PhilNITS (IT Passport Exam Preparation Book)
December 18, 2016 | Author: Dennis Ray G Dumaguin | Category: N/A
Short Description
Download PhilNITS (IT Passport Exam Preparation Book)...
Description
IT Passport Exam Preparation Book
CONTENTS About this Book ................................................................... 1 Overview of Examination .................................................... 4 Scope of Questions.............................................................. 8
IT Passport
Strategy ---------------------------------------------------------------------- 12
Chapter 1
Corporate and legal affairs............................ 14
1-1 Corporate activities ---------------------------------------- 15 1-1-1 1-1-2 1-1-3
Management and organization ............................................. 15 OR (Operations Research) and IE (Industrial Engineering) .... 21 Accounting and financial affairs .......................................... 37
1-2 Legal affairs --------------------------------------------------- 43 1-2-1 1-2-2 1-2-3 1-2-4 1-2-5
Intellectual property rights.................................................... 43 Laws on security .................................................................... 48 Laws on labor and transaction ............................................. 49 Other legislation, guidelines, and engineer ethics ............. 52 Standardization ...................................................................... 56
1-3 Chapter quiz --------------------------------------------------- 60
i
Chapter 2
Business strategy .......................................... 64
2-1 Business strategy management --------------------- 65 2-1-1 2-1-2 2-1-3 2-1-4
Business strategy techniques .............................................. 65 Marketing ................................................................................ 70 Business strategy and goal/evaluation ............................... 72 Business management systems .......................................... 74
2-2 Technological strategy management ------------- 75 2-2-1
Technological strategy planning and technology development planning ........................................................... 75
2-3 Business industry---------------------------------------------77 2-3-1 2-3-2 2-3-3 2-3-4
Business system.................................................................... 77 Engineering system ............................................................... 82 E-business .............................................................................. 83 Consumer appliances and industrial devices ..................... 85
2-4 Chapter quiz --------------------------------------------------- 86 Chapter 3
System strategy ............................................. 90
3-1 System strategy --------------------------------------------- 91 3-1-1 3-1-2 3-1-3
Concept of information systems strategy ........................... 91 Concept of business process ............................................... 92 Solution business .................................................................. 99
3-2 System planning ------------------------------------------- 102 3-2-1 3-2-2 3-2-3
Computerization planning................................................... 102 Requirements definition ...................................................... 104 Procurement planning and implementation ...................... 105
3-3 Chapter quiz ------------------------------------------------- 109
ii
IT Passport
Management --------------------------------------------------------------112
Chapter 4
Development technology ............................. 114
4-1 System development technology ----------------- 115 4-1-1 4-1-2
Process of system development ........................................ 115 Software estimation ............................................................. 125
4-2 Software development management techniques ---------------------------------------------------- 126 4-2-1
Software development process and methods .................. 126
4-3 Chapter quiz ------------------------------------------------- 129 Chapter 5
Project management ................................... 130
5-1 Project management ------------------------------------ 131 5-1-1 5-1-2
Project management............................................................ 131 Project scope management ................................................ 133
5-2 Chapter quiz ------------------------------------------------- 138 Chapter 6
Service management ................................... 140
6-1 Service management------------------------------------ 141 6-1-1 6-1-2 6-1-3 6-1-4
Service management ........................................................... 141 Service support .................................................................... 143 Service delivery.................................................................... 144 Facility management ........................................................... 146
6-2 System audit ------------------------------------------------- 147 6-2-1 6-2-2
System audit......................................................................... 147 Internal control ..................................................................... 150
6-3 Chapter quiz ------------------------------------------------- 152
iii
IT Passport
Technology ---------------------------------------------------------------- 154
Chapter 7
Basic theory ................................................. 156
7-1 Basic theory ------------------------------------------------- 157 7-1-1 7-1-2 7-1-3
Discrete mathematics .......................................................... 157 Applied mathematics ........................................................... 162 Theory of information .......................................................... 166
7-2 Algorithms and programming ----------------------- 171 7-2-1 7-2-2 7-2-3 7-2-4
Data structures..................................................................... 171 Algorithms ............................................................................ 174 Programming and programming languages ..................... 179 Markup languages ............................................................... 180
7-3 Chapter quiz ------------------------------------------------- 183 Chapter 8
Computer system ......................................... 186
8-1 Computer component ----------------------------------- 187 8-1-1 8-1-2 8-1-3
Processor ............................................................................. 187 Storage device ..................................................................... 190 Input/Output devices ........................................................... 199
8-2 System component --------------------------------------- 204 8-2-1 8-2-2
System configuration .......................................................... 204 System evaluation indexes ................................................. 208
8-3 Software ------------------------------------------------------- 212 8-3-1 8-3-2 8-3-3 8-3-4
OS (Operating System)........................................................ 212 File management.................................................................. 214 Development tools ............................................................... 218 OSS (Open Source Software) ............................................. 221
8-4 Hardware ------------------------------------------------------ 223 8-4-1
Hardware............................................................................... 223
8-5 Chapter quiz ------------------------------------------------- 229
iv
Chapter 9
Technology element .................................... 234
9-1 Human interface ------------------------------------------- 235 9-1-1 9-1-2
Human interface technology............................................... 235 Interface design ................................................................... 236
9-2 Multimedia ---------------------------------------------------- 240 9-2-1 9-2-2
Multimedia technology ........................................................ 240 Multimedia application ........................................................ 243
9-3 Database------------------------------------------------------- 247 9-3-1 9-3-2 9-3-3 9-3-4
Database architecture ......................................................... 247 Database design .................................................................. 250 Data manipulation ................................................................ 253 Transaction processing....................................................... 255
9-4 Network -------------------------------------------------------- 258 9-4-1 9-4-2 9-4-3
Network architecture ........................................................... 258 Communications protocols ................................................ 267 Network application ............................................................. 272
9-5 Security -------------------------------------------------------- 279 9-5-1 9-5-2 9-5-3
Information assets and information security .................... 279 Information security management ..................................... 284 Information security measures/information security implementation technology ................................................ 288
9-6 Chapter quiz ------------------------------------------------- 301 Practice exam .................................................................. 308 Practice exam 1................................................................................. 309 Practice exam 2................................................................................. 340 Practice exam 3................................................................................. 370
Index ................................................................................ 400
v
About this Book 1 Structure of this Book This book is comprised of the following sections.
Overview of Examination Scope of Questions This section describes the basic approach for the examination questions and the scope of the examination questions.
Chapter 1 Corporate and legal affairs Chapter 1 explains the basic knowledge of corporate activities and business management that business workers should possess, as well as legal compliance and corporate ethics.
Chapter 2 Business strategy Chapter 2 explains typical systems in each field including typical information analysis techniques and marketing techniques, business management systems, and technological strategies.
Chapter 3 System strategy Chapter 3 details business processes, methods to improve business operations, the flow of information system construction, the composition of a requirements definition aimed at computerization, and other items based on information systems strategy.
Chapter 4 Development technology Chapter 4 explains system development processes and test techniques, as well as software development processes and development methods.
Chapter 5 Project management Chapter 5 explains the processes of project management and techniques of project scope management.
Chapter 6 Service management Chapter 6 explains the basic roles and components of IT service management including the management of information system operations, service support, the concept of system environment development, and the basic principles of system audits.
1
Chapter 7 Basic theory
Chapter 7 explains the fundamental concepts of radixes, sets, probabilities, and statistics, as well as the digitization of information and algorithms.
Chapter 8 Computer system
Chapter 8 examines computer components, system components, hardware, and software, and explains each type of component and their characteristics.
Chapter 9 Technology element
Chapter 9 examines the characteristics of human interfaces and multimedia technology, basic knowledge about database design and networks, as well as security measures and other aspects.
Practice exam
The practice exam includes practice questions for the IT Passport Examination.
Answers and Explanations Booklet
The booklet contains answers and explanations for the chapter quiz (Chapters 1 to 9) and practice exam questions.
2 Notations Used in this Book The notations used in this book serve the following purposes.
Reference
*
A short summary of useful information or terminology, or a citation of a subchapter for an explanation. Supplementary notes or content to pay attention to
The text in this book may contain laws, standards and accounting rules that only apply in Japan.
3 Answers and Explanations Booklet The booklet at the end of this book contains answers and explanations for the chapter quiz and practice exam questions.
Practice exam 1 answers Q1.
d
Section
1-2 Legal affairs
Answer Explanation If used within the scope covered by the license agreement, then it does not violate the Copyright Act.
Q2.
d
Section
2-1 Business strategy management
Answer Explanation SWOT analysis is an analysis technique used for planning corporate strategies. The “S” stands for strengths, and “W” for weaknesses.
Q3.
a
Section
1-1 Corporate activities
Answer Explanation CSR (Corporate Social Responsibility) refers to the responsibilities that a corporations should fulfill to society. Many corporations publish their CSR approach through their Web page or publish a CSR report in order to earn the confidence of stakeholders.
Q4.
a
Section
2-1 Business strategy management
Answer Explanation The star of PPM is a product that requires investment with growth, but offers a high market growth rate and market share. b): Describes a dog. c): Describes a question mark. d): Describes a cash cow.
Q5.
b
Section
1-2 Legal affairs
Answer Explanation a): Under a dispatch contract, the client company has the right to issue instructions to the dispatch employee, but matters concerning the dispatch contract such as paid leave and overtime must be cleared first with the dispatching company. c): Even if erroneous entry of data into a product management system leads to the production of defective goods, the right to issue instructions lies with the client company. Therefore, the client company cannot blame the responsibility for the manufactured goods on the dispatching company. d): Instructing an employee to work overtime as if the person were an employee of the client company is a matter that concerns the dispatch contract, so the client company must obtain the approval of the dispatching company.
19
1 Section ●
Section
Sections that are applicable to this book.
3
1
Overview of Examination
Overview of Exam 1 Typical Examinees Individuals who have basic knowledge of information technology that all business workers should commonly possess, and who perform information technology related tasks, or are trying to utilize information technology in his/her tasks in charge.
2 Tasks and Roles Individuals who have basic knowledge of information technology that all business workers should commonly possess, and who perform information technology related tasks, or are trying to utilize information technology in his/her tasks in charge.Chapter 5 explains the processes of project management and techniques of project scope management. ① Understand information devices and systems to use, and utilize them. ② Understand the tasks in charge, identifies problems of those tasks, and act to provide required
solutions. ③ Perform acquisition and utilization of information safely. ④ Support task analysis and systemization activities under the guidance of superiors.
3 Expected Technology Level The following basic knowledge shall be required as a working person in order to determine information devices and systems, and to perform tasks in charge as well as facilitate systemization. ① Knowledge of computer systems and networks to determine the information devices and sys-
tems to use, and knowledge of how to utilize office tools. ② Knowledge of corporate activity and related tasks in order to understand the tasks in charge. Also, in order to identify issues of the tasks in charge and provide required solutions, systematic thinking and logical thinking as well as knowledge of problem analysis and problem solving methodologies shall be required. ③ Ability to act in accordance with relevant laws and regulations as well as various information security provisions in order to utilize information safely. ④ Knowledge of development and operations of information systems in order to support analysis and systemization of tasks.
5
4 Supplementary Explanation of Expected Technology Level The following basic knowledge shall be required as a working person in order to determine information devices and systems, and to perform his/her tasks in charge as well as facilitate systemization. ① Understand and utilize the information equipment and systems to be used:
• Capability to understand the performance, characteristics, and functions of the information devices used in the workplace and utilize them appropriately. • Capability to understand the significance of the operations and functions of OS settings and application software such as office tools used in the workplace and be able to utilize them. • Capability to utilize office tools and other application software and groupware used in the workplace considering efficiency in carrying out tasks. ② Understand the tasks in charge and the relevant problems, and execute requi-
site solutions: • Capability to organize processes related to the tasks in charge using methods such as task workflows, and to identify issues. • Capability to analyze data relating to the tasks in charge using simple analytical methods and information technology and identify issues. • For problematic issues identified, capability to consider solutions independently, and consider solutions by accepting the opinions of superiors and co-workers. ③ Collect and utilize information safely:
• Capability to utilize various kinds of information relating to the tasks in charge in compliance with laws and regulations. • Capability to understand the purpose of internal compliance programs and be able to conform to them. • Capability to prevent the leakage, loss or damage of information while utilizing internal information devices and systems, particularly through internet use. ④ Support computerization of tasks and systemization under the direction of su-
periors: • Capability to participate in the discussion concerning the investigation and organization of data relating to the tasks in charge under the direction of superiors. • Capability to participate in the discussion concerning the systematization of tasks in charge under the direction of superiors.
6
5 Configuration of the Examination Exam Duration
165 minutes
Exam Type
Multiple-choice (1 out of 4 choices) (1) Short question type (1 exam question contains 1 question) (2) Medium question type (1 exam question contains 4 questions. The questions examine knowledge and understanding from several viewpoints with regard to a single situational setting).
Number of Questions
100 questions, answers required for all questions (1) Short question type: 88 questions (2) Medium question type: 12 questions (3 exam questions consisting of 4 subquestions each)
Number of Questions per Field
7
Questions are asked according to the following ratio with regard to the 3 fields comprising the scope of questions: (1) Strategy field: about 35% (2) Management field: about 25% (3) Technology field: about 40%
Point Allocation
1,000 total points
Grading Method
According to raw points (points are allocated for each question, and allocated points for correct answers are totaled)
Pass criteria
A pass is granted when both (1) and (2) below are satisfied: (1) Total points (totaled from each field): more than 60% of maximum points (2) Points in each field: more than 30% of the maximum points in each of the 3 fields.
Scope of Questions This section describes the basic approach for the examination questions and the scope of the examination questions.
Scope of Questions 1 Basic Approach for Examination Questions The following section summarizes the basic approach for questions that appear in the IT Passport Examination, in the respective fields of strategy, management, and technology. ① STRATEGY
Questions in the examination are designed to test knowledge in the following areas: fundamental terminology and concepts necessary to analyze computerization and corporate activities, as well as fundamental terminology and concepts described in information courses through post-secondary education and in general newspapers, books, and magazines. Also included are questions that test the fundamental knowledge of methods for solving problems by grasping and analyzing the work at hand, and the fundamental knowledge for utilizing office tools to analyze data and solve problems. ② MANAGEMENT
Questions in the examination are designed to test knowledge of fundamental terminology and concepts relating to systems development and project management processes. The exam does not include questions that test knowledge of specific and highly specialized terminology and concepts. Also included are questions that test the basic knowledge for considering the development of business environments such as using computers, networks, and office tools. ③ TECHNOLOGY
Questions in the examination are designed to test knowledge of fundamental terminology and concepts, and the logical thought process of the examinee. The examination does not include questions of a technical and highly specialized nature. Also included are questions that test the fundamental knowledge for safely using the systems on hand.
2 Scope of Questions Common Career/Skill Framework Strategy
Field Major Category Middle Category
9
1
Corporate and legal affairs
Scope of questions to be asked (Concept of exam questions)
1
Corporate activities
• Ask about the fundamental concepts about corporate activities and business management. • Ask about the techniques for analyzing familiar business tasks and resolving issues, the concept of PDCA, and operational planning using techniques such as Pareto charts. • Ask about the visual expressions used for understanding business tasks, such as workflow. • Ask about the fundamental concepts of accounting and financial affairs, such as financial statements and break-even points.
2
Legal affairs
• Ask about the familiar laws of workplaces, such as intellectual property rights (copyright, industrial property rights, etc.), Act on the Protection of Personal Information, Labor Standards Act, and Act for Securing the Proper Operation of Worker Dispatching Undertakings and Improved Working Conditions for Dispatched Workers. • Ask about the concepts and characteristics of software license, such as license types and license management. • Ask about the concepts of corporate rules and regulations, such as compliance and corporate governance. • Ask about the significance of standardization.
Common Career/Skill Framework Strategy
Field Major Category Middle Category 2
Technology
Management
3
4
Business strategy
System strategy
Development technology
Scope of questions to be asked (Concept of exam questions)
3
Business strategy management
• Ask about the fundamental concepts about typical management information analysis techniques and business management systems, such as SWOT analysis, PPM (Product Portfolio Management), customer satisfaction, CRM, and SCM. • Ask about the fundamental concepts relevant to marketing. • Ask about the typical information analysis techniques for planning business strategies. • Ask about the understanding of the use of office tools (software packages) such as spreadsheet software, database software, etc.
4
Technological strategy management
• Ask about the understanding of the significance and purpose of technology development strategy.
5
Business industry
• Ask about the characteristics of typical systems in various business fields such as e-commerce, POS systems, IC cards, and RFID application systems. • Ask about the characteristics of typical systems in the engineering filed and e-business. • Ask about the characteristics and trends of intelligent home appliances and embedded systems.
6
System strategy
• Ask about the significance and purpose of information system strategies and the concepts of strategic goals, business improvement, and problem solving. • Ask about the concepts of typical modeling in business models. • Ask about the effective use of groupware for communication and of office tools. • Ask about the purpose and concepts of increasing operational efficiency by using computers and networks. • Ask about the concepts of solutions through typical services. • Ask about the significance and purpose of the promotion and evaluation activities of system utilization.
7
System planning
• Ask about the purpose of computerization planning. • Ask about the purpose of the operational requirements definition based on the analysis of current state. • Ask about the fundamental flow of procurement, such as estimates, RFPs, and proposals.
8
System development technology
• Ask about the fundamental flow of the process of software development such as requirements definition, system design, programming , testing, and software maintenance. • Ask about the concepts of the estimate in software development.
9
Software development management techniques
• Ask about the significance and purpose of typical development methods.
5
Project management
10 Project management
• Ask about the significance, purpose, concepts, processes, and methods of project management.
6
Service management
11 Service management
• Ask about the significance, purpose, and concepts of IT service management. • Ask about the understanding of related matters such as help desks. • Ask about the concepts about system environment maintenance, such as computers and networks.
12 System audit
• Ask about the significance, purpose, concepts, and target of system audit. • Ask about the flow of system audit, such as planning, investigating, and reporting. • Ask about the significance, purpose, and concepts of internal control and IT governance.
13 Basic theory
• Ask about the fundamental concepts about radix including the characteristics and operations of binary numbers. • Ask about the fundamental concepts about sets, such as Venn diagrams, probability, and statistics. • Ask about the fundamental concepts of how to express information content, such as bits and bytes, and of digitization.
14 Algorithm and programming
• Ask about the fundamental concepts of algorithms and data structures, and how to draw flow charts. • Ask about the roles of programming. • Ask about the types and fundamental usage of markup languages, such as HTML and XML.
7
Basic theory
10
Common Career/Skill Framework Technology
Field Major Category Middle Category 8
9
11
Computer system
Technical element
Scope of questions to be asked (Concept of exam questions)
15 Computer component
• Ask about the fundamental configuration and roles of computers. • Ask about the performance and fundamental mechanism of processors, and the types and characteristics of memory. • Ask about the types and characteristics of storage media. • Ask about the types and characteristics of input/output interfaces, device drivers, etc.
16 System component
• Ask about the characteristics of system configurations, of the types of processing, and of the types of usage. • Ask about the characteristics of client/server systems. • Ask about the characteristics of Web systems. • Ask about the concepts of system performance, reliability, and economic efficiency.
17 Software
• Ask about the necessity, functions, types, and characteristics of OSs. • Ask about the concepts and use of basic functions of file management, such as access methods and search methods, and the fundamental concepts of backups. • Ask about the characteristics and fundamental operations of software packages, such as office tools. • Ask about the characteristics of OSS (Open Source Software).
18 Hardware
• Ask about the types and characteristics of computers. • Ask about the types and characteristics of input/output devices.
19 Human interface
• Ask about the concept and characteristics of interface design, such as GUI and menus. • Ask about the concepts of Web design. • Ask about the concepts of universal design.
20 Multimedia
• Ask about the types and characteristics of encodings such as JPEG, MPEG, and MP3. • Ask about the purpose and characteristics of application of multimedia technology, such as VR (Virtual Reality ) and CG (Computer Graphics). • Ask about the characteristics of media, and compression and decompression of information data.
21 Database
• Ask about the significance, purpose, and concepts of database management systems (DBMS). • Ask about the concepts of data analysis and design, and the characteristics of database models. • Ask about the manipulation methods such as data extraction. • Ask about database processing methods such as exclusive control and recovery processing.
22 Network
• Ask about the types and configurations of LAN and WAN regarding networks, and the roles of Internet and LAN connection devices. • Ask about the necessity of communication protocols, and the roles of typical protocols. • Ask about the characteristics and fundamental mechanism of the Internet. • Ask about the characteristics of e-mail and Internet services. • Ask about the understanding of the types and characteristics, accounting, and transmission rates of communication services, such as mobile communication and IP phones.
23 Security
• Ask about the fundamentals of information security from the viewpoint of safe and secure activities in a network society. • Ask about the information assets, the purpose of risk management, and the concepts of information security policy. • Ask about the concepts, types, and characteristics of technological security measures, such as measures against computer viruses. • Ask about the concepts, types, and characteristics of physical and human security measures, such as entrance/exit control and access control. • Ask about the types and characteristics of authentication technologies such as ID, password, callback, digital signature, and biometric authentication. • Ask about the mechanisms and characteristics of encryption technology such as public keys and private keys.
STRATEGY
Chapter 1 Corporate and legal affairs ....... 14 Chapter 2 Business strategy ..................... 64 Chapter 3 System strategy........................ 90
Chapter
1
Corporate and legal affairs Chapter 1 explains the basic knowledge of corporate activities and business management that business workers should possess, as well as legal compliance and corporate ethics.
1-1 Corporate activities ............................ 15 1-2 Legal affairs ........................................ 43 1-3 Chapter quiz ....................................... 60
1-1
Corporate activities 1-1-1 Management and organization It is important to have an overall understanding of a corporation in terms of business activities, objectives, and relevant laws in order to recognize and resolve issues in responsible business areas, and facilitate the execution of operations. 1
Corporate activities
In conducting corporate activities, it is important to clearly understand the importance of existence of the corporation and its values. If these are not clearly defined, the course of corporate activities becomes uncertain. No matter how hard each employee in their responsible business area works, such efforts will lack efficiency if they are not properly guided. Understanding the goals and responsibilities that a corporation should designate will lead to well-balanced corporate activities.
Reference
CSR Abbreviation for “Corporate Social Responsibility.” Reference
SRI Abbreviation for “Socially Responsible Investment.” Reference
Disclosure of financial results A corporation should endeavor to disclose financial results and other useful information in a timely and appropriate manner to stakeholders, including shareholders and investors. Improving management transparency by such disclosures makes it possible to build trust and enhance corporate value.
15
(1)Corporate philosophy and corporate objective The purpose of corporate activities is to earn profits and contribute to society. Accordingly, corporations adopt a “corporate philosophy” and “corporate objective” in which to conduct its activities. Corporate philosophy and corporate objective are universal ideals that essentially do not change. However, the environment surrounding a corporation is undergoing significant changes in terms of social climate, technology, and other factors. In order to fulfill its corporate philosophy and objective, a corporation must – from a long-term perspective – develop the capability to adapt to such changes. (2)Corporate social responsibility “CSR (Corporate Social Responsibility)” refers to the responsibilities that a corporation should fulfill to society. Many corporations promote their CSR approach through their websites, or publish a CSR report in order to earn public interest and stakeholder trust. Corporations must endeavor to create business from the perspective of all stakeholders, and not solely for the pursuit of profit. As evidenced by the existence of the term “corporate citizen,” corporations are expected to act as productive members of society. Doing so leads to earning public confidence and creating new corporate values.
The most basic responsibilities of a corporation are conducting corporate activities in a law-abiding manner, achieving regulatory compliance, and providing products and services that combine functionality with safety. Moreover, CSR is increasingly expected to encompass such aspects as environmental initiatives, social welfare activities, and local community cooperation as corporations explore their approach to social contribution.
Management resources
●People From a corporate perspective, the term “people” refers to employees (human resources). People are the most important resource for all corporate activities. Enhancing human resources by imparting each employee with the corporate philosophy and objective, and training them in a manner that is consistent with these values can lead to increased profits. ●Materials From a corporate perspective, the term “materials” refers to products and merchandise. In the manufacturing industry, it also refers to production facilities. Although seemingly unrelated, the services industry is also dependent on a variety of materials such as computers, printers, and copy machines to facilitate corporate activities. Some materials are essential and others are non-essential. It is important to clearly identify those materials that are essential and non-essential to the corporate activities of a corporation.
Corporate and legal affairs
The three major elements that are essential to the management of a corporation and serve as corporate resources are “people, materials, and money.” More recently, “information” has been cited as a fourth element.
Chapter 1
2
●Money From a corporate perspective, the term “money” refers to funds. Money is required to purchase and make materials, and secure people. Money is an essential resource to fund the execution of corporate activities. ●Information From a corporate perspective, the term “information” refers to documents and data that enable a corporation to make correct decisions and remain competitive. The effective use of information can lead to improved productivity, added value, innovative ideas for activities planning, and other positive results.
16
Reference
Business objective A “business objective” is a medium- or long-term goal that is set in order to fulfill the corporate philosophy or corporate objective. Reference
Management resources for business management Management resources within the context of business management refer to people (human resources), materials (assets), money (finances) and information (information management).
3
Business management
“Business management” involves coordinating and integrating management resources (people, materials, money, and information) in order to fulfill the objectives of the corporation. It is important to maximize the use of resources that are available to the corporation and produce results. To achieve this, corporations set business objectives and manage them using a “PDCA (Plan, Do, Check, Act)” cycle. “PDCA” is a fundamental approach for business management that involves the execution of a four-step cycle of “Plan, Do, Check, Act” to continuously improve product quality and work. Repeated execution of PDCA refines and enhances business management. Plan Determine what to improve and how.
Act
Do
Implement measures to improve results from “Check.”
Execute activities according to “Plan.”
Check Evaluate results from “Do.”
4 Reference
Formal organization A “formal organization” is a collective entity that is clearly defined by an organizational purpose or company rules. Formal organizations include companies and institutions.
Reference
Informal organization An “informal organization” is a collective entity that is not clearly defined by organizational rules or regulations, although it has an overall purpose.
17
Organizational structure of a corporation
A “corporation” is an organizational entity that engages in economic activities such as production, sales, and provision of services typically for the purpose of making profit. In the narrow sense, it refers to a private corporation such as a “stock company” or “limited liability company.” In the wider sense, it also includes public corporations in which the government has a stake. An “organization” is a collective entity that has been assembled and integrated into a system to achieve a common purpose. (1)Structure of a corporation A corporation is an organization that is structured according to task in order to conduct operations efficiently. There are various forms of organizations including functional organizations, divisional system organizations, matrix organizations, and project organizations.
Sales department
Production department
Human resources department
Line (direct) department
Accounting department
Staff (indirect) department
The staff department includes the following departments: ●Human resources, accounting, general affairs, and information systems. The line department includes the following departments: ●Sales, production, and materials.
Corporate and legal affairs
Management
Reference
Staff department and line department
Chapter 1
●Functional organization A “functional organization” is structured by job function such as manufacturing, sales, marketing, accounting, and human resources. This type of organization’s key characteristic is that it enables the pursuit of specialization and efficiency in each job function, which in turn allows each organization to produce high quality results. At the same time, there is a tendency for boundaries to develop between each functional organization, and issues can arise from departments acting in their best interest. A functional organization is comprised of a “line (direct) department” and a “staff (indirect) department.” A line department is directly involved in the areas of earning profit such as sales, production, and materials. A staff department supports the line department in areas such as human resources, accounting, and general affairs.
●Hierarchical organization A “hierarchical organization” is an organization form with a hierarchical structure so that there is typically one chain of command. For example, in a hierarchical organization, there are a number of departments below the president. Below these departments are sections that are responsible for different business segments. This organization’s key characteristic is that it facilitates the spread of corporate policies throughout the organization. Board of directors
Management department
Human resources
General affairs
Sales department
Corporate sales
Consumer sales
Manufacturing department
Plant X
Plant Y
●Divisional system organization A “divisional system organization” is separated along the lines of product, region, or market with each business division having its own staff department, either partially or in entirety. This organization’s key characteristic is that since each business division is capable of performing a broad base of functions, it is possible to issue unified directions so as to rapidly accommodate shifting market needs.
18
In principle, each business division conducts its own accounting, and is responsible for operating business and generating profits independently. Management
X business division
Y business division
Z business division
Production Sales Accounting
Production Sales Accounting
Production Sales Accounting
●Matrix organization A “matrix organization” is an organization form often employed by major enterprises and global corporations, and is structured along multiple chains of command such as function and region or function and product. Since this organization takes the form of multiple managers overseeing the persons that do the work, there is potential for confusion in the chain of command. At the same time, departmental boundaries are eliminated due to the sharing of work. Development department
Planning department
Research department
Marketing department
Project X
Project Y
Project Z
●Company system organization A “company system organization” refers to a structure that separates business divisions, and administrates the departments as independent companies. This increases the autonomy of the organization and enhances its ability to adapt to its environment. The organizational structure is similar to the divisional system organization, but under the company system organization, there is greater freedom and discretion to make human resources decisions. Board of directors
Company X
Sales
19
Plant
Company Y
Sales
Plant
Company Z
Sales
Plant
●Project organization A “project organization” is temporarily structured along the lines of personnel who have various specialized capabilities, and is separate from a standing organization. It is only intended as a temporary organization and is disbanded once the purpose is achieved.
Project X
Planning department
(2)Departmental structure The corporate organization is comprised of “departments” that are separated by the content of work they are responsible for. To facilitate computerization, it is necessary to have a precise grasp of where a department is positioned within the corporation. The departmental structure and content of work are summarized below. Department
Content of work
Human resources (Labor)
Hire and train personnel, and assign them to departments. Engage in various types of work that is employee-related.
Accounting (Finances)
Manage the funds that support the business infrastructure of the corporation. In addition to procuring and administrating funds, in some corporations the accounting department also manages corporate assets and evaluates the business results.
General affairs
Coordinate between the departments and perform administrative management.
Information systems
Develop and manage information systems within the corporation. Staffed with specialists such as system engineers, programmers, and systems operation engineers.
Marketing
Perform market research.
Research and development
Provide technical development and research for new products.
Sales (Marketing)
Sell the products or services supplied by the corporation directly to the customer. Typically includes payment collection.
Production (Manufacturing)
Manufacture products. In some corporations, production also incorporates the function of the materials department.
Materials (Purchasing)
Procures materials required for product manufacturing and business operations.
Corporate and legal affairs
Research department
Marketing department
Chapter 1
Development department
20
1-1-2 OR (Operations Research) and IE (Industrial Engineering)
Reference
OR “OR” is a set of scientific techniques for determining and implementing business plans in a corporation, which has emerged as a field of applied mathematics and computing. Drawing widely from techniques and tools of science, it is a method for analyzing the problems involved in a given task and discovering the optimal solution. Abbreviation for “Operations Research.” Reference
IE “IE” is a method for streamlining the processes involved in “manufacturing”, “construction”, etc. More specifically, it uses a variety of methods to study the time involved in a task, to plan and manage daily schedules, to manage costs, etc. It is widely used on the production field as a technique for improving operations. Abbreviation for “Industrial Engineering.”
“OR (Operations Research)” is a method for analyzing and solving problems that arise in business administration. “IE (Industrial Engineering),” Meanwhile, is a method for improving problems that arise in the production field or services. Because of the great impact that people, materials, money, and information have on the conduct of business activities, it is important to analyze, solve, and improve problems that arise at both the managerial level and the field level. 1
Understanding operations
Various kinds of charts and diagrams are used in OR and IE to analyze, solve, and improve work issues. The followings are used to understand operations. Illustrating the flow of work
Workflow
Explicating the structure of problems
Association diagram, tree diagram, affinity map
Expressing relationships
Matrix diagram, matrix data analysis
Expressing trends over time
Z graph
Expressing distributions
Distribution diagram, portfolio
Used in planning and management
Gantt chart
●Workflow A “workflow” shows tasks as linked chains of actions. Using a workflow makes it possible to recognize which department is carrying out what task, and what relationships there are between which departments. Customer Orders product
Sales Receives order Books order
Marketing
21
Accounting
Checks inventory Requests product shipment
Receives product Issues payment
Warehouse
Checks product Ships product Settles payment for product
Simple task
Lack of concentration
: Effect
Work efficiency deteriorates Increase of malfunctions
Increase in mistakes
New person added
Procedure deteriorates
Obsolete infrastructure
Corporate and legal affairs
Increase in chatter
: Cause
Chapter 1
●Association diagram An “association diagram” indicates by arrows relationships between “causes and effects” or “goals and methods” to explicate the structure of a problem. This is useful when a problem that needs solving is well-established, but the causes behind it are convoluted. This method may go through several rounds of revisions by multiple team members who will approach the problem from different angles, effectively getting at the root of the problem, and helping to find a solution.
●Tree diagram A “tree diagram” is a method for hierarchically expressing a chain of “goals and means” in order to discover ways to solve a problem. The process of creating a tree diagram and the completed results can provide specific policies and actions for resolving the problem. Means for “staffing measures”
Staff education Staffing measures Improved allocation
Improve work efficiency
Introduce new model Goal
Equipment measures Re-examine operations
Means for “improving work efficiency”
Means for “equipment measures”
22
●Affinity diagram An “affinity diagram” is a way of summarizing mutual affinities between data, organizing data into named groups, and analyzing data. It can elucidate vague problems and clarify trouble-spots.
Declining sales Product
Negotiations with customers Not making proposals that respond to customer needs
Few products in line with needs
Not knowing key decision-makers High prices compared to competitors
Not following up periodically
●Matrix diagram A “matrix diagram” organizes elements to be analyzed into rows and columns, marks their relationships at their intersections to define the existence and form of a problem, and sparks ideas that lead to solutions. Viewing these intersections as starting points for ideas is an effective way to solve problems.
23
Company name
Skill
Service
Delivery date
Cost
Company A
Excellent
OK
Good
Bad
Company B
OK
Good
Good
OK
Company C
Bad
OK
Bad
Excellent
Company D
Excellent
OK
Bad
Good
Company E
Good
Excellent
OK
Good
●Matrix data analysis “Matrix data analysis” is a method for organizing data properties when it is possible to express the interrelationships among multiple data matrices as numerical data. It makes it possible to grasp the characteristics of each element when a large volume of data makes the overall picture difficult to understand.
Trainee A
Administrative skill
Technical Administrative skill skill 5 9 7
8
9
2
D
4
7
E
1
9
Average
5.2
7.0
E
If focusing on technical skills, choose B, C
A B D
5 C
10 5 5.2 (average)
Technical skill
●Z graph A “Z graph” expresses trends over time, and is named after the “Z” shape that the lines assume. For example, this graph shows revenues, cumulative revenues, and moving totals (cumulative over past year). If the moving-total trend line is rising, then sales results are solid; if the line is dropping, then results are poor.
Corporate and legal affairs
B C
10
Chapter 1
Skill table
Sales results table This year Nov Dec Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Sales
90
70
70
50
90 110
80 100
70
60
80
90 100
80
790 840
Moving total
820 840 860 880 890 910 930 940 940 940 950 960 970 980
Amount
Total
70 120 210 320 400 500 570 630 710 800 900 980
1200
1000
800
600
Profit Total
400
Moving total 200
0 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
Period
24
●Distribution diagram A “distribution diagram” represents the number of elements that fall into each quadrant to show their distribution. For example, this graph charts the profitability of products against their sales continuity. Profitability Product C
Product D
Product E
Continuity Product A Product B
Management science method “Management science method” is the use of arithmetic methods to solve problems as they apply to business. Time-series analysis can be used to predict future sales by analyzing past product sales trends, while portfolio analysis and investment-calculation models can be used to make decisions.
●Portfolio A “portfolio” is a graph that represents distributions. For example, in the graph shown here, each area visually represents sales volume and market share.
Sales volume
Reference
Area B
Area C
Area A
Area D
Market share
●Gantt chart A “Gantt chart” indicates by horizontal bars to represent work schedules and results. The horizontal axis is marked to indicate hours, days, months, etc., and individual tasks or projects are stacked vertically. 1 Plan Design Operation
25
2
3
4
5
6
7
8
(week )
2
Job analysis and operational planning
Tables and charts are used to analyze data, and making graphs can help to improve business processes. The methods used for job analysis and operational planning are summarized below.
Expressing the order of tasks and number of days
Arrow diagram
Expressing distributions
Scatter diagram, histogram
Comparing and balancing multiple elements
Radar chart
Expressing the status of a process
Control chart
Expressing big/small relationships
Bar chart
Expressing proportions of a whole
Pie chart
Expressing trends over time
Line chart
Expressing predictions
Regression analysis
●Pareto chart A “Pareto chart” shows total values for multiple elements arranged in decreasing order as a bar chart, overlaid with a line chart showing cumulative values for all elements. For example, in the chart shown here, household appliances are arranged by sales volumes, running from personal computers down to washing machines. Unit sales
Corporate and legal affairs
Pareto chart, ABC analysis
Chapter 1
Expressing the impact of a job
Cumulative unit sales
60
140
50
120
40
100 Cumulative values of bars
30 20
80 60 40
Washing machine
Refrigerator
Television
0
Telephone
0 Air conditioner
20 Personal computer
10
26
●ABC analysis An “ABC analysis” is a method for clarifying the importance or priority of multiple elements (products, etc). This is useful in numerous aspects of business administration, including sales strategy and management, inventory control, etc. It uses the Pareto chart, with elements arranged in decreasing order of priority, and divided into three categories: A, B, C. In general, the top 70% group is group A, the 70–90% group is group B, and the remainder is group C. For example, in the example chart, personal computers and air conditioners combined make up 70% of sales, so those two products compose Group A, suggesting that product management should give greater weight to them. Unit sales Total units sold=130
100%
120
90% 80%
100
70% A (Important) 70%
80
60% 50%
60
40% 40
30% 20%
20
10% 0
0%
Personal Air Telephone Refrigerator Washing Television computer conditioner machine
Group A
Group B
Group C
Personal computer Telephone Refrigerator Air conditioner Television Washing machine
Reference
Critical path A “critical path” in schedule planning, is the path down the middle of the schedule that takes the greatest number of days. Because any critical-path activity falling behind will cause the entire schedule to fall behind as well, those activities demand special management attention.
●Arrow diagram An “arrow diagram” is a method for preparing better activity plans. It organizes the sequential relationships between tasks and the days required indicated by arrows. It is also used as a PERT chart. For example, the diagram here shows that task E can begin once both tasks C and D are complete.
3 Task B
Reference
PERT Abbreviation for “Program Evaluation and Review Technique.”
27
Task D
3 days 4 days
1
Task A 5 days
2
Task C 5 days
4
Task E 2 days
5
No correlation Sales of magazines
Sales of hot beverages
Temperature
Negative correlation
Temperature
Temperature
●Radar chart A “radar chart” is used to compare and balance multiple elements. For example, this chart shows the balance between scores a student received on tests in various subjects.
“Correlation” refers to a relationship between two properties such that as the value for one increases, the other decreases. When the relationship between these two is nearly linear, the two properties are said to be correlated.
Corporate and legal affairs
Sales of cold beverages
Positive correlation
Reference
Correlation
Chapter 1
●Scatter diagram A “scatter diagram” plots two property values on the X- and Y-axes to show the correlation between two kinds of data. For example, the positive correlation graph plots volume of cold beverage sales against temperature, showing that as temperature increases, sales of cold beverages increases. The negative correlation graph plots hot beverage sales against temperature, showing that as temperature increases, sales of hot beverages decrease. The no correlation graph plots magazine sales against temperature, showing that the two are not related.
English
Composition
100 80 60 40 20
Biology
Mathematics
Japanese
Japanese history
28
Reference
Control chart scheme Plotting the measured data will reveal process irregularities when points fall outside the bounds or are clustered on one side of the centerline.
●Control chart A “control chart” expresses the status of work processes using a line chart. For example, the chart here shows irregular points based on the following criteria: • Any points outside the control bounds, either high or low • If there are six or more points in a row above or below the centerline, the sixth point and beyond. Based on these criteria, there are three points judged to be irregular in the example chart. Irregularity out of bound Upper control bound
Upper limit
Centerline
Median data value
Lower control bound
Lower limit Irregularity biased to one side of median
●Histogram A “histogram” is a method for representing the number of elements in each group as a bar graph, dividing totaled data into some number of groups. A histogram can reveal an overall picture of the data, the central position, range of variation, etc. For example, this chart shows the results of a survey of cellular phone owners in a certain city broken down by age group, revealing that cellular phones are most common among people aged 21-30, followed by people aged 10-20, then 31-40, and that they were least common among people aged 51 and over. Number of people
Number of cellular phone owners (City X)
50 40 30 20 10 ∼
∼
∼
29
∼
10 or less
10
21
31
41
20
30
40
50
51 Age bracket or more
●Bar graph A “bar graph” is a graph to compare multiple elements each other. For example, sales results for each sales executive, or proceeds of sales for several months can be compared.
First quarter sales
Units: Yen 800,000
600,000 500,000
Sales Department 1
400,000
Sales Department 3
200,000 100,000 0 April
May
June
●Pie chart A “pie chart” represents the proportion or share of each element that makes up a whole. For example, pie charts might be used to show the relative shares of sales of various products, or the age-group breakdowns to a survey.
Corporate and legal affairs
Sales Department 2
300,000
Chapter 1
700,000
Distribution of cellular phone owners (City X) 1% 5% 11%
25%
Teens Twenties Thirties Forties
16%
Fifties 24% 18%
Sixties Other
30
●Line chart A “line chart” typically shows a numerical value along one axis an elapsed time along the other, with a line connecting points plotted at each time marker, giving this graph its name. It is used to represent trends over time, as with changes during the course of a year.
Minimum temperature by region (2009)
℃ 25 20 15
Region A Region B
10
Region C 5 0 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
Reference
●Regression analysis “Regression analysis” expresses a correlation between two kinds of data that are plotted on a scatter diagram, using a straight line to show the relationship. If the two kinds of data are “x” and “y,” then the linear regression can be expressed as “y=ax+b.” In this case, “a” is the “slope” of the linear regression, and “b” is the “y-intercept.” For example, in this graph, if the annual average temperatures can be predicted, beverage sales can also be predicted, which would help determine quantities of products to order. A linear regression is a straight line with the shortest distance to each point, which is calculated using the “least-squares method.”
Least-squares method
y
y=ax+b
Cold-beverage sales profit
The “least-squares method” draws a straight line that has the smallest total value for the squares of the distances between plotted points and the regressed line.
Linear regression
x Temperature
31
3
Decision-making
In order for a company to turn a profit, it needs to operate efficiently and contain costs. The following methods can be used to efficiently make decisions that solve problems.
Inefficient
Corporate and legal affairs
Work methods (Cause)
Chapter 1
(1)Cause and effect diagram A “cause and effect diagram” maps the effects (results) that are creating work problems along with the apparent causes (factors) that relate to them in a diagram that resembles a fish’s skeleton. It is also referred to as a “fishbone diagram.” It is useful for laying out and summarizing multiple causes. For example, in the diagram here, the causes that have led to a degradation in quality have been laid out as a system of four factors (work methods, materials, machinery, and staff), and this makes the relationship among factors evident. Materials (Cause) Rejects Quality degradation (Effect) Deterioration Equipment (Cause)
Negligence Breakdowns
Short-staffing
Staff (Cause)
(2)Simulation A “simulation” is an experiment that mimics actual circumstances based on a realistic prediction of conditions. The methods for conducting simulations are summarized below. ●Linear programming “LP (Linear Programming)” is a model used for a particular kind of problem-solving, finding the most effective way to allocate resources under a certain set of constraints. ●Queueing theory “Queueing theory” is a model for analyzing customer waiting-time and line length in service situations such as bank-teller windows, based on customer arrival time, the number of windows, and average service duration. Waiting period and the number of people in line can be expressed as an expectation value. (3)Inventory control Inventory control is the foundation of business management for a company. If inventory is excessive or inadequate, supply and demand go out of balance, and too much inventory puts pressure on all the company’s resources, increasing costs. This makes it especially important to maintain appropriate inventory levels as part of inventory control. The methods for inventory control are summarized below.
Reference
LP Abbreviation for “Linear Programming.”
Reference
Expectation value An “expectation value” is the average value that is obtained after multiple trials. For example, rolling dice some number of times can be expected to produce an average value.
32
●Kanban system The “Kanban system,” also referred to as the “JIT (Just-In-Time) system” is a manufacturing system popularized by Toyota as a method to procure the item that is needed in the quantity needed at the time it is needed. It keeps intermediate warehousing to a minimum by matching the current production step to the production status of later steps (which use the part), and procuring the parts needed from previous steps (parts makers and suppliers). “Kanban” refers to the statement of work that details the delivery times and quantities of components, which is carried from the end of later steps to the beginning of former steps in order to manage production. Reference
MRP Abbreviation for “Material Requirements Planning.” Reference
Net required quantity
●Economic ordering quantity “Economic ordering quantity” is a method for calculating the optimal quantity to order when stocking inventory. Minimizing the “ordering cost” and “inventory carrying cost” associated with stocking inventory is an important part of running a business to maintain profitability. Appropriate ordering quantities help maintain an inventory that incurs the lowest cost possible. Ordering cost
Expenses associated with a single order. Individual orders for large quantities lower ordering cost, and therefore, overall cost.
Inventory carrying cost
The expenses required to maintain an inventory including inventory management. This cost rises with large inventory volumes or long periods in inventory.
Total inventory cost
Total of inventory carrying cost and ordering cost.
Cost
“Net required quantity” is the quantity of new parts needed in an order.
●MRP (Materials Requirement Planning) “MRP (Materials Requirement Planning)” is a method in manufacturing planning for calculating the net required quantity of a part that needs to be procured. In MRP, the total quantity of parts that will be required under the manufacturing plan is calculated, and the net required volume is obtained by subtracting the amount that can be placed in inventory.
Total inventory cost
Inventory carrying cost
Ordering cost
Economic ordering quantity
33
Volume ordered
Reference
Example
Order Number of orders Ordering cost Inventory size carrying cost
Total inventory cost
2
20,000÷(2×500) =20
20×6,000 =120,000
2×15,000 =30,000
120,000+30,000 =150,000
3
20,000÷(3×500) =14
14×6,000 =84,000
3×15,000 =45,000
84,000+45,000 =129,000
4
20,000÷(4×500) =10
10×6,000 =60,000
4×15,000 =60,000
60,000+60,000 =120,000
20,000÷(5×500)
8×6,000 =48,000
5×15,000 =75,000
48,000+75,000 =123,000
5
=8
Corporate and legal affairs
The procedure for calculating the order volume (number of lots) that will minimize total inventory costs is summarized below. ① Figure the number of orders Quantity used ÷ (quantity ordered × pieces per lot) — round up fractions ② Figure the total ordering cost Number of orders placed × ordering cost ③ Figure the inventory carrying cost Order size × carrying cost per lot ④ Figure total inventory cost Total ordering cost + inventory carrying cost
A “lot” is a unit of quantity used in production and shipping. It refers to a grouping of the same product.
Chapter 1
Obtain the ordering quantity that minimizes total inventory costs under the following conditions [Conditions] (1) Orders are by lots, where one lot consists of 500 pieces. (2) Inventory carrying costs are proportionate to volume per order, where one lot costs ¥15,000. (3) Ordering costs are 6,000 yen per order. (4) The volume that will be used during the period is 20,000 pieces.
Lot
Therefore, the order size that results in the lowest overall costs is 4 lots. ●Inventory valuing method An “inventory valuing method” is a method for valuing inventory—resources on hand—as assets by replacing them with their cash equivalent. The typical valuation methods are summarized below. Category
Description
First-in first-out method
Considers oldest products to be sold and calculates inventory value of products in stock at end of period (new products in inventory).
Last-in first-out method
Considers newest products to be sold and calculates inventory value of products in stock at end of period (old products in inventory).
Av e r a g e c o s t method
Calculates inventory value at end of period based on average cost of goods on hand.
Specific identification method
Calculates inventory value at end of period based on actual costs for each particular item.
34
Example Figure out the inventory valuation the end-of-period using first-in first-out or last-in first-out methods. Assumes items stocked first have been shipped
First-in first-out method Purchase Units Unit Shipped Invenprice tory Reference
Statutory useful life “Statutory useful life” refers to the years of service established by the Finance Ministry of Japan based on its “Years of Service for Fixed Assets Including Machinery, Buildings, and Equipment.” In the tax code and other regulations, years of service are also established for different categories of assets. Reference
Acquisition cost “Acquisition cost” is the price required to purchase the equipment. This is the total amount, which may include handling fees, etc. Reference
Residual value “Residual value” is the expected value of an asset after the statutory useful life have passed. It is typically 10% of the acquisition cost. Reference
Undepreciated balance “Undepreciated balance” is the acquisition cost less the depreciation expense. Reference
Depreciation rate “Depreciation rate” is a fixed rate corresponding to the statutory useful life, given in the tax code. Reference
Guaranteed rate “Guaranteed rate” is a fixed rate corresponding to the statutory useful life; used to calculate the guaranteed depreciation amount.
35
Assumes items stocked last have been shipped
Last-in first-out method
Inventory Shipped Invenvaluation tory
Inventory valuation
Beginning 3 units 10 3 units 0 units inventory yen
3 units 3 units × 10 yen = 30 yen
April
1 unit
11 yen
1 unit
0 units
1 unit
1 unit ×11 yen = 11 yen
June
2 units
12 yen
1 unit
1 unit
2 units
2 units ×12 yen = 24 yen
July
3 units
13 yen
3 units 3 units × 13 1 unit yen = 39 yen
September 4 units
14 yen
4 units 4 units × 14 4 units 0 units yen = 56 yen
Ending inventory
1 unit × 12 yen = 12 yen
2 units 2 units × 13 yen = 26 yen
8 units 107 yen
91 yen
Therefore, inventory valuation is 107 yen using the first-in first-out method, and 91 yen using the last-in first-out method. (4)Depreciation Machinery, buildings, and other fixed assets reduce asset value over time. This is called “depletion.” The tax code stipulates that this depletion be calculated in a certain way, and spread out over accounting periods. This is called “depreciation.” Two methods for figuring depreciation are the “straight-line method” and the “declining-balance method.” Revisions to the Japanese tax code in 2008 changed depreciation methods so that for equipment acquired after April 1, 2008, a new depreciation method could be applied that allows for depreciation down to a residual value of 1 yen. Methods of depreciation
Description
Formula for calculating depreciation
Straightline method
The purchase price is depreciated by a fixed amount every accounting period.
■ Equipment
acquired March 31, 2008 or before: (acquisition cost – residual value) ÷ Useful life ■ Equipment acquired April 1, 2008 or after: acquisition cost × depreciation rate corresponding to useful life (revised)
Decliningbalance method
In this method of depreciation, the original acquisition cost minus the full depreciation expenses up to that point are taken as the Undepreciated balance, and the asset is depreciated by a fixed percentage rate every period.
■ Equipment
acquired March 31, 2008 and before: Undepreciated balance × depreciation rate corresponding to useful life ■ Equipment acquired April 1, 2008 and after: Undepreciated balance × depreciation rate corresponding to useful life (revised) * In Japan, the limit on the amount depreciated = acquisition cost × useful life corresponding to a guaranteed rate. * However, if the calculation of the depreciation expense is smaller than the limit on the amount depreciated, then the depreciation expense for that period is recomputed as follows. Undepreciated balance × useful life corresponding to revised depreciation rate – 1 yen
4
Problem-solving methods
The basic methods for solving problems are summarized below. ●Brainstorming “Brainstorming” is a method for a group of people to generate new ideas by exchanging opinions according to certain rules, and produce a solution. The rules for brainstorming are as follows. No criticizing
Description Do not criticize or find fault with the opinions of other people. Criticizing and fault-finding inhibit the free flow of ideas, which is to be avoided. Try to produce as many different opinions as possible in a short period of time. The greater the quantity, the more likely a good solution will be found.
No constraints
Speak freely without being bound by existing ideas or fixed ideas. A tangent off of a major or minor theme may be hiding a breakthrough idea.
Combine and piggyback
Join together two ideas or improve upon someone else’s idea. These can be expected to produce new ideas.
Points to consider for making brainstorming sessions run smoothly are summarized below. • The group should include 5–8 participants. • All members should be at the same level in the hierarchy, with no subordinate/superior relationships to promote free expression of opinions. • The location should be a conference room that members can relax in. • The leader should create an atmosphere that elevates the enthusiasm of all members to draw out ideas and opinions. • If it runs for more than one hour, take a break.
Reference
Gordon method The “Gordon method” is a method for generating ideas through brainstorming. This differs from brainstorming in that participants are not actually aware of the issues. Since there are no preconceptions, there is more freedom to explore new ideas and concepts than in a conventional brainstorming session. Reference
KJ method “KJ method” is a method for expressing group membership and clarifying problem areas. Using brainstorming techniques, a variety of different ideas are generated, each noted on its own card, and similar cards are grouped together.
Corporate and legal affairs
Quantity over quality
“Brainstorming” is a combination of the words “brain” and “storm.” It refers to the spontaneous thinking of ideas.
Chapter 1
Rule
Reference
Brainstorming
36
Reference
Buzz session “Buzz” refers to enthusiastic chatter.
●Buzz session A “buzz session” is a method for holding unstructured discussions and collecting ideas in a small group of people. In a buzz session, a discussion proceeds as follows. Break into groups
Participants are broken into small groups of 5–8 people.
Assign roles
Each group decides on a leader and note-taker.
Discussion within group
Each group has a discussion on a theme, lasting about 10 minutes.
Decide on a position
Each group takes a position on its theme.
Presentation of positions
The leader of each group presents the group’s position.
1-1-3 Accounting and financial affairs “Accounting” refers to recording, calculating, and organizing profit and loss events. This process is referred to as a “financial affair,” and the results are managed using several types of “financial statements.” 1
Sales and profit
Managers of a corporation always need to be aware of “sales” and “volume of sales” in the course of their business activities. Towards that end, they aim to manage “profit” and “loss,” adjust inventories, and achieve maximum profit for little cost.
37
(1)Expense “Expense” refers to the money that a corporation must pay in order to carry out business activities. The major categories of cost are summarized below.
Variable cost
Expenses that vary with profit including the cost of goods sold, product shipping, etc.
Fixed cost
Expenses that do not vary with profit including cost of equipment, labor, etc.
Selling, general and administrative expense
All expenses involved in manufacturing products and sales including the cost of operating sales, general administration, etc. Also referred to as “operating expenses.”
(2)Profit “Profit” is the amount of money left after subtracting expenses from sales. There are several ways to calculate profit in accountancy. The typical methods of calculating profit are summarized below. Gross profit
Profit calculated by subtracting cost of goods sold from sales. Gross profit = sales – cost of goods sold
Operating income
Profit calculated by subtracting Selling, general and administrative expense from gross profit. Operating income = gross profit – Selling, general and administrative
Ordinary income
Operating income plus non-operating income, less non-operating expenses. Ordinary income = operating income + non-operating income – non-operating expenses
These forms of profit are calculated in an “income statement.” (3)Break-even point The “break-even point” is where sales and expenses are equal, resulting in zero profit or loss. This is referred to as “break-even revenues.” The break-even point is calculated so that it is possible to identify a “profitable line,” where any revenues above the break-even point can turn in a profit. Break-even revenues can be calculated as follows.
Reference
Non-operating income “Non-operating income” is interest received, dividends, and other income received apart from the operation of the business.
Corporate and legal affairs
The original cost of purchasing materials and manufacturing products.
Chapter 1
Cost
Reference
Non-operating expenses “Non-operating expenses” are interest paid and other expenses incurred apart from the operation of the business.
Reference
Income statement Refer to “1-1-3 2 ( 2 ) Income statements.”
Unit contribution margin
Break-even revenues = fixed cost ÷ (1 – (variable cost ÷ revenues)) Unit variable cost
Unit variable cost
The proportion of revenues accounted for by variable cost. variable cost ÷ revenues
Unit contribution margin
The proportion of revenues accounted for by profit. 1 – unit variable cost
38
Reference
Marginal profit “Marginal profit” is the profit remaining after subtracting variable cost from revenues. Reference
Target income “Target income” is the amount of profit sought from the manufacture and sale of a product. Setting a target income is useful for break-even point calculations, including how many units need to be sold. For example, to calculate the breakeven point based on a target income, calculate the marginal profit + target income. In other words, fixed cost + target income = (unit revenue – unit variable cost) × units sold. From that, units sold = (fixed cost + target income) ÷ (unit revenue – unit variable cost).
Example With revenues of 1 million yen, variable cost of 800,000 yen, and fixed cost of 100,000 yen, calculate the unit variable cost, the unit contribution margin, and break-even revenues. ●Unit variable cost 800,000 ÷ 1,000,000 = 0.8 Expresses that 1 yen of sales incurs 0.8 yen of variable cost. ●Unit contribution margin 1 – 0.8 = 0.2 Expresses that 1 yen of sales contributes 0.2 yen of profit. (0.2 yen includes profit and fixed costs.) ●Break-even revenues 100,000 ÷ 0.2 = 500,000 The break-even point is where profit is zero, which makes all contributing profits fixed costs. To calculate break-even revenues from fixed cost, divide fixed cost by the unit contribution margin. In this case, with revenues of 500,000 yen being the break-even point, exceeding that value results in a profit, and failing to meet it results in a loss. Revenues Profit (100,000)
1 million yen
Total cost
Amount
Break-even point (500,000)
0.8
(fixed + variable cost)
Variable cost (800,000)
1 Loss
0.2
Fixed cost (100,000)
Sales volume If revenue at the break-even point is set to 1, then the ratio of variable cost and fixed cost is equal to the ratio of unit variable cost to unit contribution margin, or 0.8 : 0.2.
39
2
Types of financial statements and their purposes
In financial accounting, a corporation prepares a “financial statement” to report its financial status to interested parties, including shareholders, banks, vendors, and public institutions. The following are examples of financial statements. ABC trading company
XYZ bank Reference
B/S Abbreviation for “Balance sheet.”
Assets
(1)Balance sheet A “balance sheet” shows a corporation’s financial status at a certain point in time. On a balance sheet, debits or “assets” appear on the left, and credits or “liabilities” appear on the right. The process of checking whether the final totals of assets and liabilities agree is called a “balance check.” A balance sheet has the following tabular format. Titles
Amount
(Assets) Cash:
Titles
Amount
(Liabilities) 1,000,000 yen
Accounts receivable:
50,000 yen
Inventory:
60,000 yen
Debt:
70,000 yen
Accounts payable:
40,000 yen
Total liabilities:
110,000 yen
(Owner’s Equity)
Total assets:
1,110,000 yen
“Assets” are items such as cash or property. They include buildings such as shops and offices, automobiles, products, and other “debits” that can be cashed in.
