Thursday, February 13, 2014

Chapter 15 Computer Careers and Certification




 The assignment from
Mr Tri Djoko Wahjono, Ir., M.Sc.  




1. What Career Opportunities Are Available in the Computer Industry?
Career opportunities in the computer industry fall into several areas. In most medium and large businesses and government offices, staff in an IT department is responsible for keeping all computer operations and networks running smoothly. They also determine when and if the organization requires new hardware or software. Workers in the computer equipment field manufacture and distribute computers and computer-related hardware. Employees in the computer software field develop, manufacture, and support a wide range of software. People in the computer service and repair field provide preventive maintenance, component installation, and repair services to customers. Computer salespeople determine a buyer’s needs and match these needs to the correct hardware and software. Computer educators and corporate trainers teach students and employees how to use software, design and develop systems, write programs, and perform other computer-related activities. An IT consultant is a professional who draws upon his or her expertise in a specialized area of computers and provides computer services to clients.

2. What Are the Functions of Jobs in an IT Department?
Jobs in an IT department fall into six main areas. Management directs the planning, research, development, evaluation, and integration of technology. System development and programming analyzes, designs, develops, and implements new information technology and maintains and improves existing systems. Technical services evaluates and integrates new technologies, administers the organization’s data resources, and supports the centralized computer operating system and servers. Operations operates the centralized computer equipment and administers the network, including both data and voice communications. Training teaches employees how to use components of the information system or answers specific questions. Security develops and enforces policies designed to safeguard data and information from unauthorized users.

3. How Are Trade Schools Different from Colleges?
A trade school, also called a technical school, vocational school, or career college, offers programs primarily in the areas of programming, Web design and development, graphics design, hardware maintenance, networking, personal computer support, and security. Students learn specific skills instead of taking a broad range of science and humanities courses, which can result in time savings for students.

4. How Are the Various College Computer-Related Courses of Study Different?
Three broad disciplines in higher education produce the majority of entry-level employees in the computer industry. Computer information systems (CIS), or information technology (IT), programs teach technical knowledge and skills and focus on how to apply these skills. Computer science (CS) programs stress the theoretical side of programming and operating systems. Computer engineering (CE) programs teach students how to design and develop the electronic components found in computers and peripheral devices.

5. How Can People Stay Current with Changing Technology?
Four primary ways to stay current with computer technology are professional organizations and personal networks, professional growth and continuing education activities, computer publications and Web sites, and certification. Professional organizations are formed by computer professionals with common interests and a desire to extend their proficiency. The Association for Computing Machinery (ACM) is a scientific and educational organization dedicated to advancing knowledge and proficiency of information technology. The Association of Information Technology Professionals (AITP) is a professional association of programmers, systems analysts, and information processing managers. Maintaining a personal network of job-related contacts can help when seeking change in employment. Professional growth and continuing education include events such as workshops, seminars, conferences, conventions, and trade shows. The International Consumer Electronics Show (CES) is one of the larger technology trade shows, bringing together thousands of vendors and more than 110,000 attendees. Computer industry publications also help to keep people informed about the latest developments in the computer industry. Another source for information is Web sites that discuss or share opinions, analysis, reviews, or news about technology. Certification is a process of verifying the technical knowledge of an individual who has demonstrated competence in a particular area. Computing professionals typically obtain a certification by taking and passing an examination.

6. What Are the Benefits of Certification for Employers, Employees, and Vendors?
For employers, certification ensures quality workmanship standards and can help keep their workforce up to date with respect to computers and technology. For employees, certification can enhance careers, provide better standing as industry professionals, and increase salaries. For vendors, certification is a form of industry self-regulation that sets computer professionals’ competence standards and raises the level of expertise and knowledge in the IT industry as a whole.

7. How Can People Prepare for Certification?
Certification training options are available to suit every learning style. Self-study programs help professionals prepare for certification at their own pace and supplement other training methods. Online training classes, which are available on the Internet and on many company intranets, allow students to set their own pace in an interactive environment. Instructor-led training classes are available in a variety of forms, including seminars, boot camps, and academic-style classes. Web resources include the certification sponsor’s Web site and individual Web sites. The certification sponsor’s Web site can contain descriptions of certifications with FAQs and links to authorized training and testing centers. Detailed course objectives, training guides, sample test questions, chat rooms, and discussion groups often are included. Individuals also set up Web sites to offer their own views and tips on the testing process.

8. What Are the General Areas of IT Certification?
Certifications usually are classified based on the computer industry area to which they most closely relate: application software, operating systems, programmer/developer, hardware, networking, digital forensics, security, the Internet, and database systems.

9. What Are Some Specific IT Certifications in Each Certification Area?
Application software certifications, sometimes called end-user certifications, include Microsoft Certified Application Specialist (MCAS), Microsoft Certified Application Professional (MCAP), Microsoft Certified Desktop Support Technician (MCDST), Adobe Certified Associate, Adobe Certified Expert (ACE), Adobe Certified Instructor (ACI), and IBM Certified Professional for Lotus Software. Operating system certifications include IBM Certified Specialist, Microsoft Certified IT Professional (MCITP), Microsoft Certified Technology Specialist (MCTS), Novell Certified Linux Professional (CLP), Red Hat Certified Engineer (RHCE), Red Hat Certified Technician (RHCT), and Sun Certified System Administrator (SCSA). Programmer/developer certifications include Certified Software Development Professional (CSDP), IBM Certified Solution Developer, Microsoft Certified Professional Developer (MCPD), Sun Certified Enterprise Architect (SCEA), Sun Certified Java Developer (SCJD), Sun Certified Java Programmer (SCJP), and Sun Certified Mobile Application Developer (SCMAD). Hardware certifications include A+, Dell Certified Systems Expert, and IBM eServer Certified Specialist. Networking certifications include Cisco Certified Network Associate (CCNA), Cisco Certified Network Professional (CCNP), Cisco Certified Internetwork Expert (CCIE), Microsoft Certified Systems Administrator (MCSA), Network+, Novell Certified Administrator (CNA), Novell Certified Engineer (NCE), and Sun Certified Network Administrator (SCNA). Digital forensics certifications include Certified Computer Examiner (CCE), Certified Computer Forensics Examiner (CCFE), Certified Electronic Evidence Collection Specialist (CEECS), and Certified Information Forensics Investigator (CIFI).
Security certifications include Certified Information Systems Security Professional (CISSP), Security Certified Network Architect (SCNA), Security Certified Network Professional (SCNP), Security Certified Network Specialist (SCNS), and Systems Security Certified Practitioner (SSCP). Internet certifications include Certified Internet Webmaster (CIW) and Certified Web Professional (CWP). Database certifications include IBM Certified Solutions Expert – DB2, IBM Certified Solutions Expert – Informix, Microsoft Certified IT Professional (MCITP), Oracle Certified Professional (OCP), and Sybase Certified Professional.

Chapter 14 Enterprise Computing




 The assignment from
Mr Tri Djoko Wahjono, Ir., M.Sc.  




1. What Are the Special Information Requirements of an Enterprise-Sized Corporation?
A large organization, or enterprise, requires special computing solutions because of its size and geographical extent. Enterprise computing involves the use of computers in networks, such as LANs and WANs, or a series of interconnected networks to satisfy the information needs of an enterprise. Executive management, which includes the highest management positions in a company, needs information to make strategic decisions. Middle management, which is responsible for implementing the strategic decisions of executive management, needs information to make tactical decisions. Operational management, which supervises the production, clerical, and other nonmanagement employees, needs information to make an operational decision that involves day-to-day activities. Nonmanagement employees also need information to perform their jobs and make decisions. Managers use business intelligence (BI), business process management (BPM), and business process automation (BPA) tools to focus on information that is important to the decision-making process.

2. What Information Systems and Software Are Used in the Functional Units of an Enterprise?
An information system is a set of hardware, software, data, people, and procedures that work together to produce information. In an enterprise, the individual functional units have specialized requirements for their information systems. Accounting and financial systems manage transactions and help budget, forecast, and analyze. A human resources information system (HRIS) manages human resources functions. An employee relationship management (ERM) system automates and manages communications between employees and the business. Computer-aided design (CAD) assists engineers in product design, and computer-aided engineering (CAE) tests product designs. Computer-aided manufacturing (CAM) controls production equipment, and computer-integrated manufacturing (CIM) integrates operations in the manufacturing process. Material Requirements Planning (MRP) uses software to help monitor and control processes related to production. A quality control system helps an organization maintain or improve the quality of its products or services and typically includes quality control software. A marketing information system serves as a central repository for marketing tasks. Sales force automation (SFA) software equips salespeople with the electronic tools they need. Distribution systems control inventory, manage and track shipping, and provide information and analysis on warehouse inventory. Customer interaction management (CIM) software manages day-to-day interactions with customers. Web site management programs collect data to help organizations make informed decisions regarding their Web presence. Security software enables the IT department to limit access to sensitive information.

3. What Information Systems Are Used throughout an Enterprise?
Some general purpose information systems, called enterprise-wide systems, are used throughout an enterprise. An office information system (OIS) enables employees to perform tasks using computers and other electronic devices. A transaction processing system (TPS) captures and processes data from day-to-day business activities. A management information system (MIS) generates accurate, timely, and organized information, so that users can make decisions, solve problems, supervise activities, and track progress. A decision support system (DSS) helps users analyze data and make decisions. An expert system captures and stores the knowledge of human experts and then imitates human reasoning and decision making. Customer relationship management (CRM) systems manage information about customers. Enterprise resource planning (ERP) provides centralized, integrated software to help manage and coordinate the ongoing activities of an enterprise. A content management system (CMS) is a combination of databases, software, and procedures that organizes and allows access to various forms of documents and files.

4. What Are Types of Technologies Used throughout an Enterprise?
Technologies used throughout an enterprise include the following items. A portal is a collection of links, content, and services presented on a Web page and designed to guide users to information related to their jobs. A data warehouse is a huge database that stores and manages the data required to analyze historical and current transactions. An enterprise’s communications infrastructure consists of hardware (such as wired and wireless network connections and devices, routers, firewalls, and servers), software (such as e-mail, instant messaging, VoIP, and server management), and procedures for using and managing hardware and software. An extranet allows customers or suppliers to access part of an enterprise’s intranet. Web services allow businesses to create products and B2B interactions over the Internet. Many enterprises employ a service-oriented architecture (SOA) to allow better communications and services between diverse information systems. A document management system (DMS) allows for storage and management of a company’s documents. A workflow application assists in the management and tracking of the activities in a business process from start to finish. A virtual private network (VPN) provides users with a secure connection to a company’s network server.

5. What Are Virtualization, Cloud Computing, and Grid Computing?
Virtualization is the practice of sharing or pooling computing resources, such as servers and storage devices. Server virtualization provides the capability to divide a physical server logically into many virtual servers; storage virtualization provides the capability to create a single logical storage device from many physical storage devices. Cloud computing is an Internet service that provides computing needs to computer users. Grid computing, which often is used in research environments, combines many servers and/or personal computers on a network to act as one large computer. Cloud and grid computing usually charge a fee based on usage or processing time.

6. What Are the Computer Hardware Needs and Solutions for an Enterprise?
Enterprise hardware allows large organizations to manage and share information and data using devices geared for maximum availability and efficiency. Enterprises use a variety of hardware types to meet their large-scale needs. A RAID (redundant array of independent disks) is a group of integrated disks that duplicates data and information to improve data reliability. Network attached storage (NAS) is a server that provides storage for users and information systems attached to the network. A storage area network (SAN) is a high-speed network that provides storage to other servers. An enterprise storage system uses a combination of techniques to consolidate storage so that operations run efficiently. A blade server, sometimes called an ultradense server, packs a complete computer server on a single card, or blade, rather than a system unit. A thin client is a small, terminal-like computer that mostly relies on a server for data storage and processing.

7. What Are High Availability, Scalability, and Interoperability?
The availability of hardware to users is a measure of how often it is online. A high-availability system continues running and performing at least 99 percent of the time. Scalability is the measure of how well computer hardware, software, or an information system can grow to meet an enterprise’s increasing performance demands. An information system often must share information, or have interoperability, with other information systems within the enterprise.

8. Why Is Computer Backup Important, and How Is It Accomplished?
A backup duplicates a file or program to protect an enterprise if the original is lost or damaged. A full, or archival, backup copies all of the programs and files in a computer. A differential backup copies only files that have changed since the last full backup. An incremental backup copies only files that have changed since the last full or incremental backup. A selective, or partial, backup allows users to back up specific files. Continuous data protection (CDP), or continuous backup, is a backup plan in which data is backed up whenever a change is made. Backup procedures specify a regular plan of copying and storing data and program files.
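The difference between differential and incremental backups is easiest to see in what each one copies and what a restore then needs. The following is an added example, not taken from the original page or the textbook it summarizes; the file names, the week of changes, and all function names are constructed for illustration. It goes slightly beyond the text by also showing what a restore looks like when one incremental backup is missing.

```python
"""Differential vs. incremental backups on a constructed week of file changes."""

# Constructed sample data: files modified on each day after a Sunday full backup.
ALL_FILES = {"payroll.db", "orders.db", "hr.xlsx", "site.cfg"}
CHANGES = {
    "Mon": {"payroll.db", "orders.db"},
    "Tue": {"orders.db"},
    "Wed": {"hr.xlsx", "orders.db"},
    "Thu": {"payroll.db"},
}
DAYS = list(CHANGES)


def take_backups(changes, strategy):
    """Return ordered {label: {file: version}}; a version is the day of the file's last change."""
    state = {f: "Sun" for f in ALL_FILES}
    backups = {"full-Sun": dict(state)}          # full backup copies everything
    since_full = set()
    for day, files in changes.items():
        for f in files:
            state[f] = day
        since_full |= files
        # Differential: everything changed since the last full backup.
        # Incremental: only what changed since the previous backup of any kind.
        selected = since_full if strategy == "differential" else files
        backups[f"{strategy}-{day}"] = {f: state[f] for f in selected}
    return backups


def restore_chain(backups, strategy, target_day):
    """Labels of the backups that must be available to restore to target_day."""
    daily = [label for label in backups if label != "full-Sun"]
    upto = daily[: DAYS.index(target_day) + 1]
    if strategy == "differential":
        return ["full-Sun", upto[-1]]            # full + latest differential only
    return ["full-Sun"] + upto                   # full + every incremental in order


def restore(backups, chain):
    """Replay the chain in order; later backups overwrite earlier copies."""
    restored = {}
    for label in chain:
        restored.update(backups[label])
    return restored


def live_state(changes, target_day):
    """What the files actually looked like at the end of target_day."""
    state = {f: "Sun" for f in ALL_FILES}
    for day in DAYS[: DAYS.index(target_day) + 1]:
        for f in changes[day]:
            state[f] = day
    return state


def stale_files(restored, live):
    """Files whose restored version is older than the live version."""
    return {f for f in live if restored.get(f) != live[f]}


if __name__ == "__main__":
    live = live_state(CHANGES, "Thu")
    for strategy in ("differential", "incremental"):
        backups = take_backups(CHANGES, strategy)
        chain = restore_chain(backups, strategy, "Thu")
        sizes = {k: len(v) for k, v in backups.items()}
        print(strategy, "files copied per backup:", sizes)
        print(strategy, "restore chain:", chain)
        print(strategy, "restore matches live:", restore(backups, chain) == live)

    # Failure mode: Wednesday's incremental is lost or unreadable.
    inc = take_backups(CHANGES, "incremental")
    broken = [l for l in restore_chain(inc, "incremental", "Thu") if l != "incremental-Wed"]
    print("stale after losing incremental-Wed:", stale_files(restore(inc, broken), live))
```

Differential backups grow each day but restore from two sets; incremental backups stay small but every one in the chain must be readable.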

9. What Are the Steps in a Disaster Recovery Plan?
A disaster recovery plan describes the steps a company would take to restore computer operations in the event of a disaster. A disaster recovery plan contains four components. The emergency plan specifies the steps to be taken immediately after a disaster strikes. The backup plan stipulates how a company uses backup files and equipment to resume information processing. The recovery plan identifies the actions to be taken to restore full information processing operations. The test plan contains information for simulating disasters and recording an organization’s ability to recover.

Chapter 13 Programming Language and Program Development




 The assignment from
Mr Tri Djoko Wahjono, Ir., M.Sc.  




1. How Are Machine Languages Different from Assembly Languages? 
A programming language is a set of words, abbreviations, and symbols that enables a programmer, often called a developer, to communicate instructions to a computer. A machine language uses a series of binary digits, or combinations of numbers and letters that represent binary digits, and is the only language a computer directly recognizes. With an assembly language, a programmer writes instructions using symbolic instruction codes, which are meaningful abbreviations.  

2. What Is the Purpose of Procedural Programming Languages, and What Are the Features of C and COBOL?
In a procedural language, or third-generation language (3GL), a programmer writes instructions that tell a computer what to accomplish and how to do it. Programmers use English-like words to write instructions, which simplifies the program development process for the programmer. A compiler or an interpreter translates the 3GL source program into machine language object code or object program that a computer can execute. Standard procedural languages include C and COBOL. C is a powerful language that requires professional programming skills and is used for business and scientific problems. It runs on almost any type of computer or operating system. COBOL (COmmon Business-Oriented Language) is a programming language designed for business applications that uses English-like statements that are easy to read, write, and maintain.


3. What Are the Characteristics of Object-Oriented Programming Languages and Program Development Tools? 
Programmers use an object-oriented programming (OOP) language or object-oriented program development tool to implement object-oriented design. A program that provides a user-friendly environment for building programs often is called a program development tool. An object is an item that can contain both data and the procedures that read or manipulate the data. A major benefit of OOP is the ability to reuse and modify existing objects, allowing programmers to create applications faster. Often used in conjunction with OOP, RAD (rapid application development) is a method of developing software in which a programmer writes and implements a program in segments instead of waiting until the entire program is completed. OOP languages include Java, C++, and C#. Java uses a just-in-time (JIT) compiler to convert bytecode into machine-dependent code that is executed immediately. The Microsoft .NET framework, or .NET, allows almost any type of program to run on the Internet or an internal business network, as well as stand-alone computers and mobile devices. C++ is an object-oriented extension of the C programming language. C# is based on C++ and has been accepted as a standard for Web applications and XML-based Web services. F# is a new programming language that combines the benefits of an object-oriented language with the benefits of a functional language. Visual Studio is Microsoft’s suite of program development tools that assists programmers in building programs for Windows, Windows Mobile, or operating systems that support .NET. Visual Studio includes the programming languages Visual Basic, Visual C++, and Visual C#. A visual programming language uses a visual or graphical interface, called a visual programming environment (VPE), for creating all source code. Two other program development tools include Delphi and PowerBuilder.

4. What Are the Uses of Other Programming Languages and Other Program Development Tools? 
A 4GL (fourth-generation language) is a nonprocedural language that enables users to access data in a database. A popular 4GL is SQL, a query language for relational databases. An application generator creates source code or machine code from a specification of the required functionality. A macro, which is a series of statements that instructs an application how to complete a task, allows users to automate routine, repetitive tasks.

5. What Are Web Page Program Development Techniques Such as HTML and XHTML, XML and WML, Scripting Languages, DHTML, Ruby on Rails, Web 2.0 Development, and Web Page Authoring Software? 
Web developers use a variety of techniques to create Web pages. HTML (Hypertext Markup Language) is a special formatting language that programmers use to format documents for display on the Web. XHTML (extensible HTML) is a markup language that includes features of HTML and XML. XML and WML are popular formats used by Web developers. A scripting language is an interpreted language that programmers use to add dynamic content and interactive elements to Web pages. Popular scripting languages include JavaScript, Perl, PHP, Rexx, Tcl, and VBScript. Dynamic HTML (DHTML) is a type of HTML that allows developers to include more graphical interest and interactivity in a Web page. Ruby on Rails (RoR or Rails) is an open source framework that provides technologies for developing object-oriented, database-driven Web sites. Web 2.0 Web sites often use RSS 2.0 and Ajax. Developers use Web page authoring software to create sophisticated Web pages. Four popular Web page authoring programs are Dreamweaver, Expression Web, Flash, and SharePoint Designer.

6. How Are Popular Multimedia Authoring Programs Used?
Multimedia authoring software allows developers to combine text, graphics, animation, audio, and video into an interactive presentation. Popular authoring software includes ToolBook and Director. ToolBook has a graphical user interface and uses an object-oriented approach so that programmers can design multimedia applications using basic objects. Director has powerful features that allow programmers to create highly interactive multimedia applications.

7. What Are the Six Steps in the Program Development Life Cycle? 
The program development life cycle (PDLC) is a series of steps programmers use to build computer programs. The program development life cycle consists of six steps: (1) analyze requirements, (2) design solution, (3) validate design, (4) implement design, (5) test solution, and (6) document solution.

8. How Is Structured Design Different from Object-Oriented Design? 
In structured design, a programmer typically begins with a general design and moves toward a more detailed design. A programmer starts with the program’s major function, called the main routine or main module, and breaks it down into smaller sections, called subroutines or modules. Structured design results in programs that are reliable and easy to read and maintain, but it does not provide a way to keep the data and the program together and can result in redundant programming code. With object-oriented (OO) design, the programmer packages the data and the program (or procedure) into a single unit, an object. Objects are grouped into classes. A detailed class diagram represents each object, its attributes (data), and its methods (procedures). The programmer translates the methods into program instructions.

9. What Are the Basic Control Structures and Design Tools Used in Designing Solutions to Programming Problems? 
A control structure, also known as a construct, depicts the logical order of program instructions. A sequence control structure shows one or more actions following each other in order. A selection control structure tells the program which action to take, based on a certain condition. Two types of selection control structures are the if-then-else control structure, which yields one of two possibilities (true or false), and the case control structure, which can yield one of three or more possibilities. The repetition control structure enables a program to perform one or more actions repeatedly as long as a certain condition is met. The two forms of the repetition control structure are: the do-while control structure, which tests a condition at the beginning of the loop, in a process called a pretest, and continues looping as long as a condition is true; and the do-until control structure, which tests a condition at the end of the loop, in a process called a posttest, and continues looping until the condition is true. Some design tools include a program flowchart, or simply flowchart; pseudocode; and the UML (Unified Modeling Language).

Chapter 12 Information System Development




 The assignment from
Mr Tri Djoko Wahjono, Ir., M.Sc.  



1. What Is System Development, and What Are the System Development Phases? 
An information system (IS) is hardware, software, data, people, and procedures that work together to produce quality information. System development is a set of activities used to build an information system. System development activities often are grouped into larger categories called phases. This collection of phases sometimes is called the system development life cycle (SDLC). Many SDLCs contain five phases: planning; analysis; design; implementation; and operation, support, and security.

2. What Are Guidelines for System Development? 
System development should follow three general guidelines: (1) group activities into phases; (2) involve the users, which includes anyone for whom a system is being built; and (3) define standards, which are sets of rules and procedures an organization expects employees to accept and follow.

3. Why Are Project Management, Feasibility Assessment, Documentation, and Data and Information Gathering Techniques Important?
Project management is the process of planning, scheduling, and then controlling the activities during system development. The goal of project management is to deliver an acceptable system to the user in an agreed-upon time frame, while maintaining costs. For larger projects, project management activities often are separated between a project manager and a project leader. Some organizations use extreme project management. The project leader identifies the scope of the project, required activities, time estimates, cost estimates, the order of activities, and activities that can take place simultaneously. The project leader records this information in a project plan. Feasibility is a measure of how suitable the development of a system will be to the organization. A systems analyst typically uses four tests to evaluate feasibility of a project: operational feasibility, which measures how well the proposed system will work; schedule feasibility, which measures whether established project deadlines are reasonable; technical feasibility, which measures whether the organization has or can obtain the hardware, software, and people to deliver and then support the system; and economic feasibility, also called cost/benefit feasibility, which measures whether the lifetime benefits of the proposed system will be greater than its lifetime costs. Documentation is the collection and summarization of data and information and includes reports, diagrams, programs, or other deliverables. A project notebook contains all documentation for a single project. To gather data and information, systems analysts and other IT professionals review documentation, observe, survey, interview, participate in joint-application design (JAD) sessions, and research.

4. What Activities Are Performed in the Planning Phase? 
The planning phase for a project begins when the decision-making body for the organization, called the steering committee, receives a project request. During the planning phase, four major activities are performed: (1) review and approve the project requests, (2) prioritize the project requests, (3) allocate resources such as money, people, and equipment to approved projects, and (4) form a project development team for each approved project.

5. What Is the Purpose of Activities Performed in the Analysis Phase? 
The analysis phase consists of two major activities: (1) conduct a preliminary investigation, sometimes called the feasibility study, to determine the exact nature of the problem or improvement and decide whether it is worth pursuing, and (2) perform detailed analysis. Detailed analysis involves three major activities: (1) study how the current system works; (2) determine the users’ wants, needs, and requirements; and (3) recommend a solution. Detailed analysis sometimes is called logical design. Most systems analysts use either a process modeling or object modeling approach to analysis and design.

6. What Are Tools Used in Process Modeling? 
Process modeling, sometimes called structured analysis and design, is an analysis and design technique that describes processes that transform inputs into outputs. Tools used for process modeling include the following. An entity-relationship diagram (ERD) graphically shows the connections among entities in a system. An entity is an object in the system that has data. A data flow diagram (DFD) graphically shows the flow of data in a system. Key elements of a DFD are a data flow, which shows the input or output of data or information; a process, which transforms an input data flow into an output data flow; a data store, which is a holding place for data and information; and a source, which identifies an entity outside the scope of the system. The project dictionary, sometimes called the repository, contains all the documentation and deliverables of a project. Techniques used to enter items in the project dictionary include structured English, a decision table and/or a decision tree, and a data dictionary.

7. What Are Tools Used in Object Modeling? 
Object modeling, sometimes called object-oriented (OO) analysis and design, combines the data with processes that act on the data into a single unit, called an object. Object modeling can use the same tools as those used in process modeling, but the UML (Unified Modeling Language) has been adopted as a standard notation for object modeling and development. Two common tools in the UML are the use case diagram and the class diagram. A use case diagram graphically shows how actors interact with the information system. An actor is a user or other entity, and the use case is the function that the actor can perform. A class diagram graphically shows classes and one or more lower levels, called subclasses, in a system. Lower levels (subclasses) contain attributes of higher levels (classes) in a concept called inheritance.

8. What Activities Are Performed in the Design Phase?
The design phase consists of two major activities: (1) if necessary, acquire hardware and software and (2) develop all of the details of the new or modified information system. Acquiring necessary hardware and software involves identifying technical specifications, soliciting vendor proposals, testing and evaluating vendor proposals, and making a decision. Detailed design includes developing designs for the databases, inputs, outputs, and programs. During detailed design, many systems analysts use a prototype, which is a working model of the proposed system. Computer-aided software engineering (CASE) products are tools designed to support one or more activities of system development.

9. Why Is Program Development Part of System Development? 
During the design phase, an organization can purchase packaged software, which is mass-produced, copyrighted, prewritten software. If suitable packaged software is not available, however, a company may opt for custom software, which is application software developed at the user’s request to match the user’s requirements exactly. Programmers write custom software from the program specification package created during the analysis phase, following an organized set of activities known as the program development life cycle.

10. What Activities Are Performed in the Implementation Phase? 
The purpose of the implementation phase is to construct, or build, the new or modified system and then deliver it to the users. System developers perform four major activities in this phase: (1) develop programs, (2) install and test the new system, (3) train users, and (4) convert to the new system.

11. What Activities Are Performed in the Operations, Support, and Security Phase? 
The purpose of the operations, support, and security phase is to provide ongoing assistance for an information system and its users after the system is implemented. The operations, support, and security phase consists of three major activities: (1) perform maintenance activities, (2) monitor system performance, and (3) assess system security. Organizations today often have a chief security officer (CSO) who is responsible for physical security of an organization’s property and people and also is in charge of securing computing resources. The CSO develops a computer security plan, which summarizes in writing all safeguards that protect the organization’s information assets.

Chapter 11 Computer Security and Safety, Ethics, and Privacy







1. What Are Computer Security Risks, and What Are the Types of Cybercrime Perpetrators?
A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability. Any illegal act involving a computer is a computer crime; the term cybercrime refers to online or Internet-based illegal acts. Perpetrators of cybercrime include: hacker, cracker, script kiddie, corporate spy, unethical employee, cyberextortionist, and cyberterrorist.

2. What Are Various Internet and Network Attacks, and How Can Users Safeguard against These Attacks?
A computer virus is a potentially damaging program that affects, or infects, a computer negatively by altering the way the computer works without the user’s knowledge or permission. A worm is a program that copies itself repeatedly, using up resources and possibly shutting down the computer or network. A Trojan horse is a program that hides within or looks like a legitimate program. A rootkit is a program that hides in a computer and allows someone from a remote location to take full control of the computer. To take precautions against this malware, do not start a computer with removable media in the drives or ports. Never open an e-mail attachment unless you are expecting the attachment and it is from a trusted source. Disable macros in documents that are not from a trusted source. Install an antivirus program and a personal firewall. Stay informed about any new virus alert or virus hoax. To defend against a botnet, a denial of service attack, improper use of a back door, and spoofing, users can install a firewall, install intrusion detection software, and set up a honeypot.

3. What Are Techniques to Prevent Unauthorized Computer Access and Use? 
Unauthorized access is the use of a computer or network without permission. Unauthorized use is the use of a computer or its data for unapproved or illegal activities. Organizations can take measures such as implementing a written acceptable use policy (AUP), a firewall, intrusion detection software, an access control, and an audit trail. Access controls include a user name and password or passphrase, a CAPTCHA, a possessed object, and a biometric device.

4. What Are Safeguards against Hardware Theft and Vandalism? 
Hardware theft is the act of stealing computer equipment. Hardware vandalism is the act of defacing or destroying computer equipment. The best preventive measures against hardware theft and vandalism are common sense and a constant awareness of the risk. Physical devices and practical security measures, such as locked doors and windows, can help protect equipment. Passwords, possessed objects, and biometrics can reduce the risk of theft or render a computer useless if it is stolen.

5. How Do Software Manufacturers Protect against Software Piracy? 
Software piracy is the unauthorized and illegal duplication of copyrighted software. To protect themselves from software piracy, manufacturers issue a license agreement and require product activation.

6. How Does Encryption Work, and Why Is It Necessary?
Encryption prevents information theft and unauthorized access by converting readable data into unreadable characters. To read the data, a recipient must decrypt, or decipher, it into a readable form. An encryption algorithm, or cypher, converts readable plaintext into unreadable ciphertext. Encryption is used to protect information on the Internet and networks.

7. What Types of Devices Are Available to Protect Computers from System Failure? 
A system failure is the prolonged malfunction of a computer. A common cause of system failure is an electrical power variation such as noise, an undervoltage, or an overvoltage. A surge protector, also called a surge suppressor, uses special electrical components to smooth out minor noise, provide a stable current flow, and keep an overvoltage from reaching the computer and other electronic equipment. An uninterruptible power supply (UPS) contains surge protection circuits and one or more batteries that can provide power during a temporary loss of power.

8. What Are Options for Backing Up Computer Resources?
A backup is a duplicate of a file, program, or disk that can be used to restore the file if the original is lost, damaged, or destroyed. Users can opt for a full backup or a selective backup. Some users implement a three-generation backup policy that preserves three copies of important files: the grandparent, the parent, and the child. Others use RAID or continuous backup. Most operating systems and backup devices include a backup program.
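A sketch of the three-generation policy described above, added here as an illustration and not part of the original summary. The file names, the `.sha256` sidecar files, and the function names are assumptions; the constructed demo shows why the older generations matter when the newest copy is damaged.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

GENERATIONS = ["child", "parent", "grandparent"]  # newest to oldest


def _digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def back_up(source: Path, backup_dir: Path) -> None:
    """Age each generation by one step, then store a fresh child copy."""
    backup_dir.mkdir(parents=True, exist_ok=True)
    # Move the older pair first so the parent is not overwritten before it ages.
    for newer, older in (("parent", "grandparent"), ("child", "parent")):
        for suffix in ("", ".sha256"):
            src = backup_dir / (newer + suffix)
            if src.exists():
                src.replace(backup_dir / (older + suffix))
    shutil.copy2(source, backup_dir / "child")
    # Record the digest so a damaged copy can be detected at restore time.
    (backup_dir / "child.sha256").write_text(_digest(backup_dir / "child"))


def restore(backup_dir: Path, target: Path) -> str:
    """Restore from the newest generation whose digest still matches."""
    for name in GENERATIONS:
        copy, recorded = backup_dir / name, backup_dir / (name + ".sha256")
        if copy.exists() and recorded.exists() and _digest(copy) == recorded.read_text():
            shutil.copy2(copy, target)
            return name
    raise RuntimeError("no intact backup generation found")


def demo() -> tuple:
    """Constructed scenario: three backups, then the newest copy is damaged."""
    with tempfile.TemporaryDirectory() as tmp:
        source, backups, target = (Path(tmp) / n for n in ("ledger.txt", "backups", "restored.txt"))
        for version in (b"v1", b"v2", b"v3"):
            source.write_bytes(version)
            back_up(source, backups)
        (backups / "child").write_bytes(b"corrupted")  # simulate media damage
        return restore(backups, target), target.read_bytes()


if __name__ == "__main__":
    print(demo())
```

Storing the digests on the same media as the copies detects accidental damage only; keeping them elsewhere is needed to detect deliberate tampering.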

9. What Risks and Safeguards Are Associated with Wireless Communications?
Wireless access poses additional security risks. Intruders connect to other wireless networks to gain free Internet access or an organization’s confidential data. Some individuals intercept and monitor communications as they transmit. Others connect to a network through an unsecured wireless access point (WAP), sometimes using the techniques of war driving or war flying. Some safeguards include firewalls, reconfiguring the WAP, and ensuring equipment uses a wireless security standard, such as Wi-Fi Protected Access (WPA) and 802.11i.

10. How Can Health-Related Disorders and Injuries Due to Computer Use Be Prevented? 
A computer-related repetitive strain injury (RSI) can include tendonitis and carpal tunnel syndrome (CTS). Another health-related condition is eyestrain associated with computer vision syndrome (CVS). To prevent health-related disorders, take frequent breaks, use precautionary exercises and techniques, and use ergonomics when planning the workplace. Computer addiction occurs when the computer consumes someone’s entire social life.

11. What Are Issues Related to Information Accuracy, Intellectual Property Rights, Codes of Conduct, and Green Computing? 
Computer ethics govern the use of computers and information systems. Issues in computer ethics include the responsibility for information accuracy and the intellectual property rights to which creators are entitled for their works. An IT (information technology) code of conduct helps determine whether a specific computer action is ethical or unethical. Green computing involves reducing the electricity consumed and the environmental waste generated while using a computer.

12. What Are Issues Surrounding Information Privacy?
Information privacy is the right of individuals and companies to deny or restrict the collection and use of information about them. Issues surrounding information privacy include the following. An electronic profile combines data about an individual’s Web use with data from public sources, which then is sold. A cookie is a file that a Web server stores on a computer to collect data about the user. Spyware is a program placed on a computer that secretly collects information about the user. Adware is a program that displays an online advertisement in a banner or pop-up window. Spam is an unsolicited e-mail message or newsgroup posting sent to many recipients or newsgroups at once. Phishing is a scam in which a perpetrator attempts to obtain personal or financial information. The concern about privacy has led to the enactment of many federal and state laws regarding the disclosure of data. As related to the use of computers, social engineering is defined as gaining unauthorized access or obtaining confidential information by taking advantage of the trusting human nature of some victims and the naivety of others. Employee monitoring uses computers to observe, record, and review an employee’s computer use. Content filtering restricts access to certain materials on the Web.