential, Incremental, Mirror); Alternate Processing Site (Hot, Cold, Warm, Reciprocal); Issue to be Considered while drafting contract with third party site; Contents of DRP / Steps for BRP-DCP; Audit.]
[Memory story shown in the chart: An emergency bomb blast happened at the Taj; the whole business was moved to another location, and which inventory is where was documented. Everyone had been made aware and trained. Everyone knew the purpose of the plan and their responsibility; for resumption, the police, medical, insurance and airline were called from the phone list. H/w and S/w were bought again from vendors. There was a backup; work was done manually until recovery.]
Chapter 5: Development of Systems
[Chapter 5 overview chart. Topics: System Development (Failure: User, Development, Mgmt; Accountant Roles); Waterfall (Features, +, -); Prototype (Phase, +, -); Incremental (+, -); Spiral (+, -); RAD (Feature, +, -); Agile (Features, +, -); Auditor Role; SDLC Phases; Preliminary Investigation (Fact Finding Mthd, Delineation of Scope, Feasibility Study Dimensions, Aspects); System Requirement Analysis (Collection, Analysis of Present System, Analysis of Proposed System, Reporting to Mgmt, SRS Content, Roles Involved); System Design (DB Designing activities, UI Interface Input / Output factor); System Acquisition (Acq Std, Methods of Validating Vendor Proposals, Validation of Vendor Proposals); System Development (Characteristic of Good Coded Program, Other Aspects of Programming Phases, Types of Programming Languages); System Testing (Unit Testing, Integration Testing, System Testing, Final Acceptance); System Implementation (Equipment Installation, System Change Over Strategies, Change Over Activities); Post Implementation Review & System Maintenance.]
Chapter 6: Auditing Info System
[Chapter 6 overview chart. Topics: Controls & Audit (Need of IS Audit, Change in Evidence Collection, Change in Evaluation); IS Audit (Objective of IS Audit, Category / Types, Steps, Skill of IS Auditor, Functions of IS Auditor, Standards & Best Practices: ISACA, ISO 27001, Internal Audit Std, Std on Int Audit, ITIL); Performing IS Audit (Preliminary Review Steps, Risk based Audit, Understanding Technology, Category of Risk, Types of Audit Tools); CAT (Advan, Disadv, ITF, SCARF); Role of IS Auditor (Physical Access Control, Environment Controls); Managerial Controls (Top Mgmt & IS Mgmt, System Development Mgmt, Programming Mgmt); Application Control (Types of Audit Controls, Major Concern); Audit Trail (Objective, Types: Accounting, Operational); Application Security Audit (Operational Layer, Tactical Layer, IT Risk Mgmt under Tactical Layer, Security Administration to put in place).]
Chapter 8: Emerging Technologies
[Chapter 8 overview chart. Topics: Cloud & Grid (Similarities, Differences); Cloud Computing (Goals; Architecture: Front End, Middleware, Back End; Characteristic; +; Issue: Security, Adaptation / Implementation; Environment: Public, Private, Hybrid, Community; Services: SaaS, PaaS, IaaS, Other); Cloud Computing Environment (Private, Public, Community, Hybrid, each with Characteristic, +, -; Difference); Cloud Computing Services (SaaS, IaaS, PaaS, each with Different Instance / Services and Characteristics; Other Services); Green IT (Best Practices); Mobile Computing (Components, Benefits, Issues, Security Issue, Limitations); BYOD (+, Threats); Web 2.0 (Components of Web 2.0 for Social Network, Types & Behaviour of Social Network, Sectors / Fields); Web 3.0 (Components).]
Governance / Corporate Governance
Benefits
IPL mein SHADI
I Implementing & integrating desired business process into enterprise
P Provide stability
L Overcoming Limitation of org structure
S Enable effective & Strategic aligned decision making
H Helps in achieving enterprise objective
A Provides transparent decision rights & Accountability framework
D Defining & Encouraging desirable behaviour in use of IT
I Improve customer satisfaction & Internal relationship

Best Practices
RIMI SEM
R Assignment of Responsibility
I Incorporating Hierarchy
M Mechanism for interaction & co-operation
I Appropriate Information flow internally
S Implementing Strong Internal Control System
E Special monitoring of risk Exposure
M Financial & Mgmt Incentives

GEIT
Key Governance Practices
E-D-M
E Evaluate Governance system
D Direct Governance system
M Monitor Governance system

Benefits
ICE Pighal Gyi
I Consistent approach Integrated & Aligned with enterprise governance
C Confirms Compliances with legal & regulatory framework
E Ensure that IT related decision are made in line with the enterprise strategy
Pighal Ensure IT related Process are overseen effectively & transparently
Gyi Ensure the Governance requirements for Board member are met
IT Governance
Benefits
VACCUUM Related Transparency Enabler
V Increased Value delivered through IT compliance
A Improve Agility in supporting business needs
C Better Cost performance
C Improve Compliance with relevant laws, regulation & policies
U More optimal Utilisation of resources
U Improve User satisfaction
M Improve Mgmt
Related Mitigate IT Related business risk
Transparency Improve Transparency
Enabler IT becoming a key Enabler rather than inhibitor (i.e. something that holds back) for change

Internal Control
As per COSO
EACCM
E Control Environment
A Risk Assessment
C Control Activities
C Information & Communication
M Monitoring
IT
IT Steering Committee
Functions
TR³ACK & Make Priority Report
T Ensure long & short range plans of IT dept are in Tune with enterprise goals & objective
R Review & approve major IT deployment projects
R Review status of IS plans
R Review & approve std, policies & guidelines
A Ensure Availability of viable communication system exist btwn IT & its users
C Facilitate & resolve Conflicts in deployment of IT
K Approve & monitor Key projects by measuring result of IT projects in terms of ROI
Make Make IS plan
Priority Set Priorities within the scope
Report Report to BoD on regular basis

IT Strategic Planning Classification


EIRA
E Enterprise Strategic Plan
I Info system strategic plan
R IS Requirement plan
A IS Application & Facilities Plan

Key mgmt practices for Aligning IT strategy with enterprise strategy


DAD Conduct Strategic Communication
D Understand Enterprise Direction
A Assess the current environment, capabilities & performance
D Define target IT capabilities
Conduct Conduct gap analysis
Strategic Define Strategic plan & road map
Communication Communicate IT strategy & direction

Key mgmt practices for Evaluating whether business value derived from IT
E-D-M
E Evaluate value optimization
D Direct value optimization
M Monitor value optimization
Risk Mgmt
Key mgmt practices of implementing Risk mgmt
CAPtain APRil
C Collect data
A Analyze risk
P Maintain risk Profile
A Articulate risk
P Define risk mgmt action Portfolio
R Respond to risk

Strategies
TE TMT
T Tolerate / Accept
E Eliminate / Terminate
T Transfer / Share
M Mitigate / Treat
T Turn Back / Ignore

Key Governance Practices for evaluating Risk mgmt


E-D-M
E Evaluate Risk Mgmt
D Direct Risk Mgmt
M Monitor Risk Mgmt

Risk
Sources
HE²LP ATM
H Human behaviour
E Economic circumstances
E Natural Events
L Commercial & Legal relationship
P Political circumstances
A Individual Activities
T Technology & technical issue
M Mgmt Activities & controls

Characteristics
UP Loss
U Uncertainty of loss
P Probability
Loss Loss potential
COBIT 5
Principle
ME - IAS
M Meeting stakeholder needs
E Covering enterprise End to End
I Applying a single Integrate framework
A Enabling a holistic Approach
S Separating Governance from Mgmt

Components
FM PC Mgmt
F Framework
M Maturity models
P Process descriptions
C Control objective
Mgmt Mgmt Guidelines

Benefits
SOO PIC HER
S For all Size & sector
O Enable enterprise in achieving their Objective
O Create Optimal value from IT
P Policy development & good practice
I Increase user satisfaction
C Compliance with relevant laws, regulations & policies
H Enable IT to be governed in a Holistic manner
E Takes full End to End business
R Manage IT related Risk