Major accounting titles of asset ●Current assets
Corporate and legal affairs
Reference
Financial statement
Chapter 1
Checks state of business operations
Example: Cash, securities, accounts receivables, etc.
●Fixed assets • Tangible assets Example: Land, buildings, fixtures, etc. • Intangible assets Example: Patent rights, leasehold rights, goodwill
●Deferred assets
Capital stock:
800,000 yen
Retained earnings:
200,000 yen
Total owner’s equity:
1,000,000 yen
Total liabilities & owner’s equity:
1,110,000 yen
A balance sheet treats everything, including products as if transacted in terms of monetary value. Even if a rental agreement is pending, it is not subject to recording since no money has changed hands at this point.
Example: Franchise fees, development costs, corporate bond issuance fees, etc. Reference
Liabilities “Liabilities” are items such as debt. They refer to any “credits” that need to be paid.
Major accounting titles of liability ●Current liabilities Example: Notes payable, accounts payable, short-term debt, etc.
●Fixed liabilities Example: Corporate bonds, long-term debt, accrued employee retirement benefit, etc. Reference
Net assets “Net assets” is total assets less total liabilities.
40
Reference
P/L Abbreviation for “Profit & Loss statement.” Reference
ROE (Return On Equity)
Income statement
“ROE (Return On Equity)” is the rate of profitability per unit of assets or shareholder equity. It shows a ratio of net income ( the return ) against capital (shareholder’s equity) for the number of shares of stock issued. In short, it answers the question of how much profit is being returned for the money entrusted to the company by shareholders, as an index of managerial efficiency. ROE = Net income ÷ shareholder’s equity × 100
From: 1 April 200X To: 31 March 200X
Reference
Current ratio “Current ratio” is an index that shows to what extent current assets exceed current liabilities. The current ratio, as a percentage is given by the formula (current assets ÷ current liabilities) × 100. Higher values are indicative of stable corporate management. Reference
Profitability “Profitability” is an index expressing how much capital is used and how much profit is produced. Profitability = gross profit margin × total asset turnover, where gross profit margin = profit ÷ revenues and total asset turnover = revenues ÷ assets. The higher the value, the greater the profitability.
41
(2)Income statement (P/L) An “income statement” or “P/L (Profit & Loss statement)” shows a corporation’s profits and losses for a fixed period. Disclosing expenses (losses) and income (profits) makes it possible to ascertain the state of the corporation’s finances.
(units: million yen)
Sales
1,000
Cost of goods sold
650
Gross profit
350
Selling, general and administrative expense
200
Operating income
150
Non-operating income
30
Non-operating loss
50
Ordinary income
130
Extraordinary profit
10
Extraordinary loss Pre-tax profit
20 120
Corporate taxes, etc.
50
Net income
70
(3)Cash-flow statement A “cash-flow statement” represents the flow of cash over a fixed period, by how much cash was on hand at the start of the period, and how much is left at the end. Preparing a cash-flow statement clarifies where money is going, and by looking at it alongside a P/L and B/S, it should be possible to manage funds predictably and formulate a fund-management plan for more efficient business management.
Other forms of bookkeeping
3
Apart from required financial statements, the following are forms of bookkeeping used for corporate financial management.
Titles
Amount
Titles
1,000
Amount
Cash
1,000
(2)General ledger A “general ledger” in corporate accounting plays a fundamental role, as it is necessary for settling accounts. It is a place to organize transactions into accounting title. For example, 1,000 yen worth of office supplies purchased with cash would be recorded as follows. Cash Titles
Amount
Titles
Amount
Supplies Expense
1,000
Supplies expense Titles
Amount
Cash
Titles
Amount
1,000
(3)Trial balance sheet A “trial balance sheet” is a table showing the credits and debits for each title of account, showing balance totals, without P/L or B/S sections. These figures are used as a check when preparing financial statements. Also referred to as “total trial balance sheet.” Balance
Debit
Accounting title
700,000
1,300,000
Cash
600,000
150,000
500,000
Accounts payable
350,000
200,000
Accounts receivable
600,000
400,000
1,000,000
1,000,000
850,000
850,000
3,400,000
2,250,000
Capital stock 800,000
800,000
600,000
2,250,000
3,400,000
Accounting title An “accounting title” is a journal item that appears in a financial statement as a title. These include cash, expenses, product, accounts payable, accounts receivable, etc. “Accounts payable” is a term used for purchases by the company, where payment is to be paid in the future; “accounts receivable” are purchases from the company where payment is to be received in the future.
Balance
Retained earning Sales
600,000
Credit
Reference
Corporate and legal affairs
Supplies Expense
Chapter 1
(1)Journal book A “journal book” is where all transactions are ordered and entered by date, and every journal page is tabulated on a single statement. For example, 1,000 yen worth of office supplies purchased with cash would be recorded as follows.
Purchase
42
1-2
Legal affairs 1-2-1 Intellectual property rights
Reference
Business model patent A “business model patent” refers to a patent for a model or method of business. Advancements in IT in particular have led to the adaption of IT into business methods, enabling corporations to substantiate what they do as a business and where they make profit. A new business method is first recognized when it is submitted for a patent application and is successfully approved. The Japan Patent Office calls these patents “business method patents.”
“Intellectual property rights” are rights that are afforded to protect creations that arise from the intellectual and creative activities of persons. Intellectual property rights can be organized into the categories summarized below. Copyright Rights to protect the creative expressions of authors
Intellectual property rights
Copyright and property rights
・Scope of protection: Programs, databases, websites, design content collection, cinematic work, etc. ・Term of protection: 50 years from author’s death (50 years from publication by a corporation, 70 years from release of cinematic work) ・Registration of rights: Not required
Industrial property rights Rights to protect the use and ownership of industrial products ࣬Scope of protection: Ideas, inventions, designs, marks, and product names, etc. ࣬Term of protection: 10 to 20 years ࣬Registration of rights: Required
1
Moral rights
Patent rights
Utility model rights
Design rights
Trademark rights
Copyright
A “copyright” is a right that protects the creative expressions of authors. Copyrights were originally established to protect the rights of authors who created works such as paintings and stories. Following the widespread use of computers, the scope of copyrights was expanded to include programs and data. Copyrights are distinct from intellectual property rights in that copyrights protect the creative expressions of authors, while industrial property rights protect ideas. In addition, a copyright becomes effective immediately upon creation of any work. An application or registration is unnecessary to obtain the rights. Copyrights are broadly categorized into “moral rights” and “copyright and property rights.”
43
(1)Moral rights “Moral rights” are rights that are exclusively held by the author in order to protect their feelings, sentiments, and conscience. Moral rights belong solely to the author, and generally cannot be transferred or inherited. In addition, the term of protection is considered to continue in perpetuity. The most common examples of moral rights are summarized below. Description Right to decide timing and method of publication.
Right of real name announcement
Right to decide use of real name and its display at time of publication.
Right of avoidance of modification
Right to prevent unauthorized alteration of work.
Corporate and legal affairs
Right of publication
Chapter 1
Moral rights
Section omitted without authorization If changes are made unilaterally
Published without obtaining the consent of the author, it is an infringement book
Author’s manuscript
of the right of avoidance of modification.
Editor
(2)Copyright and property rights “Copyright and property rights” are rights that protect any property related to the author’s work. Copyright and property rights are commonly referred to as simply “copyrights.” As a rule, the term of protection is 50 years from the death of the author, or 50 years from publication by the corporation. From the perspective of property, copyright and property rights can be transferred or inherited either partially or in entirety. The most common examples of copyright and property rights are summarized below. Copyright and property rights
Description
Right of reproduction
Right to reproduce work in the form of copies, photographs, and audio and visual recordings.
Right of translation
Right to translate or rearrange work.
Right of public rental
Right to provide reproductions of work (excluding cinematic work).
Right of public transmission
Right to broadcast work, or engage in automatic transmission of information from a server based on requests from the public.
Reference
Neighboring rights “Neighboring rights” are rights that are held by those who play a vital role in the communication of work, such as performers and broadcasters. Unauthorized acts such as making an audio recording of a live concert performance, is an infringement of neighboring rights. The term of protection for neighboring rights is 50 years from the live performance. Reference
Right of screening
Right to screen cinematic work.
Reproduction of white papers
Right of recitation
Right to communicate the work such as through recitation.
White papers are reports that are published by organizations such as federal and local government institutions, and independent administrative agencies. For this reason, reproduction of white papers is permitted for items such as explanatory documents unless explicitly prohibited.
44
(3)Intellectual property rights for websites Article 10-1 of the Copyright Act does not contain any reference to websites in giving concrete examples of works. However, Article 2-1-1 of the Copyright Act defines work as “a production in which thoughts or sentiments are expressed in a creative way and which falls within the literary, scientific, artistic, or musical domain.” Accordingly, if a website is expressed in a creative way, it is thought to be protected as a work. When requesting an outside party to prepare a website, it is important to clearly state who the copyright belongs to. Care must also be taken to ensure that information contained in websites does not infringe on the copyrights of others. 2
Legislation concerning industrial property rights
“Industrial property rights” are afforded for the monopolized use of ideas, inventions, designs, and logo marks for industrial products, and to protect against imitations. These rights fall under the jurisdiction of the Japan Patent Office. The types of industrial property rights are summarized below. Industrial property right
Trade secrets “Trade secrets” under the Unfair Competition Prevention Act include knowhow, customer lists, marketing manuals, terms of business, and systems design documents that have not been disclosed to the public. The term refers to trade or technical information that is managed within a corporation as a secret.
45
Related legislation
Term of protection
Patent rights
Ideas and inventions
Patent Act
20 years from application
Utility model rights
Idea or contrivance relating to the shape or structure of an article
Utility Model Act
10 years from application
Design rights
Design or decoration of an article
Design Act
20 years from registration
Trademark rights
Trademarks including marks and product names that denote a product
Trademark Act
10 years from registration (Extendable)
3 Reference
Scope of protection
Unfair Competition Prevention Act
The “Unfair Competition Prevention Act” prescribes the regulations for acts of unfair competition. Specifically, it deals with areas such as theft of trade secrets and ideas, imitation of goods, and circulation of rumors in a way that is disadvantageous to a competitor. When competition through such unfair acts is neglected and permitted to exist, it erodes the principle of fair competition in the market, which may cause confusion in the marketplace and result in significant damages to the consumers. Whereas intellectual property rights exist to protect proprietary rights, the Unfair Competition Prevention Act was enacted from the standpoint that such rights only exist if a fair market has been secured. Accordingly, the purpose of the Unfair Competition Prevention Act is to control illegal acts that are detrimental to fair competition.
Major acts of unfair competition are summarized below.
Chapter 1
• Using a famous brand belonging to another party for advertising purposes. • Marketing an imitation product that is identical to the real product within three years from the day it was marketed. • Acquiring and using confidential information of another company such as technical manufacturing information and customer information through unfair means such as fraud or theft. • Providing false information about the origin, quality, contents, manufacturing method, application, and quantity of goods. • Circulating falsified facts or rumors that damage the business reputation of another competitor. • Acquiring and abusing the domain name of a famous corporation before it is officially created.
Corporate and legal affairs
The Unfair Competition Prevention Act allows for injunctions to be made against infringing persons, and provides measures for restoring the reputation of the business. It also facilitates the seeking of damages based on the estimated amount of damages, and the filing of a criminal case in the event of infringement. 4
Software license
A “software license” refers to the right to use software, and is granted by the software maker to the purchaser. (1)Software and copyright Software is protected under the Copyright Act. Any illegal copying of software is a clear copyright infringement and considered a criminal act. The scope of protection under the Copyright Act is summarized below. Area
Scope of protection
Not protected
Programs and related
• Programs (Source programs, object programs, application program, operating systems)
• Solutions for programs • Algorithms • Languages for creating programs • Rules
Data and related
• Databases
• Data
Multimedia and related
• Websites • Still images from design content collection • Moving images from design content collection • Audio clips from design content collection
Reference
Public domain software “Public domain software” refers to software in which the copyrights have been disclaimed. Since the creator disclaims all rights, those who obtain the software may use it free of charge or alter the software at will. Reference
Digital watermarking “Digital watermarking” is the process of embedding digital information such as images and audio with special information to the extent that it does not affect the integrity of the quality. Digital watermarking is used to protect copyrights by guarding against unauthorized copying and alteration.
46
(2)Prohibition of copying software Reproducing software without the permission of the copyright holder is strictly prohibited. Commercial software usually contains an agreement when purchased. The right (license) to use the software is granted only if the purchaser consents to the contents of the agreement such as the scope of use. In general, copying software is permitted only for backup purposes. Reference
Free software and shareware “Free software” is software that is distributed free of charge. “Shareware” is software that can be purchased for a low fee if the user likes the software after trying it. Copyrights for free software, shareware, and programs created through outsourcing belong to the creator. Reproduction, redistribution, or alteration is prohibited unless there is a special agreement in place.
(3)License agreement A “license agreement” refers to an agreement to purchase a software license. The contents of the license may vary depending on the number of computers involved. When a corporation or school installs software in volume, it is sometimes called a “volume license agreement.” The right of use for a software agreement is usually restricted to a single computer or a single user, but in the case of a license agreement, a single software package can be used for a designated number of computers (or users). In effect, this makes the price lower than purchasing a software package for every computer, and it also eliminates waste in the form of packaging and manuals. The contents of the agreement may vary depending on the software maker. 5
Other rights
Certain rights are recognized in practical application based on legal precedence, even if the rights do not exist as written legislation. These rights are summarized in the following sections. (1)Privacy rights “Privacy rights” are rights that afford persons the ability to withhold details about their personal life in order to protect their character. Actions such as eavesdropping on personal conversations, surveillance of personal behavior, and disclosure of details about personal life are considered an infringement of privacy. Privacy rights are based on “respect for the individual” under the Japanese Constitution. Protection of personal data is specifically covered under the “Act on the Protection of Personal Information.” (2)Portrait rights “Portrait rights” are rights that protect the likeness of persons captured through media such as photographs, video tape recordings, and portraits. Copyrights for photographs, video tape recordings, and drawings belong to the person who originally took or drew the image. However, privacy rights for the likeness of persons belong to the individual who is the subject of the likeness. Any publication without the consent of the subject is an infringement of portrait rights. Portrait rights are recognized for all individuals, and not just famous persons.
47
(3)Publicity rights “Publicity rights” protect the right to secure (economic) profits from a name or portrait, and are recognized for persons such as entertainers, celebrities, and athletes. Consequently, use of the name or portrait of a famous person without consent is an infringement of publicity rights.
Reference
Security Refer to “Chapter 9-5-3 Information security measures and information security implementation technology.”
●Act on the Prohibition of Unauthorized Computer Access The “Act on the Prohibition of Unauthorized Computer Access” was enacted in 1999. The purpose of this legislation is to prohibit unauthorized computer access. Under the legislation, unauthorized computer access of the kind described below is defined as a crime and subject to regulation. ① Act of inputting an identification code for another person without permission Use of the user ID or password of another person without permission for the purpose of impersonating an authorized user and removing restrictions on use, in order to enable the use of a computer. ② Act of inputting information or a command other than an identification code Use of an open port or security hole, and use of an unauthorized method for the purpose of intruding on a system and removing restrictions on use, in order to enable the use of a computer. Penal provisions for actions ① and ② : Penal servitude of not more than one year or fine of not more than 500,000 yen ③ Act of facilitating unauthorized computer access Supplying a user ID or password of another person to a person other than the authorized user or administrator for the purpose of facilitating unauthorized computer access. Penal provisions for action ③ : Fine of not more than 300,000 yen
Corporate and legal affairs
The increasing prevalence of computer-related crime has led to increased emphasis on legislation concerning security. The “Act on the Prohibition of Unauthorized Computer Access” is a typical example of legislation that concerns security.
Chapter 1
1-2-2 Laws on security
Reference
Identification code An “identification code” is used to identify a person, such as a user ID and password, fingerprint, voiceprint, and iris pattern. Reference
Port A “port” refers to an interface that a computer uses as a gateway for network communications. Reference
Protective measures against unauthorized computer access Article 5 of the Unauthorized Computer Access Law recommends that access administrators take measures to protect against unauthorized computer access. Specifically, access administrators should take the following measures. • Comprehensively manage user IDs and passwords • Close security holes (security oversights) • Use encryption and digital signatures • Set access privileges
48
1-2-3 Laws on labor and transaction Legislation concerning labor and transactions exist for the purpose of providing conditions for labor and transactions. 1
Laws on Labor
The following sections describe examples of legislation that concern labor. (1)Labor Standards Act The “Labor Standards Act” is the basic piece of legislation that concerns labor. In accordance with Article 27-2 (Working Conditions) of the Constitution of Japan, the Labor Standards Act prescribes the minimum standards for working conditions that are needed. Working conditions for everyday work must meet the standards prescribed in the Labor Standards Act such as eight hours work per day, working overtime, payment of compensation, and annual paid leave. ●Background of Labor Standards Act Issues such as shorter working hours, adoption of two full days off per week, full use of annual paid leave, and reduction of overtime labor are major issues in Japan. For various reasons including competition with other companies in the same sector, transaction practices, and excessive service, it is difficult for individual companies to improve the situation through their efforts alone. A legal system was therefore created in order to provide an environment that facilitates further progress in shortening labor hours. ●Purpose of Labor Standards Act The purpose of the Labor Standards Act is to protect workers, who are in a socially and economically disadvantaged position compared with employers. ●Scope of application for Labor Standards Act The Labor Standards Act applies to all nationalities and industries, and is applicable when employing even a single worker who is not a relative. The legislation protects workers but not employers (business operators). ●Prohibited actions and penal provisions The Labor Standards Act provides the following penal provisions if an employer uses a worker under standards below what is prescribed in the Labor Standards Act. Prohibited Act
49
Penal Provisions
Forced labor
Imprisonment of not less than one year and not more than 10 years, or a fine of not less than 200,000 yen and not more than 3,000,000 yen
Intermediate exploitation or violation of minimum age
Imprisonment of not more than one year, or a fine of not more than 500,000 yen
Violation of equal treatment or equal wages for men and women
Imprisonment of not more than six months, or a fine of not more than 300,000 yen
Violation of contract period or clear indication of working conditions
Fine of not more than 300,000 yen
The Labor Standards Act is a piece of legislation whose purpose is to protect the rights of all employed working persons, including full-time employees, dispatched staff, and part-time workers. The Dispatched Workers Act is distinguished from the Labor Standards Act in that it focuses on the “rights of dispatched workers” who are not entirely covered by existing legislation. (3)Confidentiality agreement A “confidentiality agreement” is an agreement in which a party who may be exposed to confidential information agrees not to use information obtained through the course of duties for other than the specified purposes, and agrees not to leak the information to a third party. This type of agreement is also called an “NDA (Non-Disclosure Agreement).” It is common to exchange a confidentiality agreement when dispatching a worker or outsourcing work. The main elements of a confidentiality agreement are summarized below. • Specific information covered • Method of management • Terms for disclosure to third parties when outsourcing • Permissibility or prohibition of reproduction • Purpose of use • Obligation to return or destroy materials
Dispatching and Contracting “Dispatching” refers to engaging a worker who is employed by the dispatching company to perform labor for the client under the instructions of the client. Dispatching company
Employment relationship
Dispatch contract
Worker
Client
Instruction relationship
“Contracting” refers to engaging a worker who is employed by the contractor to perform labor for the client under the instructions of the contractor. Contractor
Employment relationship Instruction relationship
Service contract
Corporate and legal affairs
• Re-examination of limitation for dispatching period • Re-examination of employment system for dispatched workers by client company • Expansion of dispatch work • Re-examination of the work of the person responsible from the dispatching company • Re-examination of the duties of the person responsible from the client
Reference
Chapter 1
(2) Dispatched Workers Act ( Act for Securing the Proper Operation of Worker Dispatching Undertakings and Improved Working Conditions for Dispatched Workers.) The “Dispatched Workers Act” is officially known as the “Act for Securing the Proper Operation of Worker Dispatching Undertakings and Improved Working Conditions for Dispatched Workers.” The purpose of this legislation is to set forth the rules to observe for dispatching companies and client companies in order to protect the working rights of dispatched staff. The Dispatched Workers Act was revised in June 2003. The content of the revisions are summarized below.
Client
Worker
Reference
Temporary Transfer A “temporary transfer” occurs when a person is temporarily transferred to a subsidiary or other affiliated company, or a business partner while remaining a registered employee of the original company. There are two types of temporary transfers. One is a “retention of employment” method in which the person has an employment contract with both the transferring company and the company being transferred to. The other is a “transfer of employment” method in which the person only has an employment contract with the company being transferred to. Reference
NDA Abbreviation for “Non-Disclosure Agreement.”
50
(4)Types of agreements There are various types of agreements concerning work aside from confidentiality agreements. ●Mandate contract A “mandate contract” is an agreement that is established when the delegated party consents to undertaking the work entrusted to it by the delegating party. The completion of work is not always the purpose of the mandate contract. Accordingly, the agreement provides for compensation if certain processes are executed. A mandate contract is an agreement that is based on a relationship of mutual trust and as such, the delegated party may not entrust the work to a third party without the consent of the delegating party. ●Service contract A “Service contract” is an agreement in which the ordering party requests the contractor to undertake work, and pays compensation when the work is completed. The purpose of a service contract is to complete the work and as such, compensation is not paid if the contractor is unable to produce results (deliverables). As a rule, the contractor may use subcontractors to perform the work. ●Employment agreement An “employment agreement” is a promise made by a corporation or other entity to pay compensation in exchange for an individual to supply labor to the company. The employer has a duty to clearly state the wages, working hours, and other working conditions when entering into the agreement. There are a number of employment patterns such as a “full-time employee,” “contract employee,” and “part-time employee.” The patterns of employment have become increasingly diversified, and more individuals are working for various companies by entering into employment contracts as a dispatch employee. 2
Laws on Transactions
The following sections are examples of legislation that concern transactions. (1)Subcontract Act Under a situation in which work is contracted to a subcontractor, the contracting company is in a stronger position relative to the subcontractor. As a result, it is not uncommon for subcontractors to be treated unfairly such as by delaying payment of proceeds or providing only partial payment, which serves only the interests of the contracting company. The “Subcontract Act,” officially known as the “Act against Delay in Payment of Subcontract Proceeds, Etc. to Subcontractors,” was enacted in order to protect the interests of subcontractors by improving such circumstances and regulating fair transactions for subcontracting. The Subcontract Act was revised in April 2004 to expand the scope of the legislation to cover contracting for the creation of information-based products such as software, programs, databases, and Web content. The revised legislation also strengthens the penal provisions for violations.
51
Reference
PL Abbreviation for “Product Liability.”
Chapter 1
(2)Product Liability Act The “PL (Product Liability Act)” is a piece of legislation that sets forth the liability for damages of manufacturers if there is injury or loss to the life, body, or property of the consumer of a product due to a defect in the product. Prior to the introduction of the Product Liability Act, liability for damages to victims required proof that the accident was caused by the negligence of the manufacturer. However, with the introduction of the Product Liability Act, it is only necessary to show proof that the accident was caused by a defect in the product in order for the liability for damages to exist.
Corporate and legal affairs
1-2-4 Other legislation, guidelines, and engineer ethics In addition to complying with legislation prescribed under civil and criminal law, it is necessary to act in compliance with codes, guidelines, and criteria for engagement set forth within organizations. 1
Compliance
“Compliance” refers to achieving compliance with all rules including legislative systems, corporate ethics, and codes of conduct. Corporate activities are expected to comply with relevant legislation and regulations, but there is seemingly no end to scandals that arise due to a lack of moral judgment or inadequate sense of crisis. Scandals also occur because of response that places the interests of the corporation first, and due to insufficient recognition of criminal activity or social responsibility. The preponderance of scandals has accelerated the introduction of legislative systems for internal controls in Japan, reflecting the trend in other countries. Corporations must implement internal controls and compliance management in order to engage in healthy corporate activities that do not work against the interests of stakeholders such as investors, business partners, and customers. Internal controls and compliance are often confused with each other, but compliance is one of the purposes of internal controls. (1)Act on the Protection of Personal Information The “Act on the Protection of Personal Information” is a piece of legislation that sets forth the duties to be observed by business operators handling personal information in order to protect the rights and interests of individuals, while taking into consideration the practicality of personal information. The legislation was brought into effect in April 2005, and imposes penal provisions against regulatory violations by business operators that handle personal information.
Reference
Compliance In Japan, compliance refers to “regulatory compliance.”
Reference
Internal control Refer to “Chapter 6-2-2. Internal control.” Reference
Personal information “Personal information” refers to information that can be used to identify a specific individual such as a name, date of birth, or address. Information about occupation, personal income, family, and health condition are also forms of personal information. Reference
A business operator handling personal information “A business operator handling personal information” is defined as a business operator using a database with personal information on more than 5,000 individuals. Business operators that handle personal information on 5,000 individuals or less, and civilians with personal information on more than 5,000 individuals are not covered.
52
●Background of Act on the Protection of Personal Information Computers and the Internet continue to play an ever-increasing role in daily life and work. Meanwhile, there are increased opportunities for the handling of personal information, such as through the use of online shopping and auction sites by individuals, and management of customer information and human resources information collected by organizations. Under the circumstances, incidents involving the leakage of personal information are occurring with great frequency. Individuals whose personal information is leaked must deal with the threat of having to cope with various issues such as nuisance telemarketing calls, large amounts of direct mail, and misleading payment notices. In response to these threats, the Japanese government passed and enacted the “Act on the Protection of Personal Information” in May 2003. Increased computerization of society Spread of Internet
Many incidents of information leakage
Act on the Protection of Personal Information enacted in May, 2003
●Prohibited acts and penal provisions The acts outlined below are prohibited under the Act on the Protection of Personal Information. • Handling of personal information beyond its intended purpose of use. • Acquisition of personal information by unauthorized means. • Failure to notify or publish the purpose of use at the time of acquiring personal information. • Management that exposes personal information to the risk of leakage, loss, or damage. • Failure to supervise the employees of the organization handling personal information or trustees (wherein employees engage in acts such as freely removing personal information to the outside). • Provision of personal information to a third party without the consent of the person. • Failure to act on a request from the person to disclose, correct or stop using personal information. • Failure to disclose personal information to the person. • Failure to act on a request from the person to revise the personal information, where the request is based on factual inaccuracies in the personal information. • Failure to cease the use of personal information or provision to a third party, despite a request from the person. • Collection of charges that are not within the scope considered reasonable for the disclosure of personal information.
If a business operator engages in prohibited actions, the competent ministers, which comprise ministers of authorities having jurisdiction over the business of the organization may demand improvement. If the violations continue even after an order is issued, the business operator is subject to imprisonment of not more than six months, or a fine of not more than 300,000 yen. In addition, if a business operator is asked by a competent minister to file a report concerning the handling of personal information, and either fails to file the report of files a false report, the business operator incurs a fine of not more than 300,000 yen. 53
These penal provisions are imposed against the representative of the organization or the individual that committed the violation.
Reference
Provider Refer to “Chapter 9-4-3 Network Application.”
Corporate and legal affairs
(3)Service Providers Law The “Service Providers Law” is officially called the “Act on the Limitation of Liability for Damages of Specified Telecommunications Service Providers and the Right to Demand Disclosure of Identification Information of the Senders.” The purpose of this legislation is to set forth the limitation of liability for damages (immunity) of service providers, in the event of the release of personal information, or publication of slander through a website existing on a rental server operated by a specified telecommunications service provider. The legislation also gives infringed persons the right to demand disclosure of the name and other identification information for the sender.
Chapter 1
(2)Nuisance e-mail law The “Nuisance E-mail Law,” officially called the “Act on Regulation of Transmission of Specified Electronic Mail,” was enacted in order to prevent problems surrounding the mass sending of e-mails to many and unspecified persons, such as of direct mail and advertising.
(4)Standards Various codes and standards exist concerning information security at corporations, including those summarized in the following sections. ●Standards for Measures against Computer Viruses The “Standards for Measures against Computer Viruses” outline measures to prevent infection from computer viruses, and measures for identification, deletion and recovery in case of infection. ●Standards for Measures against Unauthorized Access to Computers The “Standards for Measures against Unauthorized Access to Computers” outline measures for protection, identification, prevention, recovery, and recurrence prevention against unauthorized access to information systems. The standard addresses protection against unauthorized access from the perspective of follow-up response, education, and auditing, in addition to management. ●System Management Standards The “System Management Standards” outline the measures that should be taken by corporations with information systems. The standard includes more than 280 items of criteria for checking, and sets forth a broad range of guidelines concerning all aspects of information systems from IT strategy to planning, development, operation, maintenance, and common processes of information systems.
54
Reference
Netiquette “Netiquette” is a compound word formed from “net” and “etiquette.” Reference
Encryption Refer to “Chapter 9-5-3 Information security measures and information security implementation technology.” Reference
Compression Refer to “Chapter 9-2-1 Multimedia technology.” Reference
Chain e-mail “Chain e-mail” is an e-mail form of a chain letter. Chain e-mail is widely and repeatedly sent in a chain with instructions to send the content of the e-mail to many and unspecified persons.
(5)Information ethics “Information ethics” are information morals and manners that should be observed in an information society. In modern society, where information is obtainable through many means, there is a need to be aware of rights such as intellectual property rights, copyrights, and privacy rights. The Internet occupies an important position today as a place for handling information, and provides a level of anonymity that tends to give rise to ethical issues, which makes it necessary to observe “netiquette” in particular. ●Netiquette “Netiquette” is a form of etiquette that is used on networks. The following are some rules of netiquette. • Use encryption to send e-mail that is to be kept confidential. • Indicate your name or other personal identification in public e-mails. • Refrain from sending large volumes of data. Send compressed data. • Do not send multiple unspecified e-mails such as advertisements. • Do not send chain e-mails. • Do not use characters that are specific to a computer such as single-byte katakana characters and special symbols. • Do not handle images that are morally indecent. • Do not slander other persons.
2
Corporate governance
In recent years, corporate and government scandals are surfacing one after another, and scandals similar to those in the past are recurring. Despite the considerable fallout that can result such as loss of customers and profit, sharp decline in share prices, and bankruptcy, there is no indication of scandals decreasing. These scandals not only damage the image of corporations, but they also damage the interests of stakeholders including investors, business partners, and customers. Under these circumstances, there is a growing need for corporations to achieve transparency and clarify their responsibilities, as well as promote them to internal and external persons. “Corporate governance” sets forth principles for continually monitoring corporate activities, and checking the transparency and health of management to provide a framework that prevents scandals within management and organization. Corporate governance is attained through a number of methods including the appointment of appropriate external directors, enhancement of the framework for information disclosure, and strengthening of the auditing department.
55
The main purposes of corporate governance are as follows.
3
Crisis communication “Crisis communication” is a communication method based on making appropriate decisions rapidly when disclosing information to the mass media about developments and response measures in case of a scandal or crisis situation. Chapter 1
• Check and stop reckless behavior that is in the self-interest of upper management. • Check and stop illegal acts involving the organization. • Secure the transparency, health and compliance of management. • Secure comprehensive accountability toward stakeholders. • Achieve rapid and appropriate information disclosure. • Clarify the responsibilities of upper management and business managers at each level.
Reference
Request for information disclosure by administrative organs
Corporate and legal affairs
The “Information Disclosure Act,” officially called the “Act on Access to Information Held by Administrative Organs,” provides all individuals with the right to request disclosure of any administrative document held by administrative organs. Under the legislation, any individual may file an information disclosure request in order to inspect a document prepared by an administrative organ. However, documents that contain non-disclosure information cannot be inspected, including documents containing personal information that can be used to identify a specific individual, and information that could trespass on property rights if disclosed.
1-2-5 Standardization Standardization organizations formulate “standardization” plans for various purposes such as improving quality, reducing costs, and improving commonality and efficiency. 1
Standardization
“Standardization” is the process of formulating standards for the convenience and unanimity of work, and is effective in preventing diversification and complexity. Standards are formulated by international standardization organizations, the leading example of which is the “ISO (International Organization for Standardization),” and national standardization organizations. Standardization is widely used for applications such as the description method and development method in design documents that are used in the manufacturing industry and software development. Use of standardization raises the skill level of employees and product quality, and facilitates the advancement of work activities. Consequently, standardization is considered to provide major economic advantages and benefits for consumers.
Reference
Standardization organizations Standardization organizations can comprise international standardization organizations and national standardization organizations. These organizations do not have a profit motive. Standardization organizations promote standards such as the common use of data between software through the publication of recommendations and reference information.
56
2
Standardization organizations and specifications
The following are typical international standardization organizations and national standardization organizations.
Reference
ISO Abbreviation for “International Organization for Standardization.” Reference
NGO Abbreviation for “Non-Governmental Organization.” Reference
JIS Q 9001 “JIS Q 9001” is the JIS version of the ISO 9001 standard used in Japan. “JIS Q 9001” specifies the requirements for quality management systems. As a document for quality management systems, JIS Q 9001 includes requirements for quality policies and quality targets of organizations, and quality manuals. Under JIS Q 9001, documentation is executed appropriately based on the size of organization, type of activities, and complexity of processes.
Reference
JIS Abbreviation for “Japan Industrial Standards.” JIS sets forth the standards for the classification, shape, dimensions, and construction of all industrial products. The JIS symbol is applied to JIS-certified products.
57
(1)International Organization for Standardization The “ISO (International Organization for Standardization)” is a civil non-government organization that sets forth international standards in a broad range of areas for the purpose of facilitating the international circulation of goods and services. The following are descriptions of some of the typical international standards and specifications set forth by the ISO. *The ISO number indicates the document number of each respective standard.
●ISO 9000 Series The “ISO 9000 Series” is a set of standards that describe the requirement specifications for quality control management systems. ISO 9000 is not a standard for the products themselves. Rather, it is a standard for evaluating quality management to determine how corporations engage in quality management for products. ISO 9000 was said to have been originally developed to secure the success of the Space Shuttle program run by NASA (U.S. National Aeronautics and Space Administration), with the aim of standardizing production to manufacture products of high reliability. ●ISO 14000 Series The “ISO 14000 Series” is a set of standards that describe the specifications for environmental management systems. ISO 14000 is not a standard for the products themselves. Rather, it is a unified global standard for determining the extent to which corporations engage in environmentally friendly management. Under ISO 14000, organizations implement PDCA (Plan, Do, Check, Act) cycles in order to continuously engage in environmental conservation initiatives. ISO 14000 was formulated in response to the adoption of the “Rio Declaration on Environment and Development” and “Agenda 21” comprehensive action plan for the environment, at the United Nations Conference on Environment and Development (Earth Summit) in 1992. The intention was to provide a framework for continuous improvement of the environmental impact of corporate activities. ●ISO 15408 The “ISO 15408” is a standard for objectively evaluating the security quality of IT products and systems that are subject to security evaluation. ISO 15408 certifies that there are no issues with security quality by checking and testing the security functions and quality of individual information processing products and information processing systems. Checking and testing covers content such as design documents, program source code, test results, and manuals. The JIS version of ISO 15408 is called “JIS X 5070.”
Networking and distribution of computer systems has led to an increasing emphasis on security for information systems. This has created the need to evaluate and certify the level of security built into individual information processing products for database management, firewalls, and IC cards, and for information processing systems such as Internet banking and authentication services.
(3)IEEE (Institute of Electrical and Electronics Engineers) The “IEEE (Institute of Electrical and Electronics Engineers)” is a body that engages in research and development of standards for electronic components and communications schemes. The “IEEE 802 Committee” is a subcommittee that develops LAN standards. The “IEEE 802.3 Committee” and “IEEE 802.11 Committee” are subcommittees that develop standards for Ethernet LANs and wireless LANs respectively.
Reference
Security policy and risk management
Corporate and legal affairs
(2)IEC (International Electrotecnical Commission) The “IEC (International Electrotechnical Commission)” is a body that develops international standards in the electrical and electronic fields.
Chapter 1
●ISO/IEC 17799 “ISO/IEC 17799” provides standards for implementing security management, comprising both a standard (international standardization specification) for implementing IT security management, and a system for IT security management. The British Standards Institute (BSI) developed the BS 7799 standard in 1999, and in response, ISO developed the “ISO/IEC 17799” standard as an international standard. BS 7799 is a standard specification for information security management systems (ISMS). In Japan, the “JIS X 5080” standard was developed in 2002 based on guidelines from the ISO specifications. The Japan Information Processing Development Corporation (JIPDEC) defines ISMS as “a system for information security (by which) the organization can determine the necessary security level, make up plans and distribute its assets based on its own risk assessment in addition to technical countermeasures against each individual issue.” JIPDEC also operates an “ISMS Conformity Assessment System” in which third party organizations certify the ISMS of corporations for conformity with ISO/ IEC 17799. An “ISMS” is a comprehensive framework for corporations and organizations to manage information appropriately, and maintain and improve security through the setting of controls based on a security policy. The ISMS framework also provides for implementing risk management and engaging in continuous and regular review of the framework.
Refer to “Chapter 9-5-2 Information security management.”
Reference
IEC Abbreviation for “International Electrotechnical Commission.” Reference
IEEE Abbreviation for “Institute of Electrical and Electronics Engineers.” Reference
W3C Abbreviation for “World Wide Web Consortium,” which is an international organization that develops many Web standards. Reference
LAN Refer to “Chapter 9-4-1 Network systems.”
58
3
Examples of IT standardization
The following are examples of standardization in IT. Reference
Barcode A “barcode” is an identifier that uses bars and spaces of varying widths to represent numbers and characters. A barcode is a one-dimensional code in which data is only read in a horizontal direction. Reference
JAN (Japan Article Number) code Abbreviation for “Japan Article Number” code. There is a standard 13-digit version and a shortened 8-digit version.
Reference
QR (Quick Response) code Abbreviation for “Quick Response code.”
●JAN (Japan Article Numbering) code The “JAN (Japan Article Numbering) code” is a JIS standard barcode comprising 13 digits. From left to right, the JAN code comprises a 2-digit country code, 5-digit manufacturer code, 5-digit product code, and single digit check code. JAN code is commonly used today at the cash registers of retail stores such as supermarkets and convenience stores, and is printed on all kinds of product packages. The JAN code is simply passed over a barcode reader to input the product name and price at the cash register. Below the barcode is a numbered code. If the barcode cannot be read, the numbered code can be manually entered using a keyboard. Sample of JAN code
●QR (Quick Response) code A “QR (Quick Response) code” is a JIS standard two-dimensional code. While a barcode can only read information in the horizontal direction, the QR code contains information in both the horizontal and vertical directions, enabling the code to hold more information than a barcode. A QR code is also referred to as a “two-dimensional barcode symbology.” The QR code contains a cutout symbol on three corners to enable quick and accurate reading in any 360 degree direction. Sample of QR code
59
1-3
Chapter quiz
*See page 2 in the “Answers and Explanations” booklet for the correct answers.
1-1
1-2
Divisional organization Functional organization Project organization Matrix organization
A list of activities for a project plan is shown below. Which of the following represents it as an arrow diagram? [List of activities] Activity
Preceding activities
A
None
B
None
C
A
D
A, B
a)
Corporate and legal affairs
a) b) c) d)
Chapter 1
Which of the following is the organization that is established by selecting personnel from related departments, who have the required skills and experiences, to perform system development?
b) A
A C
C D
B
D
A
C
A
C
B
D
B
D
c)
B
d)
60
In the figure illustrated below, categories of defective electronic components are arranged in a bar graph in descending order of the number of defective components, and the cumulative ratio of the number of defective components is shown in a line graph. What is this type of figure called?
Number of defective components
150
100
80 100 60
40 50
Cumulative ratio (%)
1-3
20
0
0 A
B
C
D
E
Defect category
a) b) c) d)
1-4
Cause-and-effect diagram Matrix diagram Pareto chart Venn diagram
Which of the following should be inserted in the blank box A of the income statement shown below? Here, the shaded boxes are intentionally left blank. Income Statement Unit: 100 billion yen Sales Cost of goods sold
100 75 25
Selling, general and
15
administrative expense
10 Non-operating income
2
Non-operating expense
5
A
7
Extraordinary profit
0
Extraordinary loss
1
Net profit before tax
6
Corporate income tax, etc.
2 4
a) b) c) d) 61
Gross profit Operating profit Ordinary profit Current term net profit
1-5
Among the actions involving a commercially available book of landscape pictures without obtaining the author’s permission, which of the following is illegal under the Copyright Act? a) b) c) d)
1-6
Taking a photograph of the same object as a photograph you like Cutting out a photograph from the book and putting it on the wall of your room Placing and publishing a photograph from the book on your Web page Describing comments about the photograph book in your blog
When you create a webpage, which of the following uses of published work is legal to do without asking the copyright holder? a) Modifying an illustration appeared in a magazine and using it for your own corporate advertising on the webpage b) Scanning a pattern created by a famous designer in a curtain catalog, changing the color, and using it on the webpage because it is a fitting background graphic c) Scanning a photo released in a newspaper and using it on the webpage to provide upto-date information d) Using statistical data published in a white paper on trade as the basis for creating a chart on the webpage to illustrate vehicle sales volume
1-7
Which of the following is considered unauthorized access under the Act on the Prohibition of Unauthorized Computer Access? a) Having access to a shared server and copying a software package illegally without permission b) Having access to a computer via the Internet by using other people’s passwords c) Posting accessible information that libels others on the Internet d) Having access to a website with obscene pictures
1-8
Which of the following explains the Labor Standards Act? a) A law that guarantees minimum wages for the stability of lives and the improvement in manpower quality b) A law enacted to improve the welfare of part-time workers c) A law about businesses that dispatches workers with the required skills to companies d) A law that regulates minimum standards for labor conditions, such as working hours, breaks, and vacations
62
1-9
Company X, which is “a business operator handling personal information,” held a seminar for individual customers to promote the sales of their products, which included a questionnaire for the participants at the end. The questionnaire sheet stated that the purpose for obtaining personal information was to offer information about future products; the company asked for the customer’s name, address, telephone number, and whether or not they wanted the information. Which of the following actions by Company X is illegal in light of the Act on the Protection of Personal Information? a) A list of customers was created from the collected questionnaires, and direct mails were sent to the customers who wanted information about products. b) The collected questionnaires and the customer list created after the seminar were stored in a locker with a key, except when they were necessary. c) For sales promotion of the product by Company Y, which is an associated company of Company X, Company X handed the customer list created from the collected questionnaires over to Company Y based on the judgment of Company X. d) A customer who had wanted information about products contacted Company X to change the address, so Company X changed the customer list after verifying the identity of the customer and the desire to receive further information.
1-10
Which of the following describes the characteristics of the QR code in the figure shown below?
a) It compresses and symbolizes an image and is used for communication of information. ) b It contains only about 10 bytes of information and is used for encryption of commercial product codes. ) c It is a kind of two-dimensional bar code and can record much information, including alphanumeric characters, Kanji characters, etc. ) d It is the code developed for use in IC tags and can be used for noncontact-based merchandise management.
63
Chapter
2
Business strategy Chapter 2 explains typical systems in each field including typical information analysis techniques and marketing techniques, business management systems, and technological strategies.
2-1 2-2 2-3 2-4
Business strategy management ........ 65 Technological strategy management ... 75 Business industry ............................... 77 Chapter quiz ....................................... 86
2-1
Business strategy management 2-1-1 Business strategy techniques A “business strategy” is a plan with a long-term perspective for the business development of the corporation. Its goal is to develop a competitive edge over other companies and enable it to adapt to any changes occurring around it. Corporations formulate their business strategies using the steps summarized below.
1
Manifestation of corporate philosophy
Specify the corporation’s raison d'etre and action guidelines, etc.
Manifestation of corporate goals
Specify the final destination of the corporation.
Definition of corporate domain
Define the corporation’s position in the market.
Determination of business strategy
Set a course for the future that will enable the corporation to adapt to changes and survive.
Business information analysis techniques
In order to determine a business strategy, it is necessary to understand the full capabilities of the corporation, and analyze its current situation and position. Data analysis techniques for determining business strategy are summarized below.
Reference
Internal environment “Internal environment” refers to various aspects of a corporation including human resources, business strength, product appeal, selling power, technological strength, brand, competitiveness, financial standing, etc.
65
(1)SWOT analysis A “SWOT (Strengths, Weaknesses, Opportunities, Threats) analysis” is an evaluation method that analyzes the strengths, weaknesses, opportunities, and threats of a corporation. Strengths to capitalize on and weaknesses to overcome are further clarified by analyzing the “internal environment” of the corporation.
Opportunities to take advantage of and threats to address are identified by analyzing the “external environment” surrounding the corporation. A SWOT analysis is also used to determine marketing plans and crisis management policies. It is considered an ideal analysis technique when formulating a business strategy. Threats
Strengths
What societal opportunities bring out the strengths of our corporation?
Can societal threats be overcome using the strengths of our corporation?
Weaknesses
What societal opportunities do the weaknesses of our corporation present?
Can any threats be overcome using the weaknesses of our corporation?
Category
Description
Star
Businesses and products that are profitable but require investment. Businesses and products that have a high rate of return and have matured, but need funds to maintain their place in the market.
Cash cow
Businesses and products that generate profit with little investment. Mature businesses and products that have a high rate of return with minimal investment (funding) due to large market share. Over-investment should be avoided.
Question mark
Businesses and products that are not profitable, but can be expected to grow in the future with additional investment. The growth rate is high but significant investment (funding) is needed due to small market share. For businesses and products that can be expected to grow in the future, a strategy to turn them into a “star” is required.
Dog
Businesses and products with low potential that should generally be withdrawn. Businesses and products that have declined, and have both low outflow of investment and low inflow of funds. Unless income greater than the investment can be expected, it may be necessary to withdraw or scale down the businesses and products.
↑ Market growth ↓ Low High
Star Growth expected → Maintain
Question mark, problem child Intensifying competition → Nurture
Cash cow Mature field/stable profit → Harvest
Dog Stagnant/declining → Withdraw
“External environment” refers to government, economy, social conditions, law, marketability, price changes, customer trends, rival companies, etc.
Reference
PPM Abbreviation for “Product Portfolio Management.” Reference
Product life cycle A “product life cycle” refers to the four stages a product goes through from the time of its release as it appears on the market until sales end and it disappears from the market. The four stages are summarized below. Introduction stage: A period during which much investment goes into sales promotion strategies in order to increase sales. Growth stage: The sales peak is reached and rival products increase. A period during which plans to differentiate the product from its rivals are implemented. Maturity stage: The sales peak has passed and growth in de-mand has slowed down. A period of investment to maintain the product’s place in the market. Decline stage: Sales have become stag-nant. A period during which the product is either withdrawn from the market or reinvested in according to the needs of the market.
Business strategy
(2)PPM (Product Portfolio Management) “PPM (Product Portfolio Management)” is a technique for business analysis that divides the businesses and products the corporation handles into four categories: “star,” “cash cow,” “question mark,” and “dog.” They are plotted on a graph with market share and market growth on the axes. By allocating management resources to each of the four categories, the most effective and efficient combinations of businesses and products can be analyzed.
External environment
Chapter 2
Opportunities
Reference
Large ← Market share → Small
66
Reference
Core competence “Core competence” in terms of business, refers to “capability (competence) in areas such as technology or capital that comprise a company’s core, which no other company can imitate.” A core competence is therefore a strength of a corporation, and also a valuable management resource for differentiating enterprises or products. For rival companies, core competencies are key to the competitiveness of their business strategy. When a tie-up with another company is formed, it gives the alliance more influence and leverage. Reference
Niche strategy A strategy that aims to secure and maintain profitability in a specific market or “niche,” rather than in a market in which major companies are active. Reference
CS Abbreviation for “Customer Satisfaction.”
Reference
Alliance In general, alliances with capital ties are described as strong alliances and those without capital ties are described as weak alliances.
67
2
Terms related to business strategy
The typical terms used in business strategy are summarized below. (1)Competitive superiority “Competitive superiority” is the relative position of a company according to its superiority over rival companies. In modern society where it is possible to acquire information by all kinds of means, many differentiation strategies may be imitated by other companies. In order to provide the customer with better value than the competition, it is necessary to develop a business strategy for competitive superiority through a combination of multiple factors. These include not only isolated factors such as low prices, but design, quality, production system, and brand. (2)Customer satisfaction “Customer satisfaction,” which is also referred to as “CS,” is the level of satisfaction a customer experiences after using a product or service and it meets their expectations. “CS management” is a management technique that focuses on customer satisfaction. CS management is based on the idea that creating corporate value from the perspective of the customer and giving the customer a sense of satisfaction contributes to corporate management. In CS management, the demands and opinions of customers are collected to analyze their needs and behavior. As a result, service that will satisfy the customers is determined. This information is utilized to expand services that should be provided and eliminate services that should be scaled down. CS management starts when a customer selects a product. It aims to raise corporate value by having the customer choose the corporation’s product over numerous rival products and make repeat purchases when replacement is necessary. It promotes awareness of customer satisfaction and providing not only product quality, but also follow-up service after sales. (3)Alliance An “alliance” is a collaboration or tie-up between corporations. There are different forms of alliances including those without any capital ties that come together only in specific fields, and those with capital ties that unite as “mergers.” In recent years, these collaborations and tie-ups have become popular in many corporations. The objectives behind this increase in alliances are to eliminate unnecessary corporate competition, and reduce costs such as those in research and development by sharing the burden between several companies.
Alliances can take the following forms.
Reference
●M&A (Mergers and Acquisitions) “M&A” is a general term for corporate “mergers and acquisitions.” A “merger” is the formation of one corporation from multiple corporations, while an “acquisition” is the purchase of an entire corporation or part of a corporation. This form of alliance also includes “absorption-type mergers” in which one of the corporations continues while the other ceases to exist. The objectives of M&A include entering new industries or markets, business tie-ups, corporate reorganizations, business bailouts, etc.
Abbreviation for “Mergers and Acquisitions.” Reference
Difference between a merger, an acquisition, and a merger through a holding company • Merger Company + Company = Company A B C •Acquisition Company + Company = Company A B A
●Capital participation “Capital participation” refers to strengthening collaboration with another corporation by acquiring shares in that corporation and becoming a shareholder. Capital participation promotes a cooperative relationship as capital is held by the other corporation, but it does not grant that corporation the authority to make decisions concerning management. ●Tie-up A “tie-up” refers to cooperation between corporations in executing business activities. Tie-ups are expanding from those confined to specific fields such as sales tie-ups and production tie-ups (OEM production, etc.) to those of sharing technology and cooperative recycling of waste, etc. Forms of alliances Form
Capital ties
Integration through a holding company
Yes
Degree of alliance
M&A
Strong
Reference
OEM An “OEM” is a manufacturer who makes products which are sold under the brand name of another corporation. Abbreviation for “Original Equipment Manufacturer.” Reference
Outsourcing
Capital participation
Tie-up
Business strategy
•Integration through a holding company Company + Company = Company Company B C A A Company B
Chapter 2
●Integration through a holding company A “holding company” is a company whose purpose is to hold large quantities of shares in other stock companies and exercise control over those companies. Some of the advantages of integration through a holding company are that it allows for business strategies that always seek profit for the entire group, and it can also speed up decision-making processes.
M&A
“Outsourcing” refers to procuring management resources required by the corporation from external sources. No
Weak
68
(4)Business execution organization In Japanese stock companies, the highest decision-making body is the “stockholders’ meeting” and the person in charge of business execution is the “representative director,” who as well as representing the company in the outside world, is the person with the highest managerial responsibility. In America, the business execution organization is categorized as follows. ●CEO (Chief Executive Officer) The “CEO” is responsible for management as the company’s representative. ●COO (Chief Operating Officer) Under the CEO, the “COO” is responsible for business operation. ●CIO (Chief Information Officer) The “CIO” has the highest responsibility concerning information. ●CFO (Chief Financial Officer) The “CFO” is responsible for financial affairs such as procurement of funds and financial administration. Reference
Data Warehouse A “data warehouse” is a large amount of data from a database used for day-today operations that has been organized, retrieved, and stored. The stored data is analyzed and used in decision-making. Reference
Data Mart A “data mart” is data that has been retrieved from a data warehouse for a specific purpose. Reference
Data Mining “Data mining” refers to obtaining new information by analyzing large amounts of data stored in data warehouses. It is used to find correlations between multiple items such as “men who buy Product A on Sunday also buy B at the same time.”
69
3
Use of office tools
Instead of using full-scale business systems, commercial office tools (software packages) can be utilized in business strategies. Office tools include spreadsheet software and database software. Using these software, it is possible to analyze large quantities of data efficiently by creating tables and graphs, and sampling and sorting the data. Recently, systems such as data warehouses and data marts are also being used in order to apply data stored in databases to business strategies. ●Word processing software “Word processing software” has a variety of functions, such as document creation, editing, and printing, which allow easy-to-read documents to be composed and printed. ●Spreadsheet software “Spreadsheet software” has a variety of functions such as table creation, graph creation, and data analysis, etc.
●Presentation software “Presentation software” has a variety of functions for creating and executing presentation materials, and inserting illustrations, graphs, tables, photographs, etc. into presentation materials. ●Database software “Database software” arranges various data (information) into units with specific purposes and stores them together in one place. This allows the data to be managed and operated efficiently.
Chapter 2
2-1-2 Marketing
1
Market Research
“Market research” is the collecting of various information concerning the market that the corporation can use to advance marketing activities effectively. There are various methods used in market research, such as surveys using the Internet, surveys that gather consumers together and hold discussions, surveys in which questionnaires are distributed and collected by mail, etc. Compared to other survey methods, market research using the Internet makes it possible to quickly collect vast amounts of data at low cost. Utilizing the Internet allows market research to be performed in a shorter time than methods such as mail, giving it the advantage of commercializing consumer needs without delay. Whichever method is used, the question of how to analyze and utilize the data obtained through market research is the key to subsequent strategy.
Reference
Marketing mix
Business strategy
“Marketing” involves activities to create structures for the manufacture and sale of products that accurately reflect the needs of customers. One area of marketing activities includes “market research”, “sales/product/purchase planning”, “sales promotions”, “customer satisfaction surveys,” etc.
The “marketing mix” is a combination of marketing tools used to achieve marketing objectives. The four Ps (product, price, promotion, place) are typical tools from the perspective of the seller. The four Cs (customer value, customer cost, communication, convenience) correspond to the four Ps seen from the perspective of the customer.
70
2
Sales/product/purchase planning
In “sales/product/purchase planning,” strategic activities are implemented based on the results of market research analysis and predictions for supply and demand. ●Sales Planning “Sales planning” is planning how to sell what kind of product or service to whom. After a sales plan is determined, subsequent product and purchase plans are formulated. The following “4W2H” are used as a base when creating a sales plan. What
Determine specifically the product or service to be sold.
How Much
Determine the price by assuming the volume of sales.
Where
Determine which region to target.
Whom
Envisage what kind of customer the product or service could be sold to.
How
Determine what kind of sales method to use.
Who
Determine who will sell the product or service.
●Product Planning “Product planning” is planning a product or service that can secure profit in the market by acquiring a precise understanding of consumer needs. The number and composition of products already circulating on the market and new products are taken into account when determining a product plan. ●Purchase Planning “Purchase planning” is planning what to purchase from where and under what terms in order to achieve the objectives of the sales plan. Purchasing has a large influence on sales, and profit and must be considered carefully to allow normal financing. If inventories are too small, there is a danger of shortages occurring. If inventories are too large, there is a danger of having excess stock. It is important to plan purchasing so that inventories are rotated as efficiently as possible in order to reduce the capital burden and prevent stock from deteriorating or becoming obsolete. 3
Sales Promotions
“Sales promotions” are initiatives that utilize advertisements and campaigns to encourage the eagerness of consumers to buy and the eagerness of vendors to sell products or services. In sales promotions, it is important to tailor initiatives towards individual target groups such as consumers, vendors, staff inside the company (sales department), etc.
71
4
Customer satisfaction surveys
A “customer satisfaction survey” is a quantitative investigation into the degree to which customers are satisfied with a product or service. Customer satisfaction surveys can be used in strategies for subsequent business deployment and product development. Survey methods may involve filling out questionnaire survey forms or interviews and discussions, etc. Features
Questionnaire survey
This method makes it possible to collect many replies, and analyze the trends and needs of the entire market.
Interview/discussion
This method makes it possible to obtain specific and honest replies, and analyze the values and needs of individuals.
Customer satisfaction is generally surveyed using the following procedure.
Determine the survey method Create questionnaire survey forms or interview items Conduct survey Tally and analyze survey results
“One-to-one marketing” is an approach that addresses individual customer needs separately, rather than targeting the market as a group. Reference
Target Marketing “Target marketing” is an approach that involves conducting strategic marketing activities by narrowing down the target to a particular small customer segment. Activities are carried out after narrowing the customer segment down to a certain degree. For example, conducting marketing activities aimed at a wealthy segment living in luxury apartments. Reference
Customer Loyalty “Customer loyalty” is a customer’s trust in or affinity towards a product or service. In other words, it is the state of mind in which a customer who has shopped at a certain store feels compelled to shop at the same store again the next time. When a customer has strong loyalty toward a product, it tends to lead to behavior that is favorable for the corporation such as repeat purchases and spreading praise about the product through word-of-mouth.
Business strategy
Determine the product or service to be surveyed
One-to-One Marketing
Chapter 2
Survey methods
Reference
2-1-3 Business strategy and goal/evaluation When planning a business strategy, it is important to analyze information and utilize it to establish goals and conduct evaluations. The typical techniques for analyzing information are summarized below. 1
BSC (Balanced Score Card)
“BSC” is a technique for evaluating performance in a balanced way by clarifying a corporation’s goals and strategies and evaluating not only performance expressed numerically, but also operations from various viewpoints. BSC is used as a method for planning, executing, and managing business strategies.
Reference
BSC “BSC” is a performance evaluation system developed by Harvard Business School professor, Robert S. Kaplan, and strategy consulting company president, David P. Norton. Abbreviation for “Balanced Score Card.”
72
Reference
Strategy map and scorecard Upon introduction of a specific BSC, a “strategy map” and “scorecard” are created. A “strategy map” is a communication tool used in BSC, which presents the business strategy of the corporation in a visual context in order to help propagate it into the workplace. A “scorecard” helps to manage execution of the strategy and allows PDCA to be conducted properly.
Reference
CSF Abbreviation for “Critical Success Factor.” Reference
KGI Abbreviation for “Key Goal Indicator.” Reference
KPI Abbreviation for “Key Performance Indicator.”
In BSC, business strategy is broken down into specific measures for daily business and evaluated from the four perspectives of “financial”, “customer”, “business process”, and “learning and growth.” Perspective
Description
Financial
Aims to achieve goals from a financial perspective such as sales amount, profitability, closing account, ordinary profit, etc.
