Download A-2 ICT Revison Booklet

Network Questions
June – 2011
Question B.
When designing a network for a company, the likely topology is one of the
areas to be looked at.

1) Compare and contrast the relative advantages and disadvantages of ring and
star topologies. [6]

2) A network manager uses remote management when managing the network.
Describe four tasks that the network manager could do using remote
management. [4]
Answers:
Indicative content: These points could be made but must be related to
each topology. Do not give opposites separate marks.
1) Advantages of ring
• Network not dependant on central computer
• Each computer has the same access as the others so no one computer can hog the
network
Advantages of star
• Fault tolerant – if one of the cables fails, then the other computers can still be used
• Load tolerant – extra computers can be added without much loss in performance
because all computers have their own path to the server
• Easy to add extra computers – extra computers can be added without disturbing the
network
Disadvantages of ring
o If there is a break in the connection then the whole network fails
o Faults are difficult to locate
o It is impossible to keep the network running whilst equipment is added or removed
because there is only one path for the data to follow
Disadvantages of star
• Higher cost – the large amount of cabling needed makes it more expensive
• Dependence on the central server
LAN or WAN The ring is a Local Area Network which means it can only be accessed
from within the building or organisation. Messages are passed around all devices on
the ring and repeated on to the next if not at the destination address. It is usually a
peer to peer network so all stations on the network have the same access rights.
The star is often a wide area network linking networks via gateways and a classic
example of this is the internet or when large banks link up their branches with the HQ
computers. All traffic goes through the fileserver.
Security and reliability There may be more than one fileserver on the ring network
and if one goes down the ring can still function by redirecting network traffic to the
functioning server. The ring network depends upon the repeaters sending the signal
around the network. If a repeater fails the signal cannot be forwarded but this does not
stop limited communication in one direction between some stations on the network.
In the star network if a node goes down the others can still function but if the central
fileserver/hub goes down then the network cannot function. Can add extra ‘nodes’
without disturbing the rest of the network.
In the star network everything goes through the central fileserver/hub which can have
firewalls and proxy servers allowing central control of message switching allow a
high degree of security. In the ring every device has access to the token before
repeating it on, making easier hacking or corruption possible.
Transmission speeds In the ring transmission is in one direction only and therefore
can be quite fast In the start you can have different transmission speeds on each of the
nodes some can be super fast e.g. between file and communications servers and others
e.g. to printers can be slower. Costs Cabling for a local area network such as the ring
is less and ethernet cable is probably sufficient. However wide area star networks may
need expensive fibre optic cabling or even satellite links. Gateways can also be
expensive.
2) Any 4
• See which users are using the network
• Check on emails being sent when should be working
• Check on which sites employees visit
• Check on hardware to see what needs upgrading
• Check to see right number of licences
• Guide users through problems
• Check to see no unauthorised software loaded on machines
• Log off users who have forgotten to do so
• Check on components to see if any failing
• Shut down stations
• Rebuild stations / re-setup stations / re-install/update software
• Send instant messages
• Control stations
• Clear printer queues at stations
NOT manage passwords / delete files / other tasks normally done at the server
January – 2011
Question C.
 7) Other than cost or size of the organisation, explain in detail three factors
that could influence the choice of a computer network for the organisation. [6]

8) Peer-to-peer and client server are two types of computer network. Compare
and contrast the two types of network. [6]
Question G.
 The improvement in computer power has led to more people being able to
work from home using computer networks, often called teleworking.

Discuss, with the aid of suitable examples, the advantages and disadvantages
to employees and companies of teleworking. [8]
Answers
Question C.
7)
NOT COST OR SIZE OF ORGANISATION
How the system will be used
• What type of applications do users require?/ Are the users going to require a wide
range of applications?
• Will they need large data storage?/ Are they going to store a large number of data
files?
• From where will they operate the network e.g. at home in office or remote access
from different locations. / Where does the processing get done?
Existing systems
• More often networks are not developed from scratch but need to fit in with existing
systems. Sometimes an extension is required e.g. when a new branch office opens.
• Therefore any new network must fit in with the existing operating systems and
protocols.