Key Mgmt Practices of IT compliance


COCA cola
C Identify external Compliance requirement
O Optimize response to external requirement
C Confirm external compliances
A Obtain Assurance of external compliances

Requirement for Implementation of GRC Program


ORS² ka DROP
O Using process Oriented approach
R Identifying Regulatory & compliance landscape
S Setting out key parameter on which success will be measured
S Using uniform & Structured approach which is auditable
D Defining clearly what GRC requirements are applicable
R Reviewing current GRC status
O Determining most Optimal Approach
P Adopting global best Practices
Needs meet by COBIT
AC GIRL
A Assurance activities
C CSR Reporting
G Governance & Mgmt of enterprise IT
I Information security
R Risk Mgmt
L Legal & regulatory compliance

Enablers
P³ICSO
P Principles, policies & framework
P Process
P People, skills & competencies
I Information
C Culture, ethics & behaviour
S Services, Infrastructure & applications
O Organisation structure
Internal Audit
Evaluating IT Governance structure & Practices by Internal Auditor / Key component lead to effective
IT Governance
Leader CROP Process
Leader Leadership
C Controls
R Risks
O Org Structure
P Performance measurement / monitoring
Process Processes

Sample area of Review by Internal Auditor


SAFE PIGER
S Scope
A Address Adequacy of risk mgmt process
F Evaluate Fraud & Fraud risk
E Evaluate Risk Exposure
P Risk mgmt Process
I Interpretation
G Governance
E Enterprise Ethics
R Risk mgmt

Sample area of review of Assessing & Managing risk


DROP QT Methodology
D Different kinds of IT risks
R Root cause analyses & risk mitigation measures
O Risk mgmt Ownership & Accountability
P Defined & Communicated risk tolerance Profile
Q Quantitative and/or qualitative risk measurement
T Timely reassessment & risk action plan
Methodology Risk assessment Methodology

Key Mgmt Practices for assessing & evaluating system of Internal control
MIS PEPER
M Monitoring Internal Control
I Identify & report control deficiency
S Scope assurance initiative
P Plan assurance initiative
E Execute assurance initiative
P Perform control self assessment
E Ensure that assurance provider are independent & qualified
R Review business process controls effectiveness
Information System
Information
Attributes
In a Transport CAR, what is the Purpose of having an MRF tyre of Valuable, Valid, Adequate & Updated Quality Fixed
Transport Transparency
C Completeness
A Availability
R Rate
M Mode
R Reliability
F Format
Valuable Valuable
Valid Valid
Adequate Adequate
Updated Updated
Quality Quality
Fix Frequency
Purpose Purpose

System
Classification
WIDE
W Working / Output
I Interactive Behaviour
D Degree of Human Intervention
E Element

TPS
Components
IPSO
I Input
P Processing
S Storage
O Output

Features
LABS
L Large Volume of Data
A Automation basic operations
B Benefits easily measurable
S Source of Input
OAS
Activities
FC Road mein CCD
F Filing, Search, Retrieval
C Calculation
Road Recording utilization of resources
C Document Capture
C Document Creation
D Receipts & Distribution

Benefits
AIR²
A Ensure Accuracy
I Improve Communication
R Reduce Cost
R Reduce Cycle Time

Broad Groups
PET Documents
P Text Processing System
E Electronic Message Communication System (Email, Fax, Voicemail)
T Teleconferencing & Video Conferencing System
Document Electronic Document Mgmt System

E-Mail Features
PI TREE
P Portability
I Integration with other IS
T Electronic Transmission
R Broadcasting & Rerouting
E Economical
E Online Development & Editing
MIS
Characteristics
The Manager was going along, Chalte Chalte (walking, walking), eating Meduwada, Samosa, IceCream, Chessee, Lolypop
Manager Mgmt Oriented
Chalte Common Database
Chalte Common Data Flow
Meduwada Mgmt Directed
Samosa Sub System Concepts
IceCream Integrated
Chessee Computerized
Lolypop Long Term Planning
Mis-Conceptions
UR Completely MAD BF
U Study of MIS = Use of Computer
R Any Reporting System is MIS
Completely Any Computer based IS is MIS
M Mgmt Technique
A Accuracy
D More Data = More Information
B Bunch of Technology
F File Structure
Pre-requisite
Effective MIS requires STD
Effective Evolution
MIS Control & Maintenance of MIS
S Qualified System & Mgmt Staff
T Top Mgmt Support
D Database
Constraints
S³E
S Selecting Sub System
S Non Standardization
S Non Availability of Support from staff
E Non Availability of Expert
Limitation
TURANT Quality Substitute
T Frequent change in Top Mgmt
U Quickly Update
R Reduce Effectiveness where culture of hoarding Information exist
A Quantitative Factors like Attitude, Emotions
N Non Programmed decisions
T Tailor made information package
Quality Quality depends on Input
Substitute Not a Substitute
EIS
Characteristics
The Top Executive had to take a decision and had very little Time, so he went to the DSS, where he did an Online Analysis of Internal & External data in Summarised form
Top Serves Top Mgmt
Time Timely Information
DSS Easily be given as a DSS
Internal & External Capable of accessing both Internal & External data
Summarised Extract Summary data with drill down
Online Analysis Extensive Online Analysis Tool

Characteristics of Info used in MIS


FILL High
F Future Oriented
I Informal Sources
L Low Level of Details
L Lack of Structure
High High Degree of Uncertainty

Contents/Principles/Indicators/Components to be included in EIS


OPEN And Shut
O Balanced view of organisation Objective
P Performance Indicator
E Easy to understand & Collect
N Must Evolve to meet Changing Needs of Organisation
And Available to all
Shut Share Ownership
ERP
Components
Swapnil Patni Coaching Classess
Swapnil Software
Patni Process
Coaching Customer Mindset
Classess Change Mgmt

Benefits
CUT²E PAR²I

C Customer Satisfaction
U Uniform Process
T Turn Collection faster
T Track actual cost
E Improve Efficiency & Workflow
P Consolidated Picture
A Activity Based Costing
R Reduce Redundant Data & Process
R Reduce Inventory Cost
I Single Integrated System

CBS
Elements
INTERSIP
I Interest Calculation
N Opening New Account
T Maintaining record of Transactions
E Establishing Criteria
R CRM Activities
S Making & Servicing Loans
I Interest Rate
P Processing Payments & Cheques
DSS
Characteristics
DSS Friendly OSCAR
D Focus on Decision making
S Support at all levels
S Support Group Decisions
Friendly User Friendly
O Evolve Over time
S Also for Structured Problem
C Used for Decision instead of Communication
A Flexible & Adaptable
R Support decision making rather than Replace them

Components
DUMP
D Database
U User
M Modelbase
P Planning Language

Examples
ABCD
A Cost Accounting
B Budget Variance
C Capital Budgeting
D General Decision
Expert System
Need
CEO
C Cannot easily find & keep expert
E Expensive & Scarce
O Only handle few factors

Benefits
Expert Think they are not Emotional but they have Strategic Knowledge
Expert As a real life Expert
Think Assist novices in Thinking
Not Emotional Not Emotional
Strategic Strategic Tool
Knowledge Preserve Knowledge

Potential Properties
Structure AbCDE
Structure Structure
A Availability
C Complexity
D Domain
E Expertise

Application of IS
Roles of IS
PDC
P Support org business Processes & operations
D Support business Decision Making
C Support Strategic Competitive Advantage
Knowledge Manager Should Possess
FBI ka MD
F Foundation Concepts
B Business Applications
I Info Technology
M Mgmt Challenges
D Development Process
Important Implication of IS
ICU mein AAM
I Generating Innovative Ideas
C Survive & thrive in highly Competitive Envt.
U Unusual Situation
A Achieve org. goals
A To formulate strategy of Action
M Making Right decision at right time
Impact of IT on Different Sector
Recognised Employees Provident Fund
Recognised Wholesale & Retailing
Employees E Business
Provident Public Sector
Fund Finance

IT Crucials Tools
BIWi ka Computer Software
BI Business Intelligence
W Website
Computer Computer System, Scanner, laptop, printer, etc
Software Software & Packages

