Unit 2 - Global Information

2 Main Types Of Websites

• Static
• Dynamic

A static site is one that is usually written in plain HTML and what is in the code of the page is what is displayed to the user. (spiderwriting.co.uk)

A dynamic site is one that is written using a server-side scripting language such as PHP, ASP, JSP, or Coldfusion. In such a site the content is called in by the scripting language from other files or from a database depending on actions taken by the user. (spiderwriting.co.uk)

Advantages of using a Dynamic Website

• By connecting them to databases you can easily pull in information in an organised and structured way to create product pages or categories of related products sorted in a variety of different ways depending on how the user wants to view them. (spiderwriting.co.uk)
• This ability to connect to a database means that you can also create a content managment system an interface which allows the client to input and manage data via a web-based series of administration pages.(spiderwriting.co.uk)
• There are little or no ongoing costs unless there is a change in the basic design or an extra capability added. (spiderwriting.co.uk)

CIA = Confidentiality, Integrity, Availability

Hightened risk of breaching the individual's rights to privacy

text (different character sets, e.g. Western, Cyrillic, Arabic, etc.)

graphic (e.g. logo, photograph, diagram)

video (e.g. instructions on how to carry out asoftware update, live broadcast of a music festival)

animated graphic (e.g. pop-up book character,operation of the human heart)

audio (e.g. spoken instructions, music track)

numerical (e.g. profit, date and time)

braille text (e.g. written report printed on a Brailleprinter)

tactile images (e.g. NASA's Hubble SpaceTelescope images converted into tactile images forpeople who cannot explore the images by sight)

subtitles (e.g. translated speech for a film in aforeign language)

boolean (e.g. yes or no answer on a form)

tables and spreadsheets (e.g. simple databasetables and spreadsheets)

charts and graphs (e.g. identifying trends, makingcomparisons

sensitive

non-sensitive

private

public

personal

business

confidential

classified

partially anonymised

completely anonymised

impacts on different stakeholders

• characteristics (e.g. valid, bias, reliable, comparable)

• importance of good quality information to stakeholders (e.g. innovation, agility, improved strategic decision making and focus)

• consequences of poor quality information on stakeholders (e.g. misinformation, reputational damage)

collecting, storing and retrieving (e.g. adding a new member to a cycling club membership database)

manipulating and processing (e.g. producing a graph from a table of data)

analysing (e.g. looking for patterns in annual rainfall in an area)

securing (e.g. storing patient records on an encrypted hard drive)

transmitting (e.g. posting a printed school report to a parent)

impact on individuals and organisations (e.g. additional costs associated with keeping sensitive information secure)

data-raw, unorganised facts that need to be processed, information-data which is processed, organised and structured into a meaningful context.

communication (e.g. to send an email to a relation living overseas)

education and training (e.g. by a student to check their current grades on a hand written feedback sheet from their teacher)

entertainment (e.g. to read a film review in a magazine)

planning (e.g. to use a shared electronic diary to arrange meeting dates)

financial (e.g. to use a bank statement to help plan saving for a holiday)

research (e.g. to look up a recipe online)

location dependent (e.g. to search for emergency dental care when on holiday)

benefits and limitations

create an accurate model of key markets)

management information systems (MIS) (e.g. to monitor staff training in a hospital; the location and contact details of each charity worker in a disaster area; personnel record of all staff)

marketing, promotion and sales (e.g. to identify patterns or trends in sales figures)

financial analysis and modelling (e.g. to determinethe top selling products; cash flow each week over a year)

contact management (e.g. to keep track ofappointments at a doctor’s surgery)

decision making (e.g. to decide the number of tentsto be sent to a disaster area by a charity; thepercentage of faulty items made each month by amanufacturer)

internal and external communication (e.g. to informall staff of office closures over the Christmasperiod)

big data, i.e.:

oany data that is either too large or too complexfor traditional data analysis techniques to beused, e.g. the annual web clicks of a majoronline retailer, health data on the population ofan entire country

benefits and limitations

identify the need (e.g. what information is needed?what do we want to find out?)