Customer
Aims to achieve goals from the perspective of consumers and customers in terms of customer satisfaction, needs, quality, etc. in order to realize the financial perspective.
Business process
Aims to achieve goals from the financial and customer perspectives by analyzing what kind of processes are important and what kind of improvements are necessary in order to achieve the financial goals and improve customer satisfaction.
Learning and growth
Aims to achieve goals in capability development and human resource development that deal with how to raise the capability of employees, and maintain the work environment so that the corporation provides business processes surpassing those of rival companies, strives for customer satisfaction, and achieves its financial goals.
2
CSF
“CSF (Critical Success Factor),” which is a factor required for differentiation from rival companies and competitive superiority. A “CSF analysis” is a technique for defining the most important success factor from among many, and it is used as a foundation for business strategy. Numerical targets in questions such as “How much and by when?” are called “KGI.” In addition, more concrete targets for achieving the KGI are called “KPI”, and these derive from the results of CSF analyses. A process of step-bystep consideration of goals is followed in order to capitalize on the CSF and realize the business strategy. 3
Value Engineering (VE)
“Value engineering” is a technique for reducing costs without losing product quality. It involves analyzing the functions of the product in question, improving raw materials and services, and reviewing the development process. Implementing value engineering can result in not only reduced costs, but also in creativity flourishing in new fields and motivation to constantly achieve goals taking root. In order to conduct a comprehensive analysis with diverse viewpoints, experts from different fields may be gathered or a group with a different set of knowledge may be formed.
73
2-1-4 Business management systems In order to implement efficient business management, it is necessary to create systems that are tailored to the business management strategy. The techniques for managing data from a business perspective are summarized below. 1
SFA
CRM (Customer Relationship Management)
“CRM” is an approach that expands on SFA in order to strengthen not only sales activities but the relationship with customers on a companywide scale, or a system that implements this approach. In general, electronic commerce or a CTI system that links telephones or faxes and computers is used. 3
SCM (Supply Chain Management)
“SCM” is integrated management using computers and the Internet to manage everything from client orders and procurement of materials (raw materials and parts) to inventory control and product delivery. Raw material companies, parts factories, manufacturing plants, wholesalers, distributors, retailers, service companies, etc. participate in and form the supply chain. By consolidating the information traded between these parties and managing the supply chain as a system, SCM has the effect of reducing excess stock and lowering distribution costs. 4
Value chain management
“Value chain management” is a method for meeting the needs of consumers by optimizing circulation as a whole. Corporate activities that provide products or services to consumers follow a series of steps: procurement, development, manufacturing, sales, and servicing. Personnel in charge of each respective step work together as a unit to provide added value. Value chain management also seeks to improve the business strategy and make it more effective by grouping tasks according to function. Components in each function are analyzed to determine whether they generate added value, and if they can be considered strengths or weaknesses relative to rival companies.
SFA Abbreviation for “Sales Force Automation.”
Reference
CRM Abbreviation for “Customer Relationship Management.” Reference
Business strategy
2
Reference
Chapter 2
“SFA” refers to the concept of using computers to support sales activities, or a system that implements this approach. Optimization and standardization of sales activities is devised by managing the history of negotiations (contact) with customers, and sharing customer information and sales techniques, etc.
CTI “CTI” is technology that makes use of computers linked to telephones or faxes. This technology automatically answers telephone calls and faxes, or assigns telephone calls to the appropriate recipient depending on the caller. Abbreviation for “Computer Telephony Integration.” Reference
Electronic Commerce Refer to “Chapter 2-3-3 E-business.” Reference
SCM Abbreviation for “Supply Chain Management.”
74
2-2
Technological strategy management 2-2-1 Technological strategy planning and technology development planning
Reference
R&D “R&D” is research and development, or the department where research and development is engaged. Abbreviation for “Research and Development.”
Reference
Road map A “road map” displays transitions and changes in decisions and predictions for achieving a technological strategy along a time axis.
75
Development of new technologies and improvement of existing technologies can be considered the most important issues as far as the operation and survival of corporations are concerned. Increasingly, the market and environment surrounding corporations changing from moment to moment, developing technological strength is critical for survival. It is necessary to conduct research and development (R&D) with a long-term perspective, and avoid engaging in passing fads or consumer needs. 1
Technology development strategy and technology development planning
A “technological strategy” clarifies the fields in which research and development should be intensified and those in which it should be scaled down, and determines the course of research and development by a corporation as well as the key investment fields. The objective is to secure future competitiveness in the market. When determining a technological strategy, cooperation between management departments and research and development departments is essential. The management departments focus on the future of the corporation, while the research and development departments focus on the future of the technology. Policies are established based on the input of both departments. Once the fields in which research and development should be intensified have been determined through the technological strategy, a “technology development strategy” is determined in order to develop the technologies. The technology development strategy examines how to procure the necessary technology. Specifically, it addresses whether the technology will be researched and developed by the corporation or brought in from outside, what degree of investment will be made, and what kind of results the investment will produce. This is necessary to predict the profits that research and development will generate. Furthermore, the decisions and predictions that were made are laid out a road map before proceeding with the development of the specific technology. Sometimes a single technology development strategy can save corporate management that is ailing. A corporation must invest in research and development to increase corporate value, and implement the right technology development strategy to boost the motivation of the employees.
2
Delphi method
The “Delphi method” is a technique for making predictions about events that may occur in the future. It is used in activities such as planning technology development strategies. In this method, independent opinions from multiple experts are collected and reviewed. The feedback is returned and the experts make adjustments as necessary for further review. This process is repeated over and over until the opinions of the experts can be statistically aggregated to produce a consensus. As a result, highly accurate forecasts regarding unknown issues can be obtained.
Production systems
Chapter 2
3
Business strategy
The question of how to design a production process is an important element of business strategy management. Production processes are designed by considering requirements such as the characteristics of the product being produced, cost, quality, and delivery date. The production system must be able to be redesigned to suit requirements such as high-mix low-volume production, production with quick delivery time, inventory reduction, etc. The main production systems are summarized below. ●Cell production system A “cell production system” is a production system used in assembly processes in which between one and several workers are in charge of the entire process from component installation to assembly, processing, and inspection. Its name was derived from work that arranges components and equipment into cells. The advantage of the cell production system is that it is possible to change the product being assembled simply by changing the workers, components, or work sequence, which affords flexibility in the production of a large variety of products. ●Line production system A “line production system” is a production system in which dedicated lines are established using conveyor belts or similar contraptions. Numerous workers assemble the respective components that they are in charge of and perform the same work repeatedly. The advantage of the line production system is high productivity as it allows a specific product to be mass-produced. ●BTO (Build To Order) “BTO” is a production system that manufactures products after receiving an order from the customer. Components are assembled and shipped according to customer orders, which reduces the risk of having surplus stock. This production system is used by many major computer manufacturers as well as other manufacturers that mass-produce products such as automobiles.
Reference
BTO
Abbreviation for “Build To Order.”
76
2-3
Business industry 2-3-1 Business system With the development of information systems, businesses using them have spread rapidly, and Internet and information systems are now in use in diverse business fields. 1
Typical systems in business fields
The following are some typical business systems.
Reference
POS Abbreviation for “Point Of Sales.” Reference
Private Brand A “private brand” or “PB,” is an exclusive product developed and sold independently by a retailer. Also referred to as a “store brand.” Reference
EOS “EOS” is a system for online ordering between corporations. Orders originating from retail stores as well as procurement and invoicing are managed centrally by computer, with orders being made online from the retailer’s computer terminal to the headquarters or wholesalers. Abbreviation for “Electronic Ordering System.”
77
(1)POS system A “POS system” is a system that collects sales information (what was sold to whom, when, where, and how much?) when products are sold. POS systems make use of barcodes as the basis for merchandise management and are used in “distribution information systems” in places such as convenience stores, supermarkets, department stores, shopping centers, and restaurants. One advantage of POS systems is that market research and sales forecasts can be carried out based on the sales data that they collect. The collected information is used in strategies for product development and store expansion and is also useful for adjusting order quantities and inventory quantities depending on the season, region, or time period. Recently, the use of POS systems has expanded to product development of private brands in the retail industry, and POS systems are ranked as important information systems that are essential in retail business strategies. (2)IC Card An “IC card” is a plastic card embedded with an “IC (Integrated Circuit) chip.” Since IC cards can encrypt information, they are attracting attention for being difficult to counterfeit. Also, they can record a large amount of information from several dozen to several hundred times that of conventional magnetic cards.
In general, contact-type cards that read and write data are categorized as IC cards. Typical examples include cash cards and credit cards from financial institutions. They are widely used in “financial information systems.”
IC chip
Credit card A “credit card” is a card issued on the basis of an agreement between a consumer and a credit card company. The consumer can buy products or receive services by using the card within the limitations of its terms (such as expiration date and credit limit). Payment of charges incurred by using the card is deferred, and the user pays after receiving a bill from the credit card company. Reference
Contact type
Reference
RFID Abbreviation for “Radio Frequency Identification.”
Business strategy
“Contact type” is a method for reading/ writing data to or from an IC card by inserting the card into a device.
Chapter 2
(3)RFID “RFID” is the use of tiny “wireless chips” for identifying and managing people and things. Wireless chips are easily attached to people or materials because they can be incorporated into items such as self-adhesive labels, envelopes, key holders, or wristbands. Furthermore, an important feature is that they can simultaneously identify multiple people or materials. Therefore, wireless chips are used in a variety of situations such as management of comings and goings of people using wireless chips in key holders, or “traceability systems” that manage distribution histories for vegetables or meat using wireless chips in the form of self-adhesive labels. A wireless chips may also be called an “IC tag” or “wireless IC.” The communication range between a wireless chip and a reader is from several centimeters to approximately two meters, and an antenna provides power to the wireless chip. Also, building an antenna into an IC card makes wireless reading and writing possible. Therefore, contactless IC cards are categorized as technology based on RFID. Typical examples are electronic money, tickets for public transportation, driver’s licenses, and citizen identification cards.
Reference
Reference
Wireless chip A “wireless chip” is an IC chip with an antenna that can read/write data wirelessly. Reference
Contactless type “Contactless type” is a method for reading/writing data wirelessly using radio wave communication. Reference
IC tag
Traceability system A “traceability system” is a system for ensuring food safety, which clarifies production and distribution processes by tracing them back from the point of consumption to the point of production.
78
Reference
Debit card A “debit card” is a cash card from a financial organization that can be used to buy products. When buying a product, the cash card is presented, a personal identification number is entered into a computer terminal, and the money is withdrawn in real-time from the user’s bank account. Also referred to as “J-Debit” in Japan.
Reference
GPS Abbreviation for “Global Positioning System.”
Reference
ETC Abbreviation for “Electronic Toll Collection.”
79
(4)Electronic money “Electronic money” means paying for products using a contactless IC card that has been charged with cash in advance so that it has equal value to cash. It can also refer to the system. Recently, electronic money in the form of cellular phones embedded with IC tags has also become widespread. Electronic money is used in a similar way to prepaid cards or gift certificates, but it is attracting attention as an environmentally-friendly payment method because the same IC card can be charged repeatedly. Another advantage is that electronic money is easy for elderly and disabled people to handle as there is no need to deal with small change. Typical forms of electronic money in Japan include “Edy”, “iD”, “nanaco”, “PASMO”, “Suica”, “WAON”, and “Osaifu-Keitai.” (5)GPS application system A “GPS application system” is a system that precisely calculates positions on the earth by receiving electromagnetic waves from artificial satellites. Also referred to as the “Global Positioning System” or a “global navigation satellite system.” Developed as a military technology of the US Armed Forces, these systems are capable of calculating a receiver’s latitude, longitude, and altitude with a margin of error of between several centimeters and several dozen meters. As well as being used alone, GPS application systems are widely used in car navigation systems and cellular phones.
(6)ETC system An “ETC system” is a system for automating payment of charges on toll roads. Toll roads across Japan generate chronic traffic congestion, and the increase in costs due to traffic congestion and environmental pollution caused by exhaust fumes is becoming serious. ETC systems were developed with the aim of reducing these kinds of economic losses and preventing the traffic congestion that frequently occurs at tollgates. A contact-type IC card issued by a credit card company is used when using an ETC system. By inserting this IC card into an ETC on-board device, the user can pass through tollgates without stopping. Charges are billed later via the credit card company.
On-board device
IC card
Typical software packages for business systems
Chapter 2
2
The following are some typical software packages for business systems.
(2)Software packages for each job role (Accounting, marketing support, sales management software) “Software packages for each job role” are general purpose software used in areas such as accounting services, inventory control, and sales management. The packages compile functions required for tasks that are common to all corporations, such as accounting and marketing management tasks, employee payroll calculation tasks, and customer information management tasks. For example, an accounting software package allows trial balances, administrative data such as statements of accounts, and financial statements to be created automatically simply by entering journal vouchers, and it allows various analysis data for understanding business conditions to be created easily. Using software packages for each job role can drastically reduce the amount of time and effort spent on tasks.
Reference
ERP ERP is a technique for improving management of entire corporations by making effective use of all management resources ( human resources, assets, funds, information) within the corporation, from manufacturing to sales, accounting, and human resources. It is a management technique that manages all of the management resources of the entire corporation in an integrative way, and enables efficient business activities to be carried out through optimal arrangement and allocation of these resources. Abbreviation for “Enterprise Resource Planning.”
Business strategy
(1)ERP package “ERP packages” are software packages developed with the aim of increasing business efficiency through integrated management of corporate management resources (people, materials, money, and information). By integrating systems managed by each department and making the information mutually available for reference or use, information can be managed in real-time, which results in benefits such as increased speed of business. Also, some ERP packages can be expanded by adding on software components with special functions at a later date, allowing them to be tailored to the corporation.
80
(3)Software packages for each industry (Software packages for finance, medical services, production, transportation) “Software packages for each industry” are software packages that are specific to a type of industry, such as financial or medical institutions, or production or transportation industries. For example, there are many tasks at medical institutions that cannot be handled by software packages for each job role, such as management of medical facilities/equipment, differences in costs according to treatment methods, and management of National Health Insurance points. Software packages for each industry are formed so that they can be used in their respective industries to enable tasks corresponding to that particular industry to be performed. 3
Systems in other fields
Apart from business fields, a variety of systems are used in our daily lives. Some typical systems are as follows. (1)Basic Resident Register Network System The “Basic Resident Register Network System” is a system that links administrative bodies of the national government and local authorities nationwide via a network and allows the “Basic Resident Register,” which contains information on residents such as full name, date of birth, gender, address, and resident card code to be shared throughout Japan. Also referred to as the “Juki Net.” By making it possible to confirm the identities of residents nationwide, this system allows copies of resident cards to be made anywhere in Japan, and makes it unnecessary for residents to submit copies of their resident card when making applications or notifications to an administrative body. This means that work related to notifications can be made more efficient, and the amount of time and effort spent can be reduced. Resident A
Resident B
Ward office C
Can request a copy of his/her resident card from anywhere in Japan
Can easily carry out the procedure for registering at a new address
Can confirm the identities of residents nationwide
Basic Resident Register Network System
81
Chapter 2
(2)Electronic application/notification system An “electronic application/notification system” is a system that receives applications and notifications made to administrative bodies of national or local governments from home or office computers via the Internet. Since this system makes it possible to obtain the application forms required for certain procedures via the Internet, these procedures can be carried out at the user’s convenience at any time of day or night and without making a special trip to the office of the administrative body. The system can be used by individuals mainly to request the issue of documents such as copies of resident cards, copies of attachments to family registers, and seal registration certificates. However, the services available vary depending on the municipality. Obtains applications forms and submits them at the front counter
Business strategy
Proceeds to pick up documents
Receipt/ inspection Issuance
Public office
Resident Issuance
System introduction Application/ notification
Internet
Receipt/ inspection/ Issuance
Resident Public office
2-3-2 Engineering system A variety of IT systems are also used in engineering fields for purposes such as supporting design/manufacturing through automation, and optimizing production management and inventory control. The typical systems are summarized below. (1)CAD “CAD” is a system used when designing things such as machinery, buildings, and electronic circuits. CAD makes it possible to represent design drawings in 3D and to edit designs easily.
Reference
CAD Abbreviation for “Computer Aided Design.”
82
Reference
CAM Abbreviation for “Computer Aided Manufacturing.”
Reference
FA Abbreviation for “Factory Automation.”
Reference
CIM Abbreviation for “Computer Integrated Manufacturing.”
Reference
EC Abbreviation for “Electronic Commerce.” Reference
Commerce “Commerce” involves the commercial transfer of goods between economic entities, and is an exchange of articles, services, information, or money between parties placing orders and parties receiving orders.
83
(2)CAM “CAM” is a system used to control production lines in factories and plants. Moreover, a system for manufacturing using CAM that also makes use of CAD is called a “CAD/CAM system.” This kind of system is used to import drawing data created using CAD into CAM, and then send the information to the machine tools that actually carry out the manufacturing. (3)FA (Factory Automation) “FA” is a system for automation of production lines in factories and plants. Using this kind of system, it is possible to achieve cost reduction and full automation of factories. FA has the following advantages. Improved working efficiency
By managing various information collectively using an FA system, it is possible to reduce the occurrence of worker errors and defective products.
Reduced labor costs
Because an FA system allows work performed by multiple workers to be done by fewer or no workers, labor costs can be reduced.
Improved safety
Full automation of factories can improve safety by preventing accidents, particularly those that frequently occur during nighttime operation.
(4)CIM “CIM” is a system that comprehensively manages a series of manufacturing processes. Using CIM, it is possible to optimize production and promote coordination between departments by managing all of the information generated by the manufacturing processes using computers, and sharing that information throughout the entire corporation.
2-3-3 E-business “EC (Electronic commerce)” refers to commercial activities using networks. Electronic commerce makes it possible to go into business with only a small amount of investment by cutting the costs associated with stores and sales assistants. Therefore, it is becoming representative of businesses using the Internet. Electronic commerce is defined by the Ministry of Economy, Trade and Industry (Japan) as “the conduct of commercial transactions via electronic media using Internet technology.” In general, it can be described as “business systems for receiving/placing orders and making payments over the Internet.”
Electronic commerce is categorized according to the transaction relationship, as shown below.
BtoC (Business to Consumer)
Transactions between corporations and individuals. Includes electronic marketplaces (virtual markets) and online malls (virtual shopping centers). Also widely used in Internet advertising, Internet banking, and Internet trading (electronic stock trading).
BtoE (Business to Employee)
Exchange of information between corporations and employees. Includes information communication systems such as schedule management systems and electronic bulletin boards.
CtoC (Consumer to Consumer)
Transactions between individuals. Includes electronic auctions.
GtoC (Government to Consumer)
Transactions between governments and individuals. Includes electronic application/notification systems to public offices.
1
Precautions in electronic commerce
In recent years, all kinds of work involved in the lives of individuals and corporate business has been computerized. Consequently, strict security measures are required so that users do not disclose their personal information recklessly, and corporations manage the information they collect safely. When conducting electronic commerce, the following matters must be kept in mind. (1)Precautions for buyers ●Consideration of security Confirm that the website is trustworthy so that important personal information is not leaked by mistake. Also, do not disclose more information than required. ●Consideration of Internet fraud Confirm information such as the vendor’s business performance, history, and contact address in order to avoid damages such as non-arrival of goods after transferring payment. ●Consideration of transaction method Confirm the transaction method, including the method of payment and the method for delivering the product before ordering.
Reference
EDI “EDI” is the exchange of electronic data for the purpose of commercial transactions between corporations via communication lines. The format of the electronic data exchanged and the network connection method vary depending on the type of industry. In recent years, use of the Internet and HTML or XML formats has started to become the standard. Abbreviation for “Electronic Data Interchange.” Reference
CALS “CALS” is an approach that attempts to reduce costs by sharing all kinds of information between departments or corporations, from design to manufacturing, distribution, and maintenance. It also refers to acceleration of electronic commerce by using this approach. Since the main contents are standardization and unification of formats, SGML or XML are used. Abbreviation for “Commerce At Light Speed.”
Business strategy
Transactions between corporations. Includes “EDI” and “CALS.”
Chapter 2
BtoB (Business to Business)
Reference
Reverse auction A “reverse auction” is a type of auction in which the buyer indicates the amount of money that they wish to pay, and the sellers present the price that their corporation can offer. The buyer then conducts a transaction with the seller offering the lowest price. This method is widely used in bidding for public works or services.
(2)Precautions for sellers ●Consideration of security Manage the collected personal information safely, and ensure that leaks do not occur. ●Consideration of reputation Confirm information with the person placing the order so that mistakes such as failing to send products, shipping address errors, or sending the wrong products do not occur. Also, for products that can easily cause misunderstandings, display them clearly using pictures and double-check with the person who placed the order before sending.
84
2-3-4 Consumer appliances and industrial devices An “embedded system” is a computer system that is embedded in order to achieve a specific function. An “embedded OS” is used to control devices, comprised of a minimum amount of memory, a CPU, and ROM. Recently, since the costs involved in embedded systems have come down, they are being used to control various “consumer appliances” and “industrial devices.”
Reference
PDA A “PDA” is a palm-sized handheld terminal for personal use. PDAs were originally for managing personal information such as address books, schedules, and notepads. More recently, however, they are equipped with functions on par with computers, and can perform tasks such as sending/receiving e-mail, browsing websites, and executing application software. PDAs are characterized by the ability to exchange data with computers. Abbreviation for “Personal Digital Assistant.” Reference
(1)Consumer appliances “Consumer appliances” are electronics used in ordinary households such as rice cookers, washing machines, air conditioners, cellular phones, and PDAs. In recent years, consumer appliances have come to include “intelligent home appliances” equipped with communication functions allowing them to connect to networks such as the Internet. (2)Industrial devices “Industrial devices” are devices that are used to put various industries into practice, such as robots for industrial use, industrial equipment, signals, and elevators. Also categorized as industrial devices are vending machines for drinks and other goods, automatic service machines providing services such as games or teller services, and automated warehouses supporting distribution by ship, truck, and other means.
Embedded system
Intelligent home appliances “Intelligent home appliances” are electronics for household use that are equipped with communication functions allowing them to connect to networks such as the Internet. They make it possible to answer television program surveys using a digital television’s remote control, or to turn on the power to an air conditioner from outside the home using a cellular phone, or to search for and download recipes from a microwave oven.
85
Embedded system
2-4
Chapter quiz
*See page 3 in the “Answers and Explanations” booklet for the correct answers.
A SWOT analysis is an analysis method that examines opportunities and threats, and strong and weak points in planning strategy. Which of the following is included in the scope of subjects to evaluate strong and weak points?
A company has product lines including four items. The table shown below summarizes the survey results of the sales, market share, and market growth rate for each item that year. Which of the following represents the corresponding product portfolio matrix (PPM)? Here, the size (area) of each circle represents sales. Product
A
B
C
D
Sales (in million dollars)
8
12
4
16
Market share (%)
10
4
3
8
Market growth rate (%)
15
8
20
4
b)
20
a)
Market growth rate
Market growth rate
20 15 10 5 0
Business strategy
15 10 5 0
5
10
5
Market share
10
Market share
d)
c) 20
20
Market growth rate
2-2
The number of competitive companies Prices of its own products Growth of the targeted market Trends in Japanese economy
Chapter 2
a) b) c) d)
Market growth rate
2-1
15 10 5 0
15 10 5 0
5
10
Market share
5
10
Market share
86
2-3
Which of the following explains one-to-one marketing? a) It assumes the status of the company from its market share and performs activities suitable for the status. ) b It satisfies each customer’s need rather than targeting a group called a market. c) It develops the products and marketing mix suitable for the needs of the segment. d) It produces and distributes a single product in large volumes, targeting all customers.
2-4
Which of the following is the perspective of a balanced scorecard other than three perspectives: financial, customer, and business processes? a) b) c) d)
2-5
Learning and growth Communication Product Advantage
Which of the following explains SCM? a) This is a technique that strengthens relations with customers and connects them to improvement in corporate earnings by managing the exchanges with customers consistently while sharing information between the departments related to customers. ) b This is a technique of sharing the objective knowledge, experiences, and know-how, which each employee obtained from business activities, as the knowledge of the whole company with a network. c) This is a technique for centrally managing the data generated at business tasks, such as sales, production, accounting, and personnel affairs, with an integrated database, and understanding the situation of each operation department in real time. ) d This is a technique of optimizing the whole business process by sharing and managing information between the companies and the departments that participate in a series of processes from procurement of components to production, distribution, and sales.
2-6
This is a technique used for the prediction of future technology trends that are needed for planning technical development strategies. Collection of opinions from multiple experts, statistical analysis of collected opinions, and feedback of the analyzed opinions are repeated to form an opinion. Which of the following is this technique? a) b) c) d)
87
Scenario writing Delphi method Brainstorming Role-playing
2-7
This is a card that the card companies issue to members in cooperation with banks and stores. The member has only to present a card when shopping, without paying cash. Accounts will be settled later based on the contract between the card companies and consumer members. Which of the following is the card? a) b) c) d)
Which of the following describes the characteristics of a traceability system?
2-9
Business strategy
a) This uses computers for solutions by compiling a database or creating a program with expertise in the fields that need professional knowledge, such as medical diagnosis. b) This delivers ordering information to business partners from a handy terminal successively so that a shortage of goods may not take place in retail stores. c) This makes it possible to track history information about production and distribution of food from the consumption location back to the production location. d) This supports unprogrammed decision-making for solving management problems interactively.
Chapter 2
2-8
ID card Credit card Debit card Prepaid card
Which of the following explains a service that makes use of GPS? a) Automating payment to enable vehicles to pass through toll gates efficiently on toll roads such as expressways. b) Broadcasting by means of an artificial satellite; installing receiving facilities such as antennas for individual households or residential complexes to enable individuals or groups of users to receive satellite broadcast. c) Connecting PCs to a network without any cables, by means of radio waves or infrared rays, in locations such as stores where laying cable is difficult or offices where furniture is often rearranged. d) Indicating the user’s position on a map displayed on a mobile device by means of information from satellites.
88
2-10
What are the products, such as television sets, refrigerators, and air conditioners equipped with a communication facility connectable to networks, such as the Internet, called collectively? a) b) c) d)
2-11
AV household appliances PC household appliances Intelligent home appliances Multifunctional home appliances
Which of the following forms of EC (Electronic Commerce) is BtoC? a) A company places an order with an external vendor for materials using Web-EDI. b) An employee applies for service with a discount privilege on the sales site for employees in a company. ) c A company submits an electronic bid for construction work for which the country or the local governments place an order. ) d A customer purchases books at an online shop in a virtual mall.
2-12
When profit per month that can be calculated from the table is the largest, how many pieces of Product B are produced in one month? Here, the person-days per month are 280.
a) b) c) d)
89
Profit per product (yen)
Workload per product (person-days)
Production capacity per month (pieces)
Product A
200,000
4
25
Product B
160,000
4
30
Product C
90,000
3
40
15 20 25 30
Chapter
3
System strategy Chapter 3 details business processes, methods to improve business operations, the flow of information system construction, the composition of a requirements definition aimed at computerization, and other items based on information systems strategy.
3-1 System strategy................................. 91 3-2 System planning ................................ 102 3-3 Chapter quiz ..................................... 109
3-1
System strategy 3-1-1 Concept of information systems strategy An “information systems strategy” aims to increase the medium- to long-term efficiency of operations by implementing a business strategy that focuses on the computerization of business activities. This requires ascertaining the current business activities, analyzing the effectiveness of system installation and its investment effect, and formulating plans for installation. 1
Reference
Sales support system A “sales support system” is a system used to support sales activities. It aims to make sales activities more efficient by managing the history of negotiations with customers, and sharing resources such as customer information and sales technique know-how. It is also referred to as “SFA (Sales Force Automation).”
When planning for computerization, it is important to have a proper understanding of the current contents and flow of operations. Blindly computerizing everything will not automatically produce benefits. The goal is not just to achieve computerization, but to construct an information system that is consistent with the company’s business and enterprise strategies based on an understanding of the current business activities. Two benefits of computerization are summarized below. Benefit
Description
Streamlining of operations
Work hours can be reduced and calculation errors can be avoided through the computerization of routine, manual work such as filling in slips and managing inventory figures.
Support for operations
Once sales strategies and business strategies are determined, searches and tabulation can be performed efficiently by computerizing the analysis of large volumes of accumulated data.
2 Reference
SWOT analysis Refer to “Chapter 2-1-1 Business strategy techniques.”
Significance of information systems strategy
Objectives of information systems strategy
In order to implement business and enterprise strategies, it is necessary to set specific objectives through SWOT and business environment analyses. To clarify the objectives, target operations require modeling. Modeling techniques are summarized below. ●Business model A “business model” is a framework for what the company will do as a business and how it will generate profits. It is important to differentiate the business model in order to gain an advantage over the competition and achieve success.
91
●Business process model A “business process model” is the product of modeling the flow of goods and services operations: order acceptance, production, sales. Establishing a business process model is essential for the implementation of a business model. ●Information system model An “information system model” is designed to promote smooth interaction between different systems such as Internet ordering systems and inventory management systems. It is important to design the system so that coordination between different operations and the flow of information is smooth.
1
Understanding business processes
When implementing an information systems strategy, it is important to break down the business framework and related processes, and formulate the best way to promote effective and efficient operations. In order to analyze the current business activities and express them in an easy-to-understand manner, “modeling” is used for the applicable activities. Modeling is a process designed to promote proper understanding of the business activities by presenting the current activities in an easy-to-understand manner. Visual aids such as tables and diagrams are used.
System strategy
Computerization of the applicable operations is reviewed according to the business and enterprise strategies. For effective computerization, modeling the business processes (flow of work) of the applicable operations, and identifying points of improvement are necessary.
Chapter 3
3-1-2 Concept of business process
92
2
Reference
Relationship notation There are also E-R diagrams that use “rhomboids” to represent “relationships” and show “one-to-many” relationships as “1-to-*,” “1-to-n,” or “1-to-m.” Customer
n
*
Order
Symbol
Name
Product
Typical modeling techniques
The typical modeling techniques are summarized below. (1)E-R diagram An “E-R diagram” expresses the relationship between data using “entities” and “relationships.” Entities and relationships have several characteristics called “attributes.” There are three types of relationships, namely one-to-one, one-to-many and many-to-many.
Entity
Entity
Relationship Attribute
Entity
Entity
(Relationship)
(Relationship)
(Relationship)
Entity
One-to-one
Entity
One-to-many
Entity
Many-to-many
① Entities
are represented by rectangles. name of the entity is written inside the rectangle. ③ The relationships between entities are represented by straight lines or arrows. The name of the relationship is written beside the line in parenthesis. ④ “One-to-one” relationships are represented by straight lines. “One-to-many” relationships are represented by single-headed arrows pointing to multiple entities. “Many-to-many” relationships are represented by double-headed arrows. ② The
Example E-R diagram of the relationship between customers, orders, and products Customer
Order
Product
Customer number
Customer number
Product number
Customer name
Product number
Product name
Volume
Unit price
Attributes
There is a one-to-many relationship between “customer” and “orders,” which implies that a single customer has placed several orders. There is also a one-to-many relationship between “product” and “orders,” which implies that multiple orders have been placed for a single type of product.
93
(2)DFD A “DFD” uses the four elements of “data flow,” “process,” “file,” and “external,” and applies modeling to various operations and systems to express the flow of operations as a flow of data. Symbol
Name
Reference
DFD Abbreviation for “Data Flow Diagram.”
Meaning
Data flow
Represents the flow of data and information.
Process (Function)
Represents the processing of data.
File (Data store)
Represents data storage.
External (Data source/ data sink)
Represents the source or destination of data.
Example
Order placement information
Customer
Delivery information
Order process
System strategy
Updated information
Chapter 3
DFD of the product delivery process from order placement by customer to delivery
Inventory master file
Inventory information
Order acceptance information
Delivery process
Customer information Customer master file
(3)UML “UML” is a visual language for modeling that standardizes the conceptual components used in the development and specification decision stage. By using standardized notations, the desired program can be recognized regardless of differences in language and development methods. UML expresses the model using diagrams consisting of boxes and lines. The typical examples of UML are summarized below.
Reference
UML Abbreviation for “Unified Modeling Language.” Reference
Data-driven “Data-driven” refers to a technique that focuses on data relationships and flow to understand the business process. Modeling techniques such as “E-R diagrams,” DFD”, and “UML” are considered data-driven techniques.
94
Reference
Requirements definition Refer to “Chapter 4-1-1 System development process.”
●Use case diagram A “use case diagram” is a figure that shows the relationship between system users, functions the system provides, and external systems. An easyto-understand diagram that shows what functions the system possesses, how they respond when operated, and what role they play from a perspective outside the system can provide a general understanding of the overall system. Use case diagrams are normally used in the requirements definition stage at the beginning of system development. Use case diagrams express the functions of a system using the following symbols: Symbol
Name
Function
Person
Actor
Represents an entity that plays a role in accessing the system.
Ellipse
Use case
Represents a functionality in the system.
Straight line
Relationship
Represents the relationship between the actor and the use case.
Rectangle
System boundary
Indicates the scope of the system.
Order management system Register order information
Modify order information
Search order information
Customer
Employee
① Actors
are drawn outside the system boundary. ② Use cases are drawn within the system boundary. ③ Actors and use cases are connected with lines indicating relationships.
Reference
Class A “class” defines the object template that contains the data and methods (operating procedures).
●Class diagram A “class diagram” shows the structure of the system. It consists of three parts with the class name on top, attributes in the middle, and operations on the bottom. Customer -
Customer number Customer name Address Phone number
+ Register customer
① “One-to-many”
Order 1 0..*
-
Order number Order date Customer number Order total
+ Register order
relationships are expressed as “1-to-*.” ② “More than zero” is expressed as “0..*.” ③ A “+” sign is placed in front of attributes that can be directly accessed from all classes. ④ A “–” sign is placed in front of attributes that can only be accessed from certain classes.
95
(4)Workflow analysis A “workflow analysis” is a diagram that shows the flow of all related work in an operation. A workflow analysis can be used to clarify the responsibilities of each department and the flow of the business process. Specifically, computerizing the flow of documents and sharing information smoothens the flow of the process.
Reference
Function-driven “Function-driven” refers to a technique that focuses on procedures to understand a business process. “Workflow analysis” is an example of a modeling technique that is considered to be function-driven.
Inside company Sales department
Order
Customer
Delivery Invoice Payment
Process order Process shipment Process payment Process invoice
Chapter 3
3
Shipping department Accounting department
Business process analysis and improvement techniques
(1)BPR “BPR” is a business approach that is designed to dramatically improve corporate performance on an ongoing basis by rebuilding the business process or corporate structure from the ground up, reducing costs, and improving the quality of products and services. (2)BPM “BPM” is a management technique that promotes ongoing improvements to the business process in order to implement business and enterprise strategies. The business process is analyzed and designed according to the business or enterprise strategy. The design is then applied to actual operations to make improvements and the performance is evaluated.
Reference
BPR Abbreviation for “Business Process Reengineering.”
System strategy
The typical techniques for analyzing and improving business processes are summarized below.
Reference
BPM Abbreviation for “Business Process Management.”
(3)Workflow system
A “workflow system” is a framework for streamlining the flow of operations on the network by establishing flow diagrams or rules. Instances of input errors and approval errors can be reduced, allowing more applications to be made and approved from anywhere at any time.
96
4
Business process improvements and problem-solving
Computerizing operations and effectively utilizing computers and networks can make business activities more efficient. However, simply computerizing the current operations will not make them more efficient if they are not adapted appropriately. Problems and points of improvement need to be identified beforehand by conducting the activities outlined in the business or enterprise strategy to better understand and organize the business process. When doing so, it is important to analyze the problematic results within the business process and their causes, find techniques to resolve any problems, and think about how the process can be improved to make it more efficient. 5 Reference
Computer literacy “Computer literacy” refers to the possession of knowledge and skills necessary to perform assigned work or desired task using a computer. Specifically, it is the know-how of basic computer processes, features, systems, and operations that affords the ability to use the most appropriate hardware or software for a given situation. By acquiring computer literacy, it is possible to determine what operations would benefit from building a full-fledged system and what operations could be sufficiently handled with commercially available office tools. Reference
Information Literacy “Information literacy” refers to the ability to fully utilize information. For example, using information technology such as computers and application software to search through large volumes of data and identify necessary information, sorting out the necessary information, sending out information summaries, compiling and analyzing information, and identifying trends in the information compiled. By acquiring information literacy, it is possible to utilize information to solve problems, make decisions, and propose solutions. Training and educational activities are necessary to facilitate the acquisition of information literacy.
97
Effective use of IT
Many companies are currently promoting IT as a means of improving and streamlining operations. The computer and information literacy of the individual users is vital to the integration of IT. Smooth communication within the company achieved through effective use of IT and related tools, can help improve and streamline operations. (1)Streamlining of operations through computerization There are several methods for computerization and they will vary depending on the business process content to be computerized and the environment. It is important to determine how the computerization process will be implemented based on the business or enterprise strategy. The methods of computerization and their characteristics and benefits are summarized below. ●Installation of office tools In order to carry out the operations efficiently, it is necessary to select the optimal tools for a particular purpose. For example, when preparing presentation materials or a product pamphlet, a better-looking, higher quality product can be created more efficiently by using graphics software that is equipped with DTP functions. Another example would be managing the company’s customers. If the number is small, word processing or spreadsheet software could be used to manage them. If the number of customers or items to manage becomes larger, database or special customer management software would be more effective. It could also be used to send direct mail advertisements and perform customer analyses. It is important to select the right software according to the purpose and cost when looking to streamline operations.
●Construction of network Software resources such as programs and data, and hardware resources such as storage devices and printers can be shared. Work can be streamlined through the sharing of hardware and data, and costs can be reduced through the sharing of software. This is not limited to text but also includes multimedia information such as static images, sound recordings, and video. A network can be used as a means of communication, enabling various forms of expression even over long distances.
●Development of individual information systems Individual systems are developed from scratch based on the company’s own operations, making it possible to equip them with only the necessary functions.
A “network” is a computer configuration that uses multiple computers interconnected by cables.
Reference
Groupware “Groupware” is software designed to support operations within a company or organization. Its purpose is to facilitate operations by enabling the sharing of information between several individuals and allowing efficient collaboration. It includes functions such as “schedule management”, “libraries (file sharing)”, “bulletin boards”, and “electronic conference rooms.”
System strategy
●Installation of software packages Software packages come equipped with various pre-installed functions that can be used right away. User manuals are also provided and the software developer can be asked to perform the maintenance, making installation relatively inexpensive.
Network
Chapter 3
●Installation of groupware The effective utilization of e-mail, bulletin boards, libraries, and workflow functions substantially reduces paper consumption, and enables the sharing of operational know-how and basic data on corporate activities. Information resources can then be standardized and maintained over. This, in turn, enables communication without time or distance constraints, which improves the speed and accuracy of information transmission.
Reference
(2)System utilization for communication purposes Effective use of groupware and office tools enables a wide range of communication. The tools that facilitate smooth communication are summarized below. ●E-mail “E-mail” is a mechanism for exchanging messages with people all over the world via the Internet. Even if the recipient is busy, the message can still be sent, making it possible to contact someone without interrupting their work. Also, the messages can be kept as records of the communication and prevent misunderstandings.
98
Reference
BBS Abbreviation for “Bulletin Board System.”
●Electronic bulletin board An “electronic bulletin board” is a tool that allows an unspecified number of people to share opinions and information on a variety of topics or send reports and messages over the Internet. They are also referred to as a “BBS.” Files can be uploaded for sharing, allowing information to be communicated quickly and accurately within the company. Paper consumption can be reduced through the elimination of memos and other paper-based communications. ●Video Conferencing “Video conferencing” is a tool that enables electronic conferences over a network. They include sound and video, which makes it possible for multiple people in distant locations to participate in a virtual conference. By setting a specific time, the conference can be held without any participants having to make a trip. ●Chat “Chat” is a tool that enables multiple participants to engage in real-time text-based conversations over the Internet. Text entered by participants is displayed in sequence on the computer screen. Users can enter their opinions on the spot to be seen by all other participants. It is a convenient tool for multiple people to engage in conversation simultaneously. ●Blog “Blog” is a contraction of “weblog,” which in turn is a combination of two words, “web” and “log.” Articles can easily be created and published like a diary on the Internet. Readers can leave comments on published articles or link to them on their own blogs, facilitating communication between large numbers of people.
Reference
SNS Abbreviation for “Social Networking Service.”
●SNS An “SNS” is a community-oriented membership website that provides a place for friends and acquaintances to communicate with each other. In general, it is an invitation-based service where new participants are invited by those who are already members. These websites can be utilized as a place to meet friends of friends, other people in the area, and people from a user’s alma mater.
3-1-3 Solution business Finding clues to solve problems is an important aspect of improving operations. Correctly identifying these clues determines whether or not computerization will be successful. A “solution business” is one that identifies problems within operations, and provides assistance in finding clues to solve them.
99
1
Solutions
A “solution” is a means of solving problems utilizing information technology. When looking to improve operations, computerization will not be successful if the problems and solution requirements are not properly identified. To prevent unsatisfactory results, it is necessary to talk with the customer, establish a relationship of trust, and get a proper grasp of the problems and issues that need to be addressed. Solutions should be proposed to meet the customer’s requests, and assistance should be provided to solve the problems. 2
Types of solutions
(2)ASP An “ASP” provides an online software distribution service. Service fees are based on things like the length of time the software is used and paid to the ASP. Software installation and version control does not need to be handled internally, which makes it possible to reduce operational costs and manage the software efficiently. ASPs employ a “single-tenant scheme” in which exclusive servers are provided for each company.
Reference
Software package installation Management efficiency can be increased and operations improved by installing business system software packages that include a bundle of generic business functions such as accounting and sales management software.
System strategy
(1)SOA “SOA (Service Oriented Architecture)” is a framework that involves separating software functions and parts into distinct services, and constructing a system that puts them all together. A service refers to a bundle of application software packages made accessible to other computers. The services must be standardized so that they can be used on any system. The services can be used individually or in combination to produce a flexible system.
Chapter 3
System development is one aspect of a solution business designed to solve problems. System development is generally engaged on a company-wide scale. When approaching development, it is necessary get a comprehensive perspective that includes the contents and scale of the desired system, the internal structure and environment of the company, and the costs related to development to determine whether to develop the system in-house or outsource the task to a third party. If the system is not developed in-house, the Information Systems Department or relevant organization puts together a summary of the information and outsources the task to a system vendor or other company, or installs a software package. The solutions for computerization are summarized below.
Reference
SOA Abbreviation for “Service Oriented Architecture.”
Reference
ASP Abbreviation for “Application Service Provider.”
100
Reference
SaaS
Abbreviation for “Software as a Service.”
Reference
System Integration
“System integration” refers to a form of service that integrates various tasks such as information system design, development, testing, and operations and maintenance. With this service, even a company with no experience in system development can develop an optimal system that integrates products from multiple vendors.
(3)SaaS “SaaS” is a service that provides necessary software functions via the Internet. Only the necessary functions are used and fees are paid accordingly. The service is similar to the service provided by ASPs, but SaaS uses a “multi-tenant scheme” where multiple companies share a single server. (4)Outsourcing “Outsourcing” is where a third party specialist is hired to perform everything or almost everything related to development, operation, and maintenance of the information system.
Outsourcing Development Operations Maintenance
Server
(5)Hosting service A “hosting service” is a type of outsourcing in which a third party specialist handles operations related to servers and other equipment. The hosting company provides the servers and other equipment which are managed at advanced facilities by professional technicians, so a higher level of reliability can be expected. There are also cost benefits as the facilities and technicians are shared among several user companies.
Outsource facility operations Equipment
Server
(6)Housing service A “housing service” is a service in which the user provides the servers and other equipment, while a third-party specialist is requested to provide the space and connectivity, carry out operations. Compared to hosting services, there is more freedom to configure settings such as server type, OS, and security measures.
Outsource operations Operations
101
3-2
System planning
3-2-1 Computerization planning
Review the overall development schedule set forth in the computerization plan.
Review of development structure
Review the structure in place for system development.
Risk analysis
Analyze the possible risks pertaining to system development.
1
Scope of computerization When introducing computerization, it is necessary to review the scope to determine how much of the operations to include in the system. If the scope is too small, it may be ineffective. If it is too large, it may be unmanageable. Reference
Cost effectiveness Reviewing whether the system to be developed is cost effective is very important as it can result in the success or failure of the business strategy. When introducing a system, it is necessary to determine the costs related to development and operation, and review whether the benefits will exceed the costs and whether an effect corresponding to the costs can be achieved. If there is no prospect for achieving the desired effect, then computerization itself needs to be reconsidered. Computerization requires regular evaluations that look into how much efficiency can be achieved, and how much profits will increase in order to determine whether the desired level of cost effectiveness has been achieved.
System strategy
Review of schedule
Reference
Chapter 3
“Computerization planning” is the act of developing and planning an information system designed to streamline operations by putting together a computerization initiative and a basic policy for computerization based on the business or enterprise strategy. A “computerization initiative” is an introductory step which involves analyzing operations prior to defining the system requirements to produce the big picture for computerization that will serve as the basic requirements for the system, the scope, the schedule, the budget, etc. Development related to computerization is carried out in accordance with the company’s system strategy and business model. If the computerization initiative is flawed, operations may become more complicated than before or produce unexpected results. The “basic policy for computerization” is the basic development policy set forth when computerizing operations. Computerization is implemented based on elements of the basic policy such as the purpose of development and the issues to be addressed. The computerization plan is put together in the final stage of laying out the system. During the planning stage for computerization, it is necessary to put together a solid computerization plan based on the big picture that includes the schedule, structure, scope of operations, and cost effectiveness. The procedure for planning computerization is summarized below.
Review of schedule
The overall development schedule set forth in the computerization plan is reviewed. First, an overall development schedule that seeks full computerization by the time the system becomes necessary is planned. It is based on the business strategy and takes into account factors such as order of construction, transition from current operations, and education and training. If too much priority is placed on meeting deadlines and the system development period is cut short, the quality of the system may suffer. Management must make a decision whether to give priority to finishing the system by the time it becomes necessary, or making sure the system is fully developed even if it results in a delay. 102
2
Review of development structure
After determining an overall development schedule, the structure in place for system development is reviewed. The development structure should be considered not only by the System Development Department, but also the business operations departments that will actually use the system. If only one side is involved, the system could end up different than the actual operations or incompatible with the company-wide system. By having both sides involved in computerization, the system can be developed in line with the business strategy. When doing this, it is necessary to ensure proper assignment of personnel, including the person responsible for overall development, the person responsible for system development, and the person in charge of operations. 3
Risk analysis
“Risk analysis” is the act of determining what kinds of risks are involved in the construction and operation of the system, where they exist and what level of loss would result from their occurrence, and measuring the degree of their impact. The possible risks based on the estimated probability of occurrence and size of the potential loss are prioritized, and addressed according to their priority. The possible risks involved in computerization and their causes are summarized below. Risk
103
Cause
Hardware failure
•Forgetting to turn on the power •Incorrect device settings
•Device connection error •Device failure, etc.
Software failure
•Incorrect operation by user •Software bug •Incorrect OS or software settings •Computer virus, etc.
Network failure
•Disconnected cable •Incorrect IP address setting •Incorrect network device settings •Constraint violation, etc. •Network device failure
Data failure
•Data corruption •Wrong data type
•Improper format •Insufficient storage space, etc.
Performance failure
•Insufficient memory •Insufficient disk space
•File fragmentation, etc. •Increased volume of data
Disaster-related failure
•Fire, flood, earthquake, etc.
3-2-2 Requirements definition The “requirements definition” is the definition of requirements related to computerization such as the operational summary and flow. The requirements are defined after making plans for computerization. In order to define the requirements, it is necessary to survey and analyze user (system user department) requests, and consider whether the system to be developed is feasible in terms of cost and technology. 1
Definition of operational requirements
When planning computerization, it is important to consider the “software life cycle”, which is the flow of the overall process. Specifically, the following cycle needs to be considered. Planning process Requirements definition process Development process Operational process Maintenance process
System strategy
●Survey and analysis of user requests Surveys are taken for the functions necessary to implement the operations, requests for improvements to the flow of operations, and requests related to the design of the human interface. Requests from the users (system user department) who are actually engaged in the operational activities can prove to be useful in streamlining the operations. It is important to take ample time to meet with the users and gather as many opinions as possible. An analysis/review of the user (system user department) requests will also need to be carried out in order to determine whether they are technically feasible.
Software life cycle
Chapter 3
When putting together operational requirements, the requirements for the computerization of the operations are defined specifically. After ascertaining user (system user department) requests based on the business or system strategy, the functions and requirements of the system are defined by sorting out data related to the current operational activities, and analyzing it from various different perspectives. The definition of requirements should take into account the following.
Reference
●Analysis of current operations The operational activities to be computerized are analyzed. The results of the user (system user department) survey are compared with the business strategy, and look into whether they are necessary for computerization. 2
Definition of functional requirements
“Functional requirements” are the operations to be computerized themselves. When putting together functional requirements, the system operations and processing details are defined based on requests discussed with the users (system user department). The requests and the current operations are analyzed, and the specific content to be implemented as functions is sorted.
104
3-2-3 Procurement planning and implementation A company must improve operations and solve problems in order to implement a business strategy. Operational activities come in many forms depending on the field and purpose. When performing them, it is necessary to make decisions on a caseby-case basis, but the basic procurement plan is fixed and does not change. It is important to procure products and services that meet the requirements in order to promote computerization. 1
Flow of procurement
The basic flow of procurement is summarized below. Creation of RFI (Request For Information)
Request information from the prospective suppliers on the necessary products and services for computerization.
Creation and distribution of RFP (Request For Proposal)
Put together a summary of the computerization tasks along with a request for proposal and the basic policy of the system including procurement conditions, and distribute the materials to the prospective suppliers.
Obtaining of proposals
Obtain proposals from the prospective suppliers and compare the details.
Obtaining of quotations
Obtain quotations from the prospective suppliers and compare the details.
Selection of supplier
Select a supplier.
Signing of contract
Sign a contract with the supplier.
Reference
RFI Abbreviation for “Request For Information.” Reference
SOW (Statement Of Work) A “statement of work” is a document that lays out details such as the purpose of the project, scope of the work, and deadline for delivery. In general, these documents are often created as appendices to outsourcing contracts. They also serve as a reference for checking on the work to make sure it conforms to the request, and determining whether the performance matches the contract after the work is complete. They are important documents for ensuring things go smoothly between the parties concerned.
105
(1)Creation of RFI (Request For Information) A “request for information” is a document used to request information concerning computerization from prospective suppliers such as system vendors, and is created before the “RFP (Request For Proposal).” This document allows the company to collect a wide range of information including technical information on the necessary hardware and software, case studies involving competitors, and information on operation and maintenance.
(2)Creation and distribution of RFP (Request For Proposal) A “request for proposal” is a document used by companies looking to implement computerization to request specific system proposals from prospective suppliers such as system vendors. It contains the basic policy for the system including a summary of the system, the purpose, the necessary functions, the system requirements, and contract matters. A system vendor that receives the request will create a proposal containing a system overview based on the request for proposal, and present it to the company making the request. The request for proposal also serves to prevent confusion from arising in the actual development stage.
Reference
RFP Abbreviation for “Request For Proposal.”
Chapter 3
(3)Obtaining of proposals A “proposal” is a document containing the necessary items from the request for proposal. The prospective supplier reviews items such as the system configuration and the development techniques based on the request for proposal, and creates a proposal to submit to the requesting company. The requesting company evaluates the submitted proposals and uses them to select a supplier.
System strategy
(4)Obtaining of quotations A “quotation” is a document containing information such as the costs related to system development, operation, maintenance, and the delivery date. The prospective supplier submits a quotation to the requesting company outlining the costs, delivery date, and payment method. (5)Selection of supplier A supplier is selected. The final decision is based not only on a careful examination of the proposals and quotations, but also the selection criteria. (6)Signing of contract A contract is signed with the supplier. By clarifying the details of the agreement beforehand, the parties can avoid confusion on the part of the developers, disputes, delayed delivery, system failure, and other problems that result from verbal agreements and ambiguous orders.
Reference
Creation of selection criteria Before selecting a supplier, it is necessary to consider what criteria to use. Selection criteria such as RFP details, budget, and service, must be identified and prioritized to make a comprehensive decision.
106
2
Flow of manufacturing operations
The flow of manufacturing operations is summarized below. Supplier
Customer
① Purchase
②
Manufacture (Produce)
③ Sell
① Purchase
Purchase the raw materials and equipment necessary to manufacture (produce) the product. (Produce) Manufacture the product from the raw materials.
② Manufacture
③ Sell
Sell the manufactured product to the customer. 3
Flow of sales operations
The flow of sales operations is summarized below. Customer Place order
Deliver
Accept order
Allocate inventory
Give shipping instructions
Perform picking
Load
Ship
①
②
③
④
⑤
⑥
① Accept
order Process the order from the customer.
② Allocate
inventory Check the product inventory.
③ Give
shipping instructions Give instructions for shipping if there is sufficient inventory.
④ Perform
picking Remove the products from the warehouse according to the shipping instructions.
⑤ Load
Load the products onto the truck or delivery vehicle. ⑥ Ship
Ship the products to the customer.
107
The flow of documents related to sales operations is summarized below. ①
Quotation ②
Order form ③
Confirmation
⑤ Delivery receipt (Acceptance form)
Company
Customer
④
Packing list
⑥
Invoice
Lays out the product price, delivery date, payment method, etc. for the customer’s purchase request. ② Order
form The customer places an order for a product with the company.
System strategy
① Quotation
Chapter 3
⑦
Bill of receipt
③ Confirmation
The company acknowledges receipt of the order. ④ Packing
list The customer confirms that the product received is what was ordered.
receipt (Acceptance form) The customer acknowledges receipt of the product.
⑤ Delivery
⑥ Invoice
The company invoices the customer for the product. ⑦ Bill
of receipt The company acknowledges receipt of payment.
108
3-3
Chapter quiz
*See page 6 in the “Answers and Explanations” booklet for the correct answers.
3-1
Which of the following is the model that can be used for representing the target business tasks in planning of an information systems strategy to clarify what the information system should be? a) b) c) d)
3-2
Waterfall model Spiral model Business process model Prototyping model
Which of the following explains BPR? a) Accelerating business expansion by incorporating other company’s functions, which are insufficient in one’s own company, through a corporate acquisition ) b Analyzing the workflows and value chains that enterprises use to produce value in the form of products and services ) c Promoting quality control activities which aim at delivering zero-defect products, not only in manufacturing departments but throughout the enterprise ) d Reengineering business processes fundamentally to enhance business processing capabilities and cost-effectiveness by taking full advantage of information technologies
3-3
Which of the following is the concept of reviewing an existing organization and business rules radically and redesigning job roles, workflows, administrative functions, and information systems? a) b) c) d)
109
BPR ERP RFP SLA
3-4
Which of the following is a service that offers application functions via the Internet, characterized by the multi-tenant system, where one system is used by multiple companies? a) b) c) d)
3-5
Which of the following is an activity included in systematization planning? Functional requirements definition System requirements definition Software requirements definition Study of the entire development schedule
Maintenance process
A
a) b) c) d)
3-7
System strategy
As shown in the figure, when the software life cycle is classified into the operation process, development process, planning process, maintenance process, and requirements definition process, which of the following should be inserted in the box A?
Chapter 3
a) b) c) d)
3-6
ISP (Internet Service Provider) SaaS (Software as a Service) Housing service Hosting service
Operation process Development process Planning process Requirements definition process
The diagram below shows the workflow in sales and distribution business, from receipt of orders to delivery of goods. In the diagram, which of the following should be inserted in the rectangular box A? Here, shaded portions are intentionally not shown. Order Received
a) b) c) d)
Inventory Allocated
A
Product Removed from Shelf
Delivery
Delivery instructions Loading Shipping Taking inventory
110
3-8
Which of the following is the item that the ordering company should describe in a request for proposal to clarify the details of transaction contracts for software or services? a) b) c) d)
3-9
Person-days Basic policy of the system Program specifications Estimated cost
When selecting a system vendor who develops the next mission-critical system, your boss directed you to prepare an RFP as a leader. Which of the following appropriately explains this RFP? a) A document to ask a system vendor to submit a proposal of the next mission-critical system development b) A document to make inquiries to in-house users about issues of the current missioncritical system c) A document to make inquiries to in-house users about requirements for the next mission-critical system d) A document to submit an order of the next mission-critical system development to a system vendor
3-10
Which of the following is the appropriate description of information literacy? a) It means the economic disparities between those who have information technology skills and those who do not have them, which arise from computerization such as whether or not one owns a PC. b) It means the ability to handle information, or equivalently, to organize, store, and analyze information using a PC as well as collect and transmit information through the Internet and other means. c) It means the organizational ability to guide the business organization in developing and implementing an IT strategy and to lead it in the direction in which it should go for the purpose of establishing competitive leadership. d) It means the level of availability of information communications devices, software, and information services to all people including handicapped persons and senior citizens.
111
MANAGEMENT
Chapter 4 Development technology ........ 114 Chapter 5 Project management .............. 130 Chapter 6 Service management ............. 140
Chapter
4
Development technology Chapter 4 explains system development processes and test techniques, as well as software development processes and development methods.
4-1 System development technology ..... 115 4-2 Software development management techniques .. 126 4-3 Chapter quiz .................................... 129
4-1
System development technology 4-1-1 Process of system development
Reference
Service contract A “service contract” is a contract that is formed when the party placing the order presents terms to the contractor regarding what they want to be delivered and when, as well as the remuneration for the finished product, and the contractor accepts those terms.
Systems used in business operations are expected to perform the necessary functions properly, but must also be easy for the user (system user department) to utilize. It is important for the department developing a system to survey/analyze requirements in cooperation with the various departments that will use the system, and reflect the results into the system under development. System development does not necessarily have to be carried out internally, and may also be outsourced to a company that specializes in system development. A “service contract” is a typical method for forming an agreement when system development is outsourced to another company. The general procedure for developing a system is as shown below. Requirements definition
Determine the functions required of the system.
System design
Design the system based on the requirements definition.
Development (Programming)
Develop the system based on the design details.
Testing
Check that the designed/developed system operates properly.
System acceptance
Verify that the designed system operates according to the requirements.
System operation/ maintenance
Resolve any issues the user (system user department) encounters during system operation.