Types of Info System at Mgmt Level


TML
T Top level strategic Info
M Middle level Tactical Info
L Low level operational Info
Need for protection of IS
Valid TRACK
Valid Valid
T Timely
R Reliable & Relevant
A Accurate
C Complete
K Consistent

Cause of Gap btwn need to protect IS & Degree of Protection


WIDE TEA
W Widespread use of Technology
I Interconnectivity of System
D Devolution of Mgmt & Control
E Elimination of Distance, time & space as constraints
T Technology Changes
E External Factors such as legislative, legal or regulatory requirements
A Attractiveness of conducting unconventional Electronic attacks over more conventional physical attacks

IS Security
Objective
CIA
C Confidentiality
I Integrity
A Availability

What info are Sensitive


S BF
S Strategic Plan
B Business Operations
F Finances
IS Security Policy
Tools to implement Policy
GPS
S Standard
G Guidelines
P Procedure

Issue to Address by Policy


DRESS
D Definition of IS
R Reason why IS is important, its goals & principles
E Brief Explanation of security policies, principles, standards, & compliance requirements
S Definition of all relevant Security Responsibility (IS Security)
S Reference to Supporting documents

Rules to be included
IPL
I Prevent Inappropriate use or waste of resources
P Preserve & Protect info from any unauthorized modification, access or disclosure
L Limit or eliminate potential legal liability

Members of Policy
MTL
M Mgmt Member
T Technical Group
L Legal Expert

Components or Content of Good Info Security Policy


ABCD MIC REST
A Monitoring & Auditing requirements
B BCP
C IT Communication
D Purpose, scope & Intended user of Document
M Mgmt & Access Control
I Security Infrastructure
C Legal Compliance
R Incident Response mechanism
E Physical & Environmental Security
S Security Org. Structure
T Description of Technology

Policy & Hierarchy


UCO
U User Security Policy
  User Security Policy
  Acceptable usage policy
O Org. Security Policy
  Org Info. Security Policy
  Network & System security
  Info. Classification policy
C Condition for connection
IS Controls
Objective
Reduce or if possible eliminate causes of exposure to potential loss

Category of Exposure
OIA
O Error or Omissions
I Improper Authorization & Improper Accountability
A Inefficient Activity

Controls lacking in computerized environment


MAGIC ki Fantastic Knowledge
M Lack of Mgmt understanding of IS Risk & Related Controls
A Absence or Inadequate IS control framework
G Absence or weak General Controls & IS Controls
I Inappropriate Technology implementation
C Complexity of Implementation of Controls in distributed computing environment
Fantastic Lack of Control Features
Knowledge Lack of Awareness & Knowledge

Impact of Technology on Internal Control


RAMADIP ki Personal Dulhan
R Delegation of Authority & Responsibility
A Comparing recorded Accountability with Assets
M Adequate Mgmt Supervision
A Authorization Procedure
D Adequate Documents & Records
I Independent checks on performance
P Physical control over assets & record
Personal Competent & Trustworthy Personnel
Dulhan Segregation of Duties

Classification of Controls
NO Audit
N Nature of IS Resources (i) Environmental (ii) Physical (iii) Logical
O Objectives (i)Preventive (ii) Detective (iii) Corrective (iv) Compensatory
Audit Audit Function:- (i) Managerial (ii) Application
Classification of controls on the basis of Objective
Preventive Control
Characteristic
VPN
V Clear cut understanding about Vulnerabilities of Asset
P Understanding Probable threats
N Provision of Necessary Controls for probable threats

Detective Control
Characteristic
MIS U
M Established Mechanism to refer the reported unlawful activities to appropriate person or group
I Interaction with preventive control to prevent such acts from occurring
S Surprise checks by Supervisor
U Clear Understanding of lawful activity so that anything which deviates from these to be reported as unlawful

Corrective Control
Characteristic
Identifying M²RF Error
Identifying Identifying the root cause of problem
M Minimizing the impact
M Modifying the processing system to minimize future occurrence of incident
R Providing Remedy to problems discovered by detective control
F Getting Feedback from preventive & detective controls
Error Correcting Error arising from a problem
Classification of Control on the basis of Nature of IS Resources

1. Physical Access Controls


Loss in case of Violation of Access Path
ABE PUra Damage
A Abuse of data processing resources
B Blackmail
E Embezzlement
P Public disclosure
U Unauthorized entry
Damage Damage or threat to document or equipments

Possible Perpetrators
Before leaving, the Former Employee took a STAND PIC of everyone
Former Employee Former Employee
S On Strike Employee
T Threatened by disciplinary action or dismissal
A Addicted to substance or gambling
N Notified for termination
D Discontented (i.e. Dissatisfied)
P Experiencing financial or emotional Problems
I Accidental Ignorant
C Interested or informed outsider such as Competitors

Advantages of Electronic lock over Biometric Lock


Special CARD
Special Through Special internal code, cards can be made to identify correct individual
C Card entry can be easily deactivated in the event the card is lost or stolen
A Administrative process becomes simpler
R Individuals access needs can be Restricted
D Degree of Duplication is reduced

2. Environment Controls
Categorization of IS Resources
HIS DP
H Hardware & Media
I Info system supporting Infrastructure or facilities
S Supplies
D Documentation
P People

Controls
Aag, Pani, Dhul-Mitti, Bijli, Bhukmp-Sunami
Aag Fire Controls
Pani Water Controls
Dhul-Mitti Pollution Control
Bijli Power Spikes
Bhukmp-Sunami Natural Disasters
3. Logical Access Controls
Path
DOT
D Dial Up Port
O Online Terminal
T Telecommunication Network

Related Issue & Revelations


CAT
C Computer Crime Exposure
A Asynchronous Attacks
T Technical Exposure

Computer Crime Exposure


S² DLC Loss & Blackmail

S Sabotage
S Spoofing
D Disclosure of confidential, sensitive or embarrassing information
L Legal repercussion
C Loss of Credibility or Competitive Edge
Loss Financial Loss
Blackmail Blackmail

Possible Violators
PEEHU
P IS Personnel
E Employee
E Former Employee
H Hackers
U End Users

Technical Exposure
Worm ne Ghode pe baith ke round round krke Data ke upar Bomb feka aur Darwaje ko Salami di
Worm Worm
Ghode Trojan Horse
Round round Rounding down
Data Data Diddling
Bomb Bomb
Darwaje Trap Door
Salami Salami Techniques

Asynchronous Attacks
Piggy ne Data ko Wire se lapet diya toh uski SaS margyi
Piggy Piggybacking
Data Data Leakage
Wire Wire tapping
S Denial of Service
S Subversive Threats (i) Invasive tap (ii) Inductive tap
Ways to control remote & distributed data processing application
NIT ka MAP
N Location which sends data should attach Needed control info that helps the receiving location to verify the genuineness & integrity
I When Identical copies exist ensure that all copies contain same info
T Having a Terminal lock can assure physical security to some extent
M Terminal & Computer operation at remote locations should be Monitored carefully & frequently for violation
A Applications should be controlled appropriately
P Proper control mechanism over system documentation & manuals

Logical Access Control Types


ARUNOM
A Application & Monitoring System Access Controls
R User Responsibilities
U User Access Mgmt
N Network Access Control
O Operating System Access Control
M Mobile Computing

Application & Monitoring System Access Controls


LIMCA
L Event Logging
I Sensitive System Isolation
M Monitor system use
C Clock synchronization
A Info Access restriction

User Responsibilities
UP
U Unattended user equipment
P Password use

User Access Mgmt


RAPP
R User Registration
A Review of user Access Rights
P Privilege mgmt
P User Password mgmt

Network Access Control


SENSEble Log hi FB ki Policy smjh pate hai
S Segregation of Network
E Enforced path
N Network connection & routing control
S Security of Network services
E Encryption
Log Recording of Transaction Log
F Firewall
B Call Back Devices
Policy Policy on use of network service
Operating System Access Control
Major Task
Handling JUHU Security
Handling Handling Interrupts
J Scheduling Jobs
U Maintaining Usage Records
H Managing Hardware & Software Resources
U Enabling multiple User resource sharing
Security System Security

