
COURSE CODE: CAP 417

COURSE NAME: Planning and Managing IT Infrastructure

HOMEWORK 4

Submitted To: Lect. Pankaj Sharma
Submitted By: Surendra, MCA 4th SEM, D3804A15, 10806601
Declaration:
I declare that this assignment is my individual work. I have not copied from any other
student’s work or from any other source except where due acknowledgment is made
explicitly in the text, nor has any part been written for me by another person.
Student’s Signature:
surendra
Evaluator’s comments:
_____________________________________________________________________
Marks obtained: ___________ out of ______________________
Content of Homework should start from this page only:
PART A:

Q.1) Like hardware is developed by following some architecture, similarly
software is developed by following some architecture? Take suitable
examples to discuss the various architectures for the development of the
software?
Answer: Hardware architecture is developed on the basis of models created
by the ISO, and so is software architecture. Many architectures are used to
develop software and hardware, and each architecture has some steps for
developing the software and hardware. How software is created depends on
the type of application you want to create.
For example, the client/server architecture can support a wide variety of
systems across many different industries, and a typical office building can
house many different kinds of businesses. Thus, we might start by looking for
software components that support a wide variety of application areas in the
same way that network architectures or building components do.
Every organization has to follow some kind of architecture for developing
its hardware and software. This kind of architecture is called enterprise
architecture. Enterprise architecture is the way, or the set of rules or models,
that helps us to develop the technical implementation of an organization.
The software architecture of a computing system is the structure or structures
of the system, which comprise software components, the externally visible
properties of those components, and the relationships between them. The
term also refers to documentation of a system's software architecture.
Documenting software architecture facilitates communication between
stakeholders, documents early decisions about high-level design, and allows
reuse of design components and patterns between projects.
Software architecture is commonly organized in views.

There are various architectures for developing software:

Centralized Architecture:
The software application resides on a central server. For full redundancy, the
computer system is backed up by another system. The system allows access
and forwards events to other consoles on the network. A centralized
architecture for a distributed application may involve multiple processes and
depends on one central process to serialize all events.
Serialization is necessary to make sure that actions performed by multiple
participants in a conversation are in a single consistent order, so that all
participants will perceive a consistent view of the order of events.

Advantages of centralized Architecture


• Developers can use powerful development tools to develop reusable
application components, instead of using more limited stored procedure
languages.
• Administrators can replicate application components to run on multiple
machines simultaneously. This spreads client loads across multiple machines
and enables higher availability, scalability, and performance. Application
component replication (as opposed to data replication) is not possible with
two-and-a-half–tiered architectures, because stored procedures must run in a
single database.

Client-server architecture:

Under the structure of the client-server architecture, a business's computer
network will have a server computer, which functions as the "brains" of the
organization, and a group of client computers, which are commonly called
workstations. The server part of the client-server architecture will be a large-
capacity computer, perhaps even a mainframe, with a large amount of data
and functionality stored on it. The client portions of the client-server
architecture are smaller computers that employees use to perform their
computer-based responsibilities.

Service Oriented Architecture (SOA):

Service Oriented Architecture (SOA) is a business-centric IT architectural
approach that supports integrating your business as linked, repeatable
business tasks, or services. With the Smart SOA approach, you can find value
at every stage of the SOA continuum, from departmental projects to
enterprise-wide initiatives.
So the hardware architecture depends on the needs of the organization and
on its budget, because the hardware architecture is the collection of the
hardware, including the wiring, the server configuration and the commercial
systems.

Q.2) Software architecture and enterprise architecture play an
important role in the overall functioning of an enterprise and this
architecture should be well planned? Comment on the statement and cite
some real-world examples to illustrate their importance in an
organization?
Answer:
Enterprise architecture (EA) is a rigorous description of the structure of an
enterprise, its decomposition into subsystems, the relationships between the
subsystems, the relationships with the external environment, the terminology
to use, and the guiding principles for the design and evolution of an
enterprise. This description is comprehensive, including enterprise goals,
business functions, business process, roles, organizational structures,
business information, software applications and computer systems.
Practitioners of EA call themselves "enterprise architects." An enterprise
architect is a person responsible for developing the enterprise architecture
and is often called upon to draw conclusions from it. By producing enterprise
architecture, architects are providing a tool for identifying opportunities to
improve the enterprise, in a manner that more effectively and efficiently
pursues its purpose.
The term "enterprise" is used because it is generally applicable in many
circumstances, including

o Public or Private Sector organizations
o An entire business or corporation
o A part of a larger enterprise (such as a business unit)
o A conglomerate of several organizations, such as a joint venture or
partnership
o A multiply-outsourced business operation