Reference
Need for review For each system development process, a “review” must be conducted. Reviews check/confirm that there are no bugs (errors) in the system or design, and serve the purpose of improving quality by finding any potential bugs and rectifying them. Reviews may be conducted by the individual developer, a small project team, or by all those concerned. Although it is effective for the developer to conduct a review, it is beneficial for persons other than the developer to conduct a review as well. An outside perspective allows for an objective check, which makes it possible to catch bugs that go unnoticed by the developer.
115
1
Requirements definition
A “requirements definition” clarifies the function, performance, and content required of the system and software, and includes a “system requirements definition” and a “software requirements definition.” The demands of the user (system user department) are surveyed/analyzed to determine whether they are technologically feasible, and the requirements for achieving the demands are then defined in detail. This is the first step in system design, which plays a critical role in determining the success or failure of the subsequent system. In order to develop a better system, the requirements are defined in cooperation with the various departments that will use the system.
2
System design
Development technology
●Software requirements definition In a “software requirements definition,” the required software content is specified on the basis of the actual business content. In general, details such as the system interface, operability, functions required for business, operation, and maintenance are stipulated. At such time, hearings are conducted with the users (system user department) in order to gather as many opinions as possible, although it is also necessary to analyze/consider whether those requirements can be realized.
Chapter 4
●System requirements definition In a “system requirements definition,” the types of functions that are required for computerization are clearly stipulated. In general, factors that determine system reliability such as operating conditions, security performance, and hardware used are stipulated. Accordingly, it is necessary to set priorities in order to maximize results within a limited budget, and determine whether the content described in the system requirements definition is worth the cost.
The system is designed based on the requirements definition. The procedure for designing a system is summarized below. Systems architecture design (External design)
The user (system user department) designs the components of the system that can be seen from the outside.
Software architecture design (Internal design)
The system development department designs the internal functions required by the system in order to realize the functions determined in the system architecture design.
Software detailed design (Program design)
The system development department designs the internal structure of the programs based on the software architecture design.
116
(1)Systems architecture design (External design) In a systems architecture design, components that are visible to the user (system user department) are designed. The functions required for the system are identified by considering how operations will change if the system is developed, and human interfaces such as input/output screens and forms/slips are designed. System architecture design is also referred to as an “outline design” as it outlines the type of system that will be used. In system architecture design, “human interface design” such as input/ output screens and forms/slips, as well as “data design” and “code design” are implemented. Reference
Human interface design Refer to “Chapter 9-1-1 Human interface technology.”
Reference
Data normalization Refer to “Chapter 9-3-2 Database design.”
●Human interface design “Human interfaces” are points of contact between people and computers. They are also referred to as “user interfaces.” In human interface design, the input/output screens of the system and print images such as forms/slips are designed. ●Data design In data design, table data is designed in order to utilize relational databases. By extracting all data items used in operations and normalizing the data, redundant data is removed. ●Code design In a system, various codes such as product numbers and customer numbers are handled. As these codes require regularity, the rules and items to be encoded are determined by the code design. (2)Software architecture design (Internal design) In software architecture design, an internal system is designed, which considers “how to implement” the necessary functions of the system. In other words, it is designed from the perspective of using programming to implement the functions determined in the system architecture design. The user (system user department) does not participate in software architecture design since it is a design of the system’s internal functions.
Reference
SQL Refer to “Chapter 9-3-3 Data manipulation.”
117
(3)Software detailed design (Program design) The internal structure of programs is designed based on the software architecture design. In software detailed design, function details in programs are defined, and detailed processing units of the program structure such as database access methods (SQL statements) are designed. The user (system user department) does not participate in software detailed design since it is design of the system’s internal functions.
3
Development (Programming)
Individual programs are created based on the content designed during the system design stage. In order to run the system, it is important to create the individual program processing procedures, processing details, and processing results according to the design. Furthermore, “unit testing (module testing)” is conducted to confirm that the individual modules created operate normally according to the “program design specification.” Unit testing is conducted in order to discover logical errors in modules one by one, and to check whether the modules function as per the established specifications. In unit testing, verification is conducted by using “white box tests” and “compilers.” (1)White box test A “white box test” is a technique for checking the internal structure and logic of a program, focusing on program control and flow.
Reference
Programming “Programming” involves describing algorithms ( processing procedures for problem resolution ) according to the rules and syntax of programming languages, as well as conducting operation tests. Reference
Module A “module” is the smallest unit that comprises a program. In general, a single program is comprised of more than one module. Reference
Debugging Internal structure of a program ① ②
③
④ ⑥
⑦
① ① ① ① ①
→ → → → →
② ③ ② ③ ②
→ → → → →
④ ④ ④ ④ ④
→ → → → →
⑤ ⑤ ⑤ ⑥ ⑥
→ → → → →
⑦ ………… Statement coverage ⑦ ⑦ ……… Condition coverage ⑦ (All test cases are tested) ⑦
(2)Compiler A “compiler” is software that transforms code created using a programming language into a program executable by a computer. Using a compiler, it is possible to confirm bugs (errors) in the created programs.
Reference
Statement coverage “Statement coverage” is a method for creating test cases so that all instructions are executed at least once. It is one of the white box tests.
Development technology
⑤
“Debugging” is the task of searching for bugs in a computer program and removing them. Unlike unit testing, if a bug is found to exist, its location is narrowed down and the program is modified.
Chapter 4
In scrutinizing the internal structure, test cases to cover all instructions and branch conditions are considered.
Reference
Condition coverage “Condition coverage” is a method for creating test cases so that both true and false cases for all decision conditions are covered. It is one of the white box tests.
118
4
Testing
When unit testing is completed, the modules are integrated and testing is carried out to confirm that the designed/developed system operates normally and is fit for operation. Testing is an important process for confirming program and system quality. Tests are conducted according to test plans, and work continues to proceed while performance is evaluated. (1)Test execution procedure The procedure for conducting each test is as follows. Reference
Program quality
Test plan creation
Determine items such as test schedule, participants, and evaluation criteria. Tests with the aim of improving the quality of the program are not repeated.
Test specifications design
Design items such as test data and response to predicted results according to the design specifications.
Test environment setting
Create test data and prepare the test environment including apparatus to be used in the test. If the program creator prepares the test data or designs the test environment, unexpected errors that could occur are less likely to actually occur. Therefore, it is best if someone other than the program creator is responsible for preparing the test environment.
Test execution
Execute the test according to the test specifications. If the program is modified after completing the test, repeat the test. When doing so, supplement the original test data with data containing modifications that can be confirmed.
Test result evaluation
Evaluate the system on the basis of the test results, and determine whether there are any problems.
Program quality improvement should be encouraged at the program design stage, rather than by repeating tests.
119
(2)Testing techniques One of the main testing techniques in system development is the “black box test.” A “black box test” is a technique for checking whether functions are in accordance with specifications, focusing on the output results of input data. It is a technique used in many test processes. System or program Data
Result
Considered a black box
Confirms that tasks are processed normally.
Exception data
Confirms whether exception data generated by tasks are processed as exceptions.
Error data
Confirms whether erroneous data are properly detected as errors.
* After first testing with normal data, testing is conducted with exception data and error data.
Development technology
Normal data
Chapter 4
(3)Test planning In test planning, data is prepared in order to verify whether the expected output results are obtained for the input data. However, it is not sufficient to end testing when the results for correctly inputted data are confirmed. In reality, correct data is not always inputted during tasks, and systems are not necessarily used in a normal state. Therefore, a variety of cases are assumed, and the following kinds of test data are prepared.
Two of the main methods used to create test data for conducting black box tests are “equivalence partitioning” and “boundary value analysis.”
120
●Equivalence partitioning “Equivalence partitioning” is a method that divides input data into a “valid equivalence class” or an “invalid equivalence class,” and adopts values that are representative of each class as test data. A characteristic of this method is that test data can be created easily. Valid equivalence class
Range of values that are processed normally as input data
Invalid equivalence class
Range of values that are errors as input data
Conditions Age of 20 years or over Under 50 years
Value
Valid equivalence class
20 years or over, and, 49 years or under
Invalid equivalence class 19 years and under, or 50 years and over
Age
… 1 2 3 … 18 19
20 21 22 23 … 47 48 49
50 51 52 …
Valid equivalence class Invalid equivalence class
●Boundary value analysis “Boundary value analysis” is a method that adopts values at the boundaries of the equivalence partitioning classes as test data. Due caution is required for complex boundary conditions as omissions can easily occur. Conditions Age of 20 years or over Under 50 years
19 years, 20 years … Lower limit 49 years, 50 years … Upper limit taken as test data
Age
… 1 2 3 … 18 19 20 21 22 23 … 47 48 49 50 51 52 …
(4)Test execution The following types of testing are conducted in system development. ●Integration testing (Consolidated testing) In “integration testing,” modules and programs are integrated and verified whether they can be executed correctly according to the software architecture design. Integration testing is conducted between modules and between programs for which unit testing is complete. It can confirm whether screen transition and data passing between programs is carried out correctly. Integrated testing is utilized by the system development department.
121
The following types of testing are included in integration testing. •Top-down testing “Top-down testing” is a method of testing in sequence starting from the higher-level modules. In many cases, however, the lower-level modules are not all complete. “Stubs” are then prepared, which are temporary modules that are called upon by the higher-level modules.
Reference
Sandwich testing “Sandwich testing” is a method that combines top-down and bottom-up testing. It is a type of integration testing. Reference
Module A (testing complete)
Test in sequence from higher-level modules
“Big bang testing” is a method in which all of the modules are integrated and tested at once. It is a type of integration testing.
Module under test
Stub
Big bang testing
Stub
Module under test
Module B (testing complete)
Module C (testing complete)
Test in sequence from lower-level modules
Development technology
Driver
Chapter 4
•Bottom-up testing “Bottom-up testing” is a method of testing in sequence starting from the lower-level modules. If the higher-level modules are not complete, “drivers,” which are temporary modules that call upon the lower-level modules are prepared.
●System testing (Comprehensive testing) “System testing” verifies whether the overall functions fulfill the requirements specification designed with the system architecture design. It is conducted after integrating programs for which integration testing is complete, and utilized in cooperation by the system development department and the user (system user department).
122
Reference
Response time/Turnaround time/Throughput Refer to “Chapter 8-2-2 System evaluation indexes.”
In system testing, the following types of testing may be conducted depending on the purpose. Name
Description
Function testing
Verifies that all of the required functions are included.
Performance testing
Verifies that the processing performance, including response time, turnaround time, and throughput, fulfills the requirements.
Exception handling testing
Verifies that error processing functions and recovery functions operate normally.
Load testing (Rush testing)
Applies a load to the system through such means as inputting a large amount of data and simultaneously increasing the number of operating computer terminals, and verifies that the system can withstand the load.
Operability testing
Verifies that the system is easy to operate for the user (system user department).
Regression testing
Verifies that no other programs were affected when errors discovered in any of the test processes were modified or when changes were made to the specifications.
Penetration testing (Intrusion testing)
Detects the system’s security holes and firewall weak points (vulnerability) by actually attempting an attack or intrusion from outside.
●Operational testing “Operational testing” uses real business data to verify whether the system is appropriate for the realities of the business and whether it can be operated in accordance with the operation manual. It is conducted mainly by the user (system user department). In operational testing, the following items are tested. Item
Reference
Receiving inspection “Receiving inspection” refers to testing and acceptance of a system by the user (system user department).
123
Description
Business function
Verifies that functions required in conducting business are fulfilled.
Operability
Verifies that the system is easy to operate for the user (system user department).
Anomaly measures
Verifies that measures have been taken in case of anomalies such as data anomalies, abnormal operation, and equipment anomalies.
Throughput
Verifies that throughput is sufficient using the current equipment configuration.
Processing time
Verifies that response times are within the acceptable range.
(5)Test result evaluation In order to receive system inspection, satisfactory test results must first be achieved. At such time, it is necessary to consider the criteria for evaluating the system based on the test results.
Number of bugs does not increase Testing can be stopped Test time
Cumulative number of bugs
Cumulative number of bugs
Typical evaluation criteria include “bug control charts.” A bug control chart is a graph showing the relationship between test time and cumulative number of bugs detected. An ideal bug control chart forms a curve referred to as a “Gompertz curve (reliability growth curve).”
Gompertz curve
5
Number of bugs increases and testing has not progressed Problems such as poor program quality exist Test time
Not a Gompertz curve
Software acceptance
A “user manual” is a manual that explains how to use the software and system. Before operation, the user manual is used to provide a tutorial of basic operations, and after the system is in operation, it is referenced to learn specific operations according to the respective content of work.
System operation and maintenance
When system development is complete, the user (system user department) starts utilizing the system. The usage status and operation status of the system are then observed, and any issues that arise are resolved. In order to respond to developments in information technology or changes in business strategy, programs may also be modified or changed. (1)Precautions about operation and maintenance Precautions about system operation and maintenance are listed below. • When performing any modification work, first backup the system before directly modifying a program in operation. After making the modification, conduct testing in an environment that is equivalent to the actual environment. • When any changes are made to a program, always record them in a modification log. This information may prove to be useful when investigating matters such as fault causes. A regression test should also be conducted to confirm that other programs are not affected by the changes. • Always keep the complete set of documents concerning system development (such as specifications and operating procedures) up-to-date. • Monitor issues such as whether there is insufficient disc space due to an increase in data volume, and whether there is a decrease in performance, and make improvements/address issues as necessary.
Development technology
6
User manual
Chapter 4
Software acceptance occurs when system development is outsourced to an external specialist and software is delivered from the outsourcer (developer) to the customer (user). It involves confirming whether all of the requirements of the user (system user department) are fulfilled, and whether the software operates normally. If there are no problems, the software is delivered and educational and training programs for the user (system user department) are conducted. It is also referred to as an “approval test (acceptance test).”
Reference
Reference
Document storage It is important to leave documentation in each system development process. Specific documents include “requirements definition documents,” “design specifications,” “developed programs,” “test execution plans,” and “test execution reports.” For example, design specifications can be used as a design drawing for the system under development, which those in charge can reference to check progress and advance development. Furthermore, if any changes to the program must be made at the operation/ maintenance stage, the test execution report becomes the only document that can provide an adequate understanding of the existing system.
124
(2)System maintenance The following are key maintenance tasks for preventing failures. Type of maintenance
Description
Preventative maintenance
Remove the causes for future failures before they occur.
Scheduled maintenance
Perform daily checks. Also, enter into a maintenance agreement with a specialist and request hardware checks once a month, for example.
Remote maintenance
Enter into a maintenance agreement with a specialist, and remove causes of failure remotely (remote operation) by connecting the specialist and the user (system user department) via communication lines.
(3)System failure In terms of maintaining system operation, it is important to take preventive measures so that failures do not occur. However, for reasons such as system modification as a result of tax rate changes, workflow changes, or hardware lifespan, failures in the existing system could occur and further modification may be unavoidable. During system development, it is necessary to consider the occurrence of failures as unavoidable. The key is to be well-prepared with effective countermeasures that will prevent failures from adversely affecting the entire system or stopping operations.
4-1-2 Software estimation Reference
FP Abbreviation for “Function Point.” Reference
GUI
Computerizing operations requires an awareness of cost when determining which functions to incorporate into the system. The following are methods for estimating system development costs. Type
Description
Characteristics
Program step method
A method for estimating the number of program steps (number of lines) in the entire system from past records.
Suited to estimations for development of core business systems with significant accumulation from the past.
FP (Function Point) method
A method for estimating system development personhours and development costs by quantifying the number of input/output screens and files to be used, and the level of difficulty of functions to be developed. Quantified items are referred to as “function points.”
Suited to estimations for development using GUI and object orientation.
Refer to “Chapter 9-1-1 Human interface technology.” Reference
Object orientation Refer to “Chapter 4-2-1 Software development process and methods.”
125
4-2
Software development management techniques
4-2-1 Software development process and methods When developing software, a development process and methods that suit the processing content and scale of the entire system must be determined. 1
Software development methods
“Software development methods” are methods for advancing the software development process. The following are typical development methods. Characteristics
Structured method
A method of programming that divides the program into individual processes and forms a hierarchical structure. Also referred to as “structured programming.
Dividing the program into individual processes makes it easy to verify or modify operations, and perform maintenance.
Object orientation
A method for modeling a business and creating a program by considering what items (objects) are required to advance the business, and defining the object characteristics.
Business data ( properties ) and roles (behavior) are treated as groups of objects ( components ) , which facilitates partitioning into components and reuse.
Data oriented approach
A method of carrying out system development based on databases created by focusing on the structure of data used in the business.
The structure of the core data will not change even if the business content changes, which makes it easy to carry out system modifications.
Process oriented approach
A method of carrying out system development by focusing on business processes and functions.
Each system is created based on the business content and if it changes, the system must be significantly modified.
Reference
Agent orientation “Agent orientation” is a developed form of object orientation. An “agent” is software that operates and processes tasks independently in order to accomplish a purpose without detailed instructions from the user. Agent orientation refers to that approach and function.
Development technology
Description
Chapter 4
Method
126
Reference
Precautions about the waterfall model Since it is impossible to advance different processes in parallel, it is necessary to shorten the time period of the processes themselves by working on the components of a single process that can be performed in parallel. However, in such cases, people and time are required to coordinate the parallel work, and costs tend to be higher than when parallel work is not carried out. Reference
2
Software development models
The typical software development models are summarized below. Model
Description
Characteristics
Waterfall model
A development model that advances each process in sequence without backtracking, similar to the flow of a waterfall. Also, dividing the system into a number of subsystems and repeatedly carrying out requirements analysis, design, development, testing, and implementation is called an “incremental model.”
This is the most common development model. Costs can be estimated relatively easily, and this model is often used in large scale developments. However, the amount of work that must be repeated if the system specifications change is extremely large.
Spiral model
A development model that divides the system into a number of subsystems and repeats the cycle from “requirements analysis” to “operation” for each subsystem. It develops the system by allowing it to evolve as it grows.
It can shorten the period until the first subsystem is operated. Each subsystem is verified by the user (system user department), making it possible to incorporate their opinions into the next cycle.
Prototyping model
A development model that creates prototypes from an early stage of system development and obtains confirmation from the user (system user department) as development advances.
It can identify any potential misunderstandings about the system between the user (system user department) and the developer at an early stage. It also has the effect of raising the awareness of the user (system user department) regarding the system. However, if prototypes are created repeatedly, cost management can become an issue.
RAD “RAD” is a type of development that divides the system to be developed into a number of subsystems, and proceeds to develop them starting from the items with the highest priority. The goal is to develop the system in a short time and at low cost using sophisticated software development tools. RAD is often used in a prototyping model. Abbreviation for “Rapid Application Development.” Reference
Reverse engineering “Reverse engineering” is a technique for creating new software by breaking down and analyzing existing software. It may include studying the relationship between modules and analyzing the system’s basic specifications. It is often carried out to maintain compatibility with the existing software.
Waterfall model Requirements definition Systems architecture design Software architecture design Software detailed design Development (Programming) Testing Operation and maintenance
127
Spiral model
Development (Programming)
Testing and evaluation
Completion
Design
Analysis
Prototyping model
Requirements definition
Systems architecture design
Creation of prototype
Chapter 4
Execution of prototype Confirmation by user (System user department)
OK Software architecture design
NG
Software detailed design
3
Development (Programming)
Testing
Operation and maintenance
Common frame
A “common frame” is a frame that standardizes the terminology and content of work in software development, including planning, development, operation, and maintenance. With a common frame, a system vendor and a user can clarify the details of their transaction such as their respective roles, scope of business, work content, and scope of responsibilities. This enables both parties to share a mutual understanding, which prevents misunderstandings and problems from occurring.
Reference
SLCP
Development technology
Evaluation
“SLCP” is a common frame for transactions and software development centered on software. Abbreviation for “Software Life Cycle Process.” In Japan, the “SLCP-JCF98 (Common Frame 98)” was established based on the ISO/IEC international standards, which takes into account the characteristics of Japanese commerce and Japan’s software industry. In September 2007, the contents of the SLCP-JCF98 were reinforced and expanded, and the “SLCP-JCF2007 ( Common Frame 2007)” was published. Abbreviation for “SLCP-Japan common frame.”
128
4-3
Chapter quiz
*See page 8 in the“Answers and Explanations”booklet for the correct answers.
4-1
When the information system department performs the procedure of the requirements definition, system design, programming, and testing in the flow of software development, which of the following most needs the participation of the user departments? a) b) c) d)
4-2
When the scale of software development is estimated, which of the following is an appropriate element that should be considered? a) b) c) d)
4-3
System design, testing, programming System design, programming, testing Testing, system design, programming Programming, system design, testing
Which of the following is the software development model that performs the requirements definition, system design, programming, and testing in that order, and checks carefully so as not to return to the previous phase when each phase is completed? a) b) c) d)
129
Developer’s skills Development organization Number of screens Schedule
Which of the following shows part of the phases of software development in the order of implementation? a) b) c) d)
4-4
Requirements definition System design Programming Unit test
RAD (Rapid Application Development) Waterfall model Spiral model Prototyping model
Chapter
5
Project management Chapter 5 explains the processes of project management and techniques of project scope management.
5-1 Project management ......................... 131 5-2 Chapter quiz ...................................... 138
5-1
Project management 5-1-1 Project management
Reference
Project organization Refer to “Chapter 1-1-1 Management and organization.”
In pursuing various corporate activities such as the development of new information systems and services, it is important for a corporation to execute plans in unison with a sense of purpose that is shared throughout the corporation. In general, it is efficient to execute a plan by assembling a project organization and executing the project as an organization, while managing various aspects such as progress of the project, cost, quality, and members. 1
Project
A “project” is temporarily assembled in order to execute activities and achieve a specific purpose within a specified time. The main characteristics of a project are summarized below. • A clear purpose is defined before the project is initiated. • A series of activities is undertaken to achieve the purpose. • Activities are executed by a temporary group. • Persons with specialized knowledge from various fields are assembled. • Work that is non-routine and non-repetitive is executed. • Activities are undertaken using defined resources. • The project is disbanded after achieving the purpose.
A project is engaged for the purpose of executing non-routine work instead of simple and routine work. An example is the development of a new information system. In order to achieve such purposes, it is important to manage the project using defined management resources (people, materials, money, and information). 2
Project management
“Project management” is a management technique to facilitate every process of a specified project within the corporation from initiation to completion.
131
The typical processes for a project are summarized below. Initiation and planning
Initiate the project and plan the course of action.
Execution and monitoring
Execute the project and monitor the work schedule, costs, and quality.
Closing and evaluation
Close the project once the purpose is achieved, and evaluate the work performance and deliverables (finished product).
(1)Project initiation and planning The “project manager” plays a central role in initiating the project. The project is usually initiated after the client (commissioning party) that requests the systems development approves the documentation that describes the project outline. At that point, a “kick-off” meeting is conducted with the “project members” to discuss various aspects such as the framework and key points of the project, progress (schedule), and management method. Afterwards, a detailed plan is formulated and a “project plan” is prepared.
A “milestone” is a term used in project management to denote an important point in the work schedule such as the integration testing date or customer review date. Reference
Project manager A “project manager” is an individual who manages and oversees projects or is nationally certified to manage a project. In the case of the former, a project manager organizes project members, manages the project schedule, and makes decisions concerning work processes. Reference
Project member A “project member” refers to one of the members of a project. Reference
Stakeholder In the context of project management, a “stakeholder” refers to an individual who is variously impacted by the project or has a stake in its success or failure. Project stakeholders include the project client, project manager, project members, and users. It is important to manage each respective stakeholder in an appropriate manner.
Project management
(3)Project closing and evaluation After the target system is completed, the project is closed and disbanded. Once the client has accepted the system, a “project completion report” is prepared. The project completion report includes a performance evaluation of all work such as the actual cost and progress, and a list of the final deliverables (finished product). The evaluation contains information that will be useful for the next project such as variance between the plan and actual performance, changes occurred and their causes, and risks encountered and their countermeasures.
Milestone
Chapter 5
(2)Project execution and monitoring After the project plan is completed, the project moves into the execution phase and work begins. During project execution, the project manager makes sure to communicate with project members and the client, and monitors the performance of the project including the progress of the project, cost, and quality. The project manager makes adjustments as the need arises.
Reference
132
5-1-2 Project scope management
Reference
PMBOK Abbreviation for “Project Management Body of Knowledge,” which is a standard framework for project scope management based on a body of knowledge advocated by the U.S.-based Project Management Institute (PMI).
“Project scope management” is a management technique that analyzes the final deliverables of the project and the work scope required, and manages the relationship between the deliverables and work scope. The “Project Management Body of Knowledge (PMBOK)” is an international standard that provides guidelines for project managers to execute projects in an integrated manner using project scope management techniques. PMBOK recognizes the nine knowledge areas listed below. Scope
Define the deliverables and work scope.
Time
Coordinate the work processes and schedule.
Cost
Determine the budget.
Quality
Define the quality targets and inspect the quality.
Human resources
Procure and train the project members.
Communication
Achieve mutual understanding and share information between the project members and teams.
Risk
Predict the risks and determine countermeasures to avoid and address the risks.
Procurement
Select the necessary resources, issue orders, and sign agreements.
Integration
Integrate the other knowledge areas and manage the overall project.
The key characteristic of PMBOK is that it achieves an overall balance of these knowledge areas to enable flexibility in response, even if there are significant changes to the deliverables or work scope. 1 Reference
WBS Abbreviation for “Work Breakdown Structure.” Reference
OBS Abbreviation for “Organization Breakdown Structure.” OBS is a chart that breaks down the project member organization into parts and organizes them into a hierarchical structure. Reference
Scope
“Scope” refers to the final deliverables of the project, and the work scope required to produce the deliverables. The scope is defined using a “WBS (Work Breakdown Structure).” ●Work breakdown structure A “WBS (Work Breakdown Structure)” is a chart that breaks down the work scope of the project into detailed items, and organizes the items into a hierarchy. The procedure for preparing a WBS is outlined below. Determine the individual deliverables of the project.
Determine the work scope required to achieve the deliverables.
CBS Abbreviation for “Cost Breakdown Structure.” CBS is a chart that breaks down the project cost into components and organizes it into a hierarchical structure.
133
Break down the work scope into parts, and determine the work.
WBS chart Deliverable A
Work scope 1 Work (1) Work (2) Work scope 2 Work (1) Work (2)
Deliverable B
Work scope 1 Work (1) Work (2)
Time
The work content identified by WBS is used as the basis for estimating the approximate number of days required. The estimated number of days is used to divide the schedule for each piece of work according to the planned delivery dates in order to manage progress. The schedule plan is determined based on the calculated number of operating days, clarifying the confirmation of progress, completion date, and handover of each individual piece of work. “Arrow diagrams” and “PERT ( Program Evaluation and Review Technique ) ” charts are used to prepare the schedule plan. A “Gantt chart” is used to illustrate the planned schedule. Since there is a variety of work for each project, it is necessary to estimate the number of days required for each piece of work.
Reference
Arrow Diagram, PERT chart, Gantt chart Refer to “Chapter 1-1-2 OR (Operations Research) and IE (Industrial Engineering).”
Project management
2
Chapter 5
Once the WBS is prepared, it becomes the foundation for all work areas under PMBOK. In addition, if any excesses or deficiencies are found in the WBS or while the project is in progress, the scope is reviewed to ensure that it is always up-to-date, and it is updated as any changes arise.
134
In the following arrow diagram example, work E can be started when work C and work D are both finished. In other words, work E can be processed seven days after the work is started.
Work A
Work C 2 days
5 days
Work B
Work D
Work E
2 days
3 days
2 days
Example In the following arrow diagram, calculation for the overall number of days required if work C can be shortened to three days is illustrated.
Work A
Work C 2 days
5 days
Shortened to 2 days
Work B
Work D
Work E
2 days
3 days
2 days
The overall number of days required is calculated as follows (before work C is shortened to three days). Work A (2 days) + Work C (5 days) = 7 days Work B (2 days) + Work D (3 days) = 5 days Seven days are needed until both work C and work D are finished, so the overall number of days required is: 7 days + Work E (2 days) = 9 days. If work C is shortened to three days, at most five days are needed until work C and work D are finished. Therefore, the overall number of days required is: 5 days + Work E (2 days) = 7 days.
135
3
Cost
The work content identified by WBS is used to estimate the approximate cost required. The estimated cost is used as the basis to define and manage the budget. An “EVMS (Earned Value Management System)” is used for cost management. ●Earned value management system An “EVMS (Earned Value Management System)” is a technique for quantitatively evaluating the progress of a project by comparing it with the budget and work schedule. EVMS is used to prepare a cost plan based on the estimated person-hours derived from the breakdown of work from the WBS, and the variance of the schedule and cost is measured. The measured results are then analyzed to forecast work delays and over-budgeting, and adjustments are made to the schedule and budget. 4
Quality
5
Human resources
6
Abbreviation for “Earned Value Management System.” Reference
Person-hours “Person-hours” represent the volume of work required for activities such as system development. Person-hours are typically indicated in person-month units. Reference
Person-months “Person-months” are a unit of personhours. One person-month equals the amount of work performed by one person in a single month. Example Work that takes one person three months to accomplish represents three person-months of work. Example Work that takes two persons three months to accomplish represents six person-months of work.
Project management
Project members are procured based on the deliverables identified by WBS, as well as work scope, time, cost, and quality. The project team is also structured and trained according to the deliverables and work scope. The success of the project hinges on manpower and teamwork. In order to effectively capitalize on the capabilities of all persons involved in the project, it is necessary to prepare an optimum environment and assign the right project members to the right positions.
EVMS
Chapter 5
Quality is maintained and improved by defining and managing the desired quality targets of the deliverables, which are based on the deliverables identified by WBS. The following items are reviewed and summarized in a “quality management plan:” targets, quality maintenance and improvement plan, quality inspection technique, review plan, and testing method.
Reference
Communication
It is necessary to manage communication so that there is sharing of information, and mutual understanding between working project members and the project manager. E-mail is typically used for communication, but other methods are also used to share information within the project such as preparing mailing lists and using groupware. In addition, regular meetings are held to encourage mutual understanding between project members, information sharing, and reporting on progress.
Reference
Mailing list Refer to “Chapter 9-4-3 Network application.” Reference
Groupware Refer to “Chapter 3-1-2 Concept of business process.”
136
7
Risk
The deliverables and work scope identified by WBS are used as the basis for predetermining the possible locations and types of risks that may occur, as well as the extent of the losses and the degree of impact that those risks may entail. The predetermined risks should be ranked – starting with the highest rate of occurrence and the largest loss impact – to determine which risks should be prioritized and dealt with. In addition, it is integral to the process that sufficient countermeasures are prepared in advance for the predetermined risks. If a risk actually arises, it is dealt with according to the course of action that has been devised based on the risk analysis and countermeasures. It is also necessary to be prepared to deal with legal issues due to the possibility of various contractual risks that could arise. 8
Procurement
Necessary technologies and services are procured from an external source in order to execute a project. The deliverables and work scope identified by WBS are used as the basis for examining the technologies and services that need to be externally procured, followed by the selection of candidate suppliers. This process is referred to as “solicitation.” Suppliers are typically chosen through bidding or quotation, or they are directly designated. The workflow from processing orders and contracts to receiving inspection is managed in a comprehensive manner. 9
Integration
All of the work areas are comprehensively managed to achieve unity in the entire project. Overall policies and plans for the project are formulated, and any changes that occur during the execution of the project are addressed. In some cases, new or more efficient technologies are developed during the course of a long-term project, requiring the ability to flexibly adapt when necessary. Accordingly, any new developments such as major schedule delays, delivery date extensions, and cost increases should be thoroughly discussed. In short, the overall project should be managed in a manner that ultimately yields the desired deliverables.
137
5-2
Chapter quiz
*See page 9 in the “Answers and Explanations” booklet for the correct answers.
5-1
When one day is reduced for Activity C and three days are reduced for Activity B in the arrow diagram shown below, how many days can be reduced in total? C
A 3 B 6
a) b) c) d)
5-2
5
Legend Activity name Days required
D 3
1 2 3 4
1 2 4 5
Project management
a) b) c) d)
Chapter 5
A project with 50 work items of equivalent labor was planned to be finished in 10 days. The fifth day is now over, and only 20 work items have been completed so far. By how many days is the project delayed at this point? Here, the delay is given by the difference from the number of days it should have taken to complete the work items that are currently finished.
138
5-3
Which of the following is described in a project plan? a) b) c) d)
5-4
It takes 24 days for Mr. A to complete a certain software development and 12 days for Mr. B. When both Messrs. A and B work together, 25% of all the working hours in a day are needed for preliminary discussion. When both Messrs. A and B work together, how many days does it take to complete the development? a) b) c) d)
139
Screen layout Workflow Schedule Program structure
6 8 11 12
Chapter
6
Service management Chapter 6 explains the basic roles and components of IT service management including the management of information system operations, service support, the concept of system environment development, and the basic principles of system audits.
6-1 Service management ........................ 141 6-2 System audit ..................................... 147 6-3 Chapter quiz ..................................... 152
6-1
Service management 6-1-1 Service management “Service management” is the act of operating an information system in a stable and efficient manner to maintain and improve the quality of user services. 1
IT Service management
“IT service management” is a method of management that associates the operation of information systems with the provision of IT service in order to facilitate stable and efficient operations. For example, by providing various IT services, entities such as financial institutions and transportation companies are supporting business management and society overall. If trouble arises in those IT services, it could have a major impact not only on those companies themselves but also on the entire society, leading to accidents and confusion. For that reason IT services are managed in such a way as to ensure efficient operation and to maintain and improve the quality of the services themselves. 2 Reference
ITIL Abbreviation for “Information Technology Infrastructure Library.” Reference
OGC Abbreviation for “Office of Government Commerce.” Reference
De facto standard A “de facto standard” is an industry standard that is established not through formal approval, but through widely-accepted use within the industry.
141
ITIL
“ITIL” is a framework of know-how, best approaches, best practices, etc. designed to create a successful business utilizing IT services. It was put together in the form of a series of books published by the “OGC,” a UK government agency, in the late 1980s and serves as the “de facto standard” of IT service management. ITIL is a comprehensive set of guidelines for IT services, but not all IT service operations need to be brought into line with it. It is best to compare the actual work against the framework and use the relevant parts as a reference for operations.
(1)ITIL system diagram The ITIL framework can be expressed with the following diagram. Service management implementation planning
Business perspective
Service support
Service delivery
ICT infrastructure management
Technology
Business
IT service management
Security management Application management
(2)ITIL framework ITIL is summarized in the following seven books.
Service delivery
Guidelines for formulating a medium- to long-term plan and making improvements to it. Explains the method how to appropriately provide IT services, touching on things like investment effects and availability.
Service management implementation planning
Explains the method how to formulate a plan for implementing IT service management.
Business perspective
Explains the best practices for service support and service delivery, focusing on the business perspective.
Application management
Explains the life cycle and investment effect of software.
ICT infrastructure management
Explains the best practices for infrastructure management.
Security management
Explains how to ensure the security and confidentiality of data.
“Service support” and “service delivery,” which are components of “IT service management,” form the core of ITIL. These two items can be broken down into the processes listed below. Service support
Service delivery
・Incident management
・Service level management
・Problem management
・IT service financial management
・Configuration management
・Capacity management
・Change management
・IT service continuity management
・Release management
・Availability management
Service management
Guidelines for daily operations and support. Explains the method how to provide support to users so that they can appropriately use IT services.
Chapter 6
Service support
・Service desk
142
6-1-2 Service support “Service support” is a set of processes for supporting service operations and is one part of the ITIL framework. It consists of five processes and a service desk. IT services are managed in an integrated fashion by executing these processes. The processes of service support are summarized below.
Reference
Incident An “incident” is a failure, accident or unexpected occurrence that happens within the computer system.
(1)Incident management (fault management) “Incident management” minimizes the length of service interruptions and the external impact when incidents occur in IT services, and takes steps to restore normal service as quickly as possible and resolve the incident. An incident that is resolved before it becomes serious is known as a “close call,” and management is exercised in such a way as to utilize these lessons as well. (2)Problem management “Problem management” treats the causes of incidents as “problems” and looks for the root cause. Measures to resolve the problems are reviewed and carried over into change management. (3)Configuration management “Configuration management” involves managing assets that comprise IT services such as hardware and software, and keeping them in top shape in order to provide better IT services. (4)Change management “Change management” involves reviewing the solutions produced by problem management and changes to configuration made necessary by life cycles, and performing an evaluation to determine whether to proceed to release management. (5)Release management “Release management” implements the changes decided upon in the process of change management. (6)Service desk The “service desk” is the point of contact where user inquiries are handled. Other names for it include “help desk”, “call center”, and “user support.” In general, the service desk accepts inquiries on how to use products and services and how to fix problems and deals with repair requests and complaints. Inquiries may be accepted in the form of phone calls, e-mails, faxes, etc., but if multiple points of contact are set up depending on the contents of the inquiry, it can become difficult to determine the appropriate point of contact, which results in wasted time. It is then necessary to implement measures such as consolidating the points of contact. If the inquiries received are registered in a database, they can be published as a FAQ on a website or analyzed and used to improve products and services.
143
6-1-3 Service delivery “Service delivery” is a set of processes for implementing long-term plans for and improvements to IT services, and is one part of the ITIL framework. It consists of five processes, and by executing them, stable IT services can be provided. The processes of service delivery are summarized below. (1)Service level management “Service level management” is the process of maintaining and making improvements to the service level based on the agreement between the IT service provider and user. The “service level agreement (SLA)” and “service level management (SLM)” are executed and managed in order to ensure quality and provide stable IT services. Reference
SLA Abbreviation for “Service Level Agreement.”
Chapter 6
●Service level agreement (SLA) A “service level agreement” is a “quality assurance agreement” formed between the IT service provider and user with respect to the management of operations, and it defines the quality and scope of the IT services. The agreement includes the scope of the system services, pricing, support hours, target recovery time for system failures, etc. This form of contract was originally popularized by telecommunications carriers to guarantee the quality of communications in network services. Standards are set for things like minimum data transfer speeds and maximum downtimes, and rules for penalties and compensation are stipulated for instances where the standards are not met. These agreements are currently utilized in a wide range of IT services.
Service management
144
Reference
SLM Abbreviation for “Service Level Management.”
●SLM (Service Level Management) “SLM (Service Level Management)” is a method of management that works to maintain and improve the service level by measuring whether the agreed service level is being met. The PDCA cycle for service level management is as follows. Measurement plan
Plan Review and implementation of improvements
Do
Action
Provision of IT services
Check Measurement and evaluation of results
(2)IT service financial management “IT service financial management” is the process of managing the costs necessary to provide IT services. For IT services, the costs vary depending on the scope and level of service, making it necessary to clarify the required services and control the financial situation in a comprehensive manner. (3)Capacity management “Capacity management” is the process of ensuring services that meet the necessary performance requirements can be developed while taking the budget and cost effectiveness into account. (4)IT service continuity management “IT service continuity management” is a process designed to prevent IT services from being interrupted even in the event of an earthquake, fire, or other disaster, and to minimize the damage or impact if there is such an interruption. Restoring the IT services within the timeframe agreed upon with the customer is also important for ensuring the continuity of IT services. (5)Availability management “Availability management” is the process of managing the quality of IT services. For example, it involves ensuring operations run 24 hours a day, 7 days a week so that the user can receive service at any time, and working to prevent the system from going down.
145
6-1-4 Facility management “Facility management” is maintaining the company’s computers, network, equipment, facilities, etc., and keeping them in top condition. It originally referred to management techniques for managing and operating a company’s real estate, buildings, and other facilities. When applied to information systems, the purpose is to maintain the system environment according to the facility management policy, and keep the systems in optimal condition. 1
Reference
Facilities “Facilities” are things that are built or installed to fulfill a certain purpose.
System environment development
Information systems are supported by various system environments. When it comes to facility management for information systems, it is important to enact measures for natural disasters such as earthquakes and floods, and accidents such as fires. Checks need to be carried out regularly on windows, air conditioning, etc. to ensure that nothing impedes equipment operations such as noise, water leaks or electrical leaks, and measures should be taken as necessary. For example, the following points need to be considered in order to protect devices and equipment used in the information system from power outages or surges caused by lightning and disasters such as earthquakes.
●Surge protection A “surge” is a sudden burst of voltage. When lightning strikes nearby, a powerful current resulting from the high voltage (thousands to tens of thousands of amperes) sometimes runs through power lines and phone lines, which can break computers. Damage from surges can be prevented by using OA taps with “surge protection.”
Reference
UPS Abbreviation for “Uninterruptible Power Supply.” Reference
Security wire A “security wire” is a wire attached to a laptop computer or other piece of equipment to prevent theft. When security wires are attached to laptops or other equipment and fastened to the desk where they are installed, they make it more difficult to remove them, effectively preventing theft.
Service management
●Uninterruptible power supply An “uninterruptible power supply,” also referred to as a “UPS,” is a backup power supply to prevent interruptions in the supply of power in the event of a power outage or surge. In the event of a power outage, power is supplied via a battery, but generally a UPS can only supply power continuously for about 10 to 15 minutes. For that reason, it is important to quickly save data that is being worked on and shut the system down.
Chapter 6
• Install an uninterruptible power supply as a measure against power outages and surges. • Use OA taps that come with surge protection. • Install information equipment in places with firm foundations and minimal vibration to prevent it from tipping over or falling off the shelf in the event of an earthquake. Also consider vibration-free floors to absorb and mitigate tremors from earthquakes.
146
6-2
System audit 6-2-1 System audit System audits are crucial as companies engage in developmental operations. 1
System audit
A “system audit” is a comprehensive verification and evaluation of the system by an independent third-party “system auditor.” After the audit is performed, the system auditor provides suggestions and advice to the concerned parties. (1)Purpose of system audits The purpose of system audits is to determine whether or not an information system is contributing to management efforts based on a wide-perspective investigation of the system. The following are general items to consider. • Whether there are safeguards in place to ensure the reliability of the information system with respect to failure •Whether there are safeguards in place to ensure the safety of the information system with respect to disasters and unauthorized access • Whether the information system is efficiently contributing to the company’s management policy and strategy
147
(2)Processes in system audits The processes in system audits are as follows. Planning
Formulation of audit plan
Implementation
Preliminary audit Main audit
Preparation of system audit report
Reporting
Opinion exchange meeting Audit report meeting
Follow-up
●Main audit In the “main audit,” a detailed audit, analysis, and review are carried out according to the items and procedures laid out in the system audit plan. The audit techniques generally include interviews, on-site inspections, document and record checks, and questionnaire surveys. The information obtained is kept as “audit evidence.”
System audit standards “System audit standards” provide the framework for carrying out an appropriate audit of information systems. They serve as the code of conduct expected of the system auditor when implementing a system audit. Reference
Audit trail “Audit trail” refers to the information system logs, user information logs, error logs, and other data. These are carefully reviewed to establish the reliability, security and efficiency of the system, which is the purpose of the audit. Since it is not possible to verify every single log, the necessary audit trail is selected at the time the system audit plan is formulated.
Service management
●Preliminary audit The “preliminary audit” is carried out before the main audit in order to get a general grasp of the system. It involves meeting with the manager of the department to be audited and checking documents. It makes it possible to divide audit items into those that require a detailed investigation during the main audit and those that do not, and modify the individual documented plans that were prepared earlier.
Reference
Chapter 6
●Formulation of system audit plan Research the company’s business conditions and policies, problems with the information system, etc., and identify the purpose of the audit as well as the department and information system to be audited. In this step, the “documented audit plans” are prepared. These include the “documented medium- and long-term plan”, which covers a period of several years, the “documented basic plan”, which covers the fiscal year, and the “individual documented plans”, which cover individual audit items.
148
●Preparation of system audit report Once the system audits are complete, a “system audit report” is prepared to accurately inform management, the audited department, and the related departments of the results. The audit report includes the “audit results”, a “general overview”, the “strong points”, “suggestions”, and “things that need to be improved.” ●Opinion exchange meeting At the “opinion exchange meeting,” opinions are exchanged with the representative of the audited department to make sure there are no factual errors in the audit report. Opinion exchange is a characteristic process of system audits. The opinion of the audited department as shared at the opinion exchange meeting is reflected in the system audit report, and additions or changes are made as necessary to put the finishing touches on it. ●Audit report meeting An “audit report meeting” is held to provide an explanation of the audit results to management based on the final audit report. ●Follow-up The effectiveness of system audits hinges on the provision of suggestions for improvement. For that reason, the system auditor checks on the status of improvements and supports the implementation thereof. This is called “follow-up.” Regular audits are carried out to check on the status of improvements, and follow-up audits are performed as necessary. 2
Other Audit Work
Other typical audit work is as follows.
149
Accounting audit
Accounting and financial statements are audited and approved by a third party. These audits are performed by a certified public accountant or an auditing firm.
Operations audit
The results of a company’s business and management activities, the management methods used, etc. are verified and evaluated by a third party. These audits are performed by internal auditors or the company’s auditor.
Information security audit
The criteria, methods, etc. of information security measures are audited, corrected, verified, and evaluated by a third party. These audits are performed by internal auditors or the company’s auditor.
6-2-2 Internal control “Internal control” and “IT governance” are means of ensuring sound management. 1
Internal control
“Internal control” involves constructing a system for the company to engage in business activities in an appropriate manner. (1)Purposes of internal control Internal control serves four purposes in the support of business activities. The purposes of internal control are summarized below. ●Efficiency and effectiveness “Effectiveness of operations” refers to the degree to which business objectives are being achieved. “Efficiency of operations” refers to the rational use of time, human resources, costs, etc. to achieve the objectives. The achievement of business objectives is supported by putting together a system by which to measure and evaluate the degree of achievement and rationality. ●Reliability of financial reporting A system is put together to prevent false information from finding its way into financial reports and thereby support the reliability of financial reporting.
Chapter 6
●Compliance with laws and regulations A system is put together to ensure compliance with laws, standards, regulations, etc. related to the business activities in order to support legal compliance.
(2)Basic elements of internal control Internal control is comprised of six basic elements that are required in order to fulfill each of the above purposes. These elements are taken from the “COSO Framework,” which is the global standard for internal control. The basic elements of internal control are summarized below. ●Control environment A proper environment (climate) must be set up within the organization. Putting together a better environment affects the awareness of everyone within the organization and provides the foundation for the basic elements.
Reference
COSO
Service management
●Protection of assets A system is put together to ensure that acquisition, use and disposal of assets is carried out in accordance with appropriate procedures and thereby support the protection of the company’s assets.
“COSO” is an organization established by organizations such as the American Institute of Certified Public Accountants in response to the numerous incidents of accounting fraud and management failures in the 1970s and 80s. The “COSO Framework” was announced in 1992. The “COSO Cube” is a graphical representation of the COSO Framework. Abbreviation for “Committee of Sponsoring Organizations of the Treadway Commission.”
150
●Risk evaluation and response Measures against risk are reviewed after identifying, analyzing and evaluating risks that pose a threat to the achievement of organizational objectives. ●Control activities “Control activities” are policies and procedures for incorporating internal control into business activities. In order to implement them, a company must consider the following points.
Reference
Segregation of duties “Segregation of duties” refers to dividing the authorities and responsibilities of a single job among several people.
• Identify the risks that are produced by business processes, illegal acts, fraudulent acts, etc. • Identify the authority and responsibilities of the persons in charge and work on the segregation of duties. • Establish rules to be followed when responding to risks along with a system for checking whether they are properly implemented.
●Information and communications An environment is established in which everyone within the environment can properly acquire, communicate, and share the necessary information. ●Monitoring Evaluations are carried out to make sure internal controls are functioning properly. This includes “daily monitoring,” which is carried out on an ongoing basis, regular “independent evaluations” and a “whistle-blowing system” for people to report illegal and fraudulent acts. These monitoring activities are utilized to monitor, evaluate, and correct the internal control situation. ●Response to IT “Response to IT” is the act of appropriately incorporating the necessary information systems within operations after establishing policies and procedures to achieve the organizational objectives. A better system of internal control is constructed by introducing information systems and improving the efficiency and effectiveness of operations.
Reference
IT strategy An “IT strategy” is a medium- to longterm strategy established to define the company’s information system strategy, how much it will invest, etc. in order to make the information system an effective part of the business strategy. Reference
IT governance The definition of IT governance as provided by the Ministry of International Trade and Industry (now the Ministry of Economy, Trade and Industry) is “the organizational capacity of a company to control the formulation and implementation of an IT strategy and guide it in the proper direction to establish a competitive advantage.”
151
2
IT Governance
“IT governance” is a framework for establishing an IT strategy to utilize information systems and governing its implementation. A company’s relative merits and competitiveness depend on how well it utilizes information systems. For example, even if a large investment is made to introduce information systems, there will not have a significant investment effect if they do not conform to the management policy or meet the users’ needs. The purpose of IT governance, therefore, is to ensure the achievement of the goals of the business strategy through the utilization of information systems, and to improve competitiveness.
6-3
Chapter quiz
*See page 10 in the“Answers and Explanations”booklet for the correct answers.
6-1
Which of the following is appropriate as an item for evaluating the service level to the user of a system? a) b) c) d)
6-2
Which of the following is responsible for receiving various inquiries, such as operations of the product, solutions at the time of troubles, and complaints from the users of the system? a) b) c) d)
6-3
The cost concerning the system development The recovery time from system failure The number of programs that make up the system The number of disk input/output
Access counter Webmaster Data center Help desk
Which of the following is a characteristic of a service desk in operations management of information systems?
Service management
Inquiries are about temporary issues, so records are not necessary. Service desks passively await user inquiries; they do not initiate communication. Service desks should be consolidated into a single window for inquiries. The scope of inquiries is limited to the method of operations.
Chapter 6
a) b) c) d)
152
6-4
Which of the following is the appropriate description concerning the introduction of an uninterruptible power supply (UPS)? a) The highest priority device that should be connected to the UPS is a network printer shared by each PC. b) There is a limit in the capacity of the UPS, so the measure to shut down within several minutes after detecting a power failure is required. c) The UPS has a power generation function, so it is effective if it connects the computers, lighting, television sets, and other appliances. d) The UPS uses a special battery that can be used semi-permanently, so the maintenance cost after introduction is unnecessary.
6-5
Which of the following shows the steps of system audit in the order of implementation? a) b) c) d)
6-6
Planning, investigation, report Cause investigation, correction, test Design, programming, test Requirements definition, proposal request, proposal evaluation
Which of the following is the role of system auditors? a) Advising audited departments about recommendations and measures for improvements b) Appointing auditors c) Determining security policies d) Requesting audited departments to make improvements
6-7
Which of the following is included in the internal control for inhibiting an employee’s dishonesty? a) Publishing the information security plan of a company on the Internet b) Assigning separately the operator and approver of a business task c) Supporting events as corporate sponsors which are held by cities, towns, and villages for contribution to regional vitalization d) Taking the measures against mass media to avoid the deterioration of corporate image by the revealed scandal
153
TECHNOLOGY
Chapter 7 Basic theory............................ 156 Chapter 8 Computer system ................... 186 Chapter 9 Technology element ............... 234
Chapter
7
Basic theory Chapter 7 explains the fundamental concepts of radixes, sets, probabilities, and statistics, as well as the digitization of information and algorithms.
7-1 Basic theory....................................... 157 7-2 Algorithms and programming ............ 171 7-3 Chapter quiz ...................................... 183
7-1
Basic theory 7-1-1 Discrete mathematics The information managed by computers bears a close relationship with “discrete mathematics,” which deals with factors such as digital quantity. Discrete mathematics forms the basis of a wide number of fields, encompassing computer logic circuitry, data structures, and linguistic theory. 1
Numbers and expression
All internal computer commands and data are expressed using binary numbers. An understanding of the fundamental logic behind the binary numbers that form the basis of data expression, as well as other types of number systems, is essential in order to perform tasks such as programming. (1)Binary numbers, octal numbers, decimal numbers, hexadecimal numbers A computer is capable of internally recognizing and processing data based on the transmission of electric current, voltage fluctuation, and other factors. Data recognized through such means is expressed as values featuring a combination of the symbols “0” and “1.” This method is known as a “binary number system.” However, since it only deals with “0” and “1” arrangements, it is difficult for humans to utilize such a system. For this reason, information can also be expressed by replacing this method with a “decimal number system,” which consists of ten commonly used numerals (“0” to “9”). In addition, an “octal number system” employing numerals from “0” to “7” and a “hexadecimal number system,” which is comprised of the numerals “0” to “9” and alphabet letters from “A” to “F” can be utilized as well. HexaHexaBinary Decimal Octal Binary Decimal Octal decimal decimal number number number number number number number number 0
0
0
0
1001
9
11
9
1
1
1
1
1010
10
12
A
10
2
2
2
1011
11
13
B
11
3
3
3
1100
12
14
C
100
4
4
4
1101
13
15
D
101
5
5
5
1110
14
16
E
110
6
6
6
1111
15
17
F
10000
16
20
10
111
7
7
7
1000
8
10
8
* In a hexadecimal number system, “10” through “15” are expressed using “A” to “F.”
157
(2)Radix conversion “Radix conversion” deals with the replacement of one number system with another. The method of radix conversion is summarized below.
(
1 3
= 2 ×1 = 8 ×1 = 8
0 2
+ 2 ×0 + 4 ×0 + 0
1 1
+ 2 ×1 + 2 ×1 + 2
0
)2
0
+ 2 ×0 + 1 ×0 + 0
= (10) 10
●Conversion from a decimal number to a binary number By repeatedly dividing a decimal number by 2, it can be easily converted into a binary number.
Example Converting (10)10 to a binary number 2
10 …0
2
5
…1
2
…0
2
1
Reference
Reading and writing binary numbers If “1010” is written as is, it would not be possible to differentiate a binary number from a decimal number. To be represented as a binary number, the value must be bracketed using parentheses and denoted with a “2” after it. The resulting notation would then be “(1010)2.” This number can be read digit by digit as “One. Zero. One. Zero.” Reference 0
n
← Write the remainder.
Regardless of which value n represents, “n0 = 1” (the zero power equals “1”) by definition.
← Divide by 2 until the quotient equals “1.”
Decimal Number Composition
Reference
In the same sequence as shown by the arrow, write the final quotient and each remainder starting from the beginning of the new value, to convert the decimal number to a binary number.
(10)10 → (1010)2
A “radix” shows how many different numbers can be expressed within one digit. For example, a binary number is composed using the two numbers “0” and “1,” therefore its radix is “2.”
Basic theory
Example Converting (1010)2 to a decimal number
Radix
Chapter 7
●Conversion from a binary number to a decimal number In the same way that each digit in a decimal number system represents “100”, “101”, “102”, and so on, the digits in a binary number system signify “20”, “21”, and “22”, etc. Using these properties, a binary number can be converted to a decimal number.
Reference
(1 3
2
3 )10
0 2
1
0
= 10 ×1 +10 ×2 +10 ×0 +10 ×3 = 1000×1 + 100×2 + 10×0 + 1×3 = 1000 + 200 + 0 + 3 = 1203
158
● Conversion from a binary number to an octal number or hexadecimal number The following properties are used to convert a binary number to an octal number or hexadecimal number. • Three binary number digits can be expressed as one octal number digit. • Four binary number digits can be expressed as one hexadecimal number digit.
Example
Converting (11010)2 to an octal number and hexadecimal number
Conversion from a binary number to an octal number Separate the value by groups of three digits starting from the final digits
11
010
3
2
Conversion from a binary number to a hexadecimal number Separate the value by groups of four digits starting from the final digits
Convert each group of digits into decimal numbers
1
1010
1
10
(32)8
(1A)16
●Conversion from an octal number or hexadecimal number to a binary number To convert an octal number or hexadecimal number to a binary number, convert each octal number digit into three binary number digits, and each hexadecimal number digit into four binary digits.
Example
Converting (43)8 and (F5)16 to binary numbers
Conversion from an octal number to a binary number
4 100 100
3
Conversion from a hexadecimal number to a binary number
F
Convert each digit 11 into binary numbers 011(Add a third digit)
(100011)2
1111 1111
5 101 0101(Add a fourth digit)
(11110101)2
Radix conversion overview Divide the value of the decimal number by 2 repeatedly to determine the quotients and remainders. Continue until the final quotient equals “1.” Arrange the final quotient of “1” and each remainder in reverse order to convert the resulting figures to a binary number.
Separate the binary number into groups of three digits starting from the final digits. Multiply each digit by 2 0 , 2 1 , or 2 2 , and add the resulting values to convert the figures into an octal number. Or similarly, separate the binary number into groups of four digits. Multiply each digit by 20, 21, 22, or 23, and add the resulting values to convert the figures into a hexadecimal number.
Decimal number
Binary number
Octal number
Hexadecimal number
(30)10
(11110)2
(11 110)2
(1 1110)2
(3 6)8 From the last digit of the binary number, multiply each successive digit by its corresponding factor (20, 21, 22, etc.). Add the resulting values to convert the figures into a decimal number.
(1 E)16
Divide each digit of the octal number or hexadecimal number by 2 to determine the quotients and remainders. Continue until the final quotient equals “1.” Arrange the final quotient of “1” and each remainder in reverse order. Combine the resulting values starting with those corresponding to the first digits of the original number, to convert the figures to a binary number. * When converting to a binary number, if each digit of the original number does not equate to three or four digits, add a “0” before the resulting value until it contains the required amount (three digits for an octal number, four digits for a hexadecimal number).
159
(3)Signed binary numbers A “signed binary number system” is a method of expression for handling binary numbers with negative values. In this method, the first bit is treated as a “signed bit,” which acts as a symbol that separates positive and negative values. If the first bit is “0,” it indicates a positive number. If the first bit is “1,” it indicates a negative number.
Reference
MSB An “MSB” is the leftmost bit of a binary number. Abbreviation for “Most Significant Bit.” Reference
The range of values which can be expressed by a particular number of bits is shown below.
Signed bit
An 8-bit unsigned binary number (standard binary number) can express a value ranging from “0” to “255.” A signed binary number, however, only uses seven digits to represent values since its first bit is used as a signed bit. For this reason, an 8-bit signed binary number can, at most, express a value ranging from “−128” to “127.” Two typical kinds of signed binary numbers are summarized below. ●One’s complement A “one’s complement” reverses bits signifying a positive value in order to express a negative value. When the value is “−3” ① Determine the bits used for positive “3” ② Reverse the bits
00000011 11111100 ······ One’s complement
Number Unsigned bi- Signed binary of bits nary number number 4
0~15
−8~7
8
0~255
−128~127
12
0~4095
−2048~2047
16
0~65535
−32768~32767
32
0~ −2147483648~ 4294967295 2147483647
Basic theory
“0” represents a positive number. “1” signifies a negative number.
Chapter 7
Expressible value range
Reference
Complement A “complement” is a value that carries over one digit when it is added to another number.