Controls
LAL DUPATTA
L Terminal Log in procedure
A Access control list
L Limitation of connection
D Duress Alarm
U Use of system Utilities
P Password mgmt system
A Access Token
T Terminal Time out
T Automated Terminal identification
A User Identification & Authentication
Classification of Controls on the basis of Audit Function

1. Managerial Control
Types of Mgmt sub systems / Types of Controls
Pyare sache ache DOST
Pyare Programming mgmt
Sache System development mgmt
Ache Quality Assurance mgmt
D Data Resource Mgmt Control
O Operation Mgmt
S Security Mgmt
T Top mgmt

Programming mgmt
Phases
PC DC TOM
P Planning
C Control
D Design
C Coding
T Testing
OM Operation & Maintenance

System development mgmt


Activities
AUDIT Test & Acceptance
A System Authorization activities
U User specification activities
D Technical Design activities
I Internal auditor participation
T Program Testing
Test & Acceptance User Test & Acceptance procedure

Quality Assurance mgmt


Reason why this control is required
IPL ki SECurity tight krne se uski quality improve hogi
I Improving quality of IS is a worldwide trend
P Org are taking more ambitious Projects when they build software
L Org are concerned about their Liability if produce & sell defective software
S Org are increasingly producing Safety-critical system as user & becoming more demanding in terms of quality of software
E User are becoming more demanding in terms of their Expectations about good quality of software
C Poor quality software can be Costly in case of strategic projects like missed deadline, poor customer satisfaction
Data Resource Mgmt Control
Control Activities
ABCD QU
A Access Control
B Backup Control
C Concurrency Control
D Definition Control
Q Quality Control
U Update Control

Operation Mgmt
Controls
D² ON se CHuPna MushkiL hi nhi

D Documentation & Program library


D Data preparation & Entry
O Mgmt of Outsourced operation
N Network Operations
C Computer operation
H Help desk / Technical support
P Production control
M Capacity planning & performance Monitoring
L File Library

Security Mgmt Control


IDT
I Insurance
D DRP
T Threat Identification

Top mgmt
Functions
PLOC
P Planning (i) Preparing (ii) Types of Plan (iii) Role of Steering committee
L Leading (i) Motivating & Leading (ii) Communicating
O Organising (i) Resourcing (ii) Staffing
C Controlling (i) Overall control of IS Function (ii) Control of IS Activities (iii) Control over IS services
2. Application Control
Types of Application subsystem / Types of Application controls
Boundary mein bhi I-POD ka Communication kaam krta hai
Boundary Boundary
I Input
P Processing
O Output
D Database
Communication Communication

Boundary Controls
CBI ka Password Pin strong rhna chaiye
C Cryptography
B Biometric Devices
I Identification Card
Password Password
Pin PIN

Input Controls
Supreme Court ka judge bhi apni BV ke saamne kuch nhi
S Source Document
C Data Coding
B Batch
V Validation

Source Documents
Control Procedure
SPA
S Use source document in Sequence
P Use Pre-numbered source document
A Periodically Audit

Data Coding
Types of Error
Transcription Errors
Addition 83276 - 832766
Truncation 83276 - 8327
Substitution 83276 - 83266
Transposition Errors
Single 12345 - 21345
Multiple 12345 - 32145

Batch
Types of controls
Physical Control
Logical Control

Control Tools
Financial Totals
Hash Totals
Document / Record Count
Validation Control
Field Checks
LCD pe A grade ka Valid Picture dekhne ka
L Limit Checks
C Cross Check
D Check Digit
A Arithmetic Check
Valid Valid Code
Picture Picture Check

File Control
VALID Check
V Version Usage
A File updating & maintenance Authorisation
L Labelling
I Before & after Image & logging
D Data file Security
Check Parity Check

Record Control
VRS
V Valid Sign
R Reasonableness
S Sequence

Processing Control
Controls
PVRD
P Processor control
V Virtual memory control
R Real memory control
D Data processing control

Processor Control
TERM
T Timing control
E Error detection & correction
R Component Replication
M Multiple Execution states

Virtual Memory Control


Identification
Authentication
Authorization (i) Ticket Oriented (ii) List Oriented

Data Processing Controls


REFER
R Run-to-run totals
E Edit checks
F Field Initialization
E Exception reports
R Reasonableness verification
Output Controls
Controls
SDLC Output Retain
S Spooling
D Report Distribution & Collection control
L Storage & Logging of sensitive, critical forms
C Control over printing
Output Logging of Output program execution
Retain Retention controls

Database Control
Update Control
Multi SAS
Multi Process Multiple transaction for a single record in the correct order
S Sequence check btwn transaction & master files
A Ensure All records on files are processed
S Maintain a Suspense A/c
Report Control
SPSR
S Standing data
P Print run-to-run control totals
S Print Suspense Account entries
R Recovery Control

Communication Controls
Types of Exposure
LSD
L Data can be Lost or corrupted through component failure
S Hostile party could seek to Subvert (i.e. destroy) data
D Transmission impairment can cause Difference btwn data sent & rcvd

Controls
Internet Line se Physical FLAT liya
Internet Internet working control
Line Line error control
Physical Physical control
F Flow control
L Link control
A Channel Access control
T Topological control

Physical component affecting reliability of communication system


PM Modi Media se Communicate karte hai
P Port Protective device
M Multiplexer & concentrator
Modi Modem
Media Transmission Media
Communicate Communication Lines

Internetworking Devices
Gate khola aur Bridge ke Raaste chala gya
(i) Gateway (ii) Bridge (iii) Router
Data Integrity
Classification of Information
Top Secret
Highly Confidential
Proprietary
Internal Use Only
Public

Category of Integrity Controls


Online POST se kuch bhi Input
Online Online data entry control
P Processing (Data processing) & Storage Control
O Output Controls
S Source data Controls
T Data Transmission Control
Input Input validation routines

Policy
2 Software + 1 Environment + 3 Back up
Software Virus Signature Updating
Software Software testing
Environment Division of Environment
Back up Offsite Backup
Back up Quarter end & Year end Back up
Back up Disaster Recovery (BCP)

Financial Controls
ABCD IS²

A Authorization
B Budget
C Cancellation of Document
D Dual Control
I Input / Output verification
S Safekeeping
S Sequentially numbered documents
Cyber Frauds

Impact
SDLC Loss
S Sabotage
D Disclosure of confidential, Sensitive or Embarrassing Info
L Legal Repercussions
C Loss of Credibility or Competitive Edge
Loss Financial Loss

Cyber Attacks
VO Phishing SMS
V Virus Malicious Code
O Other like Eavesdropping, email forgery, cracking, etc
Phishing Phishing
S Network Scanning
M Malware Propagation
S Spam

Cyber Techniques
BPL valo ko ID dikhane pe SEZ se HTC ka mobile below Discounted MRP miljata hai
B Logic Time Bomb
P Piggybacking
L Data Leakage
I Internet Terrorism
D Data Diddling
S Scavenging
E Social Engineering Technique
Z Super Zapping
H Hacking
T Trap Door
C Cracking
Discounted Denial of Service Attacks
M Masquerading or Impersonation
R Round Down
P Password Cracking
Business Continuity Mgmt
Advantage of Business Continuity
PATI
P Planned response to disruption
A Proactively Assess the threat scenario & potential risks
T Able to demonstrate a response through process of regular Testing & Training
I Minimize the Impact on enterprise

BCM Policy
Objective
AKIRA
A Critical services & Activities undertaken will be identified
K Plans will be developed to ensure continuity of Key services & activities
I Invocation of Incident mgmt & BC plans can be managed
R Incident mgmt plan & BC plans are subject to ongoing testing, Revision & updation as required
A Planning & mgmt responsibility are Assigned to member of relevant senior mgmt team

Business Continuity Planning


Life Cycle
RAjIV
R Risk Assessment
A Determination of recovery Alternatives
I Recovery plan Implementation
V Recovery plan Validation