Software architecture is commonly defined in terms of structural elements
and relationships. Structural elements are identified and assigned
responsibilities that client elements interact with through "contracted"
interfaces.
The software architecture of a program or computing system is the structure
or structures of the system, which comprise software components, the
externally visible properties of those components, and the relationships
among them.
Software architecture is a combination of the following concerns:

• Does not fail.
• Extensible to an extent.
• Easily maintained.
• Easily debuggable.
• Loosely coupled among integrated components/modules.
• Platform independent if possible.
• Documented enough so that it can be viewed in papers.
• Optimizable coding.

Q.3) Ethics play an important role for the functioning of any
organization. Comment on the statement and discuss the various ethics
and ethical officer in case of an IT company?
Answer:
Business ethics (also known as corporate ethics) is a form of applied ethics or
professional ethics that examines ethical principles and moral or ethical
problems that arise in a business environment. It applies to all aspects of
business conduct and is relevant to the conduct of individuals and business
organizations as a whole. Applied ethics is a field of ethics that deals with
ethical questions in many fields such as medical, technical, legal and business
ethics.
Ethics play the most important role in any business, and they are the key to
its success. We all hear of business ethics and standards all the time. Have
you ever wondered what defines these ethics and standards? Every company
expects a standard pattern of behavior from their employees on some
common grounds. They draw a line for behavior, and the employee cannot
cross that line.
Companies that have very high standards of ethics invariably start their code
by saying all employees should be treated with dignity and respect.
Employees are not allowed to give falsified information to anyone. These are
some of the main elements of business ethics.
Having a listed set of codes and rules helps a business to be more effective in
its business practices. There would be several departments in a business
like finance, sales, marketing, HR and so on. If they do not have ethics and
moral codes in place, employees can take the power given to them for granted.
Morals and ethics defined by a business for its employees act like a moral
police. Once an employee knows and understands that a certain act would
warrant severance on non-ethical grounds, they will refrain from doing it.

PART B:

Q.4) Various ethics standards are set for the ethical officer of a
corporate? What are those standards and what are the potential
advantages of following those standards?
Answer:
Ethical standards are principles which, when followed, promote values such as
trust, good behavior, fairness, and/or kindness. There is not one consistent set of
standards that all companies follow, but each company has the right to
develop the standards that are meaningful for their organization. Ethical
standards are not always easily enforceable, as they are frequently vaguely
defined and somewhat open to interpretation ("Men and women should be
treated equally," or "Treat the customer with respect and kindness."). Others
can be more specific, such as "Do not share the customer's private
information with anyone outside of the company."
• Determine corporate values
• Create ethics & compliance training programs
• Guide employees in making the right decision
• Create reporting systems
• Investigate reports of unethical activity
• Report to executive management and the Board of Directors
Duties of the Ethics Officer
The duties of the city Ethics Officer include, but are not limited to the
following:

1. Develop policies, programs and strategies to deal with all ethics-related
matters;

2. Develop training and education programs in coordination with the General
Counsel and the Jacksonville Ethics Commission;
3. Assist in the selection of Department Ethics Officers;

4. Assist departmental and agency ethics officers in training and education;

5. Conduct meetings with any or all of the departmental and agency ethics
officers as well as senior management to discuss or provide advice on ethics
issues;

6. Obtain copies of all reports and disclosures made pursuant to state law by
persons subject to the Code if such reports and disclosures are substantially
similar to reports and disclosures required under the Code and if a person
may rely on such state report or disclosure pursuant to Section 602.455 to
eliminate filing similar information under the Code;

7. Maintain a directory of where all reports and disclosures filed pursuant to
the Code may be obtained;

8. Encourage compliance with the spirit and letter of ethics laws;

9. Review the Code and other applicable laws and regulations periodically
and recommend any appropriate changes to the Ethics Commission;