●Two’s complement A “two’s complement” adds “1” to a one’s complement to express a negative value. When the value is “−3” the one’s complement ② Add “1” to the one’s complement ① Determine
11111100 + 1 11111101 ·····Two’s complement
160
(4)Addition and subtraction of binary numbers To add or subtract binary numbers, arrange the digits in the same way as decimal numbers, and calculate from the last digits. ●Addition During addition, digits must be carried over so that “(1)2 + (1)2 = (10)2.”
Example
Calculate (1001)2 + (011)2
1 1 Digits carried over ( 1001 ) 2 ( 011 ) 2
+
( 1100 ) 2
●Subtraction During subtraction, digits must be carried over so that “(10)2 − (1)2 = (1)2.”
Example
Calculate (1001)2 − (011)2
0 1 Digits carried over ( 1001 ) 2 − ( 011 ) 2 ( 110 ) 2
2
Set
A “set” is a collection of data grouped following certain well-defined conditions. Using sets, it is possible to express written text such as “A OR B.” These types of statements are known as “propositions.” Sets expressed through propositions can be graphically represented by “Venn diagrams.” The relationship between three typical kinds of sets and Venn diagrams is shown below. Set Venn diagram
A OR B (A + B)
A
B
A AND B (A & B)
A
B
NOT A (¬A)
A
In order to interpret these Venn diagrams, the “truth-value” is required. For the “truth-value,” a value of “1” indicates “True,” and a value of “0” indicates “False.”
161
For example, if A is valid, but B is not valid, the respective truth-values would be “A = 1” and “B = 0.” If proposition “A OR B” is applied, this equates to “1 OR 0,” indicating that the proposition is logically true. However, if proposition “A AND B” is applied, this becomes “1 AND 0,” which would be logically false. The combination of these truth-values is referred to as a “truth table.” Logical product (AND)
Negation (NOT)
B
AORB
A
B
AANDB
A
NOT A
1 1 0 0
1 0 1 0
1 1 1 0
1 1 0 0
1 0 1 0
1 0 0 0
0 1
1 0
Logical Operations A “logical operation” is a type of mathematical operation that is used when a combination featuring multiple conditions (logic) is represented by an expression.
Basic theory
Truth table
A
Reference
Chapter 7
Logical sum (OR)
7-1-2 Applied mathematics The analysis of accumulated data allows for the discovery of operational problems and may provide hints that lead to the improvement of operational capabilities. During this process, “applied mathematics” is used. Applied mathematics is a branch of mathematics concerned with areas such as “probability” and “statistics,” which aims to impart mathematical understanding to non-mathematical fields. 1
Probability
“Probability” is a means to evaluate the total number and extent of accumulated data. (1)permutation A “permutation” is the aggregate derived when an optional count is taken from a particular collection of data, and the remaining values are arranged in an equation. If r is arbitrarily taken from the variant n, and a sequence of the resulting numbers arranged in one row is expressed as nPr, the following expression is provided. Pr = n × (n − 1) × (n − 2) × ··· × (n − r + 1)
n
Example Take four variant numbers from the values “1, 2, 3, 4, 5, 6” to derive four separate digits. P =6×(6−1)×(6−2)×(6−3)=6×5×4×3=360
6 4
162
Reference
! “!” is a symbol that represents a factorial. For example, “3!” is equivalent to “3 × 2 × 1.”
(2)Combinations A “combination” is the aggregate derived when an optional count is taken from a particular collection of data, and the respective values are removed from an equation. If r is arbitrarily taken from the variant n, and the resulting combination of numbers is expressed as nCr, the following expression is provided. Cr
n
=
Pr r!
n
n! (n−r)! r!
=
Example Take four variant numbers from the values “1”, “2”, “3”, “4”, “5”, and “6.” P 6×5×4×3 = = 15 4! 4×3×2×1
6 4
(3)Probability A “probability” expresses the likelihood that a certain phenomenon will occur in comparison with all applicable phenomena. If all phenomena are expressed numerically as n, and the likelihood of phenomenon A occurring, as signified by r, in comparison to all phenomena is represented by P(A), the following expression is provided. P (A) =
r n
Example When three out of ten lottery tickets contain a winning number, determine the probability for drawing two consecutive winning tickets. Combination containing all phenomena: Combination in which two out of ten tickets are drawn ··· 10C2 = 45 Combination in which two consecutive winning tickets are drawn: Combination in which two out of three winning tickets are drawn ··· 3C2 = 3 The probability is calculated as follows. 3 1 = 45 15
163
Example When three out of ten lottery tickets contain a winning number, determine the probability for drawing two consecutive winning tickets. (Alternate method) The probability of acquiring a winning ticket after drawing just once
2
Basic theory
The problem is solved by considering the second draw. Probability of acquiring a winning ticket on the first draw 3 = 10 Probability of acquiring a winning ticket on the second draw 2 = 9 The required probability is calculated as follows. 3 2 1 × = 10 9 15
Chapter 7
Number of winning tickets Total number of tickets
Statistics
“Statistics” are a means to examine the regularity of accumulated data, and make predictions about the future. (1)Measure of central tendency of data Through a “measure of central tendency of data,” the properties of all data can be expressed via one numeric value. Values used as a measure of central tendency of data are shown below. Value
Explanation
Mean
The combined sum divided by the number of data sets. In general, “mean” refers to “arithmetic mean.”
Median
The central value when data is arranged in either an ascending or descending order. In cases where there is an even number of data sets, the average of the two most central values is adopted.
Mode
The highest value related to the frequency of occurrence of data.
164
Reference
Work sampling “Work sampling” is a means of analyzing equipment, working hours, and other details. After an observation frequency is chosen, the working status of particular employees is monitored at random intervals.
(2)Data dispersion “Data dispersion” numerically represents the extent of spread in individual sets of data around a particular mean. Even in cases where collections of data bear the same mean, their properties may differ as shown below. Data
Mean
Group A
20, 21, 22, 19, 18
20+21+22+19+18 =20 5
Group B
10, 30, 5, 25, 30
10+30+5+25+30 =20 5
Values that express these differences include “variance,” “standard deviation,” and “range,” each of which serves as a dispersion index. Value
Explanation
Variance
The value calculated by subtracting the mean from the value of each data set, squaring that result, adding each of those figures together, and dividing the total sum by the number of data sets.
Standard deviation
The value derived from the square root of the variance.
Range
The difference between the highest and lowest numbers contained in the data.
Although Group A and Group B have the same mean, data dispersion is calculated as follows. Group A
Group B
Mean
20
20
Variance
{(20−20)2+(21−20)2+(22−20)2 2 2 +(19−20) +(18−20) }÷5 =(0+1+4+1+4)÷5 =10÷5 =2
{(10−20)2+(30−20)2+(5−20)2+ (25−20)2+(30−20)2}÷5 =(100+100+225+25+100)÷5 =550÷5 =110
Standard deviation Range
2≒1.414 22−18=4
110≒10.48 30−5=25
With the mean alone, it is not possible to accurately analyze how data is structured. Through dispersion, a strong understanding of the data’s overall distribution can be gained.
165
A “frequency distribution table” is a chart that provides an overview of the state of data analysis. Reference
Histogram Histograms, which express dispersion through bar graphs, can also be used to represent the state of data distribution. Through histograms, information such as an overview of the data as a whole, its central position, and the magnitude of dispersion can be checked.
Basic theory
Data count
Reference
Frequency distribution table
Chapter 7
(3)Normal distribution “Normal distribution” allows for data variation to be expressed in chart form using a convex-shaped graph known as a “bell curve.” Rounded in the same way as an actual bell, a bell curve is symmetrically balanced to the left and right with the mean positioned at its center. In terms of its properties, normal distribution contains data within approximately 68% of the mean plus or minus a standard deviation of 1, approximately 95% of the mean plus or minus a standard deviation of 2, and approximately 99% of the mean plus or minus a standard deviation of 3. This data can be used to express standard kinds of knowledge such as the height of a large number of people, the weight of a large quantity of products produced by the same process, or errors in measurement. Such properties can be utilized to predict the amount of data that differs greatly from the mean, and in turn the quantity of inferior industrial goods manufactured.
68%
Standard deviation
Data value Mean
7-1-3 Theory of information In order to grasp the fundamental logic behind the numeric values and data managed by computers, it is necessary to understand various concepts including methods of expressing information quantity, the reasoning behind digitization, and character representation. 1
Units measuring volume of information
“Bits” and “bytes” are units that are used to measure quantities of information, and represent the memory capacity and performance of a computer. Knowing about these units will also prove helpful in understanding PC performance and memory, as well as hard disk memory capacity.
166
Reference
Number of data types expressible by bits 21 = 2 types 22 = 4 types 23 = 8 types 24 = 16 types 25 = 32 types 26 = 64 types 27 = 128 types 28 = 256 types
1 bits 2 bits 3 bits 4 bits 5 bits 6 bits 7 bits 8 bits
(1)Bits and bytes A “bit” is the smallest unit of data which can be handled by a computer. In the same way as a binary number, “one bit (also written as “1 bit” or “1 b”)” is represented by either “0” or “1.” Eight bits together can be displayed as “one byte (also written as “1 Byte” or “1 B”).”
00000000 00000001 00000010
28 indicates that 256 kinds of data can be expressed.
11111110 11111111 _ _ 1 bit 8 bits = 1 byte Reference
Prefixes “Prefixes” are letters used to represent the size of bits and bytes. These include K ( kilo ) , M ( mega ) , and G ( giga ) . Although not used independently, prefixes are used with other units to express the multiple of 10 applied to that particular unit. Prefixes
Long form
Power
K
kilo
3
M
mega
6
G
giga
9
T
tera
12
P
peta
15
(2)Units representing volume of information Units used to describe information larger than a byte are summarized below. Unit
Long form
KB
kilobyte
Explanation
MB
megabyte
220 = 1024 KBytes
GB
gigabyte
230 = 1024 MBytes
TB
terabyte
240 = 1024 GBytes
PB
petabyte
250 = 1024 TBytes
210 = 1024 Bytes
* When displaying memory capacity, units are generally converted using “210” as a multiplier. Normally, a lower case “k” is written if “1000” is the multiplier, while an upper case “K” is used if “210” is the multiplier.
(3)Units representing time To denote computer processing speed, the following units are used to represent times shorter than one second. Unit
2
Long form
ms
millisecond
μs
microsecond
ns
nanosecond
ps
picosecond
Explanation 1 1ms=10 s = 103 s 1 −6 1μs=10 s = 106 s 1 −9 1ns=10 s = 109 s 1 −12 1ps=10 s = 1012 s −3
Digitization
In order to manipulate “analog data” such as text, forms, photos, and pictures on a computer, converting it into digital code (ranging from “0” to “1”) or “digitization,” is necessary. Through digitization, image processing, copying, communications, and other functions can be executed at high speeds, greatly expanding the application of data. In addition, the use of digital data protects the original analog data from deterioration, allowing for more efficient data utilization.
167
●A/D Conversion “A/D conversion” refers to changing analog code into digital code. Conversely, restoring digital code to analog code is referred to as “D/A conversion.” Analog data such as music is divided and extracted at set intervals.
Reference
Decode
1
2
The information extracted during sampling is expressed using numeric values (bits).
Quantization
15 12
11 8
7
8
8
5
5 3
1
2
“Decode” refers to restoring original data by converting encoded data according to specified rules. Software which performs this operation is known as a “decoder.” Reference
Sampling rate
Basic theory
16 14 12 10 8 6 4 2 0
16 14 12 10 8 6 4 2 0
“Encode” refers to converting data according to specified rules. Software which performs this operation is known as an “encoder.”
Chapter 7
Sampling
Reference
Encode
“Sampling rate” refers to the number of times analog data is measured within one second. Also referred to as “sampling frequency,” this unit is expressed using “Hz.” The greater the sampling rate, the better the sound quality when the digital data is replayed. Reference
Bits are converted to data following specific guidelines. For example, they are expressed through a radix conversion, where the data is changed from decimal numbers to binary numbers.
Encoding
7
0
1
1
1
12
1
1
0
0
15
1
1
1
1
8
1
0
0
0
5
0
1
0
1
8
1
0
0
0
11
1
0
1
1
5
0
1
0
1
8
1
0
0
0
3
0
0
1
1
Sampling and quantization While analog code consists of consecutively grouped data, digital code is comprised of data that is divided separately. By shortening the sampling interval and increasing the level of quantization to search for more exact values, it is possible to approach the quality of the analog data during A/D conversion. • The longer the sampling interval, the lower the quantization level
Coded data is converted into digital data. 1
Coded digital display 0 7
12
15
8
5
8
11
5
8
3
• The shorter the sampling interval, the higher the quantization level
168
●Major properties of digital data Item
Explanation
Data transmission
Transmittable to distant locations
Data sharing
Can be jointly used over a network
Data image processing
Can be editted and processed using functions such as expansion, shrinkage, and trimming
Data image quality
Does not deteriorate
Data compression
Executable
Data searching
Executable
Data copying
Executable
Character representation
3
Internally, a computer treats characters as binary numbers. The binary code to which all characters are assigned is known as a “character code.” Type Reference
ASCII
The character code standardized by ANSI (American National Standards Institute). A 7-bit code system which expresses alphanumeric characters and symbols. By adding a parity bit, it can be represented as one byte.
JIS
The character code standardized by JIS (Japanese Industrial Standards). It consists of a 1-Byte code system, which expresses alphanumeric characters and symbols, and also a 2-Byte code system, which represents Chinese and Japanese characters.
Shift JIS
A character code standardized by Microsoft. A 2-Byte code system, which combines the JIS 2-Byte code with the ASCII 1-Byte code. It is used on a wide range of computers via Windows, Mac OS, and other operating systems.
EUC
A character code standardized by AT&T. Short for “Extended Unix Code,” this 2-Byte code system allows for Chinese characters to be used via the Unix operating system.
EBCDIC
An 8-bit character code standardized by IBM in the United States. It has mostly been adopted for large, multi-purpose computers.
Unicode
A character code standardized by ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission). A 2-Byte code system which incorporates characters used throughout the entire world.
Parity bit A “parity bit” is a bit which allows for character code errors to be inspected.
Reference
EUC Abbreviation for “Extended Unix Code.”
169
Explanation
●JIS Code Table First four bits 00
00
01
10
00
4 @ A B C D E F G H I J K L M N O
01
01
5 P Q R S T U V W X Y Z [ ¥ ] ^ _
* “SP” in 0010, 0000 is the symbol for a blank space.
01
10
6 a b c d e f g h i j k l m n o
01
11
7 p q r s t u v w x y z { l }  ̄ DEL
10
00
10
01
8
9
10
10
A Undefined 。 「 」 、 ・ ヲ ァ ィ ゥ ェ ォ ャ ュ ョ ッ
10
11
B − ア イ ウ エ オ カ キ ク ケ コ サ シ ス セ ソ
11
00
C タ チ ツ テ ト ナ ニ ヌ ネ ノ ハ ヒ フ ヘ ホ マ
11
01
D ミ ム メ モ ヤ ユ ヨ ラ リ ル レ ロ ワ ン ゙ ゚
11
10
11
11
E
F
Basic theory
3 0 1 2 3 4 5 6 7 8 9 : ; < = > ?
01
Chapter 7
* + , . /
11
Undefi ned
2 SP ! " # $ % & ' ( )
00
Undefi ned
1 TC7(DLE) DC1 DC2 DC3 DC4 TC8(NAK) TC9(SYN) TC10(ETB) CAN EM SUB ESC IS4(FS) IS3(GS) IS2(RS) IS1(US)
00
Undefi ned
0 NUL TC1(SOH) TC2(STX) TC3(ETX) TC4(EOT) TC5(ENQ) TC6(ACK) BEL FE0(BS) FE1(HT) FE2(LF) FE3(VT) FE4(FF) FE5(CR) SO SI
00
Undefi ned
b8b7 b6b5 b4~b1 0000 0 0001 1 0010 2 0011 3 0100 4 0101 5 0110 6 0111 7 1000 8 1001 9 1010 A 1011 B 1100 C 1101 D 1110 E 1111 F
Last four bits
170
7-2
Algorithms and programming 7-2-1 Data structures When developing a system, programs must be created so that the necessary functions will operate correctly. Here, the data structures and algorithms required during programming will be explained. 1
Data and data structures
“Data” is defined as the information manipulated internally by a computer. When a collection of data is systematically organized and managed as a group, that information is known as a “data structure.” Data structure design serves as the entire foundation of system development. Accordingly, it is necessary to plan and investigate data structures ahead of time so that they can execute the desired tasks. The fundamental data structures are summarized below. Reference
Constant A “constant” is data possessing a certain fixed value. They are the opposite of variables.
●Variables A “variable” identifies the location where data currently used by programs is stored temporarily. When defining a variable, a variable name consisting of alphanumeric characters and symbols is entered to differentiate it from other data. In addition, while it is being used, the variable is assigned a value. For example, in the expression “y = a + 10,” by assigning a value of “10” to a, y will equal “20.” Since the properties of variables allow for different values to be entered each time a program is executed, there is no need to rewrite the actual program at such times. 10
y=
Data is assigned when the program is executed.
a
+10
The variable acts as a kind of box which contains the data.
171
●Field types A “field type,” which is also referred to as a “data type,” indicates different kinds of stored data. A field type, including numbers and character strings, is defined within the data which is manipulated while the program is being run. By defining the field type with a variable, it becomes possible to assign only the most suitable data, greatly improving the program’s accuracy. Chapter 7
a
y=
+10
●Arrays When a large volume of data is manipulated, it becomes useful to employ a data structure known as an “array” instead of a variable. In contrast to variables, which store one piece of data, arrays are capable of arranging and storing multiple pieces of the same type of data. Normally, arrays store consecutively grouped data. However, they also contain a “subscript” for identifying individual sets of data, making it possible to search for specific data and extract smaller pieces of data sequentially from a particular group. Variable
Array
Variable a
Reference
Precautions about arrays
Basic theory
A numeric value is manipulated.
Before using an array, its size and the order in which data will be assigned must be determined beforehand. If these items are changed thereafter, the array will need to be redefined.
To distinguish the different elements within an array, a number known as a subscript is added.
[1]
[2]
[3]
[4]
[5]
Array a
●Lists A list is a data structure which groups together multiple sets of scattered data. Similar to arrays, lists do not necessarily store only consecutively grouped data. In addition to containing the data itself, lists possess a type of information known as a “pointer,” which indicates the location where the next set of data is stored. When data is replaced or added, the list’s order can be redefined by changing the pointers.
1
2 2
Data
3 5
4 4
Reference
Other data structures • Record ∙∙ The data assigned to one row • File ∙∙∙∙∙∙∙ A collection of data
5 6
3
Pointer
172
2
Stacks and queues
The concept of introducing and deleting data within a list is summarized below.
Reference
LIFO “LIFO” refers to an order in which the last data entered is the first one removed. Abbreviation for “Last-In-FirstOut.”
●Stacks A “stack” is a method through which data is introduced to the end of a list, and the last data added to the list is deleted. Also referred to as a “LIFO” list. The basic structure of a stack is shown below. PUSH (n)
Introduce the data (n)
POP
Delete the last piece of data
PUSH (n)
POP Deleted in the order of 4→3→2→1
4 3 2 1
Reference
FIFO “FIFO” refers to an order in which the first data entered is the first one removed. Abbreviation for “First-In-First-Out.”
●Queues A “queue” is a method through which data is introduced to the end of a list, and the first data added to the list is deleted. Also referred to as a “FIFO” list. The basic structure of a queue is shown below. ENQUEUE (n)
Introduce the data (n)
DEQUEUE
Delete the first piece of data
ENQUEUE (n)
4 3 2 1 DEQUEUE Deleted in the order of 1→2→3→4
173
7-2-2 Algorithms An “algorithm” is a processing procedure that is used to solve problems. When developing a system or conducting an operational analysis, the algorithm is considered first. Algorithms clarify which steps are taken, making it possible to create programs more efficiently.
Flowcharts
●Flowchart symbols The symbols which appear in flowcharts are established by Japanese Industrial Standards (JIS). The typical symbols used are summarized below. Symbol
Name
Basic theory
A “flowchart” is a diagram which illustrates the progression of work tasks and programming steps, utilizing various symbols and arrows. In addition to programming steps, flowcharts can also display data paths and controls, and are used to graphically represent algorithms in an easy to understand manner.
Chapter 7
1
Explanation
Terminal
Indicates the start and end of the flowchart.
Lines
Indicates the flow of steps, data, controls, and other items.
Process
Indicates procedures such as operations and data assignments.
Data symbol
Indicates data input and output.
Decision
Indicates a management function in which conditions are judged, and as a result, one process is selected out of a multiple number of choices.
Loop limit (beginning)
Indicates the start of a loop.
Loop limit (end)
Indicates the culmination of a loop.
174
2
Basic structures of algorithms
The fundamental structures of algorithms are “sequence structures”, “selection structures”, and “repetition structures.” Through a combination of these structures, it is possible to express complex algorithms. (1)Sequence structures A “sequence structure” represents a flow which is carried out in a particular order. Start
Process ①
Process ②
End
(2)Selection structures A “selection structure” represents a flow through which processes are selected based on certain conditions. Start
Condition
False
True
Process ①
End
175
Process ②
(3)Repetition structures A “repetition structure” represents a flow which, based on some predetermined frequency or condition, is carried out over and over again as long as some requirement is satisfied, or until some criteria has been met. Start
Condition True
When the flow repeats due to some condition, there are methods which judge the condition before the repetition occurs ( pre-assessment ) , and also methods which judge the condition after the repetition takes place (post-assessment).
Basic theory
False
Condition based repetition
Chapter 7
Process ①
Reference
Process ②
End 3
Typical algorithms
The typical algorithms used are summarized below. (1)Sum A “sum algorithm” deals with addition. It is written using a sequence structure if the number of additions ranges from one to several. If that amount is always plural, however, it is written with a selection or repetition structure. Sum algorithms are the most standard type of algorithm. Calculate “1 + 1”: y = y + x ① Assign
“0” to the value y (Default)
y=0+x ② Assign “1” to the value x y=0+1 ③ Assign the calculated result to the solution y 1=1 ④ Assign “1” to the value x y=1+1 ⑤ Assign the calculated result to the solution y 2=2 ⑥ Repeat steps ④ and ⑤ if further calculations are necessary.
176
(2)Search A “search algorithm” looks for data that matches certain conditions that are given. These include the following types of structures. ●Linear search A “linear search” is a method which checks each set of data in order, starting from the first set and ending with the last set. Search for “6” 4
5 2 7 8 6 1 9 3 10
① Check
whether “6” can be found in the first set of data. ② Check whether “6” can be found in the second set of data. ③ Repeat until “6” is found. ●Binary search A “binary search” is a method which, starting from a central set of data, checks for information by narrowing down whether the targeted item is located before or after the central value. This method is useful when data is in ascending or descending. Search for “6” 1
2 3 4 5 6 7 8 9 10
① Narrow the choices down to the data located after the center.
1
2 3 4 5 6 7 8 9 10
② Within 6-10, narrow the choices down to the data located before the center.
1
2 3 4 5 6 7 8 9 10
③ Within 6-7, narrow the choices down to the data located before the center.
Find “6.”
177
(3)Merge A “merge algorithm” combines two files into one while maintaining the order of data present in both files. Combine two files into one List 1
1
List 2
4
2
2
8
3
4
5
6
3
5
9
8
9
10
7
10
Basic theory
1
7
Chapter 7
Merged list
6
Data is arranged in order starting from the smallest set of data. This repeats until the last set of data is allocated.
(4)Sorting A “sorting algorithm” organizes the order in which data is arranged. ●Bubble sort A “bubble sort” is a method in which the values of adjacent data are compared and then arranged in order from the first set of data to the last. This is the most standard type of sorting algorithm. Sort data in an ascending order 5
4 2 1 3
① If the first value is > the second, switch the two sets of data.
4
5 2 1 3
Reference
Sorting algorithms There are many different kinds of sorting algorithms.
●Comparison sort A “comparison sort” compares two sets of data and then arranges them in order. One type of comparison sort is a bubble sort.
●Insertion sort An “insertion sort” compares two sets of data and then arranges the data by inserting it in the correct order.
●Merge sort A “merge sort” combines data after it is sorted.
② If the second value is > the third, switch the two sets of data.
4
2 5 1 3
③ If the third value is > the fourth, switch the two sets of data.
4
2 1 5 3
④ If the fourth value is > the fifth, switch the two sets of data.
4
2 1 3 5
⑤ Repeat steps 1-4 until the data is arranged in order.
178
7-2-3 Programming and programming languages A “program” is a collection of text that commands a computer to perform algorithms. Collectively, the rules and syntax used to describe a program are known as a “programming language.” 1
Types of programming languages
Different kinds of programming languages are employed depending on the objective, as well as the computer’s format and usage. The act of writing algorithms while utilizing a programming language is known as “programming.” The typical programming languages used are summarized below.
Low-level language “Low-level language” is a name used for programming languages written in a format that is easy for computers to interpret.
Low-level languages
Reference
Reference
Type
Characteristics
Machine language
Language written using a binary command code that can be understood by a CPU. Machine languages differ for each type of CPU.
Assembly Language
Language consisting of symbols representing the command sections of a machine language, which makes it easier for humans to read.
C
Language originally created in order to develop UNIX. It is now used by a wide range of fields through operating systems, application software, and other programs and interfaces. An updated version that supports object orientation has been developed as “C++ (C-plus-plus).”
Java
Language which supports object orientation and is widely used by the Internet and distributed system environments. Programs created with Java operate via a runtime environment known as a “Java Virtual Machine.” This allows programs to be executed by different hardware or operating systems. Java is subdivided as follows. • Java applications Programs created via Java that operate independently of browsers. • Java applets Programs created via Java that operate in conjunction with browsers. • Java servlets Programs developed via Java that execute on the server side according to browser requirements.
High-level language “High-level language” is a name used for programming languages written in a format that resembles human language and diminishes user awareness of hardware devices. Reference
Object orientation High-level languages
Refer to “Chapter 4-2-1 Software development processes and methods.”
Technical specifications of Java are as follows. • JavaBeans Technical specifications used when creating component programs (Beans) with Java. These programs can be reused and combined to develop new programs.
179
COBOL
Language primarily suited for the development of programs related to administrative processes.
FORTRAN
Language primarily suited for the development of programs related to science and technology.
BASIC
Language frequently used by novices due to its comparatively easy-to-understand utilization of symbols. A widely used updated version known as “Visual Basic” supports the development of application software that can be run on Windows.
2
Language processor
Programs created using high-level language cannot be executed as is by computers. In order for data to be converted (translated) into a machine language that computers understand, a software program known as a “language processor” is used. The typical language processors used are summarized below. Characteristics It translates entire source programs into machine language with an executable format. A complete set of machine language is executed after translation, resulting in a program that runs faster than a program translated by an interpreter.
Interpreter
It executes programs while translating one command at a time from the source program into machine language. The translation and execution processes repeat for each command, resulting in a program that runs slower than a program translated by a compiler. However, it is easier to detect bugs written in the program.
C source program
Language processor (Compiler)
main () printf ( "Sunday \ n" ) ; printf ( "Monday \ n" ) ; printf ( "Tuesday \ n" ) ;
Reference
Cross compiler A “cross compiler” is a language processor that translates programs using a different computer than the computer actually executing the program.
Machine language program 01110100・・・
Translate
{
“JavaScript” is a script language developed by Netscape Communications. It serves as an interpreter language that is embedded in HTML, and can be executed via a browser. It is a programming language completely separate from Java.
Basic theory
Compiler
JavaScript
Chapter 7
Type
Reference
00110101・・・ 10101111・・・ 01011011・・・ 00110111・・・
}
7-2-4 Markup languages A “markup language” is used to write logical structures in text by means of tags. A “logical structure” affects textual and graphical layout, character appearance (written format), and other elements. Through the use of tags, they embed control characters into text to express information related to details such as layout, character embellishment, and hyperlinks. Two typical examples of markup languages are “HTML” and “XML.”
180
Reference
HTML Abbreviation for “HyperText Markup Language.” Reference
SGML “SGML” is a type of markup language that uses a text format developed to simplify data conversion for electronic publishing, text databases, and other types of applications. Abbreviation for “Standard Generalized Markup Language.” Reference
1
HTML
“HTML,” which was developed based on “SGML,” is a language used to create Web pages. It employs control characters called “tags,” which provide commands that direct how the page will be displayed. These tags appear as sections which are bracketed off using the symbols “.” ●Standard tags Tag
Explanation
…
Start and end of HTML
…
Start and end of header
…
Start and end of title
…
Start and end of main text
…
Start and end of paragraph
…
Start and end of boldface text
DHTML
…
Start and end of underlined text
“DHTML,” which is based on expanded HTML specifications, is a technology that enables various interactive means of expression on a Web page. It allows for more animated Web pages featuring images that display and illustrations that move in line with mouse or cursor movement. Abbreviation for “Dynamic HTML.”
…
Start and end of italicized text
…
Start and end of link (indicates a link using an HREF attribute)
Line break
●Examples of tag notation
Appears in browser as
181
[Main text]
← Start of HTML ← Start of header ← Start of title Home page ←(Title) ← End of title ← End of header ← Start of main text Recruiting baseball team members Practice every Sat. and Sun. Members needed: 5 players (ages 20-35) For further details click ← End of main text ← End of HTML
2
XML
XML Abbreviation for “eXtensible Markup Language.” Reference
DTD Abbreviation for “Document Type Definition.” Reference
“VRML” is a language used to manipulate three-dimensional data. Abbreviation for “Virtual Reality Modeling Language.”
Basic theory
VRML
Chapter 7
“XML” is a markup language designed for writing data that is optimally suited for use with the Internet. Since it allows tags to be independently defined, it is said to be an expandable markup language. XML is also capable of defining text and the information that defines text type (DTD) separately. Text written using XML is translated under the rules stipulated by the DTD, and the resulting information is displayed onscreen. Currently, this language is widely used not only by the information services industry, but also by a wide range of companies that utilize its capabilities to disclose information or make electronic commercial transactions via the Internet.
Reference
182
7-3
Chapter quiz
*See page 11 in the“Answers and Explanations”booklet for the correct answers.
7-1
Which of the following is the binary number obtained by adding binary number 1111 and number 101? a) b) c) d)
7-2
A test consisting of two questions, question 1 and question 2, was given. Among 100 examinees, 65 correctly answered question 1 and 73 correctly answered question 2. At least how many examinees correctly answered both questions? a) b) c) d)
7-3
1111 1212 10000 10100
35 38 62 65
In the following Venn diagrams including three areas A, B, and C, which shaded area is “common to A and B but not C”? a)
B
c)
C
A
B
d)
A
B
183
b)
A
C
C
A
B
C
7-4
At least how many bits are required to indicate the length from 0 mm to 1,000 mm in the unit of millimeters?
7-5
4 10 1000 1001
PUSH
a)
7-6
Basic theory
There is a device where articles are accumulated upwards from the bottom and taken out from upwards in sequential order. There are two kinds of operations for this device. PUSH n: Accumulate an article (number n) POP: Extract one article from the top If no articles are accumulated at the beginning, which of the following is the result of the operations?
Chapter 7
a) b) c) d)
PUSH 1 → PUSH 5 → POP → PUSH 7 →
POP
PUSH 6 → PUSH 4 → POP → POP → PUSH 3
c)
b)
d)
1
3
3
6
7
4
7
4
3
6
1
3
When the procedure described below is repeated to sort five numbers in ascending order, how many times is the procedure repeated until sorting is completed? [The order of data before sorting] 5, 1, 4, 3, 2 [Procedure] (1) If the 1st data > the 2nd data, replace the 1st and 2nd data. (2) If the 2nd data > the 3rd data, replace the 2nd and 3rd data. (3) If the 3rd data > the 4th data, replace the 3rd and 4th data. (4) If the 4th data > the 5th data, replace the 4th and 5th data. (5) When no replacement occurs, sorting is completed. When replacement occurs, repeat the procedure from (1). a) b) c) d)
1 2 3 4
184
7-7
In the communication network shown below, how many nodes from B to L cannot be reached from A? Here, information can be transmitted only in the direction of arrows.
B A
C
G D
E
F
J
K
L
H I
a) b) c) d)
7-8
Which of the following is appropriate as the role of a programming language? a) b) c) d)
7-9
It enables humans to read programs automatically generated by computers. It describes the number of data processed by computers. It describes the procedures for computers. It makes an imperfect program written by programmers into a perfect one.
Which of the following is the language used for creating a Web page on the Internet? a) b) c) d)
185
1 3 4 6
BMP FTP HTML URL
Chapter
8
Computer system Chapter 8 examines computer components, system components, hardware, and software, and explains each type of component and their characteristics.
8-1 8-2 8-3 8-4 8-5
Computer component ........................ 187 System component............................ 204 Software ............................................ 212 Hardware ........................................... 223 Chapter quiz ...................................... 229
8-1
Computer component 8-1-1 Processor
Reference
CPU Abbreviation for “Central Processing Unit.”
The “processor” or “CPU (Central Processing Unit),” is a critical device that can be considered the brains and nucleus of a computer. A computer is comprised of devices that perform various functions centering on the CPU. When using a computer, it is important to understand the basic components of a computer and how they work. 1
Computer configuration
A computer is configured from devices that possess the five functions of “input”, “output”, “control”, “operation”, and “storage.” The roles performed by the five major types of devices are summarized below. Device
Task
Control device
Interprets programs and sends instructions to other devices.
Operation device
Performs calculations according to the instructions within programs. Combined with the control device, it is referred to as the CPU.
Storage device
Stores programs and data. Divided into “main memory” and “auxiliary storage devices.”
Input device
Inputs data to the main memory.
Output device
Outputs data from the main memory (display, print, etc.).
The flow of data and control between the respective devices is shown below. Reference
Control device
Flow of control
A “peripheral device” is a device other than the CPU and main memory.
Flow of data
CPU
Peripheral device
Operation device
Input device
Main memory
Auxiliary storage devices
187
Output device
Peripheral devices
For example, a program that processes the equation “1 + 2 =” inputted from a keyboard, operates according to the following sequence. + 2 =” is inputted using the input device (keyboard) ② “1 + 2 =” is stored in the storage device (main memory) ③ “1 + 2 =” is calculated by the operation device (CPU) ④ The result “3” is stored in the storage device (main memory) ⑤ “3” is displayed by the output device (display)
① “1
2
Basic framework of CPUs
An “MPU” is a device which contains CPU functions on a single “large-scale integrated (LSI)” circuit. For computers, a CPU is sometimes called an “MPU.” Abbreviation for “Micro Processing Unit.” Reference
Chip A “chip” is a component that makes up an electronic part such as a CPU. Chips are small in size and measure just a few millimeters on each side. Electronic circuits are embedded into the chip.
Computer system
(1)CPU The CPU incorporates “control” functions that send instructions to the various devices, and “operation” functions that perform calculations according to instructions contained within programs. Due to increasing miniaturization, some CPUs are now small enough to fit on a fingertip.
MPU Chapter 8
The CPUs of earlier computers were comprised of multiple chips, but advancements in technology have enabled the CPU to be contained on a single chip. A CPU that is comprised of a single chip is called a “microprocessor.” The basic framework and functions of a CPU are summarized below.
Reference
●CPU throughput The processing speed of a computer is heavily influenced by the performance of the CPU. A CPU is categorized by the number of bits it can process at one time. A “16-bit CPU” and “32-bit CPU” can process 16 and 32 bits at a time respectively. Higher bits indicate greater throughput and a higher performance CPU.
188
Reference
x86 The “x86” processors are a series of CPUs developed by Intel. The 8086 processor was followed in succession by the release of the 8088, 80186, 80286, i386, and i486 processors.
●Types of CPUs Several types of CPUs are summarized below. Brand Pentium
Developer
Description
Intel
Successor to the x86 family of processors. The original Pentium was followed by the release of the Pentium Pro, Pentium II, Pentium III, Pentium 4, and Pentium D.
Celeron
Athlon
CPU aimed at lower cost computers. The brand name does not change with version upgrades as is customary with the Pentium series, but the processor itself has improved with each successive generation. AMD
Includes Athlon MP for servers, Athlon and Athlon XP for general computers, and Mobile Athlon and Mobile Athlon 4 for laptops.
Duron PowerPC
Reference
Clock generator A “clock generator” is a circuit that generates a clock signal.
CPU aimed at lower cost computers. Designed to compete with Celeron processors from Intel. Motorola, IBM, Apple (alliance)
Includes the PowerPC 601, 603, 604, 740, 750, G4, and G5. PowerPC processors are equipped on Mac (Macintosh) computers from Apple.
(2)Clock frequency A “clock” signal is a cyclical signal that is used to coordinate the timing of operations, either within the CPU or with outside devices. The “clock frequency” indicates the number of signals per second. CPUs with the same bits can differ in throughput, depending on the clock frequency. The higher the clock frequency, the greater the capacity to process data and the faster the processing speed. The clock frequency is indicated in “Hz (Hertz)” measurements. The CPU name is followed by a “MHz (Megahertz)” or “GHz (Gigahertz)” designation, as in “Pentium 4 2.80GHz.” An 800MHz CPU performs eight hundred million operations per second. 800MHz
<
1GHz
<
3.20GHz
Processing speed Slow
Fast
Example calculation of CPU instruction execution count If a computer has a CPU that operates at 200MHz, the CPU is capable of executing one machine language instruction at an average of 0.5 clocks. Can this CPU execute several tens of thousands of instructions per second?
189
The number of instructions that can be executed per second is calculated as follows. CPU clock frequency ÷ Clocks necessary to execute one instruction = 200MHz ÷ 0.5 clocks = 200 × 106 clocks per second ÷ 0.5 clocks per instruction = 400 million instructions per second
Reference
FSB Abbreviation for “Front Side Bus.”
Computer system
●Internal bus An “internal bus” is a path of transmission used to exchange data inside the CPU. The “core clock frequency” refers to the clock frequency of the internal bus.
Chapter 8
(3)Bus width A “bus” is a path used to exchange data between devices. The “bus width” indicates the number of signal lines that make up the bus, and is indicated in bit units. The devices and CPU inside of a computer are physically connected by buses. An “internal bus” refers to a bus that is used to exchange data inside the CPU. A 32-bit CPU for example, exchanges 32 bits of data inside the CPU for every one clock (representing the interval in which the clock circuit sends one timing signal). An “external bus” connects the CPU with various devices, and is also called a “FSB (Front Side Bus).”
●External bus (FSB) The “external bus” is a path of transmission used to exchange data between the CPU and memory or peripheral devices. The “external clock frequency” refers to the clock frequency of the external bus, and is also called the “FSB clock frequency.”
8-1-2 Storage device A “storage device” is a device that stores data including data required for computer processing. Storage devices can be categorized into “memory” or “storage media” based on their type and function. 1
Memory
“Memory” broadly refers to a device that is used to store programs and data required for processing in the operation of a computer. Memory relies on the use of integrated circuits (semiconductors). Also referred to as “main memory.”
190
(1)Types of memory Memory can be categorized by the method used to store data. Several methods of data storage are summarized below. Reference
RAM
DRAM
Abbreviation for “Random Access Memory.”
RAM SRAM
Reference
ROM
Memory
Abbreviation for “Read Only Memory.”
Mask ROM Reference
DRAM
ROM
Abbreviation for “Dynamic Random Access Memory.”
EPROM
EEPROM
Reference
SRAM Abbreviation for “Static Random-Access Memory.” Reference
EPROM
●RAM (Random Access Memory) “RAM” is a volatile type of memory in which stored content is lost when the power is turned off. Data can be read and written, and is used as main memory or cache memory.
Abbreviation for “Erasable Programmable Read Only Memory.”
DRAM
SRAM
Capacity
Large
Small
Processing speed
Slow
Fast
EEPROM
Cost
Low
High
Abbreviation for “Electrically Erasable Programmable Read Only Memory.”
Refresh function (re-supply of electricity)
Available
Not available
High
Low
Reference
Reference
Flash memory “Flash memory” is a type of EEPROM that is electrically rewriteable. For computers, flash memory is used as storage for the BIOS or as auxiliary storage device.
Comparison item
Power consumption
●ROM (Read Only Memory) “ROM” is a non-volatile type of memory that retains stored content after the power is turned off. There are read-only ROMs for data and programs, and rewriteable ROMs used as flash memory or storage for the computer BIOS. Type Mask ROM
Data is written at the manufacturing stage and cannot be rewritten afterwards.
EPROM
Data can be written afterwards. Data can be erased using ultraviolet light.
EEPROM
EPROM that can erase data electrically. Flash memory is a typical type of EPROM that is used in digital cameras and IC cards.
Reference
BIOS “BIOS” is a program that controls the input/output between the computer unit and peripheral devices. BIOS is stored in ROM and integrated into the motherboard. Abbreviation for “Basic Input/Output System.”
191
Characteristics
(2)Memory applications Memory can be categorized by application. Several types of memory are summarized below. Characteristics Memory that stores programs and data that the CPU processes. DRAM is used for this purpose.
Cache memory
Memory used to speed up computers by absorbing the difference in the access speeds of the CPU and main memory. Many computers are equipped with multiple cache memory, which are called “primary cache memory” and “secondary cache memory” based on their proximity to the CPU. SRAM is used for this purpose.
VRAM
Dedicated memory for temporary storage of image data shown on the display. VRAM is typically provided separately from the main memory, and is integrated into graphics accelerator boards. DRAM is used for this purpose.
Computer system
Due to the difference in the processing speed of the CPU (fast) and main memory ( slow ) , “cache memory” is used to fill in the gap between processing speeds. High-speed cache memory is used to store previously accessed data. Instead of accessing the slow main memory each time, the same data is next accessed by reading it from the cache memory. Faster throughput is achieved by reducing the frequency of accessing the main memory.
Chapter 8
Type Main memory
When cache memory is not available Without cache memory, data is constantly exchanged between the CPU and main memory, which incurs a wait time for the CPU and lowers processing efficiency.
Slow CPU
Main memory DRAM
When cache memory is available
Fast
Slow
Primary cache memory
Secondary cache memory
CPU SRAM Fast speed, small volume
Main memory DRAM
Slow speed, large volume
Data is stored in the cache memory when the CPU reads it from the main memory. The next time the same data is used, the CPU reads the data from the cache memory, which improves processing efficiency.
192
Reference
SIMM Abbreviation for “Single In-line Memory Module.” Reference
DIMM Abbreviation for “Dual In-line Memory Module.”
(3)Types of main memory The type of main memory used depends on the type of computer. When expanding the main memory, it is necessary to add the correct type of main memory for the computer. The common types of main memory are summarized in the following table. Type
Characteristics
SIMM
The signal pins on the front and back of the module release the same signals. Used on desktop computers, typically in pairs. Recently declining in usage.
32-bit unit
DIMM
The signal pins on the front and back of the module release separate signals. Used in laptop PCs. Recently used as memory in desktop computers.
64-bit unit
Reference
Expansion memory “Expansion memory” is memory that is added later to expand the built-in standard memory.
Data transfer
SIMM
DIMM
2
Storage media
“Storage media” are devices that store created data and files, and are also called “auxiliary storage devices.” The data stored on storage media is retained after the power is turned off, making it possible to carry the data around and distribute it. Storage media also have a large storage capacity, and can be used to save data and programs.
193
The following are types of storage media. Floppy disk Magnetic disk Hard disk
CD-ROM CD-R CD-RW Storage media
Optical disk
MO
USB memory Flash memory
Computer system
Streamer Other
Chapter 8
DVD-ROM DVD-RAM DVD-R DVD-RW
Memory card (Semiconductor memory)
(1)Magnetic disk A “magnetic disk” is a type of storage media that uses magnetization to read and write data. The characteristics and storage capacities of typical types of magnetic disks are summarized below. Storage device
Storage media
Characteristics
Storage capacity
FDD (Floppy Disk Drive)
Floppy disk
Reads and writes data to floppy storage media comprising of a plastic case that contains a thin, magnetic-coated film disk.
720KB 1.44MB
HDD (Hard Disk Drive)
Hard disk
Reads and writes data to storage media comprising of multiple magnetic-coated metal disks. The standard storage media used for computers.
Tens of GB (gigabytes) to several TB (terabytes)
* Approximate capacities as of May 2009. Floppy disk Hard disk
194
Reference
Track A “track” is a concentric region for data storage that is separated on a magnetic disk.
●Construction of magnetic disks In order to use a magnetic disk, it is first necessary to “format (initialize)” the disk. The formatting organizes the disks into “tracks” and “sectors” to enable the storage of data. The construction of a magnetic disk is shown below.
Reference
Sector A “sector” is a region of data storage that is derived by radially dividing a track into equal parts. It is the smallest storage unit of a magnetic disk.
Track
Sector
Magnetic disks (floppy disks and hard disks) store data in sector units.
Moves in line with the magnetic head (Seek operation)
Reference
Cylinder A “cylinder” comprises a group of tracks that share the same location. Each storage surface has its own magnetic head. These heads move in line with each other simultaneously, which makes it possible to select tracks on the same radius. The groups of tracks on the same radius comprise a cylindrical shape or cylinder.
Access arm Magnetic head Cylinder 2 Magnetic disk Rotational axis
Cylinder 1
●Sequence for read/write operations of magnetic disks Magnetic head moves to the target track. (Seek operation)
Reference
Search time “Search time” refers to rotational latency for read/write operations on a magnetic disk. It is the time it takes after the seek operation has finished, for the magnetic disk to rotate, and for the lead part of the read data or write area to reach the position of the magnetic head. The seek operation time is called “seek time.”
195
Waits for the target sector to rotate and come around. (Rotational latency)
Reads and writes to and from the target sector. (Data transfer)
●Fragmentation and optimization (defragmentation) “Fragmentation” occurs when data is stored across multiple regions of the hard disk. Repeatedly adding, deleting, and moving data that is stored across a continuous sector results in a state of fragmentation. When data becomes fragmented, the number of seek operations increases, which in turn reduces access speed. It is then necessary to periodically repair fragmentation via “optimization,” which is performed using specialized software.
Fragmented state When fragmented, the
number of seek operations increases and access speed decreases.
Optimized state When optimized, the
number of seek operations decreases and access speed increases.
③
② Optimization (Defragmentation)
① ③
②
④
④
① ⑤
⑤
Formula for calculating storage capacity
Example If a floppy disk with the following specifications is formatted, how many MB is the storage capacity? No. of tracks per surface No. of sectors per track Sector length (bytes) Storage surface
Computer system
Storage capacity per sector × No. of sectors per track × No. of tracks per surface × No. of storage surfaces
Chapter 8
●Calculating the capacity of magnetic disks The following formula can be used to calculate the storage capacity of a magnetic disk, and the number of sectors needed to record data.
: 80 : 18 : 512 : Both sides
512 bytes × 18 sectors / per track × 80 tracks / per surface × 2 surfaces = 1,474,560 bytes ≒ 1.4MB Therefore, the storage capacity is 1.4MB. Formula for calculating number of sectors needed to store data Data length ÷ Storage capacity per sector ··· Round to nearest integer
Example For a floppy disk that has 512 bytes per sector, how many total sectors are needed to store 500 bytes, 1,400 bytes, and 1,600 bytes of data? 500 bytes ÷ 512 bytes = 0.976 ···· (rounded to nearest integer) = 1 sector 1,400 bytes ÷ 512 bytes = 2.734 ···· (rounded to nearest integer) = 3 sectors 1,600 bytes ÷ 512 bytes = 3.125 ···· (rounded to nearest whole integer) = 4 sectors 1 sector + 3 sectors + 4 sectors = 8 sectors Therefore, 8 sectors are needed.
196
Reference
CD-ROM Abbreviation for “Compact Disc Read Only Memory.” Reference
CD-R Abbreviation for “Compact Disc Recordable.”
(2)Optical disks An “optical disk” is a type of storage device that uses laser optics to read and write data. The characteristics and storage capacities of typical optical disks are summarized below. Storage device
Storage media
CD-ROM drive
CD-ROM
A read-only media. Due to its low cost, CD-ROMs are widely used to distribute software packages.
CD-R drive
CD-R
A media that reads and writes data. Data can only be written once, after which the data becomes read-only. Also referred to as a “write once, read many disc.” Data that is recorded to a CD-R can be read by CD-ROM devices.
CD-RW drive
CD-RW
A media that reads and writes data. Can be rewritten about 1,000 times.
DVDROM drive
DVDROM
A read-only media that is widely used to distribute movies and other largevolume video software.
DVDRAM drive
DVDRAM
A media that reads and writes data. Used to record large-volume video from devices such as digital video cameras.
DVD-R drive
DVD-R
A media that reads and writes data. Data can only be written once, after which the data becomes read-only. Data that is recorded to a DVD-R can be read by DVD-ROM devices or DVD players.
DVD-RW drive
DVD-RW
A media that reads and writes data. Can be rewritten about 1,000 times, similar to a CD-RW.
Blu-ray drive
Blu-ray
A media that reads and writes data. The Blu-ray format was jointly developed by a consortium of nine companies including Sony and Panasonic. Uses the same 12-cm diameter optical disc cartridges as CDs and DVDs. Used as a large-capacity storage media for data such as video.
Reference
CD-RW Abbreviation for “Compact Disc Rewritable.” Reference
DVD-ROM Abbreviation for “Digital Versatile Disc Read-Only Memory.” Reference
DVD-RAM Abbreviation for “Digital Versatile Disc Random Access Memory.” Reference
DVD-R Abbreviation for “Digital Versatile Disc Recordable.” Reference
DVD-RW Abbreviation for “Digital Versatile Disc Rewritable.” Reference
Shelf life of optical discs Data on optical discs is protected by a thin resin protection layer on top of the recording layer where data is stored. Using an optical disc for many years can result in deterioration of the protection layer and loss of the stored content.
197
Characteristics
* Approximate capacities as of May 2009.
Storage capacity 650MB 700MB
Single-sided, single-layer: 4.7GB Single-sided, dual-layer: 8.5GB * Capacities are doubled for double-sided media
Single-sided, single-layer: 25GB Single-sided, dual-layer: 50GB
(3)Other Storage media other than magnetic discs and optical discs are summarized below. Storage device
Storage media
Streamer (Magnetic tape drive)
Magnetic tape
MO
Storage capacity Several tens of to several hundred GB
Writes data using laser optics and magnetism, but only uses laser optics for reading data. Capable of repeated rewriting.
Several hundred MB to several GB
Reference
Random access “Random access” is a method of reading and writing from an arbitrary point in a file. Reference
DAT Abbreviation for “Digital Audio Tape.” Reference
MO
* Approximate capacities as of May 2009.
Abbreviation for “Magneto-Optical disk.”
DAT
MO
Computer system
A streamer continuously reads and writes data, whereas magnetic tapes typically used with general purpose computers are started and stopped as each block is read and written. Magnetic tape formats include “DAT” and “8mm tape.” For computers, DAT tape is mainly used to perform operations such as backing up data.
“Sequential access” is a method of reading and writing data in sequence starting from the first position of a file.
Chapter 8
MO device (Magnetooptical disk drive)
Characteristics
Reference
Sequential access
(4)Flash memory “Flash memory” is a non-volatile type of rewriteable memory that retains stored content after the power is turned off. Several types of flash memory are summarized below. Storage media
Characteristics
Storage capacity
USB memory
Reads and writes data using flash memory. Integrated with a connector for connecting to a computer, offering small size and excellent portability.
Several tens of MB to several tens of GB
SD memory card
Reads and writes data using flash memory. Used in digital cameras and mobile phones.
Several tens of MB to several tens of GB
Reference
Compact flash memory card A “compact flash memory card” is a type of storage media that reads and writes data using flash memory. They are used in digital cameras and portable laptop computers.
* Approximate capacities as of May 2009.
198
3
Storage hierarchy
A “storage hierarchy” uses a pyramid-shaped hierarchy diagram to represent the structure of storage devices used by a computer. Normally, storage devices are stacked in order of data access speed; storage devices with slower data access speed are at the bottom, while storage devices with faster access speed are at the top. The farther up the pyramid, the closer in proximity to the CPU. High speed, high cost Cache memory
Main memory
Auxiliary memory
Low speed, low cost
HDD (Hard Disk Drive)
8-1-3 Input/Output devices A computer can be connected to peripherals such as printers and scanners. In order to connect the peripherals, the type of “interface” used must match. 1
Input/Output interfaces
An “input/output interface” is an intermediary device or system for exchanging data (electrical signals) between two points such as a computer and peripheral.
199
The types of data exchanged between a computer and peripheral are summarized below. ●Analog “Analog” information is expressed as a continuous value. Changes occur in a wave-like pattern since time is continuous. Attenuation and noise become more pronounced as the transmission distance increases. Size
Time
Computer system
Size
Chapter 8
●Digital “Digital” information is expressed as a concrete numerical value. Changes occur in a bar graph pattern due to numerical value conversion. Digital information is not prone to attenuation and noise as the transmission distance increases.
Time
A computer processes information based on electrical signals that have been converted into numerical values. In other words, a computer handles and processes digital information. In the exchange of electrical signals between a computer and peripheral, the interface acts as an intermediary. Input/output interfaces used for data transmission are divided into “serial interfaces”, “parallel interfaces”, and “wireless interfaces.”
200
Reference
PC/AT-compatible computers A “PC/AT-compatible computer” is a computer that is compatible with PC/AT computers made by U.S.-based IBM Corporation. The “IBM PC/AT” computer specification was released in 1984. Many hardware manufacturers produced computers according to this specification, and it is now a global standard for computers.
(1)Serial interface A “serial interface” is an interface that transfers data one bit at a time. It uses few signal lines and is not prone to signal variation, making it suitable for long-distance transmission. The standards for serial interfaces are summarized below. Standard RS-232C
An interface used to connect a computer unit to a modem or mouse. They are standard and built into PC/AT-compatible computers.
USB
An interface used to connect various types of peripherals such as a keyboard, mouse, printer, or display. A USB hub can be used to connect up to 127 peripherals. While the power is on, peripherals can be connected or removed (hot plugging), and power can also be supplied to them over a cable. Data transmission speeds range from 1.5Mbps for low-speed mode (USB 1.1) to 480Mbps for high-speed mode (USB 2.0).
IEEE1394
An interface used to connect devices such as a digital video camera or DVD-RAM. Up to 63 peripherals can be connected. It enables hot plugging and power to be supplied. Also referred to as “FireWire” and “i.Link.”
Reference
Bus power method “Bus power method” is a method of supplying power to USB equipment over a USB cable. USB equipment that does not need an AC adapter or power cord is operable simply by connecting a USB cable and receiving power via USB.
Characteristics
RS-232C D-sub 25-pin
D-sub 9-pin
Reference
bps “bps” refers to the amount of data that can be transferred in one second. Abbreviation for “bits per second.”
USB
IEEE1394
USB connection example USB hub
Printer
CD-ROM drive
USB hub
Scanner
MO drive
Digital camera
Up to 127 devices including USB hubs can be connected * Printers and other peripherals can also be directly connected to the USB port of the computer unit.
201
(2)Parallel interface A “parallel interface” is an interface that transfers data in groups of multiple bits. Since it bundles signal lines and sends data in parallel, it is prone to signal variation. This makes it unsuitable for long-distance transmission. The standards for parallel interfaces are summarized below. Standard
Characteristics
SCSI ( pronounced “scuzzy”)
An interface used to connect a computer unit to peripherals. It is mainly used when connecting external peripherals. Up to seven peripherals can be connected in a daisy chain method in which each piece of equipment is connected in series. (The daisy chain can comprise up to eight pieces of equipment including the SCSI board of the computer unit.) Depending on the SCSI standard, up to 15 pieces of equipment (or 16 including the SCSI board of the computer unit) can be connected.
IEEE1284 D-sub 25-pin
Amphenol 36-pin
Amphenol 50-pin
D-sub 25-pin
Amphenol half pitch 50-pin
Comb-shaped Amphenol half-pitch 50-pin
SCSI
Computer system
An interface mainly used to connect a computer unit to a printer. In addition to printers, it is also used to connect image scanners and MO devices.
“PCMCIA” is a U.S. standardization organization that develops standards and specification for items such as PC cards. There are various types of PC cards including SCSI cards and LAN cards. PC cards transmit data using a parallel transfer method. Abbreviation for “Personal Computer Memory Card International Association.”
Chapter 8
IEEE1284
Reference
PCMCIA
SCSI connection example Hard disk
Computer unit
Hard disk
Terminator (integrated on the SCSI board)
CD-ROM drive Other SCSI equipment Terminator
MO drive
Printer
Scanner
202
Reference
Terminator A “terminator” is a kind of resistance that is connected so that electrical signals are not reflected back at the end of a daisy chain of peripherals. Also referred to as a “terminating resistance.” Reference
SCSI ID A “SCSI ID” is a number from 0 to 7 that is used to identify equipment connected by a SCSI interface. The SCSI ID can be assigned to SCSI equipment in any order. Reference
IrDA
Up to seven peripherals can be connected by a daisy chain method. A “terminator” is attached to the equipment at each end of the daisy chain as resistance. (A SCSI board contains a built-in terminator.) Each piece of SCSI equipment must be configured to have a unique ID number. If the SCSI IDs overlap, there can be issues such as the peripherals failing to operate. (3)Wireless interface A “wireless interface” is an interface that transfers data using infrared or wireless transmission technology. Transmission speeds can range from fast to slow, but the distance of transmission is short at several tens of meters. Wireless interfaces are therefore generally suited for short-range use such as indoors. Standards for wireless interfaces are summarized below. Standard IrDA
An interface that uses infrared communication. The transmission distance is generally within two meters. If there are obstructing objects between the devices, interference can occur in the data transmission.
Bluetooth
A wireless communications interface that uses the 2.4GHz band to achieve transmission speeds of 1Mbps within a range of 10 meters. Integrated into computers, printers, PDAs, and mobile phones. Relatively resistant to obstructing objects compared to IrDA.
Abbreviation for “Infrared Data Association.”
2 Reference
Device A “device” is a peripheral that is connected to a computer such as a keyboard, mouse, or display. Reference
Plug and play “Plug and play” is a function of Windows that automatically configures the optimum settings for a peripheral when it is added to a computer. Necessary device drivers for the connected device are automatically added and configured. In order to activate it, plug and play must not only be supported by the computer, but also by the peripheral.
203
Characteristics
Device driver
A “device driver,” also called a “driver,” is a piece of software that enables the use of a peripheral. Every peripheral requires a device driver, which must be installed to use the peripheral. Device drivers must be developed to support the type of operating system and type of computer, and are either provided with the device or can be downloaded from the Web site of the manufacturer. However, the latest operating systems are “plug and play,” which enables peripherals to be used simply by connecting them.