Goals of BCP
Weak CCD
Weak Identify Weakness & Implement a disaster prevention program
C Facilitate effective Co-ordination of recovery tasks
C Reduce Complexity of recovery effort
D Minimize Duration of serious disruption to business operation

Key objectives of Contingency Plan


BCP ko Successful bnane ke liye aur Complexity reduce krne ke liye DDLj
B Continue critical Business operation
C Facilitate effective Co-ordination of recovery task
P Provide safety & well being of people on premises
Success Establish mgmt Succession & emergency powers
Complexity Reduce Complexity of recovery effort
D Minimize Duration of serious disruption
D Minimize immediate Damage & losses
L Identify critical Lines of business
Developing BC Plan
Methodology
CAR ke sath DP TUne Integrate krdi
C Providing mgmt with Comprehensive understanding of total efforts required to develop & maintain an effective recovery plan
A Obtaining commitment from Appropriate mgmt to support & participate in the effort
R Defining Recovery requirements
D Documenting the impact of extended loss to operations & key business functions
P Focusing on disaster Prevention & impact minimization
T Selecting proper BC Team
U Developing BC plan that is Understandable, easy to use & maintain
Integrate Defining how BC consideration must be Integrated into ongoing business planning & system development processes

Phases
PAI pai pdha par RPT nhi pdha toh Main Test mein Implement kaise krega
P Pre planning Activities
A Vulnerability Assessment & General definition of requirement
I Business Impact Analysis (BIA)
R Detailed Definition of Requirement
P Plan development
T Testing program
Main Maintenance program
Test Initial plan Testing & Plan Implementation

Key task under Vulnerability Assessment


SIR ki DRP Development Team
S A thorough Security Assessment
I Enable project team to Improve any existing emergency plans & disaster prevention measures
R Reporting finding & recommendation resulting from assessment to steering committee
D Defining the scope
RP Analyze, recommend & purchase Recovery Planning & maintenance software
Develop Develop a Plan framework
Team Assemble project Team & conduct awareness program

Activities under Initial Plan Testing & Implementation


DI SCAM
D Defining the test program
I Identifying test team
S Structuring the test
C Conducting test
A Analyze test result
M Modifying plans as appropriate
BCM Process
Components
MIS Develop hota hai Testing & Training se
M Mgmt Process
I Info Collection process
S Strategy process
Develop Development & Implementation process
Testing Testing & Maintenance process
Training Training process

BCM Mgmt Process


Activities carried out in implementation
CID valo ne TRUMP ko election mein gadbadi krte hue pakad liya
C Managing Cost & Benefit associated
I Involving all stakeholders
D Defining scope
T Testing of program on regular basis
R Defining Roles & responsibilities
U Reviewing & Updating BC capability, risk assessment & BIA
M Maintaining appropriateness of BC Program
P Convert Policies & Strategies into action

Documentation & Records forming part of BC Mgmt


Install PRISMA on APPLE iphone
Install Incident log
P BC Plan
R Risk Assessment Report
I BIA Report
S BC Strategies
M Overall & Specific incident Mgmt plan
A Aims & objectives of each function
A Activities undertaken by each function
P BC Policy
P Testing Program
L Local authority risk register
E Exercise schedule & results
BCM Testing & Maintenance
Testing
Objective
BMCC Backup
B To ensure the resources such as Business processes, systems, personnel, facilities & data are obtainable & operational
M To ensure success or failure of BC training are Monitored
C To ensure recovery procedure are Complete & workable
C To ensure Competence of personnel
Backup To ensure manual recovery procedure & IT Backup systems are current

Maintenance
Tasks undertaken
new Version vali RTP dena icai ki Responsibility hai
Version Implement Version control procedure
R Determine maintenance Regime to ensure plan remains up-to-date
T Identify BCP maintenance Triggers
P Determine maintenance Process
Responsibility Determine ownership & Responsibilities for maintaining various BCP strategies

Reviewing BCM Arrangements


Key Priorities & Capabilities of RASMI has Changed

Key All Key product & services have been identified & included in enterprise BCM strategy

Priorities Enterprise BCM policies, strategies, framework & plans accurately reflect its Priorities
Capabilities Enterprise BCM competence & its BCM Capabilities are effective
R BCM procedure have been effectively communicated to Relevant staff
A Enterprise has an ongoing training program for BCM training & Awareness
S Enterprise BCM Solutions are effective & up-to-date
M Enterprise BCM Maintenance & exercising programs have been effectively implemented
I BCM strategies & plans Incorporated improvements identified during incident
Changed Change control processes are in place & operate effectively

Training, Awareness & Competency process


Competencies required by organisation
APRIL mein NRI ko Promote krna hai
A Actively listen to others, their ideas, view & opinions
P Provides support in difficult or challenging circumstances
R Responds constructively to difficult circumstances
I Demonstrates personal Integrity
L Adopts Leadership style appropriately to match the circumstances
N Encourages & actively responds to New ideas
R Encourages taking of calculated Risk
I Consults & Involves team member to resolve problem
Promote Promotes a positive culture of health, safety & environment
Contents of DRP / Steps for BRP-DCP Audit
Taj m emergency bomb blast hua, sara business dusri location pe move kia, kaunsi inventory kha h
iska doc kiya. Sbko aware aur train kiya tha. Sbko plan ke purpose aur responsibility pta thi,
resumption ke liye phone list se police, medical, insurance, airline ko cl kiya. H/w S/w vendors se frse
khride. Backup tha, recover hote tk manual kaam kiya
Emergency Emergency Procedure
Location Location of data, program files, source & object codes, back up media
Inventory Checklist for Inventory
Aware Awareness & Education activities
Plan Description of purpose & scope of Plan
Responsibilities Responsibilities of Individual
Resumption Resumption procedure
List List of phone numbers
Medical Medical procedure
Insurance Insurance papers & claim
Airlines Details of Airlines, hotel & transport arrangement
Vendor List of Vendor
Backup Backup location
Manual Alternate Manual procedure to be followed

Reciprocal Agreement
Issue to be considered while drafting
So what are the number of Conditions for Public Provident Fund (PPF) Controls
So How Soon the site will be made available subsequent to disaster
Number Number of org that will be allowed to use the site concurrently
Conditions Conditions under which site can be used
P Period during which site can be used
P Priority to be given to concurrent users
F Facilities & services site provider agrees to make available
Controls What Controls will be in place
System Development
Failure
New Technology
User Related Issue
Mgmt Related Issue
Develop Related Issue
User Related issue
Inadequate PNR
Inadequate Inadequate testing & user training
P Lack of user Participation
N Shifting user Needs
R Resistance to change
Mgmt Related issue
SD
S Lack of senior mgmt Support & involvement
D Development of strategic system
Developer Related issue
US
U Overworked or Undertrained development staff
S Lack of Standard project mgmt & system development methodology

Accountant Roles
Return on CA
Return Return on Investment
C Computing cost of IT implementation & Cost benefit analysis
A Skills expected from Accountant
System Development Methodology
Pyara WARIS
Pyara Prototype
W Waterfall
A Agile
R RAD
I Incremental
S Spiral

Waterfall

Features
DO Document
D Project is Divided into sequential phases
O Implementation of entire system at One time
Document Extensive use of written Documents

Advantages
Supports OPC
Supports Supports less experience project teams
O Order sequence helps to ensure Quality, reliability, adequacy, etc
P Progress of system development is measurable
C Enables to Conserve resources

Disadvantages
GEET ka Bhi IPR hota hai
G Promotes Gap btwn user & developer
E Excessive documentation
E Depends upon Early identification & specification of requirement
T System performance cannot be Tested unless fully coded
B Project progress forward with minimal Backward movement
I Criticised to be Inflexible, slow & costly
P Problems are often not discovered until testing
R Difficult to Respond to the environmental changes
Prototype

Phases
IDT pdha Revise kiya fir Sign off
I Identify info system requirements
D Develop initial prototype
T Test & Revise
Sign off Obtain user Sign off