• It must support any peripherals already in use e.g. bar code readers, printers, etc.
• Can the current stock of PC’s and peripherals be used on the new network?
Performance in terms of: reliability / user friendliness / capacity / speed of
processing
Different parts of the organisation may have different performance requirements. e.g.
a realtime e-commerce system may require greater speeds and capacity and security
than the in house payroll system.
Condone security if reference to level of risk NOT hacking / viruses
If candidates only list 3 factors then maximum mark is 1.
Question G.
6-8 marks Candidates give a clear, coherent answer discussing advantages and
disadvantages of teleworking using suitable examples. They use appropriate
terminology and accurate spelling, punctuation and grammar.
3-5 marks Candidates discuss advantages and disadvantages and may give
examples but responses lack clarity. There are a few errors in spelling, punctuation
and grammar
1-2 marks Candidates simply make brief points and may give an advantage or
disadvantage. The response lacks clarity and there are significant errors in
spelling, punctuation and grammar.
0 marks No valid response.
Indicative content
Answers have to cover all 4 sections to get full marks. (lose 1 for every section
not covered)
The advantages of teleworking for the employee
• Teleworking makes it easier for people to live and work where they choose, as it is
possible for some staff to work from home (less stressful).
• It reduces traffic congestion and carbon dioxide emissions and is therefore ‘greener’
/this has an environmental benefit since there is no commuting to work.
• Not having to travel to work saves time/money.
• Flexibility of working hours / Work your own hours / Fit around family commitments /
No need to take time off to see workmen
• Ideal for disabled
The disadvantages of teleworking to the employee
• Home costs such as heating, lighting increase
• Employee may feel isolated
• Some employers may pay teleworkers less as there is more competition for jobs
• No workmates to go out with /socialise
• Boundary between home and work is lost
• Loss of status for some staff – no plush offices, etc.
• May not be a quiet place in the house to work
• Passed over for promotion
The advantages of teleworking to the company
• Smaller offices are needed
• Fewer backup staff need to be employed (e.g. cleaners, caretakers)
• Staff less likely to spend time off sick
• Reduced office overheads (electricity, gas, insurance, furniture etc)
• Staff may be more amenable to working flexible hours
• Retaining skilled workers / maternity
• Employ workers from a wider pool of talent
• Comfortable environment can lead to greater productivity
The disadvantages of teleworking to the company
• Change to organisational structure may be needed
• Hard to determine how hard staff are working (monitor progress)
• Harder for managers to manage the work
• Increased number of sites for ICT equipment may cause more security risks
• Employers usually pay for the employees’ ICT equipment
• More difficult to hold meetings face to face
• Health and Safety checks needed on employee home
• More security risks as more sites
June – 2010
 Network topologies have different properties.
(a) Draw and label a star network. [2]
(b) State two advantages of a ring network. [2]
(c) Other than topology issues, discuss in detail three factors that will influence the
choice of a network. [6]
Answer
2. (a) 1 mark for star shape and position of file server
1 mark for terminal/peripheral and labelling the cable
2. (b) Any 2 from
• There is no dependence upon a central host
• Very high transmission speeds are possible
• It is deterministic i.e. different performance levels can be determined for
different traffic levels
• Routing between devices is simple because messages normally travel in one
direction.
• As data is in one direction it can transmit large volumes of data
• No collisions
• Cabling costs - less than other topologies
• Each computer has the same access as others so no one node can dominate
the network
2. (c) 3 x (1 mark for giving each factor and a 2nd mark for a fuller description)
Cost of the network
• Initial purchasing of equipment
• Installation and training
• Maintenance / Personnel costs
• Size of the available budget will determine what can be done e.g. fibre optic
cable is faster but is also more expensive.
• Wireless systems are flexible but need more maintenance
Size of the organisation
• Needs can range from a small LAN to a global WAN.
• Some communications media are limited by the distance they have to travel.
• Amount of data processing required must also be considered.
How the system will be used
• What type of applications do users require?
• Will they need large data storage?
• From where will they operate the network e.g. at home in office or remote
access from different locations.
Existing systems to integrate
• More often networks are not developed from scratch but need to fit in with
existing systems. Sometimes an extension is required e.g. when a new branch
office opens.