8-2
System component
8-2-1 System configuration
Processing modes for information systems
Computer system
1
Chapter 8
An “information system” is a system that uses a computer to advance work activities. Information systems can be categorized according to the type of computer used or processing mode. When developing systems, it is necessary to select a system configuration that matches its purpose.
The processing modes for information systems are summarized below. (1)Centralized processing “Centralized processing” is a processing mode in which all processing is performed by a single computer (host computer). It is the processing mode employed by online systems. The characteristics of centralized processing are summarized below. • One computer is used for management, making it possible to focus equipment and personnel. • Easy to conduct operations management, security management, and maintenance. • If there is a failure with the computer that performs the processing, the overall system comes to a halt.
(2)Distributed processing “Distributed processing” is a mode in which processing is divided between multiple computers connected by a network. It is the processing mode employed by client/server systems. The features of distributed processing are summarized below. • Easy to expand the system functions. • If there is a failure with a single computer, the overall system comes to a halt. • Processing is performed by multiple computers, increasing the complexity of operations management, security management, and maintenance. • If an abnormality occurs, it can be difficult to trace the location of the abnormality.
Reference
Online system An “online system” is a system configuration that uses a communication line to connect between computers and perform processing.
Reference
Client/server system Refer to “Chapter 8-2-1 4 Client/server system.”
204
Reference
Standalone “Standalone” is a system configuration in which a single computer performs processing without connecting to a network. Reference
Workstation Refer to “Chapter 8-4-1 Hardware.” Reference
Parallel processing “Parallel processing” is a method for improving the overall throughput of a system by connecting multiple computers to perform a single processing task.
Reference
Cluster system A “cluster system” is a system configuration in which multiple computers (including servers ) are connected by a network, operating together as if it were a single system. It is one type of system configuration that seeks to improve reliability by continuing to provide services without interrupting tasks in the event of a failure. Reference
Handling of primary and secondary systems Depending on how the secondary system is handled, there are two types of duplex systems.
●Cold standby system The primary system usually performs real-time processing, while the secondary system performs other processing such as batch processing. Depending on the separate processing performed by the primary and secondary systems, a duplex system can be effectively employed.
●Hot standby system The primary and secondary systems do not perform separate processing, and the secondary system is maintained in the same state as the primary system as a backup. This makes it possible to quickly switch systems in the event of a failure.
205
In terms of hardware configuration, distributed processing can be categorized into “horizontal distribution” and “vertical distribution.” ●Horizontal distribution “Horizontal distribution” is a processing mode in which processing is distributed by connecting computers and workstations with standalone processing capabilities. ●Vertical distribution “Vertical distribution” is a processing mode in which the functions are distributed by connecting a hierarchy of computers and terminals that perform the processing. 2
Information system configuration
The typical configurations for information systems are summarized below. (1)Dual system A “dual system” uses two systems with the same configuration, which simultaneously perform the same processing to check whether there are errors in the processing results. If a failure occurs, the system that generated it is isolated and the other system continues the processing. (2)Duplex system A “duplex system” uses two systems; one system is used as the primary system (currently used system), and the other is used as the secondary system (backup system). The primary system usually performs the processing. If a failure occurs with the primary system, the duplex system switches to the secondary system to continue the processing that the primary system was performing. (3)Thin client A “thin client” manages resources such as application software and files on the server side, and limits the client-side computer to only the minimum functions. On the client side, the system can be operated simply by preparing network functions for connecting to the server and input/output functions. This makes operations management easy to conduct, and offers enhanced security. 3
Uses of information systems
The uses of information systems are summarized below. (1)Interactive processing “Interactive processing” is a form of mutually interactive processing between the user and computer. The user responds to the operations requested by the computer through the display, mutually performing the processing as if actively interacting with the computer.
(2)Real-time processing “Real-time processing” is a mode in which processing occurs the instant data is generated. It is used in conjunction with online systems such as bank ATM and train seating reservation systems. (3)Batch processing “Batch processing” is a mode that accumulates data over a specified period and processes it in batches. Batch processing is automatically performed simply by configuring the processing settings, which allows it to be employed when the computer is normally not in use. It is used for administrative processing such as pay calculations. Chapter 8
4
Client/server system
Peer to peer
Server Printer Data Provide services
Provide services
Request services
“Peer to peer” refers to a type of system that comprises a network. In a peer to peer system, computers connected to the network are mutually connected as equals, instead of designating individual roles. For this reason, there is no distinction between servers and clients. Reference
Web system
Client
(1)Characteristics of client/server systems The characteristics of a client/server system are summarized below. Characteristic
Reference
Computer system
A “client/server system” is a system that is configured by designating the roles of a “server” and “client.” A server provides services to computers that are connected to the network, while a client requests services from the server.
Description
Reduced load on system
Roles are divided (processing is distributed) between client and server, reducing the load on the system.
Reduced installation cost
Use of hardware resources (printers, hard disk drives, etc.) is shared, reducing installation costs.
Improved efficiency of work
Use of software resources (files, etc.) is shared, improving work efficiency by retrieving necessary data when needed and processing.
Ease of system expansion
Servers and clients can be added easily.
Increased complexity of system management
Hardware and software resources must be managed for each server and client, increasing complexity the more the scale of the system increases. Also difficult to isolate the cause and responsibility if an issue arises.
A “Web system” is a system that operates on a server and performs two-way communications using a browser. “Shopping carts” seen on many shopping sites and “e-mail forms” are a type of Web system applications.
206
Reference
Network printer A “network printer” is a printer with builtin print server functions. Laser printers widely used in corporations are a type of network printer. Clients can use a network printer simply by connecting the printer to a hub. However, a printer driver must be installed for each client. Reference
(2)Types of servers In a client/server system, servers can be categorized according to their role. The types of servers are summarized below. Type of sever
Description
File server
A server that collectively manages files. Clients can share files on the file server for effective use of information.
Print server
A server that manages and controls a printer. Clients temporarily save print data to the hard disk of the printer server (spooling), and after it is registered to a printing queue, the data is printed in sequence.
Database server
A server with a DBMS (Database Management System). It can produce an environment similar to one in which all clients are directly connected to the database. According to the requests of the client, the database server performs processing such as searching, tabulating, and sorting large amounts of data, and returns only the results to the client.
Database management system Refer to “Chapter 9-3-1 Database architecture.”
(3)Three-layer architecture A “three-layer architecture” is a system that divides the applications of a client/server system into three modules. In a three-layer architecture, data is processed on the server side to limit the amount of data transferred between the client and server. Dividing the applications into three modules also makes it easier to change the specifications. A conventional and typical client/server system is called a “two-layer architecture.” Hierarchy of three-layer architecture
207
First layer
Presentation layer
Human interface level
Second layer
Application layer (Function layer)
Data processing level
Third layer
Data layer
Database access level
8-2-2 System evaluation indexes System evaluation indexes require a comprehensive look at the computer performance, reliability, and cost efficiency. 1
System performance
Chapter 8
System performance is measured by conducting a “performance testing” as part of system testing and acceptance testing. A performance testing is a test used to verify whether aspects of processing such as response time, turnaround time, and benchmarks satisfy requirements. The aspects used to evaluate the performance of a system are summarized below.
(2)Turnaround time The “turnaround time” is the time it takes to receive all processing results from the time the computer is requested to perform a series of tasks. It is used to evaluate batch processing performance.
Computer system
(1)Response time The “response time” is the time it takes for the computer to first respond from the time the computer is requested to perform a given process. It is used to evaluate the performance of online systems. Response time is affected by CPU performance and number of connected users. Lower loads produce faster response times, while higher loads produce slower response times. Reference
Throughput “Throughput” refers to the amount of work that a system can perform in a unit of time.
Response time
Printing instruction
Processing
Printing result
Turnaround time
(3)Benchmark A “benchmark” is an index used to measure system performance. It compares and evaluates the performance of multiple computers by measuring aspects such as response time and CPU availability.
208
2
System reliability
When installing a system, it is important that the system is reliable for users (system user departments). System reliability is improved by ensuring the system remains operational with no functions coming to a halt during operation.
Reference
MTBF Abbreviation for “Mean Time Between Failures.” Reference
(1)Index for system reliability “Availability” is used as an index for measuring system reliability. The system availability is a percentage that indicates the level of uninterrupted availability. The higher the availability value, the better the reliability of the system. Availability can be indicated by “MTBF (Mean Time Between Failures)” or “MTTR (Mean Time To Repair).” A higher MTBF or shorter MTTR indicates better system availability. The following formulas are used to calculate availability using MTBF and MTTR.
MTTR
Availability =
Abbreviation for “Mean Time To Repair.”
MTBF MTBF + MTTR
OR Availability =
Total operational time − Failure time Total operational time
MTBF
Time between failures. Average time of continuous system operation.
MTTR
Average time to repair the system in the event of a failure.
Start of operation
End of operation
Failure Operation 100
6
Failure Operation 350
2
Failure Operation 120
MTBF: (100 + 356 + 120 hours) ÷ (3 times) = 190 hours MTTR: (6 + 2 + 4 hours) ÷ (3 times) = 4 hours Availability :
MTBF MTBF + MTTR
=
190 190+4
=0.9793814 … Approx. 0.979 OR Total operational time − Failure time = 570 Total operational time 570+12 =0.9793814 … Approx. 0.979
209
4
Time
(2)Availability of complex systems For systems that are configured from multiple computers or equipment, the formula used to calculate availability depends on whether a system is a “serial system” or “parallel system.” ●Availability of serial systems A “serial system” is a system that only operates when all of the devices from which it is configured are operational. If there is a failure with even one device, the system is unable to operate.
Availability = A1×A2 Chapter 8
Availability A1
Availability A2 If A1 = 0.9 and A2 = 0.8, 0.9 × 0.8 = 0.72
Device 1
Device 2
●Availability of parallel systems A “parallel system” is a system that operates as long as at least one device is operational. The system stops operating only when all of the devices from which it is configured have failed. Rate of failure from both device 1 and device 2
Reference
Failure rate The “failure rate” is the rate representing the number of failures that occur within a given time. 1 Failure rate = MTBF
Computer system
the availability is
Availability = 1− (1−A1) × (1−A2) Rate of failure with device 1
Rate of failure with device 2
Availability A1
Device 1 Availability A2
If A1 = 0.9 and A2 = 0.8, the availability is 1 × (1−0.9) x (1−0.8) = 0.98
Device 2
210
Reference
Hot site A “hot site” is a backup site equipped with equivalent servers and functions of the original site to enable rapid switchover in the event of a failure. Backup data and updated information are transferred to the backup site. This is in contrast to a “cold site,” wherein a backup system is installed and made operational in the event of a failure.
Reference
TCO Abbreviation for “Total Cost of Ownership.” Reference
Initial cost “Initial cost” refers to the cost required to install a system. Initial costs include the purchase cost for hardware and software, development labor costs (outsourcing costs), training costs for users (system user departments), and maintenance costs. Reference
Operational cost The “operational cost,” also called the “running cost,” refers to the cost required to operate a system. Operational costs include equipment maintenance costs (such as leasing fees, rental fees, upgrade costs, and labor costs for system administrators) and business losses from a shutdown of operations.
211
(3)High reliability design Concepts for constructing high reliability systems that users can be assured of using at all times are summarized below. Concept
Explanation
Fault tolerant
Maintains all of the normal functions even in the event of a failure, allowing for processing to continue. Generally achieved by building a duplex system.
Fail soft
Maintains the minimum necessary functions in the event of a failure, preventing the system from coming to a complete halt.
Fail-safe
Secures the safe condition of a system in the event of a failure, and limits the resulting impact. For example, if there is a failure with a signal, the system acts to prevent the failure or malfunction from leading to an accident by turning all the signals red and stopping the vehicle.
Foolproof
Ensures against failure, even if the system is used in a way beyond the scope of the original specifications.
3
Cost efficiency of systems
When installing a system, corporations must consider aspects of cost efficiency such as evaluation and benefits. The installation of a system entails a wide variety of costs including initial costs and operational costs. In considering the cost efficiency of a system, it is necessary to emphasize “TCO (Total Cost of Ownership),” which covers all necessary costs from the time of the system’s purchase to its disposal. TCO encompasses all costs including the purchase cost for computer hardware and software, training costs for users (system user departments), operational costs, system maintenance costs, and cost of losses due to system issues. It is used in the decision-making process for systems installation. In considering the cost efficiency of a system, it is important to take into account the continuous return on investment based on the TCO calculated throughout the software life cycle.
8-3
Software
8-3-1 OS (Operating System) An OS (Operating System) is the minimum software that is needed to run a computer. Software other than the OS expands the range of application for a computer.
OS Abbreviation for “Operating System.” Chapter 8
1
Reference
Needs of an OS
Type
Description
Examples
Software that manages and controls hardware and application software. Usually called an “OS.” In broader terms, it includes utility programs and language processors.
OS Utility program Language processor
Middleware
Software that operates between the OS and application software. Provides basic functions that are commonly used in many areas of application.
Database management system Communications management system Operations management tool Software development system
Common application software
Software that is commonly used for a variety of industries and work.
Word processing software Spreadsheet software CAD/CAM Statistical software Graphics software Groupware
Specific application software
Software that is used for specific industries and work.
Payroll calculation software Financial accounting software Sales management software Production management system
Basic software
Computer system
The “OS” is the software that manages and controls the hardware and application software. Also referred to as “basic software.” It acts as an interface between the hardware and software, and performs functions such as configuring settings to run software, and relaying information from the user to displays, printers, and other peripherals. In contrast, “application software” such as word processing software and spreadsheet software are used for specific purposes. The types of software that comprise a computer are categorized below. Reference
Utility program
System software
A “utility program” is software that enables a computer to be used more efficiently by improving the functions or operability of a computer. Examples include disc compression and optimization software, memory management software that supplements OS functions, and screensaver and anti-virus software. Also referred to as a “service program.”
Application software
212
OS OS
Application software
User Reference
Software
Virtual memory
Application software (Runs on system software platform)
“Virtual memory” is a function that uses a portion of auxiliary storage devices such as hard disks to execute large programs that exceed the main storage capacity. When executing multiple programs at the same time, or editing large data such as an image file, memory can be insufficient. In such a case, some of the data in the main memory is temporarily saved to a hard disk or other device, effectively providing more memory than the physical capacity of the main memory. Reference
Profile A “profile” is a collection of information for each user account that is unique to each environment. It manages settings such as the desktop layout, network configuration, and human interface configuration. Reference
User account A “user account,” also referred to as an “account,” is a collection of information such as a user name or password that is required to utilize a computer. A user account is linked to a single profile, and when the user logs on to the user account, the computer reads the information in the profile. Reference
Multitask “Multitask” refers to the CPU function in which multiple tasks are executed at the same time. Multitasking enables multiple programs including word processing software and spreadsheet software to run at the same time, and allows alternation between the two programs. In contrast, a CPU that can only execute one task at a time is considered to be “single-tasking.”
213
System software
Middleware
Basic software (Acts as interface between hardware and application software, and humans)
Hardware 2
OS functions
The functions of an OS are summarized below. Function
Description
Memory management
Manages the memory domain for efficient memory use. Virtual memory enables more memory to be used than physically available.
Resource management
Allocates and manages computer resources (CPU, memory, hard disk, software) for efficient use of resources.
Input/output management (Device management)
Manages and controls peripherals such as a keyboard or printer. Recent OSes are “plug and play” to enable the easy use of peripherals.
File management
Enables reading and writing of files in devices such as hard disks and floppy disks. Restrictions on file and folder usage within the computer can be placed for each user.
User management
Enables registration and deletion of multiple user accounts on a computer. Information such as access rights and profiles are managed for each registered user account.
Task management
Manages the programs that are currently in operation. The execution unit of a program is called a “task.” Recent OSes possess the capability to multitask, and are able to perform multiple tasks at the same time.
3
Types of OSes
Several types of OSes used on personal computers are summarized below. Type of OS
Description A single-tasking OS developed by Microsoft that runs on 16-bit CPUs in PC/AT-compatible computers. Employs a CUI (Character User Interface) operating environment.
Windows 98/ Me/NT/2000/ XP/Vista
A multitasking OS developed Microsoft that runs on 32-bit CPUs in PC/AT-compatible computers. Employs a GUI (Graphical User Interface).
MacOS
An OS developed for the Macintosh line of computers by Apple. First OS to achieve a GUI operating environment for personal computers. A multitasking OS developed by Bell Labs of AT&T. A CUI operating environment is standard, but a GUI operating environment is also available by installing the X Window human interface. Offers multitasking, multiple users (operating at the same time), and excellent network functionality.
Linux
An OS compatible with UNIX, developed from the ground up for use on PC/AT-compatible computers. Published as OSS (Open Source Software), which allows anyone to freely modify or redistribute the software, provided that they observe certain rules. In the strictest sense, Linux refers to the kernel of the OS. Linux is usually distributed in the form of “distributions” that packages the kernel with application software.
A “CUI” is an environment for operating a computer by inputting instructions called “commands” via a keyboard. Abbreviation for “Character User Interface.” Reference
GUI A “GUI” is a visual environment for operating a computer via a mouse or other input device by clicking on a section of graphics called an “icon.” Abbreviation for “Graphical User Interface.” Refer to “Chapter 9-1-1 Human interface technology.” Referencev
OSS (Open Source Software) Refer to “Chapter 8-3-4 OSS ( Open Source Software).”
Computer system
UNIX
CUI
Chapter 8
MS-DOS
Reference
Reference
8-3-2 File management When managing files, data must be adequately maintained and protected in preparation for the following situations.
Interaction between different OSes Each OS has its own rules regarding files, folders, and file names. In some cases, this may result in files that do not display properly or other issues.
• As the number of files increases, there is a tendency to forget where data is stored, and the disk can run out of available space. • Necessary data is accidentally deleted. • Server data is accidentally overwritten or intentionally falsified. Etc.
1
Directory management
“Directory management” is the process of managing files using a hierarchy structure in order to facilitate file searching. Within the hierarchy, the uppermost directory is called the “root directory,” while the directory below is called a “sub-directory.”
214
Reference
A directory employs a tree structure shown below.
Current directory \
The “current directory” refers to the respective directory in which operations are currently being performed.
Root directory
USR
ETC
Reference
USR1
“.” symbol Indicates the current directory when specifying the relative path.
USR2
MYFILE.txt
HERFILE.txt Sub-directory
OURFILE.html YOURFILE.html
File Reference
“..” symbol Indicates one directory above the starting directory when specifying the relative path.
The two ways to specify the location of files based on these file management methods are summarized below. ●Current directory is “USR” Specifying method
Description
Specify relative path
Specify the location of the target file from the perspective of the current directory.
..\ETC\MYFILE.txt
Specify absolute path
Specify all directory names and file names in hierarchical order from the root directory to the target file.
\ETC\MYFILE.txt
Reference
Directory notation method The notation method for directories depends on the OS. Sometimes, a slash (“/”) or backslash (“\”) may be used.
2
Reference
File management The following operations are also effective for file management. • File optimization (defragmentation) • File organization (deletion of unnecessary files)
Specify MYFILE.txt
File sharing
When building a network, it is possible to enable file sharing so that multiple users can share and use files on computers that are part of the network. For example, in a corporation, it possible to save files such as business negotiation records and client information to a computer that is equipped with a large-capacity hard disk, and share them so that all employees concerned can access this information. When sharing directories and files on a network, it is necessary to set “access rights” to restrict the read and write activity for each user. File 1 Write
Write
Group
Write Read
File
1
User A File 1 Write Read
215
Write
Read Write
Read
File 1
File 2 Write Read
Read
File Read
2
User B
Write Read
3
Backup
A “backup” refers to a copy of data comprised of files and programs that is stored on an auxiliary storage device as protection against loss of data from computer or disk device failure. In such an event, lost data can be recovered from the backup. The following considerations should be taken when backing up data.
Chapter 8
• Back up data regularly on a daily, weekly, or monthly basis. • Schedule a suitable time to back up data such as after business processes are finished so that everyday work is not interrupted. • For backup media, consider the time and cost the backup will require, and choose one that can store all the backup data. • It is normal practice to create primary and secondary backup files, and store them in separate places to protect against file loss.
Computer system
(1)Backup files Attempting to back up every file and registry on a personal computer is time-consuming and requires media with a large capacity. Since Windows and application software can be reinstalled and restored to their initial state, it is normal practice not to back up either software. Important files created by users and files that contain environment settings are usually backed up. However, the entire hard disk is backed up if a failure will cause major ramifications. (2)Choosing a backup method Methods of backing up data based on recovery time and backup work load are summarized below. Type
Backup data
Recovery method
Full backup
All data on the disk.
Restore from full backup.
Differential backup
Data that has changed since the last full backup.
Restore from full backup and last differential backup.
Incremental backup
Data that has changed since the last backup.
Restore from full backup and all incremental backups performed since the full backup.
Backup Recovery time time Long
Short
Reference
Restore “Restore” refers to returning content that has been backed up on a disk device or other device.
Short
Long
216
Work disk
Differential backup
Incremental backup
Full backup (all data)
Full backup (all data)
Changes since full backup
Changes since backup
Changes since full backup
Changes since backup
Monday
Change
Tuesday
Change
Wednesday
Failure
Restore from full backup and last differential backup
Restore from full backup , and incremental backups and in sequence
Recovery
(3)Backup methods Important files are saved to a separate drive or backup media. In addition, backing up the entire C: drive allows for quick recovery of files in the event of an emergency such as damage to the hard disk. Reference
Generation management
“Generation management” refers to the process of storing several generations of backup data from the past. Backup data is needed when recovering data, but if it is accidentally overwritten, older data may become necessary. In such an event, generation management is useful. Reference
Backups that use DAT
“DAT” is a type of magnetic tape that is suited for backing up entire hard disks. Instead of individual files, whole disks are backed up.
217
Method
Description
Copy files and folders
Create backups by dragging and dropping each file or folder, or by copying and pasting.
Utilize backup tool
Create backups by using specialized application software.
(4)Backup media Backup media is selected according to the volume of backup files or their application. Examples of media formats that can be used for backup include hard disks, MO, CD-R, CD-RW, DVD-R, DVD-RW, and DAT.
8-3-3 Development tools Software packages such as office suites are used for work purposes. It is useful to understand the characteristics and basic methods of operating such software, in order to use them efficiently for your work. 1
Software packages
Characteristics
Reference
Word processing software
Software used to create, edit, and print documents.
Multimedia authoring tools
Spreadsheet software
Software used to perform calculations such as tabulation, and create graphs by entering data and formulas into a worksheet.
Database software
Software used to collect, manage, and apply various data.
A “multimedia authoring tool” is software used to create multimedia content that combine elements such as images, sound, and characters.
Graphics software
Software used to produce drawings or edit photographic images.
Presentation software
Software used for visualization via inserting drawings, graphs, tables, and photographs into presentation documents.
2
Computer system
Type
Chapter 8
“Application software” refers to software that is used for a specific purpose or work. There are various types of application software, many of which are sold as software packages. Compared to software developed from the ground up according to specific corporation or user requests, software packages are developed at a comparatively low cost, and sold to many and unspecified corporations and users. Application software in software packages used on personal computers are summarized below.
Reference
Plug-in
Word processing software
“Word processing software” is software used to create documents that offers extensive functions for printing and enhancing the readability of documents. Expressive documents can be created by setting the style format of characters, and using tables, drawings, and diagrams. The main features of word processing software are summarized below.
A “plug-in” is a program that adds features to application software, and expands the functionality of the original application software. It is possible to upgrade only the plug-in, or uninstall it. Reference
Word processing software Examples of word processing software include “Microsoft Word” from Microsoft and “Ichitaro” from JustSystems.
(1)Create documents Documents are created by inputting character strings using an input method. The inputted character strings can be formatted by configuring settings such as the font, font size, and underlining. Other settings such as centering, indenting, and bullets can be used to change the positioning of character strings and paragraphs. (2)Create tables Tables are easily created by simply specifying the number of columns and rows. It is also possible to insert or delete columns and rows, or change the column width. (3)Embed drawings, graphic objects, and tables Expressive documents can be created by embedding drawings and graphic objects.
Reference
Clipboard A “clipboard” is an area used to temporarily store data during moving or copying operations. Data from the clipboard can be pasted any number of times once the data has been moved or copied to the clipboard.
218
Reference
Spreadsheet software Examples of spreadsheet software include “Microsoft Excel” from Microsoft and “Calc” from Sun Microsystems.
Reference
Cell A “cell” is a section of a grid in a worksheet that is divided into columns and rows. For example, the cell in column A or row 1 is called cell “A1.” Reference
Inputting formulas ● Input a formula using numbers and operator symbols Example =10+20+30 ● Reference cells with inputted numbers and input a formula using operator symbols Example =C5+D5+E5 ● Input a formula using a function Example =SUM (C5:E5) Reference
219
Spreadsheet software
3
“Spreadsheet software” is integrated software that offers a variety of functions from spreadsheet and graph creation to data management. Tables and graphs are created by inputting characters, numbers, and formulas such as functions into a worksheet. It is suited for complex data analysis, and is used to analyze sales with budgeting and pricing models, as well as create forms and slips such as quotations and invoices. The main features of spreadsheet software are summarized below. (1)Spreadsheet functions Spreadsheet software can easily perform calculations by inputting formulas into cells that use functions and operator symbols. Data can be selected, added, deleted, and inserted as well as formatted, to create tables that are easy to understand. The main operator symbols and functions used in spreadsheets are summarized below. ●Operator symbols Formula example
Operator symbol Calculation performed
Formula entered
+ (Plus)
Addition
− (Minus)
Subtraction
2−3
=2−3
* (Asterisk)
Multiplication
2×3
=2*3
/ (Slash)
Division
2÷3
=2/3
^ (Caret)
Exponentiation
23
=2^3
2+3
=2+3
●Functions Function
Calculation performed
Formula entered
SUM
Sum of numbers
=SUM(C2:C4)
AVERAGE
Average of number
=AVERAGE(C2:C4)
Cell reference
COUNT
Count of numbers
=COUNT(C2:C4)
A “cell reference” refers to the referencing of a specific cell or range of cells. When a formula is inputted using a cell reference, and the data inputted into the cell is changed, the calculation result is automatically re-calculated. A cell reference can be a “relative reference” or an “absolute reference.” The “$” character can be added to the cell address to specify an absolute reference and fix the cell reference. Example =SUM ($C$2:$C$4)
MAX
Maximum value
=MAX(C2:C4)
MIN
Minimum value
=MIN(C2:C4)
(2)Graphing functions Graphs can be easily created using data that has been inputted into cells. Graphs can be used to visually represent data, and are useful for comparing data and analyzing trends. Various types of graphs such as vertical and horizontal bar graphs, line graphs, and pie charts are included in spreadsheet software.
(3)Database functions A “database function” is a function that is used to manage and operate a database containing related data such as a product list, employee list, or sales log. Database functions can be used to efficiently management large amounts of data. Database functions are summarized below. ●Sort Sorts data according to the specified criteria.
4
Chapter 8
●Filter Filters only the data from the database that meets the conditions.
“Presentation software” is software used to create persuasive and highimpact presentations through the use of tables, graphs, diagrams, animations, and audio in addition to explanatory text. It can be used to make effective presentations for a variety of situations including briefings for various project plans such as sales plans, and announcements of new products. The main features of presentation software are summarized below.
Reference
Presentation software Examples of presentation software include “PowerPoint” from Microsoft, and “Agree” from JustSystems.
Computer system
Presentation software
(1)Create slides Files are in slide format, making it possible to input titles for each slide, or input text using bullets. The design, font, and other attributes used in the slides can also be changed. (2)Expressive presentations Graphs can be inserted in order to visually express numerical data. Also, drawings and images taken with a digital camera also be inserted, and graphics such as lines, ellipses, and balloons can be created. 5
WWW browser (Web browser)
“WWW (World Wide Web)” refers to a service that is used to view and search information from “Web pages” on the Internet. Web pages are collections of information published on the Internet. In order to obtain information from the Internet, the Web page a user wishes to view is accessed. Software referred to as a “WWW browser” is used to view Web pages. The main features of a WWW browser are summarized below. (1)View Web pages In order to view a Web page, a “URL” is specified from the WWW browser. A URL, also simply called an “address,” is a convention for displaying a Web page address.
Reference
WWW Abbreviation for “World Wide Web.” Reference
WWW browser Examples of WWW browsers include “Internet Explorer” from Microsoft, “Netscape” from Netscape, and “Firefox” from Mozilla Japan. Reference
URL Abbreviation for “Uniform Resource Locator.”
220
(2)Search Web pages A “search engine” is utilized when the address of a Web page a user wishes to view is not known. The user simply enters or selects a keyword using the search engine to display matching Web pages. If many Web pages match the keyword, additional keywords can be added to narrow the search. Enter the keyword! Search criteria
France
CAK E
Execute
Tens of thousands
of matching CA websites found FE
WINE
Specify one criterion
WINE
FRANCE
E EE OFFFFE C CO
WINE
Search criteria France
Execute
Wine
Several matching websites found
Specify multiple criteria
The following search methods are used when specifying multiple keywords. Operator
Description
Example
AND
Search that includes both “France” and “wine”
France AND wine
OR
Search that includes “France” or “wine”
France OR wine
NOT
Search that includes “France” but not “wine”
France NOT wine
8-3-4 OSS (Open Source Software) OSS (Open Source Software) is software that is freely modified and distributed by many persons, used around the world. 1
Characteristics of OSS
“OSS” refers to software wherein the source code is published over the Internet free of charge by the creator, making it possible for anyone to modify or redistribute the software without infringing on copyrights.
221
Corporations normally distribute software for a charge to prevent creation of imitation products that mimic the technology used in the software. As a rule, OSS offers no warranties, and is freely redistributed without charge, with the aim of encouraging development of the software. Characteristics of OSS are summarized below.
Types of OSS (Open Source Software)
The major OSS applications are summarized below. Category
OSS
Description
Office
OpenOffice. org
An office suite that includes word processing and spreadsheet software. Compatible with Microsoft Office data, and can handle Word files, Excel files, etc. Comprised of six software including “Writer (word processing software ) ”, “Calc ( spreadsheet software ) ”, “Impress (presentation software)”, “Draw (drawing software)”, “Base (database software)”, and “Math (formula editor software).”
Internet
Firefox
Internet software that can display a WWW browser. Similar operating feel to Internet Explorer from Microsoft, and allows for numerous add-on programs to be installed.
E-mail
Thunderbird
Software for sending and receiving e-mail. Similar operating feel to Outlook Express from Microsoft. Also offers functions for organizing received messages and privacy protection.
Image editing
GIMP
Image editing software with advanced functions similar to Photoshop from Adobe. Although it does not an offer an extensive range of standard options or designs, it can be used to create and edit highly sophisticated graphics.
“Source code” is the code from which software is created via a programming language. In order to run software, it is necessary to create a program from the source code. Reference
OSI “OSI” is an organization whose purpose is to promote OSS. OSI defines the terms under which programs are distributed as OSS. Abbreviation for “Open Source Initiative.”
Computer system
2
Source Code
Chapter 8
• Allows users to redistribute freely. • Allows distribution of the source code. • Allows distribution of derivative software. • Protects the integrity of the original source code. • Does not discriminate against individuals or groups. • Does not discriminate against the field of use. • Does not require an additional license to redistribute. • No dependency on specific software. • No limitation on other software distributed on the same media. • No dependency on a specific technology or interface.
Reference
Other examples of published OSS include the “Linux” OS and “MySQL” database management system.
222
8-4
Hardware 8-4-1 Hardware
Reference
Hardware “Hardware” refers to the actual devices that make up a personal computer.
There are many types of typical hardware that make up a computer. Understanding these types and their characteristics enable hardware to be used effectively for work. 1
Computer
Computers can be organized into various categories based on their performance, purpose, shape, and size. (1)Types of computers Computers were originally developed for the purpose of performing science and technology calculations. Subsequent advancements in technology have led to the spread of computers to all kinds of fields. Modern day computers are now used for a wide variety of purposes in not only corporations and research institutes, but in homes and schools as well. Computers are categorized by performance and purpose as summarized below. Type
Reference
Microcomputer A “microcomputer” is an ultra-small computer system that is intended for integration into equipment used for control purposes. It was originally used to refer to a computer system that is centered on a microprocessor.
223
Description
Applications
Supercomputer
A computer that offers the fastest speed and highest performance for high-speed processing such as science and technology calculations.
Weather forecasting, air traffic control, aerospace development, etc.
General purpose computer
A computer that is designed to be used for both office processing and science and technology calculations. Also referred to as a “mainframe.”
Train seat reservations, online bank deposit systems, etc.
Office computer
A specialized computer used for office processing in corporations. Also referred to as a “business server.”
Inventory control, sales management, etc.
Workstation
A high-performance computer used for specialized work. A workstation is categorized as either an “EWS ( Engineering Workstation)” used for applications such as CAD/CAM and science and technology calculations, or an “office workstation” used for applications such office processing and information management. Workstations are mainly connected to LANs and used as servers. Workstations can also include high-end personal computers with high-performance processing.
Software development, CAD/CAM, servers, etc.
(2)Types of PCs (Personal Computers) Computers can be categorized into several types according to their layout and size as summarized below.
Reference
PC Abbreviation for “Personal Computer.”
Characteristics Type Desktop
Description
A personal computer unit that stands upright and is relatively large.
Slimline
A slim personal computer unit that takes up less space.
All-in-one
A personal computer unit that is integrated with a display.
Laptop
A portable personal computer that is equipped with a full keyboard, and can be directly supplied with 100V/200V AC electric power (without an AC power adapter). It gets its name from being able to sit on top of a lap and be used. A slimline desktop personal computer that uses an LCD display can also be considered a laptop. In the West, notebook computers are often called laptops.
Notebook
A personal computer that can be folded like a notebook with an emphasis on portability, and is equipped with an LCD display and keyboard that are built into the unit. Notebook computers come in A4 and B5 sizes, as well as even smaller sub-notebooks.
PDA
A palm-sized personal computer, also referred to as a “palmtop” computer. Mainly used to manage personal information such as addresses and schedules. Usually equipped with built-in Internet connectivity.
High
High
Reference
Rack-mount server A “rack-mount server” is a server with a flat layout designed to be mounted on a rack. Rack-mount servers are suited for keeping and organizing multiple servers. Each server requires their own power supply and cabling. Reference
Blade server A “blade server” is a server in which multiple thin servers are mounted on a specialized chassis, and is suited for processing large amounts of data. The multiple servers are constructed extremely thin, and can share a power supply and cabling. This enables it to take up even less space than a rackmount server and use less power.
Small
Low
Computer system
Tower
Large
Power consumption
Chapter 8
A personal computer used in a fixed location such as on a desk. Also referred to as a “stationary computer.” Broadly categorized into tower, slimline, and all-in-one types.
Size Expand(Weight) ability
Low
224
2
Input devices
“Input devices” are devices used to assign instructions and data to a personal computer. Several types of input devices are summarized below. Type
Reference
Nam
Input device for characters and numbers
Keyboard
A standard device for inputting characters, numbers, and symbols, by pressing the keys positioned on the keyboard.
Pointing devices
Mouse
A typical pointing device for inputting positional information such as icons, by rotating a mouse ball to move the pointer on the screen. There is also an “optical mouse” that detects reflected light to gauge the amount of movement.
Trackball
A device for inputting positional information such as icons, by rotating a ball using the fingers.
Trackpad (Touchpad)
A device that moves a mouse pointer by brushing a finger against a flat, plastic surface. It detects changes in capacitance when a finger brushes against the trackpad. Unlike a trackball or mouse, no mechanical parts are used, making it resistant to breaking. Mainly used on notebook computers.
Pointing stick
A device that moves a mouse pointer, by using a finger to apply pressure forward/backward/left/right against a stick that protrudes from the middle of a keyboard. The speed at which the mouse pointer is moved can be typically controlled by adjusting the force used to press the stick. Mainly used on notebook computers. Names vary by manufacturer.
Digitizer/ tablet
A device that uses a coordinate indicator to input a position on a flat surface. It is used to input design plans and drawings. A “tablet” is a small version of this device that is used on desk. A “stylus pen” is used for input.
Touch panel (Touch screen)
A device that inputs data by touching the fingers against icons or buttons shown on the display. Used for bank ATM and library information displays, etc.
Pointing device A “pointing device” broadly refers to a device that inputs positional information (coordinate information) for the screen. Reference
Stylus pen A “stylus pen” is an input device that is shaped like a pen. It is used to input graphic objects and characters on a tablet or PDA.
Description
Trackball
Trackpad
Pointing stick
225
Type Image input device
Description
Image scanner
A device that captures photographs, pictures, printed materials, and handwritten characters as digital data. There are “flatbed”, “sheet feeder”, and “portable” scanners.
Digital camera
Similar to a regular camera, it photographs scenery and people, but captures the images as digital data.
Barcode reader
A device that optically reads barcodes placed on products and other items. Used as an input device for POS terminals. There are “stationary” and “portable” barcode readers. A device that optically reads handwritten characters and printed characters. OCR for personal computers read images with an image scanner, and use OCR software for character recognition.
OMR (Optical Mark Reader) device
A device that optically reads marks that are darkened with a pencil on an answer sheet.
Sound input device
A device that uses a microphone to input data or operate a personal computer by voice.
Handwritten character input device
A device that reads characters that are handwritten on a flat device. Can also be used in place of a mouse to input positional information. Used on electronic personal organizers and notebook computers.
Magnetic card reader
A device that reads information from magnetic stripes attached on magnetic stripe cards such as credit cards and debit cards.
OCR Abbreviation for “Optical Character Reader.” Reference
OMR Abbreviation for “Optical Mark Reader.” Reference
CCD A “CCD” is a semiconductor device that converts the intensity of light called a “light-sensitive element” or “pixel” into an electrical signal. Devices such as digital cameras use an array of multiple CCDs to convert and store changes in light, into independent electrical signals for each pixel. CCDs with a higher number of pixels produce more detailed images. Abbreviation for “Charge Coupled Device.”
Computer system
OCR (Optical Character Reader) device
Reference
Chapter 8
Other input devices
Nam
Barcode reader
Image scanner
OCR
226
3
Output devices
An “output device” is a device that retrieves information from within a computer in a manner that is easy to understand for humans. Typical output devices for personal computers are a “display” and “printer.” (1)Display Several types of displays are summarized below. Reference
CRT
Type CRT display
A display device that uses a CRT (Cathode Ray Tube). It comes in a variety of sizes such as 15-inch, 17-inch, and 21-inch, and basically uses the same principles as a CRT television. Although it has a high display performance, it has disadvantages such as high power consumption and the large size of the device itself.
LCD display
A display device that uses LCD (Liquid Crystal Display) technology. It ranges in size from 10 inches to around 60 inches, and employs the property of liquid crystals (light transparency changes when voltage is applied) to display images.
OLED (Organic Light- Emitting Diode) display
A low voltage drive and low power consumption display device that emits light when voltage is applied. It gets its name from the use of luminescent organic molecules such as diamine and anthracene. The low voltage drive, low power consumption, and the ability to produce thin displays make it possible to use it in the same way as an LCD display.
Abbreviation for “Cathode Ray Tube.” Reference
Pixel A “pixel” is the smallest unit of an image, and indicates a point on a display. Also referred to as a “dot.” Reference
Multiscan display A “multiscan display” refers to a display that supports multiple resolutions. The resolution can be changed to suit the application.
Characteristics
(2)Printer Printers are categorized by the unit used to print characters and other information on paper, and divided into “page printers” and “serial printers.” A page printer stores the printing pattern for a single page in the printer memory, and prints the page all at once. In contrast, a serial printer prints one character at a time. Several types of page printers and serial printers are summarized below. ●Page Printer Type Laser printer
Characteristics A printing device that uses a laser beam and electrostatic technology to deposit toner on paper. Printers primarily used in offices due to high speed and quality of printing.
Laser printer
227
●Serial printer Type
Reference
Characteristics A device that sprays ink droplets from nozzle tips onto paper. Printers primarily suited for consumer use due to low price and high quality of color printing.
Dot impact printer
A printing device that uses a set of pins that are driven forward to form the shape of a character. An ink ribbon is positioned between the paper and pins, and the pins hit the ribbon to transfer ink. Used for printing on carbon paper.
Thermal transfer printer
A printing device that uses thermal heat to transfer the ink from an ink ribbon. Some use thermal paper instead of an ink ribbon. This type is called a “thermal printer.” Many thermal transfer printers can also be used as thermal printers.
Plotter A “plotter” is a device for printing design plans and graphics. They are used to print drawings prepared by CAD or other software. There are various types of plotters including an “XY plotter” that prints by moving a pen in a horizontal and vertical direction, and an “electrostatic plotter” that uses the same principle as a laser printer for printing. There is also an “inkjet plotter,” which uses the same principle as an inkjet printer for printing. Reference
Inkjet printer
“PostScript language” is a page description language for printers, and it is used to coordinate the printer controls and printing content.
The units used to evaluate the performance of a printer are summarized below. Unit dpi
Description Indicates the number of dots per inch (approx. 2.5cm) in a straight line. Used as a unit to indicate the quality of a printer or image scanner. The higher the number, the greater the resolution. Example: 600dpi over a square inch works out to 600 x 600 = 360,000 dots.
ppm
Indicates the number of pages that can be printed per minute. Used as a unit to indicate the printing speed of a page printer.
cps
Indicates the number of characters that can be printed per second. Used as a unit to indicate the printing speed of a serial printer.
Computer system
PostScript language
Chapter 8
Inkjet printer
Reference
dpi Abbreviation for “dot per inch.” Reference
ppm Abbreviation for “page per minute.” Reference
cps Abbreviation for “characters per second.” Reference
cpi “cpi” is a unit that expresses the number of characters that can be printed in one inch. Abbreviation for “characters per inch.”
228
8-5
Chapter quiz
*See page 13 in the “Answers and Explanations” booklet for the correct answers.
8-1
In the basic configuration of PCs shown below, which of the following combinations of functional units corresponds to the rectangular boxes 1 through 3? 1
Flow of instructions Flow of data, including programs
Auxiliary Storage
2
Input
8-2
Output
1
2
3
a
Control unit
Processing unit
Main memory
b
Main memory
Control unit
Processing unit
c
Main memory
Processing unit
Control unit
d
Processing unit
Main memory
Control unit
Which of the following is always required so that software can run on a PC? a) b) c) d)
229
3
Keyboard Network Printer Memory
8-3
Which of the following is the memory used in SD cards? a) b) c) d)
8-4
Among the connection interfaces for PCs and peripheral devices, which of the following uses electromagnetic waves for the transmission of signals?
Client/server Streaming Peer-to-peer Mailing list
Computer system
Which of the following is the configuration where the computers connected to the network use resources of each other, such as data, on equal terms? a) b) c) d)
8-6
Bluetooth IEEE 1394 IrDA USB 2.0
Chapter 8
a) b) c) d)
8-5
CD-ROM DRAM SRAM Flash memory
Which of the following is the most appropriate processing that should be performed by the server in a client/server system? a) b) c) d)
Processing to check the format of input data Processing to display pull-down menus Processing to preview printing results Processing to update databases
230
8-7
For improvement in system reliability, there are a measure to prevent failures and a measure to continue operating the system even if a failure occurs. Which of the following is a measure to continue operating the system even if a failure occurs? a) b) c) d)
8-8
Which of the following is the appropriate description concerning an OS that runs on PCs? a) b) c) d)
8-9
Replacing with the devices that do not fail easily Configure redundant devices that constitute the system Preparing an operation manual to prevent operators from performing incorrect operations Performing operations incorporating the scheduled maintenance for the devices
Software that manages hardware and applications on a PC Software for viewing Web pages Software for transmitting and receiving e-mail Software for creating and editing documents
In the hierarchical structure shown in the figure, two or more directories with the same names A and B are located. Which of the following specifies file “f ” in the directory indicated by an arrow from the directory with the “*” (current directory)? Here, the file specification method is as follows: [Specification method] (1) Like “Directory name\... \directory name\file name”, place the directories on the path by using “\” as a delimiter in correct order and then place “\” and the file name. (2) Indicate the current directory with “.” (one dot). (3) Indicate the parent directory (one level up within hierarchy) with “..” (two dots). (4) When it begins with “\”, the root directory is omitted at the left end. Root
A B*
A A
a) b) c) d)
231
B ←
.\B\f ..\..\B\f ..\A\..\B\f ..\B\f
A B
B
8-10
When important files are replicated in preparation for possible hard disk failures, which of the following is the most appropriate method?
8-11
Which of the following is the purpose of using a multimedia authoring tool?
8-12
Which of the following is a characteristic of open source software? a) b) c) d)
8-13
Computer system
a) It is used for creating multimedia content combining materials, such as images, sounds, and characters. b) It is used for building the network environment that handles multimedia information, including images, sounds, and characters. c) It is used for searching for multimedia information, including images, sounds, and characters on the Internet. d) It is used for building the database that consists of multimedia information, including images, sounds, and characters.
Chapter 8
a) Replicating the files on a different hard disk, attaching version numbers to the file names ) b Finding the available hard disk space for every operation to place replicated files there ) c Replicating the files with the same file name on the hard disk used for the last replication ) d Replicating the files with different file names on the same hard disk as that storing them
All copyrights are waived. A warranty is available in case of problems. Only one copy may be made for the purpose of backup. The source code can be obtained.
Which of the following is the advantage of using open source software? a) b) c) d)
It can be used free of charge, including support. There are no restrictions on modifying the source code. Security is assured because there are no vulnerabilities in the software. It can run on every operating system.
232
8-14
Which of the following is the input device that detects the moving direction and distance and reflects it on the cursor movement on the screen? a) b) c) d)
8-15
Keyboard Touch panel Bar code reader Mouse
A disk is labeled 1 through 6 clockwise around the outer edge. The disk spins clockwise and completes a cycle once every 6 seconds. The disk is in a dark room, and only the portion on top (outlined with a dotted line here) is illuminated for a moment by a spotlight at a flashing interval of a specified period of time. Which of the following patterns of numbers can be seen when the spotlight is set to flash every 5 seconds?
6
2
5
1
3
4
a) b) c) d)
233
1, 2, 3, 4, 5, 6 1, 3, 5, 1, 3, 5 1, 4, 1, 4, 1, 4 1, 6, 5, 4, 3, 2
Chapter
9
Technology element Chapter 9 examines the characteristics of human interfaces and multimedia technology, basic knowledge about database design and networks, as well as security measures and other aspects.
9-1 9-2 9-3 9-4 9-5 9-6
Human interface................................. 235 Multimedia.......................................... 240 Database............................................ 247 Network.............................................. 258 Security.............................................. 279 Chapter quiz....................................... 301
9-1
Human interface 9-1-1 Human interface technology A “human interface” is the point of contact between a human and a computer. Specifically, it refers to the layout of the screen, form, and methods of operating the computer when the system is used. During the systems architecture design stage of system development, it is important to create a human interface that considers ease of use from the user’s perspective, and it is necessary to learn the techniques and procedures for designing such an interface. 1
GUI
A “GUI” is a human interface that makes heavy use of graphics to present information visually, and enables basic operations to be performed by using pointing devices such as a mouse. The elements that comprise a GUI are summarized below. ①Window
②Menu
bar
Reference
Help function The “help function” is an operational guide that provides on-screen instructions for system operations and other tasks.
③Text ④Radio
box
button ⑤Pull-down
menu
⑥Check box ⑦Command button
*The above screen is an example from Windows Vista. ① Window .....................Small,
stand-alone screen provided within the operational screen. Text and images are displayed here. ② Menu bar ..................Displays menu names. When a menu name is selected, a list of corresponding commands is displayed.
235
③ Text
Interface design can be broken down into “screen design” and “form design.” Screen design
Designs screen items and layout for data entry, and keyboard and mouse operations, etc.
Form design
Designs layout for pages and source documents, and contents to be printed, etc.
Reference
Technology element
9-1-2 Interface design
Chapter 9
box ....................Text and number data is entered here using the keyboard. ④ Radio button .............One item is selected from a list of several. If a different item is selected, the previous one will be unselected automatically. ⑤ Pull-down menu .......Displays the selected menu by opening downward on the screen from the menu heading. ⑥ Check box .................Applicable items are selected from a list of several. Either a single item or multiple items can be selected. Alternatively, each individual item may have an ON and OFF option to select from. ⑦ Command button .....Performs the corresponding action when selected. List box .....................One or more items are selected from a list of several. Effective when there are more items than will fit in a radio button or check box list. Icon............................A picture or symbol representing a file or command. Can be used to launch applications, open files, etc. Pop-up menu ............A menu displayed in an arbitrary place on the screen while preserving the current contents. Also referred to as a “short-cut menu.”
Source document A “source document” is a form for prefilling the data to be entered on the computer. The necessary items, boxes, etc. are printed to make it easier to fill out. Reference
Points of consideration for interface design ● Clarify the purpose of the data to be printed and the items included. Next, clarify what data must be entered for it to be printed. ● Clarify whether the user of the input screen or recipient of the form is an employee or customer, and adjust the format accordingly. ● Select an appropriate human interface according to user proficiency. ● Select the input/output device according to the contents. ● Minimize the response time and turnaround time, and take steps to ensure that a long time is not spent waiting for the data to be processed. ● Clarify how to deal with erroneous operations and system failures. ● Take steps to ensure that the data entered is not leaked outside the company.
236
1
Screen design
The input screen is the interface most used in a system by users. An easy-to-use input screen should be designed from the standpoint of the user. The procedures for designing an input screen are as follows. Reference
Function key A “function key” is a key on the keyboard that has been assigned a specific function. Also referred to as a “PF key.” Depending on the type of keyboard, they may be given labels such as “PF1” or “F1.”
Reference
Default value A “default value” is a value that has been pre-set. When entering data, the default value can be overwritten.
Screen standardization
Standardize the items common to each of the screens such as the position of the title and function key assignment.
Screen systematization
Design the flow and hierarchical relationship between related screens. After the screens have been systematized, create a “screen hierarchy chart” and “screen transition chart.”
Screen item definition and layout design
Decide on the position of items on the screen, default values, input methods, etc.
Example: Conference room reservation system screen design Screen hierarchy chart Main
Reference
Main The “main” screen is the first screen that is displayed when using the system. All available functions are listed in the form of a menu. For this reason, it is also called the “main menu.”
Reservation
Cancelation
Inquiry
Event exhibition information
Availability
Screen transition chart Availability Reservation Main Inquiry Cancelation
237
Event exhibition information
··· Shows that the screen can be moved
●Points of consideration for screen design The points of consideration for screen design are as follows. • Have it move from left to right and top to bottom so that the flow of input is natural. • When there are a large number of options, group them together or use some other means to make the selection easy. • Establish rules for color usage. • Provide an operational guide (help function) for users not familiar with the operations. • According to purpose of use, make it possible to use other input devices other than a keyboard (barcode reader, touch panel, scanner, etc.).
2
Form design
Standardize the elements common to each of the forms such as the position of the title and the number of lines per page.
Layout design
Design the layout of each of the items.
Selection of printer and paper
If the form is to be printed, select the printer and paper according to the purpose of use.
●Points of consideration for form design The points of consideration for form design are as follows. • Place items that are common to all the forms in the same location. • Include only the bare minimum information. • Use commas for every three digits to make numerical data easy to read. • Use tables, graphs, diagrams, etc. in the layout according to purpose. • Make considerations for special output such as barcodes according to purpose.
Technology element
Form standardization
Chapter 9
Forms used on a daily basis need to be designed in such a way that they are easy for anyone to use. The procedures for designing forms are summarized below.
Reference
WYSIWYG Abbreviation for “What You See Is What You Get,” meaning that what is printed will be the same as the on-screen display.
238
3
Web design
It has become common practice for companies to set up their own Web pages and transmit information via the Internet. As Web pages are seen by so many people, it is not an exaggeration to say that the quality of the Web page’s design can make or break the company’s image. Web pages are also places to search for information on companies and submit inquiries. It is important for Web pages to be designed in such a way that they are easy for anyone to use. ●Considerations for Web design Reference
Style sheet A “style sheet” sets various style formats for a Web page that defines settings such as font style and size, background, and margins. A style sheet can be used to comprehensively manage a Web page, making it possible to not only set and make changes efficiently, but maintain the overall volume of the website. Reference
Usability “Usability” refers to ease of use for a user. It is an indicator for designing a user-friendly and easy-to-use Web page. Reference
Web accessibility “Web accessibility” refers to the availability of the desired information and services on the website to everyone, including the elderly and disabled. Reference
Information accessibility “Information accessibility” refers to the removal of obstacles that get in the way of using information devices so that information can be accessed without difficulty. In general, if a device is easy to use or a screen is easy to see for people with disabilities or special needs, it will likely be easy to use or see for all users.
239
• Use a style sheet and standardize the colors and design. • Keep use of images to a minimum and make the operations stress-free. • Avoid functions that only work on certain Web browsers and make sure the site renders properly on all browsers.
4
Universal design
“Universal design” is an approach that involves designing products, equipment, facilities, and living spaces in such a way that they can be used by anyone regardless of nationality, culture, gender, age, or physical ability. Some examples include vending machines that have the product dispenser in the middle, and elevators that are entered on one side and exited on the other. These designs provide ease of use to everyone and are not limited to those in wheelchairs or those with large luggage. This universal design approach is said to have first been proposed by Ronald Mace, a professor at the University of North Carolina in the United States, in 1985. The key point is that the target is all persons and is not limited to the elderly or people with disabilities. It is important to imagine being in the user’s shoes and make designs that are accessible to as many people as possible by eliminating any inconveniences.
9-2
Multimedia
9-2-1 Multimedia technology “Multimedia” refers to the combined use of various types of data in addition to letters and numbers, including static images, video, and audio. With advances in computer technology, the use of data such as static images, video, and audio files has become increasingly common. After converting this analog data into digital data according to certain rules, it is used in “Web content”, “hypermedia”, “streaming”, and other media.
Multimedia file types
Multimedia includes static images, video, and audio.
File type Extension
Characteristics
JPEG
.jpg .jpeg
A file format for compressing and storing static images. It supports 24-bit full color (16.77 million colors) images and is suited for photographs and other data that includes a wide range of colors. It is used as the image format for digital cameras and other devices. It employs lossy compression so there is deterioration in quality. The compression rate can be changed.
GIF
.gif
A file format for compressing and storing static images. It supports 8-bit color (256 colors) images and is suited for graphics and other data with limited color variation. It employs lossless compression, so there is no deterioration in quality. The compression rate cannot be changed.
BMP
.bmp
A file format for storing static images as a collection (or map) of dots. The images are not compressed, so the size of the file is relative to the size of the image and the number of colors. It is a standard format on Windows.
TIFF
.tif .tiff
A file format for storing static images. It was developed by Microsoft and Aldus (now Adobe Systems) and can save image data of different formats. Attribute information on the recording format is placed in what is called a “tag” at the top of the image data, and the image is rendered according to this information, so it can record images regardless of resolution, number of colors, etc. The user can also choose whether or not to compress the data. It employs lossless compression, so there is no deterioration in quality.
PNG
.png
A file format for compressing and storing static images. It supports 48-bit color images. It employs lossless compression, so there is no deterioration in quality.
“Web content” is a generic term that refers to information and data accessed on Internet browsers, including static images, video, audio and text. Reference
Hypermedia “Hypermedia” is used as a logical extension of the term “hypertext,” which applies to text, and is a media format that links text, images, audio, and other objects together in an easily accessible manner. Reference
Streaming “Streaming” refers to a technology for efficiently distributing and playing back audio files, video, and other Web content. The data is played back while it is being downloaded, so the user does not need to wait for the download to complete. It makes it easier to watch videos and listen to music on the Internet.
5 TechnologyChapter element
●Static images The types of static image formats and their characteristics are summarized below.
Web content
Chapter 9
1
Reference
Reference
PDF “PDF” is a file format created by Adobe Systems’ Acrobat software. When converting documents created using word processing software into PDF format, the data can be compressed to reduce the file size. For this reason, it is widely used for distributing electronic documents. PDF files cannot be edited using the original software. Abbreviation for “Portable Document Format.” Reference
Compression rate “Compression rate” refers to the ratio of data compression. The higher the compression rate, the smaller the file size.
240
Reference
JPEG Abbreviation for “Joint Photographic Experts Group.”
●Video The types of video formats and their characteristics are summarized below. File type
Extension
MPEG
.mpg
Reference
GIF Abbreviation for “Graphics Interchange Format.”
Characteristics A file format for compressing and storing video. It is an international standard data format for color video and audio. There are three different MPEG formats. MPEG-1
Used for CDs (Video-CD), DAT, hard disks, and other media that have a data transfer speed of around 1.5 Mbps. Data is compressed and decompressed by software. Image quality is comparable to VHS videos.
MPEG-2
Used for DVDs (DVD-Video), digital satellite broadcasts, etc. that have a data transfer speed of several Mbps to several dozens of Mbps. Data is compressed and decompressed by hardware. Image quality is comparable to HDTV.
MPEG-4
Used for mobile communication devices (such as mobile phones), video conferencing systems, etc. that have a data transfer speed of several kbps to several dozens of kbps.
Reference
PNG Abbreviation for “Portable Network Graphics.” Reference
Capture card A “capture card” is an extension card that can import video signals from VCRs and other devices, and convert them into digital data (video) that can be viewed on a computer. Reference
MPEG
SWF
.swf
The video file format created by Macromedia’s ( now Adobe Systems) Flash software. Widely used on the Internet for animated video files. A plugin (Adobe Flash Player) is required to playback video.
AVI
.avi
A standard composite file format for videos and audio used on Windows. Software called “CODEC” that supports the various video and audio compression formats is required to play AVI files.
QuickTime
.mov
A video file format created by Apple. Widely used not only on Macintosh, but also Windows computers. These files provide simultaneous support for various compression and decompression systems not only for audio and video, but also for text.
Abbreviation for “Moving Picture Experts Group.”
241
●Audio The types of audio formats and their characteristics are summarized below. File type MP3
.mp3
WAV
.wav
.midi
ATRAC3
.at3
A file format for compressing and storing audio data using the part of MPEG-1 that controls sound. The data can be compressed to about 1/10 the size of a music CD (compression rate can be specified). It is used on portable music players and used to distribute music over the Internet. A file format for storing raw audio sampling data in the same way as CD audio. It is used as the audio data format on Windows computers. When exporting audio files from CDs to Windows computers without compression, they are exported in WAV format. As data is not compressed, the size of data is large. A file format for compressing and storing audio used as a standard on Windows computers. The data can be compressed to about 1/20 the size of a music CD (compression rate can be specified). It is used on portable music players and used to distribute music over the Internet. A file format for storing musical data such as pitch, loudness, and tone. It is used to play data created using electronic instruments (synthesizers and sound generator units) on a computer or network karaoke. A file format developed by Sony for compressing and storing audio. It is an improvement of “ATRAC,” currently used in MDs, designed for use with Sony memory sticks.