Advantages
Improve Unclear DEFENSE
Improve Improve user participation
Unclear Especially useful for resolving Unclear objectives
D Encourage innovation & flexible Design
E Potential exist for Exploiting knowledge gained in early iteration as later iteration developed
F Provide quick implementation of incomplete but Functional application
E Helps to Easily identify, confusing or difficult functions
N Result in better fulfilment of user Needs & requirements
S A very Short time period is normally required to develop & starts experimenting
E Early detection & elimination of error

Disadvantages
Nadan AIR ka Behaviour jaanne usko turnt STD se cl kiya
Nadan Identification of Non-functional elements is difficult to document
A Approval process & controls are not strict
I Incomplete or inadequate problem analysis may occur
R Requirements may change frequently
Behaviour May cause Behavioural problems with system users
S May not have Sufficient checks & balances incorporated
T Designer may prototype Too quickly, without sufficient upfront user need analysis
D Only be successful if users are willing to Devote significant time
Incremental

Features
RIM
R Overall Requirement are defined before proceeding
I Initial software concept, requirement analysis, design of architecture & system core are defined using waterfall, followed by iterative prototyping
M Series of Mini-waterfalls are performed

Advantages
Sasti Dairy Milk GEMS
Sasti More flexible & less costly to change scope & requirement
Dairy Moderate control is maintained through use of written Documentation
Milk Helps to Mitigate integration & architectural risks earlier
G Allows delivery of series of implementation that are Gradually more complete
E Potential exist for Exploiting knowledge gained in early iteration as later iteration developed
M Gradual implementation provides ability to Monitor effect of incremental changes
S Stakeholder can be given concrete evidence of project status

Disadvantages
RUDE
R Each phase of iteration is Rigid
U Problems may arise because all requirements are not gathered Upfront for entire software
D As some modules are completed much earlier than other well Defined interface are
E Difficult to demonstrate Early success to mgmt
Spiral

Features
NPFS
N New system requirements are defined in as much detail as possible
P Preliminary design is created for new system
F First prototype is constructed from preliminary design
S Second prototype is evolved by a fourfold procedure by evaluating first prototype in terms of Strength, weakness & risks

Advantages
ROI
R Enhances the Risk avoidance
O Helpful for Optimal development of software iteration based on project risk
I Incorporates waterfall, prototype & incremental methodologies

Disadvantages
DEAR
D No firm Deadlines, cycles continues with no clear termination condition
E It is challenging to determine Exact composition of development methodology to use
A Skilled & experienced project manager are required to determine how to Apply it to any given project
R Highly customized to each project, thus quite complex & limits its Reusability
RAD

Features
Fast BANTA
Fast Objective is Fast development with high quality & relatively low investment cost
B Attempts to reduce inherent project risk by Breaking a project into smaller segment
A Aims to provide high quality system quickly
N Emphasis is on fulfilling business Needs
T Emphasis is on reducing requirement to fit the Timebox (i.e Deadline)
A Active user requirement is essential

Advantages
SOLAR TV
S Holds great level of commitment from Stakeholder
O Operation version of application is available much earlier
L Tends to produce system at Lower cost
A Provides Ability to rapidly change system design as demanded by user
R Initial Reviews are possible
T Leads to Tighter fit btwn user requirement & system specification
V Concentrates on essential system elements from user Viewpoint

Disadvantages
Difficult AIMS
Difficult Tendency for Difficult problems to be pushed to the future
A Fast speed & low cost may Adversely affect system quality
I May lead to Inconsistent design within & across system
M May end up with More requirements than needed
S May call for violation of programming Standards
Agile

Features
MSD is always CORRECT
M Working software is the principal Measure of progress
S Simplicity
D Working software is Delivered frequently
C Customer Satisfaction
O Self Organizing team
R Regular adaptation to change environment
R Welcome changing Requirement
E Continuous attention to technical Excellence & good design
C Face to face Communication is best form of communication
T Projects are built around motivated individuals, who should be Trusted

Advantages
CEAT
C Face to face Communication & continuous inputs
E End result is generally high quality & satisfied customer
A Have Adaptive team which enables to respond to changing environment
T Document is crisp & to the point to save Time

Disadvantages
ALERT
A Difficult to Assess the efforts required at the beginning
L Lack of emphasis on necessary designing & documentation
E Extremely light on documentation
R Requires more re-work because of lack of long term planning
T Project can easily be Taken off track if customer representative is not clear about final outcome
SDLC
Advantages from IS perspective
PERT
P IS Auditor can have clear understanding of various Phases of SDLC on the basis of document created during each phase
E IS Auditor can provide an Evaluation of methods & technique used through various development phases
R IS Auditor on examination can state in its Report about the compliance by IS Mgmt
T IS Auditor, if has Technical knowledge & ability of different areas of SDLC can be a guide during various phases

Phases of SDLC
Puri Raat DAD ne diye TIP
Puri Preliminary Investigation
Raat System Requirement Analysis
D System Design
A System Acquisition
D System Development
T System Training
I System Implementation
P Post Implementation Review & Maintenance
Preliminary Investigation
Police Officer ne Slip cut diya FRIday ko
Police Identification of Problem
Officer Identification of Objectives
Slip Delineation of Scope
F Feasibility Study
R Reporting Results to mgmt
I Internal control aspects

Delineation of Scope
Dimensions
DR IPCC Fail hogya
D Data to be processed
R Reliability requirement
I Interfaces
P Performance requirement
C Constraints
C Control requirements
Fail Functionality requirement

While eliciting info to delineate scope, aspects that need to be kept in mind


Clearly IDIOt
Clearly Development org has to Clearly quantify economic benefits to the user org
I Impact of the solution on the org
D Different users may represent problems & required solution in different manner
I Initiator of project may be a member of senior mgmt, actual user may be from operating levels
Ot Not only economic benefit but several Other factors are there that have to be given weightage too

Methods
Document then Interview
Document Reviewing Internal Document
Interview Conducting Interview

Feasibility Study
Rakhi ke BF ko uske makeup ki cost ki vajha se hua Economical LOST
Rakhi Resource
B Behavioural
F Finance
Economical Economical
L Legal
O Operational
S Schedule / Time
T Technical
System Requirement
Collection of information
Analysis of present system
Analysis of proposed system
Reporting to the mgmt

Fact Finding
DIOQ
D Documents
I Interview
O Observation
Q Questionnaires

SRS Contents
SRS ne apni BV ko diya IIFA award
SRS SRS review
B Behavioural description
V Validation criteria
I Introduction
I Info description
F Functional description
A Appendices

Analysis of Present system


DIDI ke HOM ka Overall analysis
D Reviewing Data files
I Analyzing Inputs
D Reviewing methods, procedure & Data communication
I Reviewing Internal Control
H Reviewing Historical Aspects
O Analyzing Outputs
M Modeling the existing system
Overall Undertaking Overall analysis of existing system

Roles involved in SDLC


SPL SLP DATA
S Steering Committee
P Project manager
L Project Leader
S System analyst / Business analyst
L Module Leader / Team Leader
P Programmer / Developer
Data Database Administrator
D Domain specialist
A Quality Assurance
T Testers
A IS Auditor
System Design
ADD UPSI
A Architectural Design
D Design of Data
D Design of Database
U User Interface Design
P Physical Design
S System Operation platform
I Internal Design control

DB Designing
Activities
Conceptual DPS
Conceptual Conceptual Modeling
D Data modeling
P Physical layout design
S Storage structure design

User Interface design


Factors affecting input/output form design
FC road mein jayenge TV dekhenge FM sunenge
F Format
C Content
T Timelines
V Volume
F Form
M Media
System Acquisition

Acquisition standard focuses


SCRET
S Ensuring Security, reliability & functionality already built into product
C Ensuring managers acquire products Compatible with Existing system
R Request for proposals soliciting bids from vendors
E Establishing acquisition standard
T Invitation to Tender soliciting bids from vendor

Consideration for Acquisition


VLUP
V Vendor selection
L Geographical Location of vendor
U Evaluation of User feedback
P Presentation by selected vendor