• Therefore any new network must fit in with the existing operating systems and
protocols.
• It must support any peripherals already in use e.g. bar code readers, printers, etc.
Performance in terms of: reliability / user friendliness / capacity / speed of
processing
Different parts of the organisation may have different performance requirements. e.g.
a real-time e-commerce system may require greater speeds and capacity and security
than the in house payroll system.
Condone security if reference to level of risk NOT hacking / viruse
January – 2010
2. A company has moved into an old building and has decided to install a network.
(a) Compare and contrast the relative advantages and disadvantages of ring and star
topologies.[6]
The company is considering using a wireless network.
(b) Describe two advantages and two disadvantages for the company of using a
wireless network over a cabled network. [4]
3. A local doctor’s practice uses a network to manage patient records, appointments
and all its financial functions. The Practice Manager is worried about the
confidentiality of the patient records.
(a) Explain why the practice should have a security policy and give two examples of
what this should contain, other than user accounts and logs. [4]
(b) Describe the use of user accounts and logs as a way of ensuring the confidentiality
of patient records. [3]
6. ‘The increase in bandwidth has resulted in an increasing number of people being
able to work from home using computer networks, often referred to as teleworking.’
Discuss, with the aid of suitable examples, the advantages and disadvantages to
employees and organisations of such methods of working. [8]
Answers
2(a) Answers must mention both ring and star topologies making relative comments
for each mark.
Maximum two marks per section. Award each point once only.
LAN/small or WAN/large The ring is a LAN which means it can only be accessed from within the building or
organisation.
Messages are passed around all devices on the ring and repeated on to the next if not
at the destination address.
It is usually a peer to peer network so all stations on the network have the same access
rights.
The star can be a LAN or a WAN linking networks via gateways and a classic
example of this is the internet or when large banks link up their branches with the HQ
computers.
All traffic goes through the fileserver (hub).
Shape and Position of the fileserver - A ring network is a peer to peer network with
the fileserver and all peripherals and workstations on a ring.
In the star network is a client server network and the file server is in the centre of the
spokes with peripherals and workstations on the end of each spoke.
(Could be illustrated with labelled diagram).
Security and reliability
There may be more than one fileserver on the ring network and if one goes down the
ring can still function by redirecting network traffic to the functioning server.
The ring network depends upon the repeaters sending the signal around the network.
If a repeater fails the single cannot be forwarded but this does not stop limited
communication in one direction between some stations on the network.
In the star network is a spoke goes down the others can still function but if the central
file server goes down then the network cannot function.
Can add extra ‘spokes’ without disturbing the rest of the network.
In the star network everything goes through the central fileserver which can have
firewalls and proxy servers allowing central control of message switching allow a
high degree of security.
In the ring every device has access to the token before repeating it on making easier
hacking or corruption possible.
Transmission speeds
In the ring, transmission is in one direction only and therefore can be quite fast. In the
star you can have different transmission speeds on each of the spokes, some can be
super fast e.g. between file and communications servers and others e.g. to printers can
be slower.
Cabling costs
Cabling for a local area network such as the ring is less and Ethernet cable is probably
sufficient. However wide area star networks may need expensive fibre optic cabling
or even satellite links.
Gateways can also be expensive (if qualified).
Advantages of ring networks:
• the network is not dependent on a central computer
• each computer has the same access as the others so no one computer can ‘hog’ the
network.
• faster speeds possible because of uni direction.
Disadvantages of ring networks:
• if there is a break in the connection (wire or wireless), then the whole network fails
• faults are difficult to locate
• it is impossible to keep the network running whilst equipment is added or removed
because there is only one path for the data to follow.
Advantages of star topology networks:
• fault tolerant – if one of the cables fails, then the other computers can still be used
• load tolerant – extra computers can be added without much loss in performance
because all computers have their own path to the hub
• easy to add extra computers – extra computers can be added without disturbing the
network.
Disadvantages of star topology networks:
• higher cost – the large amount of cabling needed makes it a more expensive
topology
• dependence on the central hub, switch or router – if the device at the centre of the
network fails, then the whole network will fail.