define scope (e.g. content, detail, timescales,constraints)

identify potential sources (e.g. sales figures,customer surveys)

source and select information (e.g. determineaccuracy and reliability of sources, selecting thebest)

select the most appropriate tools (e.g. charts,graphs, regression, trend analysis)

process and analyse data (e.g. set up a spreadsheet to produce a graph)

record and store information (e.g. write a report based on the results of the processing)

share results (e.g. send the report to stakeholders)

data tables (e.g. a database table of patients)

visualisation of data (e.g. a pie chart showing sales of five leading trainers)

trend and pattern identification (e.g. a line graph of last year’s sales per month)

data cleaning (e.g. removing customers who have not made a purchase in the last two years)

geographic information system/location mapping (e.g. tracking the movement of shipping containers around the world)

• open systems
• closed systems 
• characteristics 
• benefits and limitations

• Current UK legislation and regulation 

Data Protection Act (DPA) 1998

Regulation of Investigatory Powers Act (RIPA) 2000

Protection of Freedoms Act 2012

Privacy and Electronic Communications

Regulations 2003 (amended 2011)

Freedom of Information Act 2000

Computer Misuse Act 1990

Information Commissioner’s Office (ICO) codes of practice

Copyright, Designs and Patents Act 1988

Equality Act (EQA) 2011

regulation relating to data protection outside the UK (e.g. USA, France, Far East and Africa)

comparison between data protection legislation and regulation in different countries (e.g. similar legislation in many countries, but not all)

UN Convention on the Rights of Persons with Disabilities (UNCRPD):

global requirements on organisations and individuals

United Nations Climate Change Summits

UK Government policy (e.g. Greening Government ICT Strategy (2011))

reducing carbon footprint

purpose (e.g. sustainability)

benefits (e.g. enhanced brand image, reduced energy costs)

internal source (e.g. internal financial reports, market analysis)

external source (e.g. supplier price lists, financial report from a third party)

primary data (e.g. reports direct from employees, foot measurements taken in a shoe shop)

secondary data (e.g. survey results received from a market research organisation, interest rate charged on a loan from a bank)

qualitative data (e.g. the colour of products, the names of employees)

quantitative data (e.g. expiry date of medicines, the number of staff working in an organisation)

purpose

external entities

processes

data stores

data flows

standard symbols used

connectivity rules for drawing Level 1 DFDs

at least one input or output for each external

entity

data flows only in one direction

every data flow is labelled

every data flow connects to at least one process

at least one input data flow and/or at least one output data flow for each process

• impacts affecting the flow of information in information systems

confidentiality – information can only be accessed by individuals, groups or processes authorised to do so

integrity – information is maintained, so that it is up to date, accurate, complete and fit for purpose

availability – information is always available to and usable by the individuals, groups or processes that need to use it

unauthorised or unintended access to data (e.g. espionage, poor information security policy)

accidental loss of data (e.g. human error, equipment failure)

intentional destruction of data (e.g. computer virus, targeted malicious attack)

intentional tampering with data (e.g. fraudulent activity, hacking)

loss of intellectual property

loss of service and access

failure in security of confidential information

loss of information belonging to a third party

loss of reputation

threat to national security

recent cases of failures of information security

• Policies

staff access rights to information

responsibilities of staff for security of information

disaster recovery

information security risk assessment

effectiveness of protection measures

training of staff to handle information

locks, keypads and biometrics used on:

o workstations

o server room access

placing computers above known flood levels

backup systems in other locations

security staff

shredding old paper based records

locks, keypads and biometrics used on:

o workstations

o server room access

placing computers above known flood levels

backup systems in other locations

security staff

shredding old paper based records

tiered levels of access to data

firewalls (hardware and software)

anti-malware applications

obfuscation

encryption of data at rest

encryption of data in transit

password protection