10. Act as the liaison between the Ethics Commission and the officers and
employees of the city;

The aim of these guidelines is to enable the social researcher’s individual
ethical judgements and decisions to
be informed by shared values and experience, rather than to be imposed by
the profession. The guidelines therefore seek to document widely held
principles of research and to identify the factors which obstruct their
implementation. They are framed in the recognition that, on occasions, the
operation of one principle will impede the operation of another, that social
researchers, in common with other occupational groups, have competing
obligations not all of which can be fulfilled simultaneously. Thus, implicit or
explicit choices between principles will sometimes have to be made.
Q.5) IT and e-business have a major impact on each and every part
of business and on our lives, and they have revolutionized the way business
is done, but they have also brought cyber crime threats to the security of
computers and other security issues? Comment on the statement and, by
taking some suitable real-world examples, write down the various
security-related problems and cyber crimes and some measures to prevent
cyber crime?
Answer:
The implications of all this for business are far-reaching. They suggest that there is
a need for major changes in thinking about cyber-security and in planning and
implementing security measures. These are particularly important if e-commerce is
to reach its full potential and if individual companies are to avoid significant losses
as a result of criminal activities. Perhaps the most important changes are in
thinking. This has two distinct but overlapping dimensions: security has to be
understood in broad rather than narrow terms, and security can no longer be an
after-thought, but needs to be part of intelligence, planning, and business strategy.
With this in mind, there are several specific recommendations that need to be
considered carefully by firms in the high-tech sector.
1. Recognize the real problem is crime, not hacking
Organized crime and cyber-crime are becoming an increasingly salient component
of the business environment. Disruption, denial of service, and web site
defacements will continue to be problems, but exploitation of access to information
systems for profit is likely to become more pervasive. The trend towards accessing
business systems, highlighting security holes, and offering one’s services for a
significant fee, for example, is a thinly veiled form of extortion. As such, it is very
different from traditional hacking that is designed to highlight security problems and
ways of dealing with them as simply a demonstration of expertise.
2. Business intelligence needs to include criminal intelligence analysis
Indeed, criminal intelligence analysis needs to be integrated fully into business
intelligence; risk assessment needs to incorporate criminal threats; and cybersecurity
needs to be conceptualized as part of a broader security problem that cannot be
understood or dealt with in strictly technical terms. Defending against
such contingencies requires that high-tech firms develop broad security programs
that incorporate cyber-security into a much broader program. Cyber-security
needs to be one component of a broader security program that includes
personnel, physical assets, the provision of services, and financial assets. An
arrangement in which the security officer is responsible for cyber-security as part
of a comprehensive mandate is likely to be more effective and appropriate than
one in which cyber-security is seen as a distinct portfolio separate from other
components of security.
3. Beware of infiltration
If cyber-extortion is likely to be a growing problem, another danger is that the high-tech
industry is vulnerable to infiltration by organized crime, especially when
seeking foreign partners. Consequently, the kind of due diligence exercise that has
long been common in the banking sector needs to be extended to other industries.
For bankers “know your customer” has become standard practice. For the hi-tech
business, it is perhaps even more important to know your partners, especially
when they are from another country.
4. Be sensitive to money laundering opportunities
Companies offering financial services on the Internet – and particularly those
offering mechanisms to facilitate financial transactions – need to take steps to
identify opportunities for money laundering. Once this is done, they need to
introduce safeguards to close loopholes and prevent money laundering. The more this is
done by the firms themselves, the less likely they are to be embarrassed
and the less likely they will be subject to government regulation.
5. Develop partnerships and information-sharing arrangements
Another response to the growing overlap between organized crime and cybercrime
is to develop a working partnership with government and law enforcement
agencies. Once again, there are precedents for this in other sectors. In recent
years, the major oil companies, although very competitive with one another,
established information sharing arrangements and worked very closely with law
enforcement to minimize infiltration by organized crime figures and criminal
companies.

Responding to the challenge


Given the difficulty in identifying cybercriminals and the virtual
impossibility of bringing judicial action against the perpetrator of a crime that
was committed in cyberspace, there is slim hope of any government body
taking action to reduce the impact of cybercrime. The onus is therefore on the
brand owners to protect their own names, reputations and profits. But how?