2(b)
To get full marks have to have at least 1 advantage and 1 disadvantage (max 4)
Advantages of Wi-Fi:
• allows inexpensive LANs to be set up without cables
• allows people the freedom of working anywhere a signal can be received
• ideal for networks in old listed buildings where cables would not be allowed to be
installed
• global set of standards – you can use Wi-Fi all over the world
• health and safety – tidier desktop with no trailing cables.
Disadvantages of Wi-Fi:
• power consumption is high – which means laptops soon exhaust their rechargeable
batteries
• there may be health problems in using Wi-Fi
• there may be security problems even when encryption is used
• Wi-Fi networks have a very limited range (e.g. 150 ft)
• can get interference if wireless network signals start to overlap
• transmission speed slower than cable.
3(a)
DPA puts an onus on the practice to keep this information secure (1) because of its
potential for misuse (1).
Illustrated example of any two of the following points that may be in a security
policy:
Rules on Passwords and user id’s
Access rights
Firewalls
Virus checkers
Encryption
Physical security measures
Backup and restoration strategies
Staff code of conduct
Disciplinary procedures
Not accounts and logs and No marks for a list.
3(b) One mark for each relevant point
Auditing keeps a record of who has done what on the network.
Auditing keeps records of:
• usernames
• the times they logged on and off Who, what, when
• details of programs they used
• details of files accessed
• details of changes made
• details of from which machine.
Auditing is used to identify abuses of the systems by authorised staff (1) and also to
investigate instances of unauthorised access (i.e. by hackers) (1).
Managing user accounts by allocation of access levels to users
6 6-8 marks Candidates give a clear, coherent answer fully and accurately discussing,
with suitable examples the advantages and disadvantages of teleworking. They use
appropriate terminology and accurate spelling, punctuation and grammar.
3-5 marks Candidates discuss several advantages and disadvantages with some
examples but responses lack clarity. There are a few errors in spelling,
punctuation and grammar.
1-2 marks Candidates make brief points and may give an advantage, disadvantage or
example. The response lacks clarity and there are significant errors in spelling,
punctuation and grammar.
0 marks No valid response.
Indicative content
There has to be at least one advantage, one disadvantage and one example to get
full marks.
Cannot gain mark twice for use of reverse argument.
The advantages of teleworking for the employee
• Teleworking makes it easier for people to live and work where they choose, as it is
possible for some staff to work from home (less stressful).
• It reduces traffic congestion and carbon dioxide emissions and is therefore ‘greener’
/this has an environmental benefit since there is no commuting to work.
• Not having to travel to work saves time/money.
• Flexibility of working hours.
The disadvantages of teleworking to the employee
• Home costs such as heating, lighting increase
• Employee may feel isolated
• Some employers may pay teleworkers less as there is more competition for jobs
• No workmates to go out with
• Boundary between home and work is lost
• Loss of status for some staff – no plush offices, etc.
• May not be a quiet place in the house to work
• Passed over for promotion
The advantages of teleworking to the employer
• Smaller offices are needed
• Fewer backup staff need to be employed (e.g. cleaners, caretakers)
• Staff less likely to spend time off sick
• Reduced office overheads (electricity, gas, insurance, etc.)
• Staff may be more amenable to working flexible hours
• Retaining skilled workers / maternity
• Employ workers from a wider pool of talent
• Comfortable environment can lead to greater productivity
The disadvantages of teleworking to the employer
• Change to organisational structure may be needed
• Hard to determine how hard staff are working
• Harder for managers to manage the work
• Increased number of sites for ICT equipment may cause more security risks
• Employers usually pay for the employees’ ICT equipment
• More difficult to hold meetings
• Health and Safety checks needed on employee home
June 2009
6. A business has thirty staff each of whom have their own stand-alone computer. The
business is considering networking all these computers but is concerned at problems
this may create.
As an ICT consultant you have been asked to prepare a report for the company’s
owners, outlining the issues that networking the computers could bring.