Compression and decompression of information
When attaching large data such as multimedia files to e-mail or publishing it on a Web page, it is common practice to “compress” it. The size of the file can be reduced by compressing the data. Several files can also be put together into one, enabling data exchange to be simplified. “Decompress” refers to returning compressed data to its original state. Compression/decompression software is used to accomplish this task. The following are examples of data compression formats. File type Lzh
Zip
Extension .lzh
.zip
Characteristics Format of files compressed with LHA (file compression software). The compressed data can be decompressed and completely restored to its original state. Format of files compressed with file compression software developed by PKWARE. The compressed data can be decompressed and completely restored to its original state.
Reference
MIDI Abbreviation for “Musical Instrument Digital Interface.” Reference
ATRAC3 Abbreviation for “Adaptive TRansform Acoustic Coding 3.” Reference
AAC “AAC” is a file format developed by Apple for compressing and storing audio. Abbreviation for “Advanced Audio Coding.” Reference
SDMI “SDMI” is a file format standardized by a foundation established to protect digital music copyrights and used on mobile music players. It is used as a format for music files distributed over the Internet. Abbreviation for “Secure Digital Music Initiative.”
Technology element
MIDI
.wma
Characteristics
Abbreviation for “MPEG-1 Audio Layer-3.”
Chapter 9
WMA
2
Extension
Reference
MP3
Reference
Archive An “archive” is a collection of files that have been packaged together. Archives are used to free up space by compressing large files, or distribute multiple files as a single package. Reference
Lossy compression “Lossy compression” is a method of data compression in which the compressed images and other files cannot be completely restored to their original state when decompressing the archive. Reference
Lossless compression “Lossless compression” is a method of data compression in which the compressed images and other files can be completely restored to their original state when decompressing the archive.
242
9-2-2 Multimedia application Multimedia technology and graphics processing are applied and utilized in various fields. 1
Graphics processing
“Graphics processing” is a task involving the display, processing, and storing of loaded images. In order to implement graphics processing, it is necessary to have an understanding of color and image quality. (1)Color representation “RGB” and “CMYK” color models are used for displaying color on display devices and for printing in color. ●Three primary colors of light (RGB) When displaying color on display devices, a single dot is comprised of the three colored lights Red (R), Green (G) and Blue (B). All colors are reproduced by adding together R, G and B light in varying degrees. When all three are combined, white is produced. When all three are at zero intensity, black is produced. Three primary colors of light (RGB)
Red (R) Yellow
Magenta
White Green (G)
Cyan
Blue (B)
●Three primary process colors (CYMK) When printing in color, the colors are created by mixing Cyan (C), Magenta (M), and Yellow (Y). When C, M, and Y are mixed, black is produced. For a solid black, Black (K) is added to create CMYK ink. Three primary process colors (CYMK) Black (K) Cyan (C) Blue
Magenta (M)
243
Green
Red
Yellow (Y)
●Three elements of color Colors are comprised of the three elements “hue”, “brightness”, and “saturation.” These three elements can be adjusted to produce various effects such as color uniformity or accented colors. Element
Description
Hue
The color as described by wavelength. Each hue is represented on the “color circle.”
Brightness
The intensity of the color. The higher the brightness, the whiter the color. The lower the brightness, the blacker the color.
Saturation
The amount of color displayed. The higher the saturation, the deeper the color. The lower the saturation, the duller the color.
(2)Image quality Image quality is determined by pixels, resolution, and contrast. Chapter 9 Technology element
●Pixel A “pixel” refers to the dots that comprise an image and is the smallest single component of the image. The higher the number of pixels, the larger the data. ●Resolution “Resolution” is a value that expresses the number of pixels per inch and is a measure of the detail and smoothness of the image. The higher the resolution, the more natural and attractive the image. The lower the resolution, the blurrier the image. ●Contrast “Contrast” refers to the gradation of colors, and is a measure of the image detail. The higher the contrast, the smoother the image. The lower the contrast, the clearer the colors. (3)Graphics software Graphics software that handle images include “painting” and “drawing” software. Painting type
Drawing type
Reference
Image category
Luster
Vector
Luster and vector
Characteristics
Pictures can be painted on the computer much like painting on a piece of paper or canvass, but the image is actually saved as a collection of dots. There are slight differences between various software applications, but they all feature intuitive tools.
Pictures are drawn by combining lines and curves into different shapes like circles and squares. The picture is smooth even when enlarged.
Typical software
Paint, Adobe Photoshop, etc.
Adobe Illustrator, etc.
“Luster” refers to images created with a collection of small colored dots. “Vector” refers to images that appear as if they were drawn with a pencil; several point coordinates called “anchors” are created, and the images are produced by connecting the anchors with lines, applying color to areas enclosed by lines, etc.
244
2
Multimedia technology applications
Graphics processing is an applied technology for multimedia expressions. Graphics processing involves the use of computers to create images and videos, and add sound and other effects to artificially create a sense of realism. It is used in games and other forms of entertainment as well as various professional training programs. The typical forms of graphics processing are summarized below. Reference
CG Abbreviation for “Computer Graphics.”
Reference
VR Abbreviation for “Virtual Reality.”
245
(1)Computer graphics (CG) “Computer graphics” refers to the technology for processing and generating images and videos using a computer or the images and videos themselves. Computers are used to create images of imaginary objects and scenes, or to add special effects. Computer graphics can be either two- or three-dimensional representations. Two-dimensional representations are used in tablet paintings, photographic image processing, etc. Three-dimensional representations are used to create virtual worlds for video games, simulations of future urban landscapes, CAD-based industrial designs, etc. (2)Virtual reality (VR) “Virtual reality” refers to the technology for creating an artificial (virtual) reality by combining computer graphics with sound effects. People can experience virtual realities like far-removed worlds, past and future locations, etc., as if they were actually there, while not setting foot outside their current location.
(3)Computer simulation “Computer simulation” involves using a computer to simulate an event of some kind. Creating various simulated situations enable results to be realized that are otherwise unattainable using actual theories or experiments. For example, it can be applied to predict damage from building fires, or the effects of global warming on climate. The hardware and software used to perform computer simulations are called a “simulator.”
“Interlaced display” refers to a method of dividing the image display operation into two parts and displaying a complete image only when the second part is displayed. It controls flickering when displaying moving images. For this reason, it is used in televisions. Reference
Non-interlaced display “Non-interlaced display” refers to a method of displaying a single, complete image all at once. On computer monitors and other display devices that often display static images and letters, the interlaced method tends to produce flickering and bleeding. As a result, most devices use a non-interlaced display.
Collage A “collage” is a composite picture created using a computer to combine pictures of scenes and people that were taken separately.
Technology element
Reference
Chapter 9
(4)CAD “CAD” is a system used when designing machines, buildings, electronic circuits, etc. With recent developments in computer graphics, CAD is now used in a variety of situations. Drawings used to be created by hand, but have now become digitalized, making them easier to edit, correct, and render into three-dimensional representations. In addition to floor plans and blueprints for buildings and design plans for automobiles, televisions and other mechanical products, CAD is used to prepare the basic CG data used in media such as commercials and video games.
Reference
Interlaced display
246
9-3
Database 9-3-1 Database architecture A database is a collection of various data (information) organized and stored in a single location according to a certain purpose. For example, product or customer information is collected and stored together in a database. Using a database enables business activities to be expressed from the perspective of information, and makes it possible to streamline those activities. 1
Characteristics of databases
A “database” is a collection of data organized for a certain purpose. In the past, data used in business activities was saved in files according to each program (process). In such a system, programs were created according to the data format. This resulted in the issue of programs not being able to respond flexibly to changes in the format of the data. To resolve this problem, databases were proposed. A comparison of traditional files and databases is shown below. Item
247
File
Database
Impact of changes to data format on program
Large
Small
Redundancy of data
Data is sometimes redundant on a task-by-task basis
No redundancy
Consistency between related data
Hard to maintain
Can be maintained
Sharing of data between tasks
Sharing is difficult
Sharing is easy
Data backup
Complicated
Simple and easy
2
Database models
There are several models of databases depending on the format in which the data is managed. The typical models are summarized below. ●Relational database Data is managed in tables. Multiple tables are linked by item values to build a database.
Reference
Characteristics of relational databases • Related data is managed in tables.
Student ID
Course name
Course name
Classroom
2001010
Mathematics 1
Mathematics 1
A103
2001021
English
English
B211
2001021
Mathematics 1
French
B211
2001021
French
→Easy for users to understand. • Tables are linked by saved “values.”
→Easy to extract the user’s desired data. Reference
B211
Mathematics 1
English
2001010
French
2001021
Technology element
A103
Relational databases are used as the basic model for E-R diagrams.
Chapter 9
Use of relational databases
●Network database Data is managed in a meshed format. Many-to-many parent-child relationships
●Hierarchical database Data is managed in a hierarchical structure. One-to-many parent-child relationships comprise the data. A103
B211
Mathematics 1
English
French
2001021
2001021
2001010
2001021
248
Reference
DBMS Abbreviation for “DataBase Management System.”
3
DBMS (DataBase Management System)
A database product (software) called a “database management system” is used to manage and manipulate databases. The role of database management systems is to structurally store data and maintain consistency so that the user can properly use the database at any time. The main functions of database management systems are summarized below. Database management system Database definition
Simultaneous processing (exclusive access control)
Log management
Operations management
Data manipulation
Recovery process (function)
Access management
Reorganization
Database
Function
Reference
Buffer A “buffer” is an area of memory used to store data temporarily.
249
Description
Database definition
Standardize the operations for defining the database structure, including tables, items, and indexes.
Data manipulation
Standardize data manipulation (search, insert, update, and delete actions) with respect to the database.
Simultaneous processing (exclusive access control)
Maintain data consistency so that even if multiple users manipulate the database simultaneously, no discrepancies arise in the data.
Recovery process (function)
Restore the data to the state it was in just before experiencing hardware or software issues.
Log management
Store and manage the log files necessary for the recovery process.
Access control
Set user privileges for the database so that users without privileges cannot access the data.
Operations management
Several management-related functions including database backups and restoration, storage status, and buffer status.
Reorganization
Resolve database fragmentation resulting from repetitive adding and deleting of data. Reorganizing the database improves the speed of data manipulation.
9-3-2 Database design When designing a database, it is necessary to consider points such as “data analysis”, “data design”, and “data normalization.” 1
Data analysis
Before creating a database, it is important to clarify what kind of task will be converted into database format, and what it will be used for. In order to design tables in a logical manner, printing results that correspond to the purpose, and the input items necessary to obtain those results are determined.
Determine what printing results are ultimately required and choose the input items accordingly.
Table design
Design the tables based on the selected input items. Link the tables with common items and have them reference the data as necessary. Categorizing the input items and dividing the tables enable the construction of a database that prevents redundant data entry, unnecessary disk usage, and input error. Data is normalized to design the table.
Technology element
Determining printing results and input items
Chapter 9
Clarification of purpose
Analyze the flow of work and clarify the purpose of the database such as sales or inventory control. Clarify details such as how the database will be used and by whom.
The key points in table design are summarized below. • Eliminate repetitive data. • Ensure that data is only registered once. • Do not save data obtained through calculation in the tables.
250
2
Data design
Databases manage data in “tables.” The table structure in databases is shown below. Column (field)
Customer table
Item name (field name)
Customer code
Customer name
Phone number
Location
A-1 B-1 A-20
Nanboku Denki Nihon Kogyo Iroha Denshi
03-3592-123X 06-6967-123X 078-927-123X
Tokyo Osaka Hyogo
Row (record) Primary key: Identifies each record in the table For example, if the customer code is specified, the corresponding customer name can be identified.
If managing multiple tables, a “relationship” should be considered. A relation refers to linking two tables according to “primary keys” and “foreign keys.” A foreign key is used when searching for data in a different table. For example, in the following two tables (order table and customer table), the order table does not contain the customer name. However, by linking the two tables using the customer code, the customer name can be obtained from the customer table based on the value for the customer code in the order table. In this case, the customer code in the customer table is called the primary key, and the customer code in the order table is called the foreign key. “Referential constraints” are used to prevent inconsistencies when setting foreign keys. For example, only a value that exists in a reference (primary key table) field can be entered in a field for which an external key has been set. Order table “Primary key” of order table Order No. 0001 0002 0003 0004
Order date 2008.10.02 2008.10.02 2008.10.02 2008.10.03
Customer table
“Foreign key” corresponding to customer table
Customer code Product name Volume W-type radio 30 A-1 X-type monitor 20 B-1 Y-type radio and cassette player 100 B-1 Z-type radio and cassette player 5 A-20
Items in the customer table can be referenced based on customer code
Customer code Customer name Nanboku Denki A-1 Nihon Kogyo B-1 Iroha Denshi A-20
Phone number 03-3592-123X 06-6967-123X 078-927-123X
Location Tokyo Osaka Hyogo
“Primary key” of customer table If a referential constraint has been set, records in the customer table corresponding to customer codes (B-1, for example) in the order table cannot be deleted, and the customer code itself cannot be overwritten. Also, records containing customer codes not found in the customer table cannot be added to the order table.
251
●Primary key An item set to differentiate rows from other columns in a table. Multiple items can also be combined and made a primary key. ●Foreign key An item in a table that is the primary key of another table. ●Referential constraint A constraint set to maintain consistency between tables by ensuring that values that exist in the foreign key also exist in the referenced primary key.
3
Chapter 9
●Index Created to speed up data searches. An index is created with respect to items within a table specified by the search conditions. Creating indexes speeds up database searches. However, indexes are updated when data is updated. If indexes are created indiscriminately, the processing speed will slow down.
Data normalization
• Eliminate redundancy of data stored in tables. • Set tables in a format that enables data to be manipulated using SQL statements.
Normalized tables are said to be in “normalized form,” and those that are not are said to be in “non-normalized form.” Examples of non-normalized form (grades table) Student ID 2001010 2001021
Name Iuchi
Department code Department name Course name Classroom R Department of Mathematics 1 A103 Science English B211 Nakahara K Department of Mathematics 1 A103 Economics German 2 C402
“Course name”, “classroom”, and “grade” in the grades table contain several items of data. These are called “repeating items.” This grades table is yet to be normalized and is in “non-normalized form.”
Grade A C B A
Reference
Normalization procedure For “Non-normalized forms” that include repeating items, normalization is performed in three steps. These are the first normal form, second normal form, and third normal form. Data redundancy is eliminated by completing all three steps.
Technology element
In order to use a database, it is necessary to determine a table format. At such time, the process of “data normalization” is performed. Data normalization is the process of dividing tables appropriately so that data is not duplicated. Normalizing data eliminates redundancy, making it easier to manage data, and enables the use of data for various purposes. Data normalization is a basic technique for building databases. The main purposes of normalizing data are summarized below.
First normal form Eliminate repeating items
Second normal form Move items dependent on part of the primary key to other tables
Third normal form Move items not dependent on the primary key to other tables
Repeating items = “Non-normalized”
252
9-3-3 Data manipulation Database management systems employ a standardized method of manipulation called “SQL” to define tables and search, insert, update, and delete data. Commands called SQL statements execute functions like data searches in an interactive fashion. SQL is standardized by ISO (International Organization for Standardization) and JIS (Japan Industrial Standards Committee), which allows for data to be handled without regard to the type of database management system. Extracting the necessary data from the database is called an “operation.” Examples of operations are “relational operations” and “set operations.” Reference
Data manipulation In addition to the three relational operations, the following are different kinds of data manipulation. Insert ·····Insert the specified record into the table. Delete ····Delete the specified record from the table. Update ···Update the specified record in the table.
●Relational operation A “relational operation” is an operation that extracts the desired data from a table. There are three basic relational operations. Project ·········Extract the specified item from the table. Select ···········Extract the specified record from the table. Join ··············Extract data that combines two or more tables by means of a certain item with the same value.
Relational operation example Select Customer code Customer name Rep code Ono 2051 A12 Tanaka 4293 B30 Harada 5018 A11
Customer code Customer name Rep code Tanaka 4293 B30 Extract only records where the customer code is “4293”
Project Customer code 2051 Extract only the 4293 customer code “item” 5018
Customer code Customer name Rep code Ono A12 2051 Tanaka B30 4293 Harada A11 5018
Rep code A12 A11 B30 B60
Rep name Suzuki Yamada Saito Yoshida
Rep name Suzuki Saito Yamada
Join data where the “rep code” is the same in a row In this case, the “rep code” is called a “join key”
Join Customer code Customer name Rep code Ono 2051 A12 Tanaka B30 4293 Harada 5018 A11
253
●Set operation A “set operation” is an operation that extracts data using the approach of joining two tables. The primary set operations are as follows. Union··················· Extract all data in two tables. Intersection ········ Extract shared data in two tables. Difference ··········· Extract data in only one of two tables.
Reference
Wildcard A wildcard can be used to specify conditions, enabling searches for partially matching strings. Examples of wildcards are listed below % ·· Matches any number of characters including zero _ ··· Matches a single character
Set operation example Purchase Table A
Purchase Table B Rep code C01 A12 B30 A11 D04
Union
Customer code Customer name 1311 Inoue Ono ・ 2051 Tanaka ・ 4293 1806 Mori 7745 Yagi 5018 Harada
Rep code C01 A12 B30 A11 D04 A11
A Inoue Mori Yagi
Rep code A12 B30 A11
B Ono Harada Tanaka
Records in both tables consolidated into one record
A
Intersection Data in Purchase Table A or Purchase Table B Customer code Customer name 2051 Ono 4293 Tanaka
Rep code A12 B30
Difference Data in Purchase Table A minus data in Purchase Table B (data only found in Purchase Table A) Customer code Customer name 1311 Inoue 1806 Mori 7745 Yagi
Rep code C01 A11 D04
Inoue Mori Yagi
B Ono Tanaka
A Inoue Mori Yagi
Technology element
Data in both Purchase Table A and Purchase Table B
Customer code Customer name 2051 Ono 4293 Tanaka 5018 Harada
Chapter 9
Customer code Customer name 1311 Inoue 2051 Ono 4293 Tanaka 1806 Mori 7745 Yagi
Harada
B Ono Tanaka
Harada
254
9-3-4 Transaction processing
Reference
Online transaction processing “Online transaction processing” is a process in which a client connected to a network sends a processing request to a server, and the server performs the task accordingly and returns the results to the client. Usually, there are many processes involved with updating the database (including adding and deleting data), and if processing is interrupted, inconsistency in the data will result. For this reason, reliability is required.
When manipulating a database, it is necessary to maintain database consistency using exclusive control, recovery functionality, etc. to handle referencing and updates to the data by multiple users. 1
Exclusive control
“Exclusive control” is a function that temporarily prevents data writing on the part of one user, when two are simultaneously attempting to update the same data in order to prevent inconsistencies from arising within the database. To restrict access, the database is “locked.” The consistency of the data can be maintained by restricting access. (1)Lock By “locking” the database, users can be prevented from using data that is being updated or referenced by another user. There is an “exclusive lock,” where both updating and referencing are locked, and a “shared lock (read lock),” where only updating is locked. In general, when performing an update process (insert, update, or delete), the database management system automatically applies an exclusive lock. When performing a reference process, the program can specify whether to apply a shared lock. [External data usage and lock status] Update Reference Delete Exclusive lock by other program Shared lock by other program
255
Exclusive lock
Shared lock
× × × × ×
× ○ × × ○
Example A store has 50 units of Product A in inventory and two people order Product A simultaneously, reducing the inventory ① Places order for 15 units of Product A
② Places order for 20 units of Product A
A
B
User A
User B Product A inventory
:Reference
:Update
Exclusive lock
50−15=35
×:Reference
50 units
:Reference
35 units
15 units
35−20=15
:Update
User B acquires exclusive lock
Chapter 9
Exclusive lock
Acquire exclusive lock to prevent referencing/updating by others
User B is made to wait during this time
Technology element
Acquire exclusive lock to prevent referencing/updating by others
(2)Transaction A “transaction” is a set of operations that should be completed as one unit. For example, the process of “placing an order for 15 units of Product A” is a transaction. Transactions are either accepted and completely processed, or rejected and not processed at all. If a transaction is completed successfully, the database is updated. However, if a transaction is interrupted and gets aborted, the database is not updated. This system maintains database consistency. 2
Backups in the event of failure
The database management system automatically writes updated information to a “log file” when an update process is executed on the database. The database and log file should be backed up regularly just in case hardware failure occurs. If hardware failure does occur, a backup makes it possible to exchange the hardware and restore the database up to the point where the log file was last backed up.
Reference
Log file A “log file” is a file that records activities that occur on a computer. It can be used to check who accessed the data on a server, when it was accessed, and what was done to it.
256
When an update process is executed, “pre-update” and “post-update” information is saved to the log file
Database
Log file (journal file) Pre-update information Post-update information
Backup
Ba
Database
② Back up database from specific point in time (save it)
3
ck
up
Log file
① Back up log file when it becomes full (save it)
Recovery process
The “recovery process” is the process of restoring the database to the state it was in when it was backed up or just before the trouble arose in the event of hardware or software failure. There are two types of recovery processes, “roll forward” and “roll back.” ●Roll forward “Roll forward” describes the method of restoring a database to the state it was in when the log file was backed up by using the database backup, and reproducing the processes listed in the log file in the event of hardware failure or other issues. ●Roll back “Roll back” describes the method of rewinding the data back to before the transaction, and starting again in the event an error occurs during a transaction.
257
9-4
Network
9-4-1 Network architecture A “network” is a form of using multiple computers by connecting them with a cable. A network provides the following functions that cannot be achieved by using a single standalone computer or personal computer.
Chapter 9
●Sharing of resources A network enables the sharing of software resources such as programs and data, and hardware resources such as storage devices and printers. Sharing data and other resources helps to improve the efficiency of work, and delivers other advantages such as cost reduction through sharing of hardware.
1
5 TechnologyChapter element
●Exchange of information In addition to exchanging data, it is possible to exchange text and voice messages, and multimedia information such as images and video. By exchanging information, it is possible to use a variety of expressive means to communicate, even from a remote location.
Types of networks
The types of networks are summarized below. (1)LAN (Local Area Network) A “LAN” is a network that is used to exchange information within a relatively confined area such as a single building, site, plant, or school.
Reference
LAN Abbreviation for “Local Area Network.”
3rd Floor Planning dept.
2nd Floor Sales dept.
1st Floor General affairs dept.
LAN
258
Reference
WAN Abbreviation for “Wide Area Network.”
(2)WAN (Wide Area Network) A “WAN” is a network that connects computers from remote locations or connects LANs, using communication service (line services) that are provided by a telecommunications provider. LAN
Tokyo head office
WAN
LAN
Osaka branch office
Communication line
Leased line, etc.
Reference
Provider Refer to “Chapter 9-4-3 3 Communication services.” Reference
Access point An “access point” is a connection point that is provided for Internet users by a provider. Users connect to an access point by various means such as a leased line, ISDN line, or phone line.
(3)Internet The “Internet” is a global system of interconnected networks comprising of LANs and WANs at corporations, and single computers in individual households. By using the Internet, it is possible to view Web pages and exchange e-mail. In addition, it is possible to transmit information across the globe by creating and publishing a personal Web page. Subscriber of provider Corporate network Server
Provider
Provider
Server Server
Corporate network Provider
Provider
Access point
2
Network components
In order to build a network, it is necessary to understand the typical network architectures and components that comprise a network such as networking equipment and devices.
259
(1)LAN topologies The type of connection for a LAN is called a “topology.” The three types of LAN topologies are summarized below. Topology Bus
Star
Ring
Advantages
Drawbacks
Computers and peripherals branch off from and connect to a single transmission path called a “bus.”
A failure with a computer has few ramifications on the network.
Difficult to identify the point of failure. Cost of building this type of network is relatively high.
Computers and peripherals radially branch out from and connect to line concentration devices such as hubs.
Easy to add and move computers.
A failure with a hub or other line concentration device stops the entire network.
Computers and peripherals are connected by a ring-shaped transmission path.
Easy to identify the point of failure.
A failure with even a single computer or transmission path stops the entire network. The cost of building this type of network is relatively high.
Star
Hub Refer to “Chapter 9-4-1 2 (3) LAN components.” Reference
Transmission path A “transmission path” is a path used for data communication. The width of the transmission path determines the amount of information that can be exchanged.
Technology element
Bus
Reference
Chapter 9
Description
Ring
(2)LAN standards There are various standards for LANs, each specifying a certain type of cable, topology, and access control. “Ethernet” is a typical LAN standard. ●Ethernet “Ethernet” is the most popular international standard specification for LANs. “Ethernet” was jointly developed by DEC, Intel, and Xerox, and was later improved by the IEEE 802.3 Committee. It has now become an international standard specification.
260
Reference
The types of Ethernet standards are summarized below.
Segment A “segment” is a unit of a LAN. It normally refers to the range of a single cable.
Type Standard
Reference
Gigabit Ethernet “Gigabit Ethernet” is a high-speed Ethernet standard that delivers faster communication speeds of one gigabit per second ( 1000Mbps ) . There are a number of variations for this standard including 1000BASE-T that uses twisted pair cable, and 1000BASE-LX that uses fiber optic cable. Reference
Switch A “switch” is a type of network device that connects networks, and refers to a line concentration device that houses twisted pair cable used for 10BASE-T and 100BASE-TX.
Fast Ethernet
“Fast Ethernet” is a high-speed Ethernet standard that delivers faster communication speeds of 100Mbps. There are a number of variations for this standard including 100BASE-TX that uses twisted pair cable, and 100BASEFX that uses fiber optic cable.
Gigabit Ethernet
Fast Ethernet
Ethernet
Reference
Transmission speed
Segment length
Topology
Type of cable
Connector
10 BASE5
10Mbps
500m
Bus
Coaxial (10mm diameter)
AUI
10 BASE2
10Mbps
185m
Bus
Lightweight coaxial (5mm diameter)
BNC
10 BASE-T
10Mbps
100m
Star
Twisted pair
RJ-45
100 BASE-TX
100Mbps
100m
Star
Twisted pair
RJ-45
100 BASE-FX
100Mbps
2km
Star
Fiber optic DSC
1000 BASE-T
1Gbps
100m
Star
Twisted pair
RJ-45
1000 BASE-CX
1Gbps
25m
Star
Twisted pair
RJ-45
1000 BASE-LX
1Gbps
550m
Star
MultiDSC mode fiber optic
1Gbps
5km
Star
SingleDSC mode fiber optic
1Gbps
550m
Star
MultiDSC mode fiber optic
1000 BASE-SX
*1Gbps = 1000Mbps
Reference
Backbone LAN A “backbone LAN” is a LAN for connecting multiple LANs in which computers are directly connected, operating them together as a single network. A backbone LAN must be fast and reliable, and have a large capacity.
AUI
BNC
RJ-45
DSC
Reference
Types of cables Refer to “Chapter 9-4-1 2 (3) LAN components.”
261
Application Connect computers
Connect high-speed computers or backbone Backbone LAN
Recently, the demand for increased network capacity and speed are on the rise, driven by the need to connect more computers to networks, and handle more data such as voice and image data. In some cases, computers that run software which demand faster performance are directly connected using Fast Ethernet. In addition, backbone LANs are increasingly using Gigabit Ethernet that delivers speeds of one gigabit per second (1000Mbps) over conventional FDDI (Fiber Distributed Data Interface) networks that deliver speeds of 100Mbps. ●Other LAN standards Several types of LAN standards are summarized below. Standard
Standards Method of Transmission organization transmission speed
FDDI
ANSI
Radio wave or infrared ray
1~11Mbps
A dual ring topology that is capable of data communication, even if there is an interruption in a cable. (The network normally operates one of the two rings.) Usable anywhere within the communication area, providing freedom of movement. Wireless LANs based on radio wave transmission are relatively unaffected by obstructing objects, with a transmission distance of around 100 meters. Wireless LANs based on infrared ray transmission cannot work around obstructing objects.
FDDI Abbreviation for “Fiber Distributed Data Interface.” Reference
ANSI ANSI is a private organization whose aim is to unify and develop standards for the US industry. Many ANSI standards have become de facto global standards such as ASCII code, SCSI, and FDDI. Abbreviation for “America National Standards Institute.”
Technology element
IEEE 802.11 committee
100Mbps
Reference
Chapter 9
Wireless LAN
Fiber optic cable
Characteristics
FDDI Dual topology using fiber optic cable Small LAN connected to backbone LAN Router
Backbone LAN Router
262
Reference
Precautions when installing wireless LANs A wireless LAN enables communication within the range of radio waves, which requires security considerations beyond that of a cable-based LAN. Authentication functions and communication encryption functions are often used to provide security.
●Wireless LAN Wireless LAN is a technology for building networks using radio waves or infrared rays. Since no cables are used, wireless LANs are used in places where the office layout is changed frequently, the wiring is complicated, or a tidier appearance is necessary. Since there are several wireless LAN standards, care must be taken to match the supported standards. If the standards are not the same, communications will not be possible. Several types of wireless LANs are summarized below. Standard
IEEE 802.11a
Frequency Transmission band rate
5.2GHz
IEEE 802.11g
54Mbps
Fast data rate. Uses higher frequencies and is sometimes affected by obstructing objects, but is resistant to noise as it uses a frequency that is not usually shared with other electronic equipment.
54Mbps
Fast data rate. Compatible with 802.11b. Low frequency band tends to be unaffected by obstructing objects. However, communication quality is inferior to 802.11a, as it uses a frequency that is often shared with other electronic equipment.
11Mbps
Technology is more affordable than high-speed standards. Low frequency band tends to be unaffected by obstructing objects. However, communication quality is inferior to 802.11a, as it uses a frequency that is often shared with other electronic equipment.
2.4GHz
IEEE 802.11b
Wireless LAN
Characteristics
Hub Wired LAN (Ethernet)
Access point
Access point
Wireless LAN (IEEE 802.11b)
263
(3)LAN components The network equipment required to build a LAN are summarized below. Equipment LAN board
Reference
Characteristics An expansion board for connecting a personal computer to a LAN. Also referred to as a “LAN adapter” or “NIC ( Network Interface Card).” The LAN and personal computer must support the same standard. A piece of equipment used to connect the LAN board installed on a personal computer to a coaxial cable for LANs that support the 10BASE5 standard. The transceiver provides functions such as sending and receiving between the personal computer and coaxial cable, and transmitting collision detection to the personal computer.
Hub
A line concentration device used for LANs with a star topology. Many hubs provide a repeater function. These are also called a “repeater hub.”
Cable
Provides a connection for computers and equipment that connect to a LAN.
Abbreviation for “Network Interface Card.”
Chapter 9
Transceiver
NIC
Cable
Reference
Characteristics
Coaxial cable
Comprised of a copper core surrounded by an insulating layer, which is in turn wrapped in a copper layer woven from fine copper wire. The cable is resistant to external noise. The diameter of the cable ranges from 10mm standard coaxial cable to 5mm thin coaxial cable.
Twisted pair cable
Comprised of several pairs of wires with copper cores. The cable is thin and flexible, which makes it easy to handle.
Fiber optic cable
Comprised of quartz glass or plastic fibers, which makes the cable thin and lightweight. Can transmit signals with almost no deterioration or attenuation of data, and is not affected by electromagnetic waves. Uses light to transmit data instead of electrical signals. Supports a wide range of transmission speeds from 10Mbps to 1000Mpbs.
Crossover cable A twisted pair “crossover cable” is a cable that contains signal wires for input and output which cross over inside.
Technology element
●Types of cables Cables are required in order to connect computers and equipment that connect to a LAN. Several types of cables are summarized below.
10BASE 5 Terminator
Coaxial cable
Transceiver
AUI cable
Hub LAN board
LAN board LAN board
Can also connect using 10BASE-T
Reference
AUI cable An “AUI cable,” also called a “transceiver cable,” provides a connection between a transceiver and LAN board or hub. Abbreviation for “Attachment Unit Interface.”
264
Reference
LAN analyzer A “LAN analyzer” is a piece of software or hardware that monitors the packets (data) that are carried over a LAN, and analyzes the traffic (volume of data).
10BASE 2 Lightweight coaxial cable Terminator
LAN board
LAN board
LAN board
Hub
10BASE-T
Twisted pair cable
LAN board
LAN board
●Relay device Various types of relay devices are used to expand a network. The main types of relay devices are summarized below. Device Repeater
A device that amplifies an electrical signal carried over a cable to extend the transmission distance. Connects the first layer (physical layer) in the OSI model.
Bridge (bus)
A device that connects multiple LANs. The bridge remembers the MAC address for the LAN board in each computer, and can be configured to reduce traffic (data over the network) by not carrying data that is unnecessary to the LAN and unrelated to communications. Connects the second layer (data link layer) in the OSI model.
Switching hub (star)
A hub that provides functions for transferring packets only to LAN ports that have a destination MAC address. To provide this function, the switching hub has the ability learn the MAC address for each LAN port. Unlike a repeater hub, there are no limitations on the number of intermediary hubs that can be used.
Reference
MAC address A “MAC address” is a 48-bit number that is assigned to a LAN board at the time of manufacturing. MAC address is assigned in order to identify each computer within the LAN. Reference
Default gateway A “default gateway” is a piece of equipment such as a computer or router that is used when accessing a computer located outside the network. The equipment acts as a gateway to enable communications. Reference
OSI Refer to “Chapter 9-4-2 Communications protocols.”
265
Characteristics
LAN construction example Gigabit Ethernet (1Gbps)
Switch
Switch
Fast Ethernet (100Mbps) Switching hub
Switching hub
Switching hub
Switching hub
Repeater hub
Repeater hub
Server
Chapter 9
Ethernet (10Mbps)
Server
(4)Network communication lines The types of equipment needed to perform data communication over a communication line are summarized below. Type of comEquipment needed munication line
Role of equipment
Analog line
Modem (Modulation and demodulation device)
Provide conversion of digital signals and analog signals.
ISDN
DSU (Line terminating device)
Provide conversion for digital signal formats from computers and digital signal formats over the network, and a terminal connection for the digital line.
TA (Terminal Adapter)
Provide conversion for ISDN digital signals and other signals such as analog signals. Many terminal adapters have a built-in DSU.
ADSL
FTTH
Reference
DSU
Technology element
*Circles indicate the area of the transmission speed.
Abbreviation for “Digital Service Unit.” Reference
Dial-up router
A router that is equipped with TA, DSU, or hub functions. Generally used to provide an Internet connection using an ISDN line for multiple computers on a LAN.
ADSL modem
Provides conversion of ADSL analog signals and digital signals. The connection port on the computer can use an Ethernet or USB interface.
Splitter
Separates the bandwidth used for voice signals and data signals.
Media converter
Provides conversion for optical signals and electric signals.
TA Abbreviation for “Terminal Adapter.” Reference
PBX “PBX” is a piece of equipment that provides a private telephone exchange for extension phone use. The PBX connects to a phone line to enable a corporation or other organization to build an extension phone network within a restricted area. Abbreviation for “Private Branch eXchange.”
266
9-4-2 Communications protocols A “protocol” is a set of rules for data communication between computers over a network. In order to exchange data between computers, it is necessary to first decide on a mutual protocol. Windows
Mac Ability to build a network that is not dependant on OS or type of computer
Protocol (Rules) UNIX
Reference
OSI Abbreviation for “Open Systems Interconnection.” Reference
ITU The ITU develops international standards in the field of telecommunications for data and other communications. Abbreviation for “International Telecommunication Union.”
267
1
Windows
Windows
OSI model
The “OSI (Open Systems Interconnection) model” is a protocol reference model and international standard. The OSI model was mainly developed by the ISO and ITU. It can be used as a starting point for developing a protocol that enables communications between different systems and different types of computers. The OSI model divides the many protocols necessary for communications into functional layers. The OSI model is comprised of the following seven layers. Layer
Description
Layer 7
Application layer
Provides communication services such as file transfer and e-mail.
Layer 6
Presentation layer
Provides conversion into a form that is acceptable for data communication, and conversion into a form that the application layer can accept.
Layer 5
Session layer
Establishes and terminates communications.
Layer 4
Transport layer
Ensures reliable communications including retransmission in the event of communication errors.
Layer 3
Network layer
Transfers data between computers or relays data across multiple networks.
Layer 2
Data link layer
Sends data between adjacent computers.
Layer 1
Physical layer
Provides conversion of data into electrical signals and transmits the electrical signals.
2
TCP/IP (Transmission Control Protocol/Internet Protocol)
“TCP/IP” is a set of protocols for data communication over the Internet, centering around the TCP and IP. TCP/IP became a standard protocol with the spread of the Internet, and is often referenced today in describing the structure of the OSI model. OSI model Layer 7
Application layer
Layer 6
Presentation layer
Layer 5
Session layer
TCP/IP model Application layer
Main protocols SMTP, POP3, HTTP, FTP, Telnet, SNMP
Transport layer
Transport layer
TCP, UDP
Layer 3
Network layer
Internet layer
IP
Layer 2
Data link layer
Layer 1
Physical layer
Network interface layer
CSMA/CD, PPP Twisted pair, coaxial, fiber optic
TCP UDP
: : : : : : : :
IP : CSMA/CD : PPP
:
Sends or transfers e-mail to a mail server. Retrieves e-mail from a mail server. Transfers files that are marked in HTML. Transfers files. Provides remote operation of computers over a network. Manages communications equipment that is connected to a network over the network. Provides reliable end-to-end data transfer services. Provides high-speed data transfer services, but end-to-end does not guarantee reliability. Provides routing functions. Monitors the usage of communication paths, and provides data transfer by detecting open transmission paths. Connects computers to a network over a phone line. Frequently used for dial-up connections.
Reference
POP3 Abbreviation for “Post Office Protocol version 3.” Reference
HTTP Abbreviation for “HyperText Transfer Protocol.” Reference
FTP Abbreviation for “File Transfer Protocol.” Reference
SNMP Abbreviation for “Simple Network Management Protocol.” Reference
TCP Abbreviation for “Transmission Control Protocol.”
Technology element
SMTP POP3 HTTP FTP Telnet SNMP
Abbreviation for “Simple Mail Transfer Protocol.”
Chapter 9
Layer 4
Reference
SMTP
Reference
UDP Abbreviation for “User Datagram Protocol.” Reference
IP Abbreviation for “Internet Protocol.” Reference
CSMA/CD Abbreviation for “Carrier Sense Multiple Access with Collision Detection.” Reference
PPP Abbreviation for “Point-to-Point Protocol.” Reference
HTTPS “HTTPS” is a protocol that combines HTTP with data encryption functions based on SSL. Abbreviation for “HyperText Transfer Protocol Secure.”
268
Reference
End-to-end “End-to-end” refers to connectivity between the computers that engage in the final communications.
(1)TCP “TCP” is a protocol that corresponds to the transport layer (Layer 4) in the OSI model. TCP provides reliable end-to-end communications. It is equipped with the following functions to accomplish this role. • Divides and assembles data into packets. • Assigns a number (sequence number) to packets, indicating the sequence in which the packets were divided. • Uses numbers (port numbers) to identify the application software that supports the data.
Port Number
Protocol
20, 21
Reference
IPv6 “IPv6” is an Internet protocol that provides expanded functionality over the current Internet protocol (IPv4) used. IPv6 expands the manageable address space from 32 bits to 128 bits to address the shortage of available IP addresses caused by the rapid spread of the Internet. Other characteristics include faster routing, plug-and-play functionality, security functions, multimedia support, and flexibility and expandability of functions. Abbreviation for “Internet Protocol version 6.”
FTP
23
Telnet
25
SMTP
80
HTTP
(2)IP “IP” is a protocol that corresponds to the network layer (Layer 3) in the OSI model. Common functions of IP are “addressing” and “routing.” ●Addressing IP uses a number called an “IP address” to identify the computer connected to a network. An IP address is a 32-bit number, and is divided into a “network address” used to distinguish between multiple networks, and a “host address” to distinguish computers within a network. Network address IP address representation Binary representation
160.
168.
1.
25
10100000
10101000
00000001
00011001
[IP address classes] According to the scale of the network, IP addresses are divided into Class A, Class B, and Class C. The structures of Classes A to C are shown below. 0
Class A
7 8 0
31
(7-bit) Network address 8-bit
(24-bit) Host address 24-bit
0
Class B
15 16 1
0
1
1
(14-bit) Network address 16-bit
0
Class C
0
(21-bit) Network address 24-bit
269
Host address
31 (16-bit) Host address 16-bit 23 24 (8-bit) Host address 8-bit
31
[Number of network addresses and host addresses supported] Class A B C
Network scale Large Medium Small
No. of network addresses
No. of host addresses
7
2 – 2 = approx. 16.77 million
14
2 – 2 = approx. 650,000
21
2 – 2 = 254
2 – 2 = 126 2 – 2 = approx. 160,000 2 – 2 = approx. 2.09 million
24 16 8
* For host addresses, “0” and “1” are always reserved for special purposes. Theren fore the number of addresses is 2 – 2 (where “n” is the number of bits). For network addresses, “0” and “1” are always reserved for special purposes on n RFC 950 compliant networks. Therefore the number of addresses is 2 – 2 (where “n” is the number of bits). On RFC 1812 compliant networks, “0” and “1” are always usable as a valid subnet. Therefore there is no need to subtract two.
Reference
JPNIC The “JPNIC” is an organization that administers the NIC in Japan. It oversees all administration for the assignment of IP address and domain names in Japan. In order to make a corporate mail server available or publish a Web server over the Internet, it is necessary to apply for and acquire an IP address and domain name from JPNIC. Abbreviation for “Japan Network Information Center.” Reference
NIC The “NIC” is based in the United States, and is the central governing body for network information. It oversees all administration of IP addresses and supplies IP addresses. Abbreviation for “Network Information Center.”
Technology element
●Routing A “router” is a device that connects multiple LANs and WANs to transfer data between computers using the best path of transmission. A router corresponds to the network layer (Layer 3) in the OSI model. The main function of a router is to perform “routing.” Routing is the process of transferring data using the best path of transmission so that the data reaches the destination computer. Routers are positioned between computers engaged in communications and each one decides the next router to send the data to, and relays the data. To decide on the next router, the router uses the destination IP address in the IP packet and searches for it in the routing table within the router. Routing is also referred to as “path control” and “path selection.”
An “RFC” is a document prepared by the IETF ( Internet Engineering Task Force) that describes technical information, specifications, and operating rules concerning the Internet. IETF is an organization that develops standards for Internet technologies. Abbreviation for “Request for Comments.”
Chapter 9
●Global IP address and private IP address A “global IP address” is an IP address assigned to a computer that connects to the Internet. In order to connect to the Internet, it is necessary to obtain a global IP address assigned by “JPNIC.” A “private IP address” is an IP address assigned to a computer that only connects to an individual network such as a corporate network. A private IP address cannot be used to directly connect to the Internet.
Reference
RFC
Reference
Routing table A “routing table” lists routing information for the send destination of packets that are managed by the router. Specifically, a router stores a routing table that corresponds with the destination for received packets, and the networks or router IP addresses through which the packets are sent to the destination. Routing tables can be generated and managed via “static routing,” in which the administrator of the router manually configures each routing table, and “dynamic routing,” in which routers automatically configure routing tables by exchanging information between routers.
270
Router
Host 1
Routing table for router 1 Network Next router Distance A Direct connection 0 B Direct connection 0 C Direct connection 0 D Router 3 1
Network B
Router 2
Routing table for router 2 Network Next router Distance A Router 1 1 B Direct connection 0 C Direct connection 0 D Router 3 1
Network C Router 1
Network A
IP packet Router 3
Source IP address
Destination IP address
Network A/Host 1
Network D/Host 2
Other control/information data
There are two paths when transmitting packets from Host 1 to Host 2. The router selects the optimum path (shortest path), and the packets are carried in the arrow direction.
Routing table for router 3 Network Next router Distance A Router 1 1 B Router 2 1 C Direct connection 0 D Direct connection 0
Host 2
Network D
Protocols used for e-mail
3
The protocols used for e-mail are summarized below. Protocol
Reference
SMTP
A protocol for sending e-mail. Used when sending e-mail between mail servers, or from a mail client to a mail server.
POP3
A protocol for retrieving e-mail. Retrieves all newly arrived e-mail that has been stored on the mail server and is addressed to the user.
IMAP4
A protocol for retrieving e-mail. Can selectively retrieve e-mail that is stored on the mail server.
IMAP4 Abbreviation for “Internet Message Access Protocol version 4.”
Description
Example Protocol for sending e-mail from A to D
D
Internet Mail addressed to D
A ①
Router
Send by SMTP
② Transfer by SMTP
Router
③ Retrieve by POP3 or IMAP4
Mail addressed to D
B
Mailbox for D Mail addressed to D
Mail server
Mail server for A
C
Mail server
Mail server for D
271
●Other protocols used for e-mail Other protocols that extend the data formats or provide added security functions are summarized below. Protocol MIME
S/MIME
APOP
Description A protocol that extends the data formats for sending and receiving e-mail, in addition to the text format. Using MIME, it is possible to send and receive multimedia files such as static images, video, and audio media as attachments. A protocol that extends MIME with additional security functions (encryption functions). Can be used to prevent interception, spoofing, and falsification of e-mail. Protocol that encrypts passwords. Can be used to encrypt passwords sent to providers when retrieving e-mail.
Reference
MIME Abbreviation for “Multipurpose Internet Mail Extensions.” Reference
S/MIME Abbreviation for “Secure/Multipurpose Internet Mail Extensions.” Reference
APOP Abbreviation for “Authenticated Post Office Protocol.”
Chapter 9
9-4-3 Network application
1
Framework of the Internet
The Internet was born when the “ARPANET ( Advanced Research Projects Agency Network)” was created as a distributed computer network by the United States Department of Defense in 1969. In the early 1970s, research institutes such as those at universities were connected to the network, and in 1991 the network was opened to commercial providers. The Internet has since spread at an explosive rate to become what it is today. Computers from around the globe can mutually connect over the Internet through the use of protocols to exchange information. (1)DNS “DNS (Domain Name System)” is a framework for providing services to manage the one-to-one matching of IP addresses and domain names. When computers communicate to each other, IP addresses are used to find the other computer. However, since IP addresses are represented as numbers, they are difficult for people to use. A domain name is therefore used as a separate name for an IP address.
Reference
ARPANET Abbreviation for “Advanced Research Projects Agency NETwork.”
Technology element
There are many kinds of services that can be used over the Internet. In order to utilize these services, it is necessary to understand the framework of the Internet.
Reference
DNS Abbreviation for “Domain Name System.”
(2)Domain name A “domain name” uses a combination of characters to represent an IP address, and is easier for people to understand. Domain names are generally used to access servers over the Internet.
272
Starting from the end, the domain name is divided into a “TLD (Top-Level Domain)” preceded by a “SLD (Second-Level Domain).” The domains are separated by a “. (Dot),” with the highest level domain placed at the end of the domain name in descending order to the left. The top-level domain is represented as a two-character country abbreviation. The second-level domain is an “organization domain” that describes the type of organization that holds the domain name. In Japan, it is customary to use the organization domain, but usage of third-level and lower domains depends on the country. A domain that is to the left of the secondlevel domain is called a “sub-domain.” The front of the domain name is appended with WWW, or in the case of a large organization, it is appended with a character string that distinguishes the group or other sub-organization. Domain name
* * * .co.jp Type of Country Name of organization organization
Organization types exclusive to Japan
Example
co
General corporation
jp
Japan
ac
University, research institute
kr
Korea
go
Government agency
uk
United Kingdom
ne
Network services provider
None for United States
or
Other organization
* Domains such as .com (for commercial organizations) and .org (for non-profit organizations) are used according to the type of organization. Example: ***.com
Example E-mail address
* * @* * * .co.jp User name
Domain name
User ** who belongs to ***.co.jp.
The new operating rules for JP domains that use a domain name ending with “jp” are referred to as the “generic JP domain” system. Under the previous system for JP domains, second-level domains that describe the type of organization (such as “co” or “ne”) were restricted to the organization types decided by JPNIC. Under the generic JP domain system, secondlevel domains are now available to general users and open to registration such as registering an organization name. In addition, where the previous system only allowed one organization to register one domain name in principle, the new system enables organizations to acquire any number of domain names. The generic JP domain system also opens up the use of domain names with Japanese characters, and the ability to transfer domain names. (3)DNS server A “DNS server” is a server with DNS functions. A DNS server provides services for translating domain name requests from clients into IP addresses. DNS servers make it possible to view Web pages or send e-mail without the user having to know the IP address.
273
Reference
Example
Broadcast mail
Accessing ***.co.jp
② Response 170.10.12.5
***.co.jp 170.10.12.5 Determine IP address
Client
DNS server Router ③ Access using IP address
Internet 170.10.12.5 Server for ***.co.jp
2
Router
Internet services
Service name
Description
Protocol
WWW
A service for publishing or viewing information over the Internet. Can be used to publish and view static images, video, and audio in addition to text information (characters).
HTTP
E-mail
A service for exchanging messages. Enables the user to exchange messages with a specific person, similar to exchanging letters.
SMTP, POP3, IMAP4
FTP
A service for transferring files. Used to download and upload files.
FTP
Telnet
A server that enables remote operation of computers over a network.
Telnet
Netnews
An information sharing service. Users can subscribe to newsgroups to receive messages from group members, or send a message to all group members.
NNTP
3
Communication services
An “ISP (Internet Service Provider),” also called a “provider,” provides communication services for the Internet. Connection fees are collected from users and in return, various Internet services are provided.
Reference
Mailing list A “mailing list” is a system that can be used to communicate with multiple persons using e-mail. It is possible to send e-mail to all of the members registered to the mailing list simply by sending an e-mail to a specified address.
Technology element
A variety of services are provided over the Internet. The main types of services provided over the Internet are summarized below.
Chapter 9
“Broadcast mail” refers to the process of sending e-mail containing the same content to multiple e-mail addresses. When sending broadcast mail, e-mail addresses are entered into the “Cc” or “Bcc” address slots. Cc: E-mail addresses of persons to receive mail are specified for reference. Addresses are visible to all recipients so that recipients can be made aware of who else the message has been sent to. Abbreviation for “Carbon Copy.” Bcc: Unlike Cc, e-mail addresses are hidden from recipients so that recipients do not know who else the message has been sent to. Abbreviation for “Blind Carbon Copy.”
***.co.jp ① Request
Reference
Mailbox A “mailbox” is a virtual space that is used for temporarily storing incoming e-mail. Usually, an upper limit is placed on the capacity of the mailbox. Reference
NNTP Abbreviation for “Network News Transfer Protocol.” Reference
ISP Abbreviation for “Internet Service Provider.” Reference
Carrier A “carrier” is a business operator who provides lines for connecting to the Internet.
274
Reference
Exchange line service An “exchange line service” is a communication service that is capable of connecting to an unspecified host. The connection is established by dialing for every communications session, using a device called an exchanger. This service uses a telephone line. Reference
Leased line service A “leased line service” is a communication service that is permanently connected to the specified host that the user has subscribed to. Reference
ISDN Abbreviation for “Integrated Services Digital Network.” Reference
Packet switching “Packet switching” is a method for data communication that sends data by dividing it into packets. Reference
Packet
(1)Types of communication services The main types of communication services are summarized below. ●Telephone line A “telephone line” is a communication service whose main purpose is for voice communications using a common telephone line (analog line). The transmission speed is slow at a maximum speed of around 56kbps. Since a telephone line is an analog line, a “modem” is required to convert digital data into analog data, and connect to a computer that processes the digital data. ●ISDN (Integrated Services Digital Network) line “ISDN” is a digital communication service that supports a wide variety of data communication including voice, image, and fax communications. Certain equipment is necessary in order to use ISDN such as a DSU, terminal adapter, and dial-up router. A typical ISDN service is “BRI (Basic Rate Interface),” also called “2B+D.” BRI is comprised of a pair of information channels (B channels) and one control channel (D channel) for each subscriber line. Each of the two information channels can be used respectively for data communication or voice communications, making it possible for one computer to use the Internet while simultaneously talking on the same line using telephone equipment. The control channel mainly sends control information such as the telephone number of the other communicating party. Data communication using packet switching can also be performed. Basic rate interface (2B+D)
A “packet” is a unit of measurement for data transfer, which is derived by dividing data into blocks that do not exceed a fixed length. Reference
IP phone An “IP phone” is a telephone service that is provided by using the “IP (Internet Protocol)” over the Internet. Voice calling is accomplished by converting voice data into digital data, which is divided into packets and sent to the called party over an IP network.
275
Capable of simultaneous calling and data communication using one line
Channel B Channel B Channel D
64kbps 64kbps 16kbps
TA DSU
●ADSL (Asymmetric Digital Subscriber Line) “ADSL” is an asymmetric service that is capable of high-speed data communication by taking advantage of the unused bandwidth of a telephone line (analog line). The service is asymmetric in that the upstream (computer to network) and downstream (network to computer) communication speeds are not equal. Upstream speeds range from around 512kpbs to 12Mpbs, while downstream speeds range from around 1Mpbs to 50Mpbs. This line service is particularly suited to activities that involve a high volume of download communications such as viewing Internet Web pages and downloading files.
●ATM (Asynchronous Transfer Mode) “ATM” is a method of communication for transferring cells that are frames of a fixed length. It was originally developed as a communication technology for WANs to make it possible for a single network to carry various types of information such as voice calls, data communication, and video. ATM is utilized in order to effectively use high-speed data lines such as fiber optic lines.
Reference
ADSL Abbreviation for “Asymmetric Digital Subscriber Line.” Reference
FTTH Abbreviation for “Fiber To The Home.”
Technology element
●CATV (Cable television) “CATV” is a data communication service that takes advantage of the unused bandwidth of a cable television line used to send video. Depending on the cable television company that is used, the service can provide highspeed communications of around several tens of megabits per second.
“Broadband” refers to a communication service that is capable of high-speed, large bandwidth communications such as ADSL and FTTH. The opposite of broadband is “narrowband,” which refers to low-speed communication services provided over an analog line (telephone line).
Chapter 9
●FTTH (Fiber To The Home) or optical communication “FTTH” is a method of high-speed communications in which optical signals are carried over optical fibers. In order to use FTTH, it is necessary to install fiber optic lines inside the building that receives the service. FTTH has a maximum speed of one gigabit per second, making it the fastest communication service among the methods of communication that are available to an individual user.
Reference
Broadband
●Mobile communications “Mobile communications” is a service for providing data communication by using a data communication card paired with a mobile terminal such as a laptop computer, PDA, mobile phone, or PHS handset. Since the service relies on wireless communications, it is possible to conduct data communication anywhere within the service range. ●Packet communications “Packet communications” is a method of communication that sends and receives data by dividing data into small blocks of a fixed size. Dividing the data into small blocks enables multiple persons to share and effectively use a single communications line. It is widely used as it is not prone to problems such as line interruption.
276
(2)Billing methods “Billing” refers to the process of charging fees for the use of services. There are various billing methods including flat, metered, and base plus metered. Billing method
Reference
Transmission speed The “transmission speed” indicates the amount of data that can be transferred within a specific time. It is expressed in units such as “bps (bits per second)” or “B/s,” which is the amount of data that can be transmitted in one second.
Fee structure
Flat
Usage fees are always billed at a flat rate regardless of the length of usage, such a “flat 1,000 yen monthly fee.”
Metered
Billed according to the length of usage such as “10 yen per three minutes.”
Base plus metered
Billed at a base fee plus additional metered charges, with the additional charges covering usage that exceeds the amount covered by the base fee.
Cap
Capped at a maximum fee such as “10 yen per three minutes up to one hour, not over 1,000 yen per month regardless of usage.”
●Calculation of transmission time/communications fee The “transmission time” refers to the time required to transmit data. The following formula can be used to calculate the transmission time, and the communications fee for the transmission time. Formula for calculating transmission time Transmitted data ÷ (Line transmission speed × Transmission efficiency)
Reference
Transmission efficiency
Example 1
The “transmission efficiency” is the percentage of actual data that is contained within all the transmitted data. Due to the inclusion of other data such as control codes, the transmission efficiency normally ranges from 60 to 80%.
Approximately how many minutes are required to transmit data under the following conditions? Transmission data
: 2000 × 1,500 pixel JPEG image, 16.77 million colors, compressed to one-tenth size Line speed : 33.6kbps modem Transmission efficiency : 60% ① Calculation of transmission data volume 2000 pixels × 1500 pixels × 24 bits per dot (16.77 million (Total pixels) colors is 224)
1 10 (Compression rate) ×
= 7,200,000 bits
② Calculation of transmission time 7,200,000 bits ÷ (33,600 bits per second × 60%) (Line transmission speed) (Transmission (Transmission data volume) efficiency) ≒ 357 seconds ≒ 6 minutes
Therefore, approximately six minutes are needed to transmit the data.
277
Example 2 What are the phone charges for downloading a file from the Internet using a mobile phone under the following conditions? Please ignore the time required for specifying the file, and for connecting and disconnecting the line. Also, assume that only mobile phone fees are incurred for using the Internet connection service provided by the mobile phone carrier. Mobile phone fee : 30 yen per 30 seconds Communication speed : 9,600 bits per second Effective communication speed : 80% of communication speed Size of download file
: 1.2 megabytes (1 byte = 8 bits)
= 9,600,000 bits ÷ 7,680 bits per second = 1,250 seconds
② Calculation of phone fee
Technology element
1.2 megabytes × 8 bits ÷ (9,600 bits per second × 80%) (Transmission data volume) (Line transmission speed) (Transmission efficiency)
Chapter 9
① Calculation of transmission time
1,250 seconds ÷ 30 seconds = 41.666 ···30-second units transmitted 42 times 42 times × 30 yen per 30 seconds = 1,260 yen
Therefore, the phone fee for downloading the file is 1,260 yen.