Create accountability – realise that the problem is large and
multi-disciplinary; addressing it successfully requires a co-ordinated response from
professionals in many departments including legal, IT, security, brand and
product management, or online commerce business units. Make sure your
company is clear about who needs to be involved and who will lead the
effort.
Put the problem into perspective – think clearly through the costs
associated with online brand abuse for your company – they’re probably
bigger than you think. Aside from direct losses, consider damage to brand
equity and business reputation.

Use the latest tools to fight the problem – some companies offer
technologies and services to help corporations fight and overcome these
issues. Waiting for your customers to inform your company about specific
abuses or searching your brand names is not enough.

Be relentless – companies that actively police online brand abuse and
respond to it make themselves unattractive to online criminals. Banks that
actively monitor and respond to phishing attacks often experience a dramatic
decrease in ongoing attacks as the criminals seek out easier targets.

Whilst everyone knows that the business impact of the internet is growing,
comparatively few recognise that the opportunities for cybercrime are also
growing, and exponentially.

Brand owners have a clear economic incentive to take action, with their
heavily invested reputations under attack from a sophisticated and well
organised set of cybercriminals intent on profiting from their good name at
every turn.
Q.6) There are various types of attacks possible on the information a
company contains; make a list of these attacks by taking suitable
examples?
Answer:

Introduction:
This is the age of information technology, in which there is some profit but
also the fear of many security attacks by hackers or crackers. Today, people
do their work using modern technology.

The first half of 2008 has seen an explosion in threats spread via the web, the
preferred vector of attack for financially-motivated cybercriminals. On
average, Sophos detects 16,173 malicious web pages every day - or one every
five seconds. This is three times faster than the rate seen during 2007.

Corporate information security is divided into two parts:

1. Information Domains: Understanding corporate security is about
understanding what the key assets in the company are. Today, the key
asset is often information. But information alone is not enough;
knowledge of how to use valuable information is needed to provide a
competitive edge. The value of information may depend on being secret
and accurate.
Three "information domains" are defined:
Physical
Social/Personal
Logical or Network
2. Domain Interfaces:
Each of these domains contains interfaces to the outside world.

Threats
The domain interfaces can be subject to various types of threats, for example:

Logical or Network:
(0) Telephone/voicemail security is often forgotten about; threats involve
attackers telephoning cheaply internationally, listening to voicemail messages
and possibly unauthorized access to the Intranet (if an interface to the Intranet
exists).
(1) Dial-up networks can be an easy entry point for attackers, as they are
often less well protected or monitored than Internet connections. Typical
attacks are identity spoofing leading to unauthorized access. Analog
connections are easier to eavesdrop.

(2) The Internet connection offers a way to communicate with millions of
people globally, but is difficult to control due to its complex and dynamic
nature. A wide range of attacks are possible: eavesdropping, identity
spoofing, denial of service.

(3) Connections to vendors/partners are often not secured enough, due to lack
of time/resources, or belief in security through obscurity. They can be used as
an attack point by Partner organizations (Partners don't always stay
partners...) and also for attackers who have already penetrated the Partner's
network.
Threats: unauthorized access, denial of service.

(4) Wide area networks are used to extend the corporate Intranet to many
remote areas. The cabling probably passes through public zones. The
complexity of Wide Area Networks can serve as a deterrent to attackers, but
is it enough? How much can you trust network providers? The main threats
are eavesdropping, denial-of-service and possibly identity spoofing.

Social / Personal:
(5) Social engineering can be used to trick personnel into divulging
information or providing access.

(6) Helpdesks may also be subject to social engineering, providing modem
numbers, passwords etc. unwittingly to unauthorized persons.

The other key threats are misuse of privileges, illegitimate use and mistakes.

Physical:
(7) Many people who are not employees will have access to buildings in one
way or another. Threats include theft, damage and copying.
(8) Sensitive information, if not securely disposed of, will yield a valuable
resource to attackers. The main threat is unauthorized access to information.

Other physical threats include laptop theft, natural disasters and loss of media
during transport.

These threats can result in critical information being lost, copied, deleted,
accessed or modified, or services no longer functioning (loss of
confidentiality, integrity or availability).