Factors to be considered towards evaluation of vendor proposals


MS BCP
M Maintainability of each proposed system
S Support from vendor
B Cost & Benefit of each proposed system
C Compatibility of each proposed system
P Performance capability of each proposed system

Methods of validating the proposals


CPT Report ki Benchmarking
C Checklist
P Point scoring analysis
T Testing
Report Public Evaluation Report
Benchmarking Benchmarking
System Development

Characteristic of Good Coded program & application


ohh baby UR RARE
U Usability
R Reliability
R Robustness
A Accuracy
R Readability
E Efficiency

Other aspects of System Developments


CDM LTD
C Program Coding Standard
D Program Debugging
M Program Maintenance
L Programming Language
T Testing
D Documentation

Types of Programming Language


HOSpitaL
H High Level GPPL
O Object Oriented planning language
S Scripting language
L Logic programming languages
System Testing

Different Levels of Testing


UR IS Final
U Unit Testing
R Regression Testing
I Integration Testing
S System Testing
Final Final Testing

Unit Testing
Categories of tests
SP SP F
S Stress Test
P Performance Test
S Structural Test
P Parallel Test
F Functional Test
Unit Testing Techniques / Classification
Static Testing
DSC
D Desk Check
S Structured walk Through
C Code Inspection
Dynamic Analysis Testing
BGW
B Black box testing
G Grey box testing
W White box testing

Integration Testing
BRT
B Bottom-up Integration
R Regression Testing
T Top-down Integration

System Testing
RSP Volume
R Recovery Testing
S Security Testing
P Performance Testing
Volume Volume or Stress Testing

Final Testing
QA
Q Quality Assurance Testing
A User Acceptance Testing (i) Alpha Testing (ii) Beta Testing
System Implementation

Equipment Installation
PIC
P Preparation of Site
I Installation of new hardware/software
C Equipment Checkout

System Change-over Strategies


DPPP
D Direct Implementation/Abrupt change-over
P Phased changeover
P Pilot changeover
P Parallel changeover

System Change over Activities


SP ki Personal File
S System Conversion
P Procedure Conversion
Personal Scheduling Personnel & Equipment
File File Conversion
Post Implementation Review & System Maintenance

Post Implementation Review


DO Info
D Development Evaluation
O Operation Evaluation
Info Information Evaluation

System Maintenance
Preventive SCRAP
Preventive Preventive Maintenance
S Scheduled Maintenance
C Corrective Maintenance
R Rescue Maintenance
A Adaptive Maintenance
P Perfective Maintenance
Auditor's Role in SDLC
Vhi Purani SAM ki DASTAN
Vhi Version control on programs
Purani Established Project team with all infrastructure & facilities
S Development is carried over as per Standard, functional specification
A Adequate Audit trails are provided in system
M Appropriateness of Methodologies selected
D Documented policy & procedures
A Appropriate Approvals are being taken at identified mile-stones
S Source code is properly secured
T Separate Test environment for development/test/production/test plans
A Business owner testing & Approval before system going live
N Design Norms & naming conventions are as per standards
Controls & Audit
Need of IS Audit
DEPICA Value
D Org cost of Data loss
E High cost of computer Error
P Maintenance of Privacy
I Cost of Incorrect decision making
C Controlled evolution of computer use
A Cost of computer Abuse
Value Value of hardware, software & Personnel

Objectives of IS Audit
AIEE
A Asset safeguarding
I Data Integrity
E System Effectiveness
E System Efficiency

Change in Evidence collection


DOSA EdLi
D Absence of input Document
O Lack of availability of printed Output
S Data retention & Storage
A Non-availability of Audit Trail
E Audit Evidence
L Legal Issue

Change in Evaluation
SAS
S System generated transaction
A Automated transaction processing
S Systematic error
IS Audit
Categories/Types
MISS Call
M Mgmt of IT & enterprise architecture
I Info processing facilities
S System & Application
S System Development
Call Telecommunications, Intranets & Extranets

Steps in IS Audit
PPF ARChi
P Scoping & Pre-Audit Survey
P Planning & Preparation
F Fieldwork
A Analysis
R Reporting
C Closure

Skill set of IS Auditor


TU BBQ Policy
T Ability to understand Technical & manual controls relating to business continuity
U Good Understanding of info risk & controls
B Good knowledge of professional stds & Best practices of IT control & security
B Sound knowledge of Business operations, practices & compliance requirements
Q Should possess requisite professional & technical Qualification & certification
Policy Knowledge of IT Strategies, Policies & procedural controls

Functions of IS Auditor
IFRS
I Inadequate IS controls
F IT related Frauds
R Inefficient use of Resources
S Ineffective IT Strategies, policies & practices
Performing IS Audit
Preliminary Review
KAMTI
K Knowledge of business
A Legal consideration & Audit Standard
M Risk assessment & Materiality
T Understanding the Technology
I Understanding Internal Control System

Steps for Risk based Audit


IDA Priority
I Inventory IS in use & categorize them
D Determine which systems impact critical functions
A Assess what risk affect this system & severity of impact
Priority Based on above assessment decide audit Priorities

Understanding Technology
BAS RAAT din Network
B Analysis of Business Processes
A Level of Automation
S Studying IT policies, standard, guidelines & procedure
R Role of IT in the success of business
A Understanding technology Architecture
A Understanding extended enterprise Architecture
T Knowledge of various Technologies & their advantages & limitations
Network Studying Network diagram to understand physical & logical network connectivity

Category of Risk
CID
C Control
I Inherent
D Detection
CAT
Advantages
CAT Objective
C Surprise test Capabilities
A Timely, comprehensive & detailed Auditing
T Training for new users
Objective Info to system staff on meeting of Objective

Disadvantage
SADSE
S Auditor should obtain resource requirement to Support development, implementation, operation & maintenance
A CAT used where Audit trail is less visible & cost of error & irregularities are high
D CAT are more likely to be used if auditor involved in Development work
S CAT unlikely to be effective unless they are implemented in application system that is relatively Stable
E Auditor needs knowledge & Experience of working with computer system to use CAT effectively & efficiently

Types of Audit Tools


SISCA
S Snapshots
I Integrated Test Facility (ITF)
S System Control Audit Review File (SCARF)
C Continuous & Intermittent Simulation (CIS)
A Audit Hooks

ITF
Entering Data (Method)
Time Pass (TP)
T Tagging live transaction
P Test data specially Prepared
Removing Effect (Method)
RIT
R Reverse effect of ITF transaction
I Identify & Ignore
T Trivial entries

SCARF
Types of Info Collected
S²AMVED

S Statistical Sample
S Snapshot & Extended records
A Application system error
M Performance Measurement
V Policy & Procedural Variances
E System Exception
D Profiling Data
Roles of IS Auditor
Physical Access Control
RCD
R Risk Assessment
C Control Assessment
D Review of Documents

Environmental Control
ACD
A Audit planning & Assessment
C Audit of Environmental Control
D Documentation

Managerial Controls
Controls
Pyare Sache Ache DOST
Pyare Programming mgmt controls
Sache System development mgmt control
Ache Quality Assurance mgmt control
D Data resource mgmt control
O Operation mgmt control
S Security mgmt control
T Top mgmt & IS mgmt control

Top Mgmt & Controls


Activities
PLOC
P Planning
L Leadership
O Organising
C Controlling

System Development Mgmt Controls


Types of Audit
CGPa
C Concurrent Audit
G General Audit
P Post implementation audit

Programming mgmt control


Major concern auditor should address
PC DC TOM
P Planning
C Control
D Design
C Coding
T Testing
OM Operation & Mgmt
Application Controls
Controls
Boundary mein bhi IPOD ka Communication kaam krta hai
Boundary Boundary
I Input
P Processing
O Output
D Database
Communication Communication

Audit Trails
Objective
DRP
D Detecting Unauthorised Access
R Reconstructing Events
P Personal Accountability