278
9-5
Security 9-5-1 Information assets and information security Corporations and other organizations handle a wide variety of information such as personal information and confidential information, and also share information using computers. “Information” of this type is an important “asset,” regardless of whether it is from the perspective of a corporation, organization, or educational institution. These information assets must be strictly managed. 1
Information assets
“Information assets” refers to assets whose value should be protected such as data, software, computers, and network equipment. The adoption of computers and spread of the Internet has rapidly increased the use of information by corporations and other organizations. When a corporation has customer information that only it should use and the information is leaked to the outside, it can hurt the competitiveness of the corporation and ultimately threaten its very existence. In addition, personal information such as customer information must be protected from the standpoint of privacy, while leakage of such information is certain to damage the credibility of the organization. For these reason, organizations must treat “information” as “assets.” Information assets can be broadly categorized into “tangible assets” and “intangible assets.” Examples of tangible assets • Data printed on paper • Hardware such as servers and computers • Network equipment
Examples of intangible assets • Data such as customer information, personal information, sales information, and information concerning intellectual property • Software such as operating systems and applications • Knowledge and experience of people
279
2
Classification of information
Published
3
Content of information
A: Confidential information
Product cost sheets, human resources information, customer information
B: Information for internal use only
Marketing information, sales information
C: Published information
Information published on the Web, product catalogs
Technology element
Rank of importance Unpublished
Chapter 9
Information that is handled by an organization can be broadly categorized into “published information” and “unpublished information.” Published information refers to information that has been made available to the public such as product catalogs and information on Web pages, and information that can be published without issue. Unpublished information refers to confidential information that is not in the interest of the organization to publish such as information about new product development, and personal information such as customer information and address information. In handling information, it is necessary to rank the importance of the information, taking into account the value of the information and the extent to which people will use the information. It is also important to decide the administrator of the information and how the information will be managed. After determining if information is published information or unpublished information, it is necessary to take adequate precautions for the handling of unpublished information in particular. Information can be ranked as follows.
Threats and vulnerabilities
Information systems and the Internet are widely used today by corporations and other organizations, making it possible for anyone to quickly and easily use information. At the same time, there is seemingly no end to incidents involving virus infections or unauthorized access of information systems. It is important to grasp the various risks involved, and institute appropriate measures to protect information assets from such risks and ensure safe use of information assets. (1)Types and characteristics of human threats In the field of security, “social engineering” refers to the act of manipulating people to obtain important information through physical and personal means, and use it for fraudulent purposes. Anyone can easily use information for fraudulent purposes by preying on the psychological vulnerabilities of people, even without possessing technical knowledge. For this reason, due caution is necessary. The typical methods of social engineering are summarized below. ●Spoofing “Spoofing” is a technique that is used to masquerade as someone such as a superior, person from an information systems department, or customer. Once the person has asked and obtained information for the purpose of gaining unauthorized access, the person masquerades as the normal user using the stolen ID or password, and proceeds to use a computer for fraudulent purposes. 280
●Intrusion “Intrusion” is the process of trespassing into a building or site by using items such as an ID card that have been found or stolen. ●Trash scouring “Trash scouring” is the process of masquerading as cleaning staff in order to dig through trash and gather information such as customer information, human resources information, and product development information. ●Peeping “Peeping” is the act of looking at someone’s keyboard while they are entering a password. It can also mean looking at the computer display of another person over their shoulder, or looking at memos or notes on the desk of a person while that person is away. Reference
Information leakage from operational error Sometimes important information can be erroneously leaked by internal employees due to errors in e-mail handling such as sending e-mail to the wrong recipients or attaching the wrong files.
●Theft, leakage, and loss of information “Theft” of information refers to the act of intruding on a system without authorization to remove important and confidential information from within the system. “Loss” of important information can occur if a person removes a notebook used for work from the workplace and misplaces it. Theft or loss of confidential information can result in its “leakage” to third parties. ●Damage to data Damage to data can occur if storage media or hard disks on which data is stored are damaged, or if important documents are accidentally shredded to render the data unusable. ●Cracking “Cracking” is the act of intruding on a system without authorization to engage in illegal acts such as the destruction or falsification of information. A person who commits such an act is called a “cracker.” ●Falsification of information “Falsification of information” is the act of intruding on a system without authorization in order to rewrite data within a computer using an unauthorized means. (2)Types and characteristics of technical threats Technical threats include attacks that are designed to create confusion among users, or overload an externally accessible server such as a Web server or mail server so that it stops providing services. The typical threats are summarized below.
281
●Computer viruses A “computer virus” is a malicious program that is created for purposes such as intruding into a computer without the user’s knowledge to destroy data within the computer, or to spread the virus to other computers. It poses the greatest threat upon usage of information systems and the Internet. A computer virus usually has a life cycle of “infection”, “dormancy”, and “appearance of symptoms.”
Infection
No symptoms appear until certain conditions are met
Causes the destruction of programs or data, or triggers abnormal computer operations
Reference
BOT A “BOT” is a newer type of computer virus created for the purpose of using a computer for malicious purposes. Once a computer is infected with a BOT, a third party with a malicious intent can manipulate the computer and cause serious damage through acts of nuisance such as e-mail bombs and DoS (Denialof-Service) attacks. The name comes from manipulating an infected computer as if it were a “robot.” Reference
Spyware
[Type of virus by symptoms] Type
Symptoms
Program destruction
Causes destruction to the OS as the basic software, or causes destruction to application software.
Data destruction
Causes destruction to data such as files on auxiliary storage devices.
Screen display destruction
Suddenly displays objects on the screen of the display such as pictures, graphics, or characters.
Specific date/time message output
Causes symptoms that lower the performance or cause the destruction of files, only when the computer is operated on a specific date/time.
[Type of virus by infection object] Type
Symptoms
Boot sector virus
Infects the location that stores the programs that are executed on system launch. Infection is dependent on the OS and type of machine.
Program virus
Infects other programs during the program execution. Infection is dependent on the OS and type of machine.
Macro virus
Infects files that are created using applications such as word processing or spreadsheet software. Infection occurs when the file is opened. Infection is not dependent on the OS and type of machine as long as the macro framework is the same.
●Port scan A “port scan” is the process of scanning a computer to look for open port numbers. If an open port number is found, it is exploited for intrusion purposes or to block services that use the open port number.
“Spyware” broadly refers to software that sends personal or other information from within a computer to the Internet. Users are often unaware that they have spyware installed on their computer, which can lead to serious damage.
Technology element
The types of computer viruses are summarized below.
“Malware” broadly refers to software that has a malicious intent. Computer viruses are a common example of malware.
Chapter 9
Infection occurs when the virus is copied to other programs
Appearance of symptoms
Dormancy
Reference
Malware
Reference
Stealth virus A “stealth virus” is a type of virus that attempts to conceal itself so that it is hard to find the infection. Reference
Worm A “worm” is a program that continues to replicate itself when an infected computer is connected to a network. The spread of damage depends on the network load. Reference
Trojan horse A “Trojan horse” is a program that masquerades as a utility or other useful program, but performs unauthorized processing when the program is executed. The unauthorized processing can include the destruction of data within the computer, or the automatic sending of keystroke information. As it does not self-replicate on infection, it is technically not a computer virus.
282
●Password crack A “password crack” is the process of engaging in analysis to discover a user name and password, which a cracker requires in order to use a computer for an unauthorized purpose. One form of password cracking is a “dictionary attack” that involves analysis in combination with a file (dictionary file), which comprises a large list of descriptions of candidate user names and passwords. Another form of password cracking is a “brute force attack,” which involves analysis in combination with a program that generates random character strings. ●Stepping stone A “stepping stone” refers to the use of computer with weak security as a cloaked base for a cracker to attack a target system. ●Buffer overflow attack A “buffer overflow attack” is an intentional attempt by a cracker to overflow the buffer on a computer by executing unauthorized processes. The attack is executed by sending data that exceeds the memory capacity (buffer) secured by a program operating on a computer.
Reference
DoS Abbreviation for “Denial-of-Service.” Reference
File exchange software “File exchange software” refers to software that enables the exchange of files between computers on a network. When a file is published on a computer that has been installed with file exchange software, users on other computers can download that file. Careless use of file exchange software can lead to a serious breach of information leakage.
Reference
Security hole A “security hole” refers to a security vulnerability in software.
283
●DoS attack A “DoS (Denial-of-Service) attack” is an attempt to disable the functions of a server by overloading the server. In general, this method involves sending a large amount of packets that exceed the processing capacity of the server. A “distributed denial-of-service (DDoS)” attack is an attack that uses multiple computers to execute DoS attacks at the same time. The network congestion created by the attack can render the entire server unusable to general users. ●E-mail bomb An “e-mail bomb” attack is an attempt to disable the functions of a mail server by sending a large amount of e-mail to overload a server. It is a type of DoS attack that is used to harass a specific user. ●Phishing “Phishing” is the act of sending e-mail as if it were from an actual corporation or organization to obtain the personal credit information of the recipient such as credit card numbers, IDs, and passwords. ●Cross-site scripting “Cross-site scripting” is a type of security hole vulnerability in software. The vulnerability can be exploited to steal personal information or destroy files on a computer when a user views a malicious website containing embedded code. The damage occurs when the website is posted to a bulletin board or online forum.
(3)Types and characteristics of physical threats Physical threats such as natural disasters, destruction, and sabotage can prevent access to information or lead to the destruction of information, which in turn can interfere with the execution of work or provision of services. ●Natural disasters Natural disasters such as earthquakes, fire, and flooding can cause the destruction of computers or information. Unlike threats from social engineering, it is difficult to control threats from natural disasters. Measures that include appropriate response after a threat has materialized must be formulated.
Chapter 9
●Destruction and sabotage Deletion of data within a computer, destruction of actual storage media, and spread of malicious code or programs through unauthorized access to computers can interfere with work.
Technology element
9-5-2 Information security management “Risk management” refers to the process of ascertaining and analyzing risks, and assessing the risks from the standpoint of the frequency of occurrence and extent of impact, in order to implement certain measures according to the type of risk. It is also important to formulate measures to minimize the damage, if the risk actually materializes. Information security management and personal information protection are types of risk management. 1
ISMS (Information Security Management System)
“ISMS” is a unified framework for an organization to improve the level of information security by implementing necessary information security measures based on risk analysis/assessment. (1)Risk management “Risk management” is a method for identifying where and how risks exist in using information systems, and measuring the extent of losses and impact if the identified risks materialize. The order of priority is also determined for foreseeable risks, starting with risks that have the greatest probability of materializing and incur the greatest losses.
Reference
ISMS conformity assessment system An ISMS conformity assessment system is a system for assessment that is conducted by a third party examination and registration organization to determine conformance with international conformity standards. Abbreviation for “Information Security Management System.”
284
“Risk assessment” is implemented in the following order. Identify
Identify where and how risks exist.
Analyze
Analyze the extent of the losses and impact.
Assess
Determine the order of priority, starting with risks that have the greatest probability of occurring and incur the greatest losses.
Measures
Prepare a response manual, and carry out other preparations such as education and training.
(2)Method for operating ISMS It is necessary to formulate a concrete basic policy and targets for information security based on the results of the risk analysis and assessment. After formulating the basic policy and targets, there is a need to implement information security measures including human and physical security measures, in addition to technical measures. The information security of the organization is continuously improved through the process of verifying the results and reassessing the measures. Identify risks Analyze risks
Measures
Assessment
2
Information security policy
An “information security policy” explicitly describes the basic security policy of an organization in order to consistently implement information security measures throughout the organization. The information security policy explicitly describes the usage and operation of systems and the organizational framework, rather than the technical measures for information security. Under the information security policy, the organization identifies the important information assets within the organization and formulates measures that determine how the organization is to protect the assets. The information security policy is made up of a “basic policy”, “standards for measures”, and “procedures for implementation.” An information security policy commonly covers the “basic policy” and “standards for measures.”
285
Basic policy
Information security policy
Standards for measures
Procedures for implementation
●Procedures for implementation The procedures for implementation are usually not covered by the information security policy. The procedures for implementation describe the procedures for executing the contents prescribed by the “standards for measures,” as it relates to specific and individual work and information systems. 3
Technology element
●Standards for measures The organization establishes a concrete code and evaluation criteria in accordance with the basic policy, describing the “information assets, threats, and degree of protection against threats.”
Chapter 9
●Basic policy Describes the guidelines from upper management for pursuing information security initiatives as an organization. Upper management must explain the reasons for pursuing these initiatives to the employees of the organization.
Three major elements of information security management
“Information security management” is designed to protect information assets from various threats, and secure the “confidentiality”, “integrity”, and “availability” of the information assets. These three elements are to be secured in a balanced manner. ●Confidentiality Ensure that only persons authorized to have access are able to access information. ●Integrity Protect the accuracy and integrity of information and processing methods. ●Availability Ensure that authorized users are able to access information and related assets when needed.
286
4
Personal information protection
Incidents involving the leakage of personal information are now occurring with greater frequency. As a result, corporations must protect and strictly manage personal information as part of their valuable assets. Leakage of personal information can expose individuals to various threats including nuisance telemarketing calls, large amounts of direct mail, and misleading payment notices, in addition to eroding confidence in the corporation.
Reference
EU (European Union) directive An “EU directive” is a form of legislation between EU member states. The 1995 EU Directive on the protection of individuals with regard to the processing of personal data and the free movement of such data stipulates that the transfer of personal data from an EU member state to a third country may only be made to a third country that takes adequate steps to protect personal information.
●Privacy Mark System A large amount of personal information is stored on computers today, which has increased the risk that personal information could be carelessly leaked. Due to this risk, developed countries have implemented measures such as enacting legislation for the protection of personal information. The European Parliament and Council of the EU (European Union) issued the EU Directive on the protection of individuals with regard to the processing of personal data and the free movement of such data in 1995. This directive served as the impetus for Japan to launch the “Privacy Mark System” in April 1998, with the JIPDEC (Japan Information Processing Development Corporation) acting as the accreditation body. The three objectives of the Privacy Mark System are summarized below. • Enhance consumer consciousness toward personal information protection. • Provide consumers with an index for judging the appropriateness of the handling of personal information by business operators. • Bestow incentives for business operators to take measures to protect personal information.
Under the Privacy Mark System, JIPDEC grants permission to business operators who have demonstrated that they have taken appropriate initiatives to protect personal information for using the privacy mark as a mark of accreditation. Business operators who have been granted permission to use the privacy mark may display this mark in advertising and on business cards, and on envelopes and websites to demonstrate to others that they observe the appropriate handling of personal information.
Privacy mark
Sample * The privacy mark accreditation number shown here is a sample number. Accreditation numbers are individually assigned to business operators.
287
9-5-3 Information security measures/information security implementation technology It is necessary to institute and implement information security measures from every possible perspective in order to suitably deal with a variety of threats to information security. It is also important to institute information security measures against human, technical, and physical threats respectively. 1
Types of human security measures
The types of human security measures are summarized below.
(3)Compliance with company regulations and manuals The organization should prepare company regulations and manuals, and ensure strict compliance by users. For example, there are various methods for logging on to a server such as through the use of an “IC card”, “password”, or “fingerprint authentication.” The organization should prescribe the administration method for logging on to servers through company regulations or manuals so that it is standardized to secure unified compliance by users.
Technology element
(2)Implementation of security education It is important to regularly implement security education so as to raise awareness of security among users.
Chapter 9
(1)Realization of information security policy The purpose of a security policy is to realize a unified approach to information security as an organization. There are multiple information security measures for each threat. Of these measures, an organization can achieve a unified approach to information security by pursuing “standardization of measures as an organization.”
(4)Access administration Unauthorized intrusion into a company network can lead to the possibility of theft or falsification of data in shared folders. When sharing directories or folders on a network, it is necessary to set “access rights” that determine who may use the directories or folders, and the extent of use. By setting access rights, it is possible to restrict the users with access and extent of use to prevent theft or falsification of data.
288
In addition, if there is a workplace transfer by a user, certain actions are taken such as assigning new access rights and revoking old access rights. If a user quits the company, the user ID is rendered invalid. To verify that access rights are operating as intended, it is necessary to gather user logs and regularly audit the logs. 2
Types of technical security measures
The types of technical security measures are summarized below. (1)Measures for computer viruses The infection routes for computer viruses are through removable storage (portable storage media) such as USB memory and networks. The following are measures that can be taken to protect systems from the threat of computer viruses. Reference
OS (Operating System) updates A type of bug known as a “security hole” is sometimes discovered in OSes and e-mail software. When a security hole is discovered, the OS developer distributes an updating program on its website in order to repair the security hole. The updating program can be downloaded and installed to repair the security hole, and restore security to the OS. It is important to regularly update the OS. Reference
Signature code A “signature code” describes the characteristics of a virus, and is stored in pattern files. Reference
Basic measures following virus infection ● Removable storage media that contains an infected program should basically be destroyed, as there is no assurance that initializing the media will completely remove the computer virus. ● If a fixed disk within a system is discovered to be infected with a virus, follow the instructions issued by the security administrator for dealing with the problem. ● Follow the instructions issued by the security administrator when attempting to restore backup systems and other systems, taking into account that the infection could spread.
289
●Habitually running checks using antivirus software “Antivirus software” is software with functions to check for infection by computer viruses, and to remove computer viruses if there is an infection. Also referred to as “vaccine software.” When files or e-mail are downloaded from the Internet, there is a possibility that the files or e-mail could be infected with a computer virus. Therefore, it is necessary to use antivirus software to run a virus check on the downloaded files or e-mail. In addition, infection can result from bringing in devices such as USB memory from outside the organization. Therefore, users should be conditioned to habitually run a virus check before using such devices. ●Measures to prevent virus intrusion from networks To prevent the intrusion of computer viruses from networks, it is necessary to deploy antivirus software at appropriate points on the path of infection over networks. Specifically, antivirus software should be deployed for firewalls that are the sole path connecting internal networks to the Internet, and on public servers, company servers, and clients. These steps are taken to minimize the scope of infection from a computer virus. It is also necessary to create a framework to automatically distribute antivirus software to these resources so that every resource is updated to the most recent software version and pattern file (virus detection data).
●Measures to prevent spread of damage following virus infection If a situation that points to a computer virus infection is discovered, the first step it to stop using the system, then notify the security administer and follow instructions as necessary. If the system is connected to a network, the connection should immediately be severed to prevent the infection from spreading. (2)ID and password management A “user ID” is a user name that is assigned in order to identify the system user. A “password” is used to authenticate the user and prove that it is the correct user. The system validates that it is the user only when the user ID and password match.
· Own name or date of birth · Telephone number · Employee number or company name · Address · Commonly used word · Repeat characters · Few characters
Difficult passwords to guess
· Combination of multiple words · Combination of alphanumeric characters and special symbols · Character string containing eight characters or more
Measures for when a network system is infected by a virus ● Issue instructions to stop using the system, and sever the system from the network. ● Investigate the route of infection, possible scope of infection, and type of computer virus, and notify relevant departments and network users of the virus infection. ● Implement measures such as restricting use of the network.
Technology element
Easy passwords to guess
Reference
Chapter 9
●Password setting and management Under user ID and password management, permission to use a system is only granted when a user enters the correct user ID and password combination. Therefore, it is necessary to set a password that is difficult for others to guess.
The following precautions should be observed for password management. • Always set passwords. (Do not permit blank passwords.) • Change passwords on a regular basis. • Do not write down passwords on a piece of paper or other material. • Do not set shared passwords for an entire organization, etc. • Do not respond to inquiries over the phone. • Do not send passwords by e-mail.
290
Reference
One-way hash function A “one-way hash function” is a function that converts an entered value into another value in such a way that it is not possible to derive the entered value through reverse conversion of the converted value. Reference
One-time password A “one-time password” can be used for one login session only, after which it is discarded. The password is generated using a piece of hardware called a password generator. The advantage of a one-time password is that security is not compromised if the one-time password is leaked, as the password is changed for each login.
●Response by security administrator A security administrator, regardless of position, must not know the passwords of users, due to the risk of password leakage. If a password is forgotten by a user, the old password should be initialized and rendered unusable, and the user should personally reset the password. The security administrator should not be the one to set a new password. It is also necessary to take measures to ensure that the contents of password files used for password registration cannot be immediately deciphered in case the password files are stolen, and to prevent malicious use of the passwords. One method is to encrypt the passwords in advance. A “one-way hash function” is often used to prevent the deciphering of encrypted passwords. ABC
Match
XYZ
Person A
Password file Person A
Conversion using hash function
Third party
Reference
SSL “SSL” is a protocol developed by Netscape Corporation to provide communications security for the transport layer of TCP/IP. Specifically, SSL is used to encrypt the sending and receiving of information between an Internet server and a Web browser so that a third party cannot use the information for malicious purposes. Abbreviation for “Secure Sockets Layer.”
291
(3)Use of encryption “Encryption” is the process of converting information into a format that cannot be leaked to a third party when exchanging data over the Internet. Using encryption during communications can prevent the theft of information. (4)Setting a firewall A “firewall” is a system that prevents unauthorized intrusion from the Internet. It functions as the entry and exit point between a company network and the Internet in order to monitor communications and block unauthorized communications. The most basic function of a firewall is “packet filtering,” which searches for information such as the IP address of packets, as well as TCP port numbers and UDP port numbers. Only packets that contain a previously registered and permitted IP address, TCP port number, or UDP number are allowed to pass through the firewall. This prevents the intrusion of packets that do not have permission.
A router can also be used to provide this function. However, the difference between a router and firewall is that a router is designed in principle to let all packets through, which makes it necessary to register packets that are to be blocked. In contrast, a firewall is designed in principle to block all packets, which makes it necessary to register the packets that are to be let through. Company network (company LAN)
Web server for internal use Protection from outside
Firewall Chapter 9
Unauthorized intrusion
Internet
Technology element
Router
(5)Installing a proxy server A “proxy server,” also called an “application gateway,” is a server that acts as a communications gateway for company computers to access the Internet. ●Communications gateway When a company computer connects to the Internet, the connection is routed through a proxy server acting as a gateway. Using a proxy server as a gateway makes it possible to conceal the IP address of each computer (private IP address). From the perspective of the Internet, communications are conducted with the proxy server, which reduces the risk of attacks on company computers. In addition, a proxy server can temporarily store (cache) data that has been accessed, which speeds up the process when accessing the same data the next time.
292
Reference
Security settings for e-mail and Web browsers E-mail software and Web browsers provide functions for setting the security level of the software. Setting a high security level can help to prevent intrusion from viruses, hackers, etc.
Reference
DMZ Abbreviation for “DeMilitarized Zone.”
●Content filter A “content filter” is a function that blocks inappropriate content to prevent leakage of information. For example, an educational institution may place restrictions on accessing harmful Web pages to discourage viewing of certain sites such as those containing adult or violent content. This can be accomplished by preparing a list of URLs of harmful Web pages and blocking access to them, or blocking access to Web pages that use specific words or phrases. Corporations also use content filtering to ban the viewing of Web pages that are unrelated to work, or to prevent leakage of information through message boards or blogs. (6)DMZ A “DMZ (DeMilitarized Zone)” is an area of a network that is established between the company network and an external network such as the Internet. Web servers, mail servers, and proxy servers that a corporation publishes over the Internet are situated in the DMZ. A server that is published in the DMZ can be accessed from company networks, while also permitting access from the Internet. It is also permitted to access the Internet through the DMZ, but company networks cannot be accessed through the DMZ. Establishing a DMZ is useful for preventing the spread of damage to company networks, if a server published on the Internet is compromised through unauthorized access. Company network (company LAN)
Web server for internal use ×
× Proxy server
Firewall
Web server
○ DMZ
○
Router ○
Internet
293
Mail server
(7)Callback “Callback” is a system in which the user connects to the authentication server of a company network from outside the company. The line is then severed and the authentication server calls back the user. It can be used to verify whether the caller is a valid user by configuring the callback system to deny network access to anyone whose number has not been registered to the system. It can also be used to reduce communications costs for users. Company network Server
Telephone network Access request
A1
Call from 06-1234-222X
3
User A1 : 06-1234-222X User A2 : 03-8888-999X
Deny access if not a registered number
Technology element
Access permission
Access request Call back the registered phone number
A “RAS” refers to a dial-up connection service for computers in a remote location, using telephone lines or ISDN lines. It allows users to take advantage of resources on company networks by connecting to a company authentication server from outside the company. Abbreviation for “Remote Access Service.”
Chapter 9
Authentication server
Server
Reference
RAS
A2
Call from 03-4444-999X
Types of physical security measures
The types of physical security measures are summarized below. (1)Biometric authentication “Biometric authentication” is a matching technology that is used for identification, and is based on physical characteristics that are unique to each person such as fingerprints or veins. The advantages of identification based on physical characteristics are strong security and inability to forget the identification. Currently, research is being conducted on a variety of technologies, which is gradually making it possible to implement biometric authentication as technical hurdles, and clear cost issues. However, there are various outstanding issues such as support for persons who cannot use biometric authentication due to illness or injury. In addition, there are other issues dealing with secular changes in physical characteristics, and management of biometric information that has been previously registered.
Reference
Biometric authentication “Biometric authentication” was coined from the words “biology” and “metrics.” Reference
Secular change “Secular change” refers to the changes that occur over the passage of time.
294
The typical types of biometric authentication in practice are summarized below. Reference
Feature extraction “Feature extraction” is a method of extracting the features of a fingerprint pattern such as where a ridge terminates or splits in order to compare fingerprints.
●Fingerprint authentication Fingerprint authentication is the most prevalent form of biometric authentication and is used in laptop computers and mobile phones due to the small size and comparatively low price of the authentication devices. Methods of fingerprint authentication include feature extraction, which involves extracting and matching features from fingertip patterns, and pattern matching, which provides matching by superimposing images of fingerprint patterns.
Feature extraction
Pattern matching
●Vein authentication Vein authentication is a method for matching vein patterns, utilizing the property of blood flowing in veins to absorb near-infrared light. Matching is performed using finger and palm vein patterns. Palm vein authentication delivers higher accuracy than finger vein authentication, as there are many thick veins in the palm. Vein authentication is used in a wide range of fields such as bank ATMs since there is less psychological resistance to using the technology. Vein patterns are invisible to the eye and there is not as much of an association with crime investigation. Contactless sensor devices have been developed for improved hygiene.
Near-infrared Sensor device
295
●Face authentication Face authentication is a method for matching face patterns by extracting the features of face parts such as the eyes and nose. Face authentication is performed by requiring the person to stand in front of a camera for authentication, or through automatic authentication as the person walks through a hallway. It is used for applications such as airport check-in and entrance access control, and customer management.
Chapter 9 Technology element
●Retina/iris authentication The “retina” is a thin lining at the back of the eyeball. Retina authentication involves matching the pattern of capillary vessels in the retina. The “iris” is a circular lining that adjusts the contraction and dilation of the pupil. Iris authentication involves matching the pattern of the iris. Although there is variance between the left and right retinas and irises on the same individual, it does not change with the passage of time. For this reason, retina and iris authentication are used as a means of entrance access control for confidential areas of government and business. Iris
Retina
Pupil
296
(2)Entrance access control “Entrance access control” refers to control over the movement of people, with respect to who has access, and when and where the access takes place. It can also be used as a measure against suspicious individuals. Only authorized persons can be permitted access to buildings or rooms where important or confidential information is handled, and it is necessary to keep records of entrance access. Reference
Use of IC cards An “IC card” is a card the size of a business card and contains an integrated circuit (IC) or chip. They are often built into employee identification cards, and are used for personal identification purposes. In addition, IC cards are often used in combination with a “PIN (Personal Identification Number)” as a precaution against theft. Reference
Installation of surveillance cameras It is also effective to install cameras and video cameras in order to implement surveillance of suspicious individuals. Surveillance cameras are installed in places such as near doors and other entrances, or where confidential information is stored. This can help to prevent theft and information leakage. Reference
Measures for physical security control The Guidelines for Personal Information Protection Laws Concerning Fields of Economy and Industry defines measures for physical security control as “measures such as to control room or building entrance access and prevent theft of personal data.” These guidelines state that the following measures are to be instituted. “1) Implementation of entrance access control for building or room, 2) prevention of theft, etc. and 3) physical protection such as of equipment and devices.” A physical measure refers to the control of physical elements such as persons, equipment, buildings, and rooms. These measures are used to determine the persons that accessed buildings or rooms containing equipment on which personal information is stored, and when the access occurred. These measures are also used to determine if rooms containing equipment are locked, and if equipment is fastened or chained down to prevent removal.
297
●Locking Locking is the basic method of entrance access control. Just as a password is set for a computer, facilities such as buildings, rooms, and lockers are locked in order to prevent intrusion from the outside and use by unauthorized persons. In consideration of user convenience, electronic locks are increasingly being used. ●Unlocking An electronic key is used to unlock and enter a room that is kept locked using an electronic lock. There are various types of electronic keys including IC cards, security codes, and biometric authentication, which can be chosen based on the desired level of security and convenience to users. Since a suspicious person could gain access by slipping behind a valid user who has unlocked the access, other measures are required such as installing a gate that only allows one person through, or installing surveillance cameras. ●Keeping records of movement The movement of people is recorded with respect to who has access, and when and where the access takes place. This information can be handwritten on a paper list but due to its inconvenience, users are increasingly failing to record the information properly, which could prevent strict entrance access control. Currently, it is standard practice to have a system in place that records the time, user, and place when an electronic key is unlocked. These records can also be combined with attendance-related processing. IC tags can be used to record movement in a more precise manner. IC tags contain a tiny chip that can be used for radio wave transmission. When a user who wears an IC tag passes near an IC tag reader, the reader automatically records the movement. This system can be used to record the movement of multiple persons who pass by the reader at the same time, making it a useful solution for recording the movement and whereabouts of persons.
4
Encryption technology
Reference
“Encryption” is the process of converting plaintext (source text) into different data. Decryption is the process of returning the encrypted data to plaintext. A key is required for both encryption and decryption. Approaches for encryption include “common key cryptography” and “public key cryptography,” which are distinguished by their respective use of keys.
The sender sends the ciphertext that was encrypted using the common key.
Plaintext
Test Replace with next character in alphabet
Encryption
Ciphertext
Uftu Replace with preceding character in alphabet
Encryption
Plaintext
Test
Reference
DES Abbreviation for “Data Encryption Standard.”
Technology element
Sender generates a common key, and confidentially transmits the common key to the recipient.
Encryption by “replacing each character with the next character” in the alphabet.
Chapter 9
(1)Common key cryptography (Secret key cryptography) “Common key cryptography” is an approach that uses the same key (common key) for encryption and decryption. The common key must be confidentially shared since it is not possible to prevent interception or falsification if the key becomes known to a third party. For this reason, common key cryptography is also called “secret key cryptography” and “shared key cryptography.” The “DES (Data Encryption Standard)” is a commonly used method of common key cryptography. The framework and characteristics of communications using common key cryptography are summarized below.
Encryption example
The recipient decrypts the ciphertext using the common key.
●Characteristics • Fast encryption and decryption speed. • Risk of leaking the common key when the common key is transmitted. • Need to prepare separate common keys for each communicating partner.
Sender
Recipient Transmit
Encryption
Plaintext
Common key
Decryption
Ciphertext
Ciphertext
Ciphertext
Common key
Plaintext
Common key
Same key
298
Reference
PKI “PKI” refers to the overall technology and product infrastructure for using public key cryptography. It encompasses technologies for public key cryptography such as RSA, browsers that incorporate SSL, e-mail encrypted using a standard such as S/MIME, and servers of certification authorities that issue digital certificates. It was proposed as a solution to enable the secure execution of electronic commerce. Abbreviation for “Public Key Infrastructure.” Reference
RSA “RSA” is a method for public key cryptography that was developed with a focus on the challenge of factoring large numbers into its prime components.
(2)Public key cryptography “Public key cryptography” is an approach that uses different keys (secret key and public key) for encryption and decryption. The secret key is for personal use and must not be shared with a third party. The public key is widely published to third parties, and is registered with a certification authority for publication. “RSA” is s method that is typically used for public key cryptography. The framework and characteristics of communications using public key cryptography are summarized below. The recipient generates a secret key and public key, and registers the public key to the public key list of a certification authority. The recipient then receives a certificate.
The sender takes the recipient’s public key from the public key list of the certification authority.
The sender sends the ciphertext encrypted with the recipient’s public key.
Reference
CA A “CA” is an entity that issues certificates that attest to the validity of a public key used for purposes such as public key cryptography or digital signatures. Abbreviation for “Certification Authority.”
The recipient uses their own secret key to decrypt the ciphertext.
●Characteristics • Uses a public key which is suited for communications with many recipients. • Easy to manage keys. • Slow encryption and decryption speed.
Sender
Recipient Transmit
Encryption
Plaintext
Decryption
Ciphertext
Ciphertext
Secret key
Public key
Certification authority Public key of recipient
299
Plaintext
Ciphertext
Pair of keys
(3)Other cryptography approaches Another approach to cryptography is “session key cryptography,” which combines the approaches of common key cryptography and public key cryptography. It is also referred to as a “hybrid cryptography” approach. The session key cryptography takes advantage of the fast encryption speed of common key cryptography, and the ease of key management under public key cryptography, combining the approaches to provide a more practical approach to encryption. The framework and characteristics of communications using session key cryptography are summarized below. Sender encrypts plaintext using a common key.
A “digital signature” refers to information that is appended in order to attest to the validity of electromagnetic records (digital documents). A digital signature has the same effect as a seal or signature that is used to attest validity in daily life. A digital signature is achieved through the combined use of a message digest and common key cryptography. The characteristics of a digital signature are summarized below. • Sender uses a secret key for encryption so that it is possible to attest that it is the sender. • The message digest is compared to attest that the data has not been falsified. Reference
The recipient decrypts the common key using their own secret key.
The recipient decrypts the ciphertext using the common key.
●Characteristics • Uses common key cryptography for fast encryption and decryption speed. • Uses public key cryptography to enable confidential notification of common keys.
Sender
A “message digest” is compact data that contains a summary of the original plaintext. A hash function is used to summarize the original plaintext. It is not possible to generate the original plaintext from the message digest, while even a single change in the original plaintext completely changes the values of the message digest. Therefore, the message digest before transmission and after transmission can be compared to attest that the data has not been falsified.
Technology element
Message digest
Chapter 9
Sender transmits the common key that has been encrypted using the recipient’s public key.
Reference
Digital signature
Recipient Transmit
Encryption
Decryption
Common key
Common key
Decryption using recipient’s secret key
Encryption using recipient’s public key
Transmit Encryption
Plaintext
Decryption
Ciphertext
Ciphertext
Ciphertext
Plaintext
Common key
Common key
Same key
300
9-6
Chapter quiz
*See page 15 in the “Answers and Explanations” booklet for the correct answers.
9-1
Which of the following is the appropriate GUI (Graphical User Interface) component used to select one from multiple alternatives? a) b) c) d)
9-2
In screen design, in which of the following situations would it be better to select an option from a list of candidates than enter data directly? a) b) c) d)
9-3
Scroll bar Push button Progress bar Radio button
In the situation where each input item must be checked or corrected In the situation where large amounts of data such as sentences are entered In the situation where many different values are valid as input data In the situation where the types and content of input data are limited
When Web pages are created with due consideration for ease of use, which of the following points should be kept in mind? a) The fundamental screen structure and buttons should be displayed and placed in an easily understood manner on each page, without unifying the whole website. b) When there are many options, they should be divided into groups or hierarchies to make them easy to select. c) The title of a page should be named so that the developer can understand easily when the page contents are updated. d) When you want the user to move to another page, you should make the page switch automatically, rather than prompt the user to select the link for the destination.
301
9-4
Which of the following is the appropriate description concerning the JPEG format? a) b) c) d)
9-5
Which of the following is a device that is used for catching image projected from imaging equipment such as a video cassette recorder and storing it on a computer as digital data? Capture card Scanner Sound card Tablet
Which of the following is the appropriate explanation of virtual reality?
9-7
Technology element
a) It enables recognition of the overall picture immediately not by displaying an image from the top gradually but by displaying a coarse mosaic-like image first and then displaying a clear and vivid image gradually. b) It enables seeing and hearing the objects and spaces that are generated by computers like the actual world using computer graphics etc. c) Instead of the wind tunnel test used for the design of cars and airplanes, it conducts simulation tests using computers. d) It creates the composite image of scenery and people shot separately to make an image that is different from the real world.
Chapter 9
a) b) c) d)
9-6
It is an encoding format for images with up to 256 colors. It is an encoding format for audio. It is an encoding format for static images. It is an encoding format for video.
Which of the following is appropriate as a role that a database management system plays? a) b) c) d)
It compresses data to increase the available capacity of a disk. It encrypts the data transmitted to a network. It enables multiple computers to share a magnetic disk. It enables multiple users to share a large amount of data.
302
9-8
In handling a database, the key to specify a record is required. Which of the following is the appropriate key to specify a record in the student management table of a certain school year? a) b) c) d)
9-9
Name Address Student number Birth date
Which of the following is the membership number of the woman whose present address and work location are both Tokyo in the member list table? Member list Membership number
Name
Sex
Present address
Work location
0001
Akio Tanizawa
Male
Saitama Prefecture
Tokyo
0002
Masato Toyonaga
Male
Tokyo
Tokyo
0003
Mayumi Akiyama
Female
Chiba Prefecture
Saitama Prefecture
0004
Yuka Kasai
Female
Tokyo
Tokyo
0005
Kenta Yamauchi
Male
Saitama Prefecture
Saitama Prefecture
0006
Nobuko Yamamoto
Female
Chiba Prefecture
Tokyo
a) b) c) d)
303
0001 0003 0004 0006
9-10
Which of the following product groups can be found when searching the “Product Inventory” table for products with a sales price of 500 dollars or more per unit and an inventory of less than 10 units? Product Inventory Product Code
Product Name
Manufacturer
Sale Price
Inventory
Inspector
AAA
300,000
10
Smith
110
Medium refrigerator
AAA
200,000
6
Smith
120
Small refrigerator
BBB
100,000
8
Smith
130
Portable refrigerator
BBB
40,000
3
Smith
200
Air purifier
CCC
60,000
22
Miller
210
Air ionizer
DDD
45,000
18
Miller
300
Coffee maker
EEE
15,000
5
Johnson
400
Air conditioner
FFF
120,000
7
Brown
a) Large refrigerator, medium refrigerator, small refrigerator, air purifier, and air conditioner ) b Large refrigerator, medium refrigerator, small refrigerator, portable refrigerator, air purifier, coffee maker, and air conditioner ) c Medium refrigerator, small refrigerator, and air conditioner d) Medium refrigerator, small refrigerator, portable refrigerator, coffee maker, and air conditioner
9-11
Technology element
Large refrigerator
Chapter 9
100
Which of the following is the problem that may occur when multiple users change one file and overwrite it concurrently? a) Many files with the same name are created and the users cannot distinguish them. b) Only the contents overwritten by the last user remain, and the previous modifications are lost. c) The file is moved onto the PC of the user who modified the file previously, and other users cannot find the file. d) Modified contents are automatically added at the end of the file and the file size increases.
304
9-12
Which of the following is the appropriate explanation of LAN? a) The protocol for transmitting and receiving e-mails on the Internet b) The network that provides “high speed” communication between the computers in a comparatively narrow area, such as inside of the same building c) The network that connects geographically distant Base A and Base B using telephone lines or dedicated lines to provide communication d) The standard protocol of the Internet used for network control
9-13
What is the convention and rules that both sides should observe about error detection, retransmission control, and selection of communication pathways for data flowing through channels, in communication between computers via a network? a) b) c) d)
9-14
Which of the following is indicated by URLs, which are used on the Internet? a) b) c) d)
9-15
E-mail addresses for use in the Internet Information sources (resources) on the Internet IP addresses of servers connected to the Internet Owners of PCs connected to the Internet
When Mr. A sent an e-mail to Mr. B, Mr. A specified Mr. C as “cc” and Mr. D and Mr. E as “bcc.” Which of the following is an appropriate explanation at that time? a) b) c) d)
305
Address Interface Domain Protocol
Mr. B understands that the mail from Mr. A was sent to Mr. D and Mr. E. Mr. C understands that the mail from Mr. A was sent to Mr. D and Mr. E. Mr. D understands that the mail from Mr. A was sent to Mr. E. Mr. E understands that the mail from Mr. A was sent to Mr. C.
9-16
When you send broadcast mails to a large number of predetermined people, which of the following is used to specify the destinations easily? a) b) c) d)
9-17
bcc Mailing list Mail transfer Mailbox
Which of the following describes social engineering?
Which of the following is the appropriate description concerning formulation of the information security policies in a company? a) They are common in each type of industry, so creating original policies in each company is not required. b) They are created by a system administrator and care must be taken not to let anyone else know about them. c) The concepts and measures for information security in the company are clearly described in a document. d) The configuration of a firewall is determined and documented.
9-19
Technology element
9-18
Chapter 9
a) It collects a user’s personal information via a questionnaire on a website. b) It analyzes the utilization history of on-line shopping to predict the product that the customer is likely to buy. c) It collects the e-mail addresses publicly available on the website to transmit the e-mails for advertisements to many people. d) It picks a piece of paper on which a password is written out of a trash can to obtain a user’s password, and pretend to be the user when using a system.
Which of the following is the most appropriate description concerning management of the user IDs and passwords in system operations? a) Each business system uses a different user ID and password. The user must carry a list to prevent input mistakes. b) The company prompts all the employees to change their passwords periodically, and the users themselves change their passwords. c) A system distributes the word chosen from the dictionary at random to each user. The user uses it for a password up to a periodic date of update. d) The users are encouraged to use a numeric string that is easy to memorize and easy to use, such as their birthdays and telephone numbers, as their passwords.
306
9-20
If a user at an enterprise forgets his/her own password, which of the following is an appropriate way in which a security administrator should inform the user of his/her passwords after confirming his/her identity? a) A security administrator retrieves the password which is stored on his/her own computer, and then sends it to the user in the form of an internal document classified as confidential. b) A security administrator informs the user of an initial value after initializing the user’ s password, and then the user changes it to a new password. c) A security administrator makes a copy of the password, which is stored in an encrypted form, in the common area, and then informs the user of the decryption key by telephone. d) A security administrator decodes the password which is managed in an encrypted form, and then informs the user of that password by e-mail.
9-21
Which of the following is the appropriate description of measures against computer viruses? a) b) c) d)
307
Virus checking is unnecessary while the PC is operating normally. The virus definition file in antivirus software is updated to the latest one. Virus checking is unnecessary if the digital signature is attached to the program. Virus checking is unnecessary for the software that one of your friends gave you.
Practice exam The practice exam includes practice questions for the IT Passport Examination.
Practice exam 1 ......................................... 309 Practice exam 2 ......................................... 340 Practice exam 3 ......................................... 370
Practice exam 1 *See page 19 in the “Answers and Explanations” booklet for the correct answers.
Strategy Q1.
Which of the following is the appropriate description concerning intellectual property rights of Web pages that use the Internet? a) Information on a Web page is not considered a “transmission” under the Copyright Act because the information is only sent from the server to the client when the user sends a request to view the Web page. b) Using an image scanner to capture a pinup image from a magazine, and posting it on a Web page is not considered socially acceptable behavior, but it is not a violation of the Copyright Act under existing legislation. c) A Web page features a collection of works from other people based around a central theme. If you sample certain contents with the Web page creator’s consent, it is not a violation of the Copyright Act. d) You purchase a design contents compilation that includes image data and illustrations from a software retailer. If you use the contents for creating your company’s Web page within the scope covered by the license agreement, it is not a violation of the Copyright Act.
Q2.
Which of the following represents the “S” and “W” in SWOT analysis? a) b) c) d)
Q3.
Which of the following describes the practice of meeting social responsibilities by acting in the interests of the public, practicing information disclosure, and gaining the understanding of stakeholders such as customers and shareholders? a) b) c) d)
309
Schedule and Workings Security and Web System and Workflow Strengths and Weaknesses
CSR RFP ROE Corporate philosophy
Q4.
Which of the following is the appropriate description of the “star” in PPM (Product Portfolio Management)? a) A product that requires investment with growth, but offers a high market growth rate and high market share. b) A product with a low market growth rate and low market share, which offers low potential and low outflow of investment. c) A product that offers a high market growth rate but requires substantial investment funds due to low market share, while offering long-term potential for growth. d) A product that offers a low market growth rate but high market share, so that it is possible to generate profits with low capital.
Q5.
A dispatch employee is working under a dispatch contract. Which of the following is an appropriate response by the client company? Here, assume that no particular employment conditions have been agreed upon.
Q6.
Which of the following is an essential management resource for managing a corporation, in addition to people, materials, and money? a) b) c) d)
Q7.
Practice exam 1
a) The dispatch employee is responsible for performing maintenance on a sales information system, and directly requests to take paid leave. The client company determines that the paid leave will not interfere with the work, and approves the paid leave. b) The client company directly instructs the dispatch employee to perform maintenance on groupware, just as if the person were an employee of the client company. c) The client company instructs the dispatch employee to enter data into a production management system, but an entry error leads to the production of defective products. The client company blames the responsibility for the manufactured goods on the dispatching company. d) The dispatch employee does not finish the data processing for a sales management system, during the regular work hours. The client company instructs the dispatch employee to work overtime, just as if the person were an employee of the client company.
Environment Information Imagination Responsibility
Which of the following describes software that supports collaborative work between people by providing communication functions such as electronic conferencing and e-mail, and workflow functions such as bug report management? a) b) c) d)
CAD SCM Expert system Groupware
310
Q8.
Which of the following is applicable to BtoC EC (Electronic Commerce)? a) b) c) d)
Q9.
CALS Web-EDI Virtual company Virtual mall
Which of the following acts concerning the copyright of a program could be considered an infringement of the Copyright Act? a) A company instructs an employee to create a program as part of his work. Since there are no particular provisions for it in the employee rules, the company copies the program without the permission of the creator, and sells it to another company. b) A company purchases a program and partially alters the program without the permission of the author in order to use the program effectively on its computers. c) A company purchases a program and makes a copy without the permission of the author, for its own backup purposes. The copy is held in safekeeping. d) A company purchases a program for which it has a license. The company then copies the program without the permission of the author, and instructs a subsidiary to use the copied program.
Q10.
A certain company provides computerization services. Which of the following describes a document that contains necessary information for promoting the computerization services, and is used to gather information from the ordering company such as a system vendor? a) b) c) d)
Q11.
Proposal Request for information Request for proposal Request for order
Which of the following should be taken into consideration for planning the development of an information system? a) Analyze and clarify the effectiveness and return on investment of installing the system. b) Use a system that is already being used by another company in order to prevent confusion. c) Prepare an operations manual, and select the administrator and personnel in charge of fault management. d) Develop everything from the ground up with the company’s employees, taking into consideration operations and maintenance.
311
Q12.
Which of the following is the highest decision-making authority of a Japanese stock company? a) b) c) d)
Q13.
A certain plant retains records of the number of defective products that have occurred to date, organized by the cause of occurrence. Which of the following diagrams shows the top causes of defective products and percentage of occurrence? a)
b)
c)
d)
Which of the following does not correspond to personal information that is protected under the Act on the Protection of Personal Information? a) b) c) d)
Q15.
Practice exam 1
Q14.
Stockholders’ meeting Board of governors Executive meeting Board of directors
Own name and date of birth that a person enters on a questionnaire sheet Human resources information managed by a corporation Names and phone numbers of companies published on Web pages Images taken from a security camera at a bank ATM
Which of the following is the system that records sales information at the retail point of sales, and collects, stores, and analyzes product sales information for each product? a) b) c) d)
CAD CIM EOS POS
312
Q16.
Which of the following is expressed by an E-R diagram? a) b) c) d)
Q17.
Association between process and relationship Association between entity and process Association between processes Association between entities
Which of the following is the correct description of an income statement? a) Summarizes and tabulates journal slips in one statement b) Lists all revenues and expenses during the accounting period, and indicates profit and loss ) c Lists the respective credits and debits for each title of account, and generates the balance totals ) d Describes the financial position of a corporation at a given point in time
Q18.
Which of the following is appropriate under a service contract? a) The employer directs the worker to engage in work, under the employer’s direction. b) The worker engages in labor under the instruction of the client. c) An employment relationship arises between the worker and the client, in addition to the original employment relationship between the worker and employer. ) d The client directs the pay structure of the worker, including the base salary and overtime pay.
Q19.
Items (A) to (D) in the diagram show the procedure for Company X to receive and deliver documents, under transactions with a client. Which of the following documents corresponds to (B), where answers (A) to (D) each correspond with one of the items (A) to (D)? Client Quotation
A
B Company X
a) b) c) d)
313
Inspection sheet Invoice Order confirmation Purchase order
C
D
Q20.
There are four (4) separate venues that are each rented at 15,000 yen per day. One of the venues will be chosen for an exhibition of artwork. The table below shows the respective number of visitors expected for each venue, in the case of clear skies, cloudy skies, and rain respectively. The chance of clear skies, cloudy skies, and rain on the day of the exhibition are 50%, 30%, and 20% respectively. Which of the following venues can be expected to draw the most number of visitors?
a) b) c) d)
Q21.
Venue
Clear skies
Cloudy skies
Rain
A
30
15
10
B
20
30
5
C
15
20
15
D
25
15
10
A B C D
Which of the following statements applies to an information appliance?
Q22.
Practice exam 1
a) Connecting a digital terrestrial broadcast television to the Internet, and participating in a television program. ) b A fully automatic clothes washer that uses the right amount of water for the volume of laundry. ) c A fully automatic vacuum cleaner that cleans every room in a house. d) An air-conditioner unit that maintains a specific temperature in a room.
The diagram shows the calculation procedure for MRP (Material Requirements Planning), which is a technique for production management systems. Which of the following is necessary information that corresponds to (A) in the diagram? Master schedule
Gross requirements calculation
Net requirements calculation (calculation of shortage amount)
Order calculation
Arrangement plan
Arrangement instruction
A
a) b) c) d)
Basic schedule (time of completion, lead time number of days) Inventory status (remaining inventory, remaining orders, remaining in process) Purchase order policy (lot-sizing method, purchase order system, safety stock) Bill of materials (list of components and quantities required for final product)
314
Q23.
A dispatch worker is dispatched under a worker dispatch contract, and develops a program under the instruction of the client company. Assuming that no separate conditions have been decided, who owns the copyright to the program? a) b) c) d)
Q24.
Client company Person from the client company who directly issues the instructions Dispatching company Dispatch worker
Which of the following is achieved using RFID (Radio Frequency Identification) technology? a) Ability to use the services of a bank or other financial institution from home. b) Ability to watch a television program on a cellular phone, using one-segment broadcasting. c) Ability to download music data to a cellular phone or portable music player. d) Ability to borrow several library books all at once, simply by placing a pile of books on an automatic borrowing device.
Q25.
Which of the following describes an approach for the cycle from the release of a product until the product is discontinued and disappears from the market, in which the cycle is divided into four (4) stages to maximize profits at each stage? a) b) c) d)
Q26.
PDCA cycle Product life cycle Management cycle Software life cycle
Which of the following shows the correct order of the standards organizations (A) to (D) below? (A) International Organization for Standardization: Develops international standards relating to industry and technology, and provides coordination between countries. (B) Institute of Electrical and Electronics Engineers: An institute based in the United States that is involved in the fields of electrical engineering and electronic engineering, which was instrumental in developing LAN and other interface standards. (C) American National Standards Institute: A private standards organization that develops standards for industry in the United States, and acts as the U.S. representative to ISO. (D) Telecommunication Standardization Sector: A body under the United Nations that issues recommendations concerning standards for telecommunications.
315
(A)
(B)
(C)
(D)
a) b)
ANSI
ISO
ITU-T
IEEE
IEEE
ISO
ANSI
ITU-T
c) d)
ISO
IEEE
ANSI
ITU-T
ISO
ITU-T
ANSI
IEEE
Which of the following describes the actual work of a worker, where the worker obeys a separate chain of command from the employment relationship? a) b) c) d)
The diagrams below show the break-even point for two (2) companies. Which of the following is the correct description of the break-even analysis for Company X and Company Y? Revenues/ expenses
Q28.
Transfer of employment Contracting Part-time Dispatching
Company X
Revenues/ expenses
Q27.
Break-even point
100
Company Y
Break-even point
100
70 30 0
100
Sales
0
100
Sales
Q29.
Practice exam 1
a) If Company X and Company Y both increase their sales, Company Y with lower fixed costs will generate less of an increase in profits than Company X. b) Company X has lower variable costs per unit of product. If sales exceed the breakeven point, Company X will generate more of an increase in profits than Company Y. c) The break-even point for both companies is the same, so the sales required to generate the same amount of profit is always the same. d) The break-even point for both companies is the same, as is their fixed costs. If sales are the same, the resulting profit/loss is also the same.
Which of the following is a methodology for modeling business processes? a) b) c) d)
PDPC Portfolio Distribution chart UML
316
Q30.
Which of the following describes outsourcing? a) Entrusting work to an expert outside company rather than performing the work inhouse, such as program design for systems development and operations/maintenance ) b Entrusting program design to an outside company, and operations/maintenance to a separate outside company ) c A form of business that provides a full-range of services such as systems design, development, testing, and operations/maintenance ) d A form of cooperation with an outside company for program design and development
Q31.
Under JIS Q9000:2000 (ISO 9000:2000) – Quality Management Systems: Fundamentals and Vocabulary, which of the following describes a third party audit? a) b) c) d)
Q32.
Which of the following is a tool that enables multiple participants to converse between themselves in real time over the Internet using text messages? a) b) c) d)
Q33.
Audit of the quality management system through internal control. Audit of the quality management system of a company by stockholders’ meeting. Audit of the quality management system of a company by an examination body. Audit of the quality management system of a subsidiary by the board of directors.
Social networking service Bulletin board Chat Blog
In the example below, which is the amount of net sales needed to achieve a target profit of 18 million yen? Net sales . . . . . . 100 million yen Variable costs . . 50 million yen Fixed costs . . . . 30 million yen
a) b) c) d)
317
80 million yen 88 million yen 96 million yen 120 million yen
Q34.
Which of the following describes IE (Industrial Engineering)? a) A methodology for analyzing a problem using the latest science and technology, in order to identify the best solution ) b A methodology used by a group to generate ideas through the exchange of opinions under a set of rules, and produce a solution ) c A methodology that uses various methods to consider the work time, and engage in activities such as scheduling and management, and cost planning ) d A methodology for dividing the scope of tabulated data into a number of segments, and expressing the amount of data in the segments using a bar graph
Q35.
Which of the following is not recorded in accounting records? a) b) c) d)
Complete destruction of a company-owned vehicle due to a traffic accident. Debts waived by a creditor. Signing of a lease for renting an office. Company-owned building that burned down due to fire.
Management Which of the following describes the FP (Function Point) method? a) A method for estimating functions and the degree of difficulty converted as a value, using a GUI input/output screen b) A method for estimating person-hours, based on the past record for the number of program steps for the overall system c) A method used in systems development for enhancing the level of completeness, by dividing up the system and repeatedly implementing a development cycle d) A depreciation method based on a fixed rate for the value of assets such as purchased equipment
Q37.
Practice exam 1
Q36.
Which of the following is a set of guidelines for best practices and know-how, compiled for the success of a business that uses IT services? a) b) c) d)
ITIL IT infrastructure IT governance IT service management
318
Q38.
Which of the following is the appropriate precaution to observe when preparing test data for a white box test? a) Boundary value for each equivalence class obtained through the application of equivalence partitioning b) Program internal structure such as algorithm c) Program functions d) Program input and output relationship
Q39.
Which of the following is part of IT service management at the core of ITIL? a) b) c) d)
Q40.
Which of the following is the correct sequence for designing a system based on a system requirements definition? a) b) c) d)
Q41.
Software detailed design → System architecture design → Software architecture design System architecture design → Software detailed design → Software architecture design Software architecture design → Software detailed design → System architecture design System architecture design → Software architecture design → Software detailed design
Which of the following is a development model for creating an experimental model that realizes the requirements while achieving verification from users, at the initial stages of systems development? a) b) c) d)
Q42.
Infrastructure management and security management Business perspective and application management Service support and service frame Service support and service delivery
Spiral model Waterfall model Portfolio Prototyping model
Which of the following is the appropriate description of PMBOK? a) A methodology for conducting regular meetings between project members. b) A set of guidelines for the body of knowledge for project management. c) A method of managing schedules and costs that is specifically used for systems development. d) An international standard for quality management.
319
Q43.
Which of the following is a framework that is built around the basic elements of internal control? a) b) c) d)
Q44.
Which of the following is a milestone for project management under systems development? a) b) c) d)
Q45.
Initial maintenance and inspection, performed after the system goes live System integration review date with the client’s participation Selection of project members Programming processes based on the design
Which of the following stipulates the quality and scope of IT services provided to the client? OGC ITIL SLA IEC
Which of the following is the appropriate description of a common framework?
Practice exam 1
a) b) c) d)
Q46.
Monitoring system IT governance System audit standards COSO framework
a) A unified and common framework for systems development, to secure the compatibility of each system ) b A common framework for systems development, to unify terminology and standardize the contents of work, from planning and development through to operations and maintenance c) A common framework for systems development, to unify different development models from each system vendor and enable mutual cooperation d) A unified and common framework for systems development, to achieve a fixed level and enable development in a short period of time
320
Q47.
Which of the following descriptions applies to a system requirements definition? a) If the system requirements definition does not clearly define the initial purpose of the computerization by users (system user departments), there is no issue with gradually introducing requests. b) Check and verify the design, and determine if there are any bugs in the system. c) Establish the concrete functions that should be achieved, through investigation/analysis of requests from users (system user departments). ) d The systems development department should play a central role in establishing the systems requirement definition, in order to guide the subsequent development.
Q48.
Which of the following is the correct description of the approach of facility management? a) Enhance the position of a company and its business partners to enable mutual growth, by securing a better relationship between the own company and employees at business partners that do business with the company. ) b Provision of know-how for the operation of information systems. c) Integrated operation and maintenance of facilities that are used to manage the information systems of a corporation. d) Management of information systems to keep them in an optimal state, such as computers, networks, facilities, and equipment.
Q49.
Which of the following is the appropriate description of SLM? a) A methodology for maintaining the system level of a corporation that uses information systems ) b A methodology used to compare the level of IT services between corporations, providing a management model for standout companies ) c A methodology of management for maintaining and improving the service level d) A methodology for securing a level of convenience for computer users who use a standalone environment
Q50.
Which of the following work is necessary for project management? a) Prepare an operating manual in three (3) months, so that your own company can sell package software. b) Conduct three (3) days of training by the human resources department to integrate 10 new employees. c) Calculation work that is performed every year by accounting departments. d) Thorough correction of defects by stopping a system that is in operation.
321
Q51.
Which of the following is a methodology for verifying that functions are executed according to the design document, with a focus on output results for input data? a) b) c) d)
Q52.
Top-down test Bottom-up test Black box test White box test
Which of the following conditions is the most appropriate for changing and adding a program to a system that is currently live? a) After finishing changes to the program, perform tests using the same conditions as the production environment, before determining whether to go live. ) b When adding a program, changes are made directly to the live system by judging the right time to make the changes. ) c If the system is live, shutdown all systems first before swiftly adding the program, since it is not possible to test the program that will be added. ) d It is sufficient to test only the portion that is added, to confirm that the added program operates normally.
A black box test is to be performed for a system that is under development. The effective scope of variable A is an integer expressed by 0
View more...
Comments