Network Security and Management

by Professor Brijendra Singh.

Systems Analysis and Design

by Professor Brijendra Singh.

Data Communication And Computer Networks

by Professor Brijendra Singh.

Quality Control And Reliability Analysis

by Professor Brijendra Singh

Saturday, 30 January 2021

Importance of RAD Model

Rapid Application Development (RAD) is an incremental software process model that emphasizes a short development cycle. The RAD model is a "high-speed" adaptation of the waterfall model, in which rapid development is achieved by using a component-based construction approach. The RAD model enables rapid delivery because it reduces the overall development time through the reusability of components and parallel development. RAD works well only if highly skilled engineers are available and the customer is also committed to achieving the targeted prototype in the given time frame.


RAD and prototyping are conceptually very close. Both have as their goal the shortening of the time typically needed in a traditional SDLC between the design and implementation of the information system. Ultimately, both RAD and prototyping are trying to meet rapidly changing business requirements more closely.


Object-oriented software tools, reusable software, prototyping, and fourth-generation language tools are helping systems builders create working systems much more rapidly than they could using traditional systems-building methods and software tools. The term rapid application development is used to describe of time. RAD can include the use of visual programming and other tools for building graphical user interfaces, iterative prototyping of key system elements, the automation of program code generation, and close teamwork among end users and information systems specialists. Simple systems often can be assembled from prebuilt components. The process does not have to be sequential, and key parts of development can occur simultaneously.


Importance of Spiral Model

Some people consider the life cycle to be a spiral, in which we constantly cycle through the phases at different levels of detail, as shown in the figure. The spiral model is a realistic approach to the development of large-scale systems and software in the light of the risks involved. The spiral model demands a direct consideration of technical risks at all stages of the project and, if properly applied, should reduce risks before they become problematic. The spiral model is a combination of the iterative development process model and the waterfall model, with a very high emphasis on risk analysis. ... It allows incremental releases of the product or incremental refinement through each iteration around the spiral.


 




The life cycle can also be thought of as a circular process in which the end of the useful life of one system leads to the beginning of another project that will develop a new version or replace an existing system altogether. The concept of operations is the product of the first iteration, and the requirements are the principal product of the second. In the third iteration, system development produces the design, and the fourth enables testing. With each iteration, the risk analysis weighs different alternatives in light of the requirements and constraints, and prototyping verifies feasibility or desirability before a particular alternative is chosen. When risks are identified, the project manager must decide how to eliminate or minimize the risk. If your management demands fixed-budget development (generally a bad idea), the spiral can be a problem: as each circular cycle (planning, analysis, design and implementation) is completed, project cost is revisited and revised.










Friday, 29 January 2021

Traditional Systems Life Cycle (Waterfall)



The lifecycle methodology is a very formal approach to building a system, dividing systems development into formal stages that must take place in a sequential order. All the activities in each stage must be completed before the next stage can begin.

The goal of the Traditional System Life Cycle is to keep the project under control and assure that the information system produced satisfies the requirements. The traditional system life cycle divides the project into four phases:

  1. Planning
  2. Analysis
  3. Design
  4. Implementation

SDLC aims to produce high-quality systems that meet or exceed customer expectations, based on customer requirements, by delivering systems which move through each clearly defined phase, within scheduled time-frames and cost estimates.


In many ways, building an information system is similar to building a hospital. First, the hospital (or the information system) starts with a basic idea. Second, this idea is transformed into a simple drawing that is shown to the customer (owner of the hospital) and refined (often through several drawings, each improving on the other) until the customer agrees that the picture depicts what the owner of the hospital wants (customer).


Planning:


The planning phase is the fundamental process of understanding why an information system should be built and determining how the project team will go about building it. It is the first phase of the SDLC, in which an organization's total information system needs are analyzed and arranged, a potential information systems project is identified, and an argument for continuing or not continuing with the project is presented.


Analysis:


Analysis is the second phase of the SDLC, in which the current system is studied and alternative replacement systems are proposed. The analysis phase answers the questions of who will use the system, what the system will do, and where it will be used. During this phase, the project team investigates any current system, identifies improvement opportunities, and develops a concept for the new system.


Design:


Design is the third phase of the SDLC, in which the system chosen for development in systems analysis is first described independently of any computer platform (logical design) and is then transformed into technology-specific details (physical design) from which all programming and system construction can be accomplished. The design phase decides how the system will operate in terms of the hardware, software, and network infrastructure that will be in place; the user interface, forms, and reports that will be used; and the specific programs, databases, and files that will be needed. Although most of the strategic decisions about the system are made in the development of the system concept during the analysis phase, the steps in the design phase determine exactly how the system will operate.


Implementation:


The final phase of the SDLC is the implementation phase, during which the system is actually built (or purchased, in the case of packaged software design). This is the phase that usually gets the most attention, because for most systems it is the longest and most expensive single part of the development process. This phase has three steps.


(i) First step – System construction

(ii) Second step – Installation of system process

(iii) Third step – Support plan for the system


The system life cycle is still used for building large, complex systems that require a rigorous and formal requirements analysis, predefined specifications, and tight controls over the systems-building process. However, the systems life cycle approach can be costly, time consuming, and inflexible. Although systems builders can go back and forth among stages in the life cycle, the systems life cycle is predominantly a "Waterfall" approach in which tasks in one stage are completed before work for the next stage begins. The Waterfall model, sometimes called the classic life cycle, suggests a systematic sequential approach to software development that begins with customer specification of requirements and progresses through planning, modeling, construction, and deployment, culminating in ongoing support of the completed software.


The waterfall model can be very useful in helping developers lay out what they need to do. Its simplicity makes it easy to explain to customers who are not familiar with software development; it makes explicit which intermediate products are necessary in order to begin the next stage of development. Many other, more complex models are really just embellishments of the waterfall, incorporating feedback loops and extra activities.

Wednesday, 27 January 2021

The Response Techniques to maintain Information Security

Response is the reaction after something has been done to disturb security: a reply or reaction intended to keep data/information safe.


Response Techniques: (i) Backups (ii) Incident Response Team (iii) Computer Forensics

Backups:

Data backups are an essential element of good storage security and overall business resilience, but they're often the source of many security woes. In fact, a significant percentage of security breaches can be attributed to the mismanagement of data backups. Many storage professionals responsible for backups believe that the mere existence of a process for replicating sensitive data is all that's needed to keep the organization secure.

Data/Information backup services provide companies the protection they need to keep all of their data secure. With these services in place, businesses can confidently access, review, and safeguard their data – and their customers' data – from both accidental and malicious data loss events.

Incident Response Team

Too often, information security incident response plans, disaster recovery plans and business continuity plans are not aligned with the overall corporate crisis management process. Now, more than ever, an organisation must be able to respond quickly to a security breach, both with a tactical response and via a strategic corporate message. It is essential to have a response team in any organisation for these purposes.

Similar efforts go into building, managing, exercising and maintaining both security incident response plans and overall corporate crisis management plans. The struggles organizations encounter, while developing these plans, also tend to be similar. Building awareness, understanding roles and responsibilities, allocating time and resources (financial and human), can all be impediments to sound response plans.

There are two types of security incident response teams (IRTs) within an organisation: a strategic team and a tactical team. The strategic team focuses on the overall direction of the organisation's top management. It is notified by the tactical team about every incident and determines whether executive management needs to be notified. If the incident impacts a large percentage of the organisation (e.g., a distributed denial of service attack), the strategic team will be notified and the head of that team will alert the executives.


Computer Forensics


Although it is most often associated with the investigation of a wide variety of computer crime, computer forensics may also be used in civil proceedings. The discipline involves similar techniques and principles to data recovery, but with additional guidelines and practices designed to create a legal audit trail. Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. Evidence from computer forensics investigations is usually subjected to the same guidelines and practices as other digital evidence.
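One way to picture the "legal audit trail" described above is a custody log in which every entry records the evidence hash and is chained to the previous entry, so later edits are detectable. This is an added example, not code from the original post; the hash-chain design, the field names and the sample evidence bytes are assumptions made for the illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # link value used by the first entry in the log


def sha256_bytes(data):
    """Hex SHA-256 of the evidence bytes (e.g. a disk image read from file)."""
    return hashlib.sha256(data).hexdigest()


def _digest(entry):
    """Hash every field of an entry except its own stored hash."""
    material = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(material, sort_keys=True).encode()).hexdigest()


def add_entry(log, action, examiner, evidence_hash, timestamp):
    """Append a custody record linked to the previous record's hash."""
    entry = {
        "seq": len(log),
        "time": timestamp,
        "action": action,
        "examiner": examiner,
        "evidence_sha256": evidence_hash,
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = _digest(entry)
    log.append(entry)
    return entry


def verify_log(log, evidence):
    """Return a list of problems; an empty list means the trail is intact."""
    problems = []
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev_hash"] != prev:
            problems.append(f"entry {i}: broken link to previous entry")
        if _digest(entry) != entry["entry_hash"]:
            problems.append(f"entry {i}: contents altered after recording")
        prev = entry["entry_hash"]
    # The evidence itself must still match the hash taken at acquisition.
    if log and sha256_bytes(evidence) != log[0]["evidence_sha256"]:
        problems.append("evidence no longer matches hash recorded at acquisition")
    return problems


def build_demo():
    """Constructed sample: three custody events for one piece of evidence."""
    evidence = b"constructed disk image bytes for the example"
    h = sha256_bytes(evidence)
    log = []
    add_entry(log, "acquired image from seized laptop", "examiner-A", h, "2021-01-27T10:00:00Z")
    add_entry(log, "transferred to evidence locker", "examiner-A", h, "2021-01-27T11:30:00Z")
    add_entry(log, "working copy made for analysis", "examiner-B", h, "2021-01-28T09:15:00Z")
    return log, evidence


if __name__ == "__main__":
    log, evidence = build_demo()
    print("intact trail:", verify_log(log, evidence))
    log[1]["examiner"] = "someone-else"  # simulate an after-the-fact edit
    print("after edit:  ", verify_log(log, evidence))
```
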

Tuesday, 26 January 2021

Detection Techniques can help maintain Information security

Detection techniques can help to maintain Information Security. Precautions can be taken at an early stage.


A security breach is any incident that results in unauthorised access to computer data, applications, networks or devices. It results in information being accessed without authorisation. Typically, it occurs when an intruder is able to bypass security mechanisms.


Detection: the action of stopping something after detection of a security breach.


  1. Audit Logs
  2. Intrusion Detection System
  3. Honeypots


An audit log is a record of events and changes. IT devices across your network create logs based on events. Audit logs are records of these event logs, typically regarding a sequence of activities or a specific activity. Audit logs don't always operate in the same way. Event-based logs usually contain records describing system events, application events, or user events. 

Audit logs enable your security team to reconstruct events after a problem occurs. The documentation provides your security administrator with the information needed to recover rapidly from an intrusion. A security audit log records security-related system information such as changes to user master records or unsuccessful logon attempts.
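The two uses of an audit log described above, spotting unsuccessful logon attempts and reconstructing what an account did afterwards, can be sketched as follows. This is an added example, not code from the original post; the pipe-separated log format, the event names, the accounts and the thresholds are all assumptions constructed for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. Assumed format: time|event|account|source|detail
SAMPLE_LOG = """\
2021-01-26T09:00:01|LOGON_FAIL|asharma|10.0.0.15|bad password
2021-01-26T09:00:09|LOGON_FAIL|asharma|10.0.0.15|bad password
2021-01-26T09:00:20|LOGON_OK|rkumar|10.0.0.7|
2021-01-26T09:00:31|LOGON_FAIL|asharma|10.0.0.15|bad password
2021-01-26T09:01:02|LOGON_OK|asharma|10.0.0.15|
2021-01-26T09:02:40|USER_CHANGE|asharma|10.0.0.15|role changed: clerk -> admin
2021-01-26T11:30:00|LOGON_FAIL|rkumar|10.0.0.7|bad password
this line is malformed and must be skipped
"""


def parse_log(text):
    """Parse log lines into event dicts, skipping anything malformed."""
    events = []
    for line in text.splitlines():
        parts = line.split("|")
        if len(parts) != 5:
            continue
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append({"time": when, "type": parts[1], "account": parts[2],
                       "source": parts[3], "detail": parts[4]})
    events.sort(key=lambda e: e["time"])
    return events


def failed_logon_alerts(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when an account reaches `threshold` failed logons within `window`."""
    recent = defaultdict(deque)  # account -> times of recent failures
    alerts = []
    for e in events:
        if e["type"] != "LOGON_FAIL":
            continue
        times = recent[e["account"]]
        times.append(e["time"])
        while e["time"] - times[0] > window:
            times.popleft()  # drop failures that fell out of the window
        if len(times) == threshold:
            alerts.append((e["account"], times[0], e["time"]))
    return alerts


def changes_after_alert(events, alerts, follow=timedelta(minutes=10)):
    """User-record changes made by an alerted account soon after the failures."""
    hits = []
    for account, _first, last_fail in alerts:
        for e in events:
            gap = e["time"] - last_fail
            if (e["type"] == "USER_CHANGE" and e["account"] == account
                    and timedelta(0) <= gap <= follow):
                hits.append(e)
    return hits


def timeline(events, account):
    """Reconstruct, in time order, everything recorded for one account."""
    return [f'{e["time"].isoformat()} {e["type"]} from {e["source"]} {e["detail"]}'.rstrip()
            for e in events if e["account"] == account]


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    found = failed_logon_alerts(evts)
    for account, first, last in found:
        print(f"ALERT {account}: repeated failed logons {first} .. {last}")
    for change in changes_after_alert(evts, found):
        print("REVIEW:", change["account"], change["detail"])
    print("\n".join(timeline(evts, "asharma")))
```
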


An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. It is a software application that scans a network or a system for harmful activity or policy breaches. It can be a hardware appliance or software designed to detect, alert on, and report malicious attacks and unauthorised misuse on a network or host. An IDS does not do anything about the attack; it simply raises an alert.


A honeypot is a host-based IDS where the entire system is created solely to monitor, detect, and capture security threats against it. Alternatively, it can be defined as a computer or computer system intended to mimic likely targets of cyberattacks. It can be used to detect attacks or deflect them from a legitimate target. It can also be used to gain information about how cybercriminals operate. Honeypots can alert the security team when someone is poking around where they should not. While honeypots have been used widely by researchers to study the methods of attackers, they can be very useful to defenders as well.



Monday, 25 January 2021

Prevention Techniques to maintain security

Information Security is concerned with protecting information and information resources. Information can be protected with the help of three elements: Prevention, Detection and Response.


Prevention: the action of stopping something from happening or arising.


(i) Access Controls

(ii) Firewalls

(iii) Encryption


Access control is a method of guaranteeing that users are who they say they are and that they have the appropriate access to the organisation's information. At a high level, access control is a selective restriction of access to information. It consists of two main components: authentication and authorisation. Access control is a security technique that regulates who or what can view or use resources in a computing environment. ... Physical access control limits access to campuses, buildings, rooms and physical IT assets.

A firewall is a security device — computer hardware or software — that can help protect your network by filtering traffic and blocking outsiders from gaining unauthorized access to the private data/information on your computer. ... Firewalls can provide different levels of protection. A firewall can be implemented in either hardware or software form, or a combination of both. Firewalls prevent unauthorized Internet users from accessing private networks connected to the internet, especially intranets.

Encryption is the process of converting information or data into a code, especially to prevent unauthorized access. Encryption translates data or information into another form, or code, so that only people with access to a secret key (formally called a decryption key) or password can read it. Plaintext is the original form of the message, and encrypted data is commonly referred to as ciphertext.

Sunday, 24 January 2021

Phases of System Development Methodology

It is a methodology for systematically organizing the best ways to develop systems efficiently. It includes, for example, descriptions of work to be performed at each phase of the development process and drafted documents. System development methodology consists of eight phases. A system development methodology refers to the framework that is used to structure, plan, and control the process of developing an information system.

  1. Survey Phase: The survey phase is also sometimes called a preliminary investigation or feasibility study. The purpose of the survey is threefold. First, the survey phase answers the question, "Is this project worth looking at?" To answer this question, the survey phase must define the scope of this project and the perceived problems, opportunities, and directives that triggered the project. Assuming the project is worth looking at, the survey phase must also establish the project team and participants, the project budget, and the project schedule.
  2. Study Phase: The study phase identifies and analyzes both the business and technical problem domains for specific problems, causes and effects. First, the project team must gain an appropriate understanding of the business problem domain. Second, we need to answer the question, "Are these problems (opportunities and directives) worth solving?" Finally, we need to determine if the system is worth developing. The study phase provides the system analyst and project team with a more thorough understanding of the problems, opportunities, and/or directives that triggered the project. In the process, they frequently uncover new problems and opportunities.
  3. Definition Phase: The definition phase identifies and analyses business requirements that should apply to any possible technical solution to the problems. Essentially, the purpose of requirements analysis is to identify the DATA, PROCESS, INTERFACE, GEOGRAPHY requirements for the users of a new system. Most importantly, the purpose is to specify these requirements without expressing computer alternatives and technology details; at this point, keep analysis at the business level.
  4. Configuration Phase: The configuration phase identifies and analyzes candidate technical solutions that might solve the problem and fulfill the business requirements. The result is a feasible application architecture. There are almost always multiple candidate solutions to any set of business requirements. The purpose of the configuration phase is to identify candidate solutions, analyze these candidate solutions, and recommend a target system that will be designed and implemented.
  5. Procurement Phase: The procurement phase (optional) identifies and analyzes hardware and software products that will be purchased as part of the target solution. The purpose of the procurement phase is to research the information technology marketplace, solicit vendor proposals, and recommend (to management) the proposal that best fulfills the business and technology requirements. Why include this phase in a methodology? The selection of hardware and software takes time. Much of that time can occur between order and delivery. This time lag must be figured into the methodology to schedule the subsequent life cycle phases.
  6. Design Phase: The design phase specifies the technical requirements for the target solution. Today, the design phase typically has significant overlap with the construction phase. The purpose of the design phase is to transform the business requirements from the definition phase into a set of technical design blueprints for construction. 
  7. Construction Phase: The construction phase builds and tests the actual solution (or interim prototype of the solution). The purpose of the construction phase is twofold (i) to build and test a functional system that fulfills business and design requirements, and (ii) to implement the interfaces between the new system and existing production systems.
  8. Delivery Phase: The delivery phase puts the solution into daily production. The purpose of the delivery phase is to install, deploy, and place the new system into operation or production.

During system development, by-products are stored in the following data stores:

  1. A repository is a place where documentation about the system is stored.
  2. The database is where actual business data will be stored.
  3. The program library is where application software will be stored.

System support is the ongoing maintenance of a system after it has been placed into production. This includes program maintenance and system improvement.


Tuesday, 19 January 2021

Information Security


Information Security refers to the processes and methodologies which are designed and implemented to protect the print, audio, video, digital, or any other form of confidential, private, and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.

Definitions of information security are suggested below: preservation of confidentiality, integrity, availability, reliability, accountability, and authenticity of the information; or, in other words, the protection of information from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. The fundamental principles of information security are confidentiality, integrity, and availability.

  1. Confidentiality – means information is not disclosed to unauthorized individuals, entities and processes.
  2. Integrity – means maintaining the accuracy and completeness of data. 
  3. Availability – means information must be available when needed.

In any organisation, Information Security is the process of protecting the intellectual property of an organisation. Information security is a risk management discipline or protection of information.

Information is created, processed, stored, transmitted, and destroyed, free from threats, in any organisation. Threats to information or information systems belonging to an organisation may be categorized, and a corresponding security goal may be defined for each category of threats.

A set of security goals is identified as a result of a threat analysis. The currently relevant set of security goals may include: confidentiality, integrity, availability, privacy. Information security is the protection of information and minimises the risk of exposing information to unauthorised parties.

Information system-related security risks are those risks that arise from the loss of confidentiality, integrity, or availability of information or information systems and reflect the potential adverse impacts to organisational operations (including mission, functions, image, or reputation), organisational assets, ...


To begin risk assessment, take the following steps:

  1. Find all valuable assets across the organization that could be harmed by threats in a way that results in a monetary loss. ...
  2. Identify potential consequences. ...
  3. Identify threats and their level. ...
  4. Identify vulnerabilities and assess the likelihood of their exploitation.

Friday, 15 January 2021

System Development Methodology

System development methodologies are frequently confused with the system development life cycle. System development methodology in software engineering is a framework that is used to structure, plan, and control the process of developing an information system. System development methodology can be defined as:


A methodology is the physical implementation of the logical life cycle that incorporates:

  1. Step-by-step activities of each phase.
  2. Individual and group roles to be played in each activity.
  3. Deliverables and quality standards for each activity and 
  4. Tools and techniques to be used for each activity.


Two points are important. First, a true methodology should encompass the entire system development life cycle. Second, most modern methodologies incorporate the use of several development tools and techniques. In reality, SDLC and system development methodology are one and the same. The intent of the life cycle is to plan, execute, and control a system development project. It defines the phases and tasks that are essential to systems development, no matter what type or size of system you may try to build.


The following principles should underlie all system development methodologies.

  • Get the owner and users involved 
  • Use a problem-solving approach. The life cycle is such an approach.
  • Establish phases and activities.
  • Establish standards for consistent development and documentation.
  • Justify systems as a capital investment.
  • Don't be afraid to cancel the project or revise scope.
  • Divide and conquer
  • Design systems for growth and change

The Role and Tasks of System Analyst

The role and tasks of a systems analyst are as follows:

  • The systems analyst plays a key role in information systems development projects. The system analyst assists and guides the project team so that the team develops the right system in an effective way.
  • A system analyst facilitates the study of business problems and needs to determine how the business system and information technology can best solve the problem and accomplish improvements for the business.
  • A system analyst uses a system problem-solving approach called a System development life cycle. It includes steps for project planning, problem analysis, requirement analysis, solutions analysis, solution design, solution construction, solution implementation, and solution refinement.
  • The system perspective of the system analyst extends beyond technology to include people, data, processes, interfaces, and networks.
  • Systems analysts act as facilitators who co-ordinate system and application development with users, management, and other information technologists.
  • Systems analysts require a broad knowledge and skill set, including a working knowledge of systems and technology, computer programming, general business, problem-solving, interpersonal communications, interpersonal relations, flexibility and adaptability, character and ethics, and formal systems analysis and design.

As organizations and technology have become more complex, most large organizations now build project teams that incorporate several analysts with different, but complementary, areas of specialization.

Thursday, 14 January 2021

System Development Life Cycle



In systems engineering, information systems and software engineering, the Systems Development Life Cycle (SDLC), also referred to as the application development life-cycle, is a process for planning, creating, testing, and deploying an information system.


The concept of the systems development life cycle applies to hardware, software and a combination of both. The system can be built with the help of hardware only, software only, or a combination of hardware and software.


Software Development Life Cycle (SDLC) is a process used by the software developer to design, develop, and test high-quality software. The SDLC aims to produce high-quality software that meets customer expectations and reaches completion within time and cost estimates.


Why is SDLC important for developing a software system?

  1. provides a basis for project planning, scheduling, and cost estimating
  2. provides a framework for a standard set of activities.
  3. provides a mechanism for project development/ tracking and control along with project planning.


Software Development Life Cycle is a process that is composed of a number of clearly defined and distinct work phases that are used by information technology resources, such as systems engineers and system developers, to plan for, design, build, test, and deliver information systems.


In many ways, building an information system is similar to building a hospital. First, the hospital (or the information system) starts with a basic idea. Second, this idea is transformed into a simple drawing that is shown to the customer (owner of the hospital) and refined (often through several drawings, each improving on the other) until the customer agrees that the picture depicts what the owner of the hospital wants (customer).


Third, a set of blueprints is designed that presents much more detailed information about the hospital (e.g. the type of water faucets, where the telephone jacks will be placed). Finally, the hospital is built following the blueprints and often with some changes and decisions made by the customer as the hospital is erected. 


Similarly, when developing information systems, most organizations use a standard set of steps called the systems development life cycle (SDLC) as the common methodology for system development. SDLC has a similar set of four fundamental phases:


1. System Planning

2. System Analysis

3. System Design

4. System Implementation


Different projects may emphasize different parts of the SDLC or approach the SDLC phases in different ways, but all projects have elements of these four phases. Each phase is itself composed of a series of steps, which rely on techniques that produce deliverables (specific documents and files that provide understanding about the project).