Application Security Controls


Approach clear understanding required of
SIR ki MAD Policy
S Source of data input to & output from the application
I Various Interfaces of application under audit
R Roles, descriptions, user profiles & user groups that can be created in an application
M Various Method that can be used to login application
A Business process for which Application has been designed
D Design used to control various login methods
Policy Policy of org for user access & supporting std
Types of Layer
STO
S Strategic Layer
T Tactical Layer
O Operation Layer

Operation Layer
Audit Issue
UPS
U User Access Rights
P Password Control
S Seg. of duties

Tactical Layer
Security Administration to put in place
USA ki Risk Monitoring
U Timely Update to user profile
S Interface Security
A Audit logging & monitoring
Risk IT Risk mgmt

IT Risk Mgmt under Tactical Layer


AASRM
A Assessing risk over key application controls
A Conducting a regular security Awareness program on application user
S Enabling application users to perform a Self assessment checklist questionnaire to gauge user understanding about application security
R Reviewing application patches before deployment & regularly monitoring critical application log
M Monitoring peripheral security in terms of updating antivirus software
Cloud & Grid
Similarities
SiMRAn
S Scalable
M Multitenancy & Multitasking
R Resources are shared
A Agreement

Difference
SF
S Storage of data
F Focuses

Cloud Computing
Goals
SCRA³P

S To Scale the IT ecosystem quickly, easily & cost effectively based on the evolving business needs
C To Consolidate IT infrastructure into a more integrated & manageable environment
R To Reduce costs related to IT energy / power consumption
A To access services & data from Anywhere
A To access services & data from Anytime
A For Availability of resources when needed
P To create a highly efficient IT ecosystem, where resources are Pooled together & cost are aligned with what resources are actually used

Architecture
Front End
Back End
Middleware

Characteristic
Very Popular (ASM)²

Very Virtualisation
Popular Performance
A Agility (Responsiveness)
A High Availability & Reliability
S High Scalability
S Services in pay-per-use mode
M Multisharing
M Maintenance
Security Issue
CIA & IPS ki GST se hui LADAI
C Confidentiality
I Integrity
A Availability
I Identification
P Privacy
S Software Isolation
G Governance
S Application & Security
T Trust
L Legal Compliances
A Architecture
D Data Stealing
A Audit
I Incident Response

Adaptation Issue / Implementation Issue / Pertinent Issue


USE SHIT
U Unexpected Behaviour
S Security issue
E Environment Friendly
S Software Development in cloud
H Hidden cost
I Interoperability
T Threshold policy

Advantages
AB QU CA
A Access to Information
B Back up & Recovery
Q Quick deployment
U Unlimited Storage
C Cost efficiency
A Automatic software integration

Environment
Public
Private
Hybrid
Community

Services
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Other (i) Data as a Service (DaaS) (ii) Identity as a Service (IDaaS) (iii) Security as a Service (SECaaS)
Cloud Computing Environment
Private Cloud
Characteristic
CAS
C Central Control
A Weak SLAs
S Secure

Advantages
PLUS
P Privacy to user
L High Level of security
U Improve average server Utilisation
S Small in size, controlled & managed by organisation

Disadvantage
BMW
B Budget
M May have to invest in buying
W Weak SLAs

Difference btwn On-premise pvt cloud v/s Outsourced pvt cloud


Mgmt PANDaL
Mgmt Management
P Performance
A SLA
N Network
D Security & Data privacy
L Location
Public Cloud
Characteristic
SA SA S
S Highly Scalable
A Affordable
S Less Secure
A Highly Available
S Stringent SLAs

Advantages
NISHA
N No limit for Number of user
I No need for establishing Infrastructure
S Strict SLAs
H Deliver Highly scalable & reliable application
A Affordable cost

Disadvantages
SAP
S Security Assurance
A Org Autonomy is not possible
P Privacy

Community Cloud
Characteristic
CPC
C Collaborative & Distributed maintenance
P Partially secure
C Cost Effective

Advantages
Low CSR
Low Low cost pvt cloud
C Collaborative work
S Better Security than public cloud
R Sharing of Responsibility among organisation

Disadvantages
NAS
N Not suitable in cases where no collaboration
A Autonomy of org is lost
S Security features are not as good as private cloud
Hybrid Cloud
Characteristic
SPAM
S Scalable
P Partially secure
A Stringent SLA
M Management of cloud is complex

Advantages
HusBand
H Highly scalable
B Better security than public

Disadvantages
SM
S Security features are not as good as public cloud
M Complex to Manage

Cloud Computing Services


Software as a Service (SaaS)
Services
Business Document NaaM
Business Business Service
Document Document Mgmt
N Social Network
M Mail Services

Characteristic
One & only SAMBHA
One One to many
S Support multiple device
A Web Access
M Centralized Management
B Better Scalability
H High availability
A API Integration

Different Instance
EAT
E Email as a Service (EaaS)
A API as a Service (APIaaS)
T Testing as a Service (TaaS)
Infrastructure as a Service (IaaS)
Services
CSNL
C Compute
S Storage
N Network
L Load Balancers

Characteristic
MISS Web
M Centralized Management
I Infrastructure are shared
S Elastic & dynamic Scaling
S Metered Services
Web Web access to resources

Different Instance
Storage NEDD
Storage Storage as a Service (STaaS)
N Network as a Service (NaaS)
E BackEnd as a Service (BaaS)
D Desktop as a Service (DTaaS)
D Database as a Service (DBaaS)

Platform as a Service (PaaS)


Services
LADO
L Programming Languages
A Application Frameworks
D Database
O Other tools

Characteristics
OBAPA Client
O All in One
B Built-in Scalability
A Web Access to the development platform
P Collaborative Platform
A Offline Access
Client Diverse Client tools

Other Services
SID
S Security as a Service (SECaaS)
I Identity as a Service (IDaaS)
D Data as a Service (DaaS)
Mobile Computing
Components
CHS
C Mobile Communication
H Mobile Hardware
S Mobile Software

Benefits
MUJRA
M Improve Mgmt effectiveness
U Enable mobile sales personnel to Update work order status in real-time
J Provide remote access to corporate database at Job location
R Provide mobile workforce with Remote access to work order details
A Facilitates access to corporate services & information at Anytime from anywhere

Issues
Lal Bahadur sharstri ne BRet lee ko Loly Pop khate dekha toh SAD hogye
Lal Location Intelligence
Bahadur Bandwidth
B Business Challenges
R Reliability, coverage, capacity & cost
Loly Integration with Legacy mainframe & emerging client/server applications
Pop Power consumption
S Security Issue (CIA LA)
A Revising technical Architecture
D End-to-end Design & performance

Security Issue
CIA LA
C Confidentiality
I Integrity
A Availability
L Legitimate
A Accountability

Limitation
HIS TIP
H Potential Health hazard
I Human Interface with devices
S Security standards
T Transmission interference
I Insufficient bandwidth
P Power consumption
Green IT
Best Practices
PRESS
P Paper consumption reduce
R Recycle
E Conserve Energy
S Make environmentally Sound purchase decisions
S Develop a Sustainable green computing plan

Bring Your Own Device (BYOD)


Benefits
Employee happy hai qki unka Budget Reduce hogya aur technology efficiency hogyi
Employee Happy Employees
Budget Lower IT Budgets
Reduce IT Reduces support requirements
Technology Early adoption of new Technology
Efficiency Increased employee Efficiency

Threats
INDiA
I Implementation Risk
N Network Risk
D Device Risk
A Application Risk
Web 2.0
Component of Web 2.0 for social network
RCB ke Fan MWF ko match dekhte hai
R RSS-generated syndication
C Communities
B Blogging
F Folksonomy
M Mash-ups
W Wiki
F File sharing / Podcasting

Types & Behaviour of Social Network


SOCIAL SM²S²

S Study Circle
O Others
C Social Contact Network
I Social Network for Investor
A Fine Arts
S Sporting Network
M Military & Police Network
M Mixed Network
S Specialist Group
S Shopping & Utility Service Network

Sectors / Field
SME
S Social Media
M Marketing
E Education

Web 3.0
Components
SW
S Semantic Web
W Web Services