Your report should include:
• The benefits and drawbacks of moving to a networked system
• The factors involved in choosing a network
• The extra communications facilities and possible changes in working practices that
this
network could provide. [18]
Quality of Written Communication. [2]
Answer
6.Any 18 points or 9 well argued or a mixture of both but have to cover all 4 sections
to get full marks
Benefits
•Data can be pooled and therefore accessed by a wide range of users. This helps to
ensure data integrity.
•Hardware resources such as printers and scanners can be shared. This is a much more
cost effective solution than providing each user with their own set of peripheral
devices.
•Software resources can be shared. One version of the software can be purchased and
installed centrally which cuts down on management needs.
•Security is centralised and so improved. The network manager can control access by
setting access rights and user permissions and by auditing computer use etc.
•Back up procedures are easier to complete if centrally located and managed. Instead
of each user being responsible for backing up their data, the network manager will
take responsibility for running regular back-ups and recoveries.
Disadvantages
•Setting up a network is more costly than running a group of standalone computers. In
addition to the stations a central server is needed.
•Networks are particularly vulnerable to viruses. If one machine is ‘infected’, it is
easier for this infection to spread than would be the case in a standalone environment.
•Network management requires a degree of specialist knowledge and this will mean
employing a network manager for this purpose.
•Networks are vulnerable to crashes and if the network crashes you cannot use any of
the computers.
•Networks require more maintenance. There are more things that can go wrong,
cables can break, network files can be corrupted, the system can be jammed due to
network traffic. Staff have to be employed to complete this maintenance.
Factors
•Cost of the network. Fibre optic cable cabling offers faster transmission rates than
other media but costs significantly more. One has to also take into account the
ongoing maintenance costs.
•The size of a network can vary depending on the size of the organisation and can go
from a small room containing one or two PCs to a global network.
•How the system will be used. Are the users going to require a wide range of
applications? Are they going to store a large number of data files? Where does the
processing get done?
•Existing systems. Can the current stock of PCs and peripherals be used on the new
network?
•Performance required. Speed of processing, reliability, user friendliness, capacity
•Security. Will they have to prepare for outsider access? etc.
•Topology
Communications / Changes in working practices
•Email and being able to transfer information between employees.
•Video conferencing to get expert help on particularly tricky work
•Internet access to research particular procedures or latest developments.
•Wireless access and its benefits
•Ability to telework
•Re-training of staff
June 2008
2. Network topologies have different properties.
(a) Draw and label a ring network. [2]
(b) State two advantages of a star network. [2]
(c) Other than cost or topology issues discuss in detail three factors that will influence
the choice of a network. [6]
Answer
2.(a) 1 mark for ring shape and labelling cable
1 mark for position of file server and terminal
(b) If cable breaks network can continue working
Very easy to add new machines
(c) 1 mark for naming each factor and 1 mark for fuller description x 3
(i) Security issues
• How secret is the data
• Consequences of others seeing it
• Firewall
• Number of users
• Spyware, viruses, hackers, etc.
(ii) Size of the organisation
• Needs can range from a small LAN to a global WAN
• Some communications media are limited to the distance they have to travel
• Amount of data processing required must also be considered.
(iii) How the system will be used
• What type of applications do users require?
• Will they need large data storage?
• From where will they operate the network e.g. at home in office or remote access
from different locations.
(iv) Existing systems to integrate
• More often networks are not developed from scratch but need to fit in with existing
systems. Sometimes an extension is required e.g. when a new branch office opens.
• Therefore any new network must fit in with the operating systems and protocols of
the existing.
• It must support any peripherals already in use e.g. bar code readers, printers, etc.
(v) Performance and speed required
Performance in terms of:
• reliability
• user friendliness
• capacity
• speed of processing.
Different parts of the organisation may have different performance requirements. e.g.
a real time e-commerce system may require greater speeds and capacity and security
than the in house payroll system.
June 2007
6. Networks can be arranged in several topologies.
(a) Draw and label a star network. [4]
(b) Describe a suitable use for a ring network. [2]
(c) Discuss in detail the advantages and disadvantages of a ring network. [6]
(d) Other than security and topology issues, discuss in detail two factors that will
influence the choice of a network. [4]
(e) Networks make use of intranets.
Explain the function of an intranet and give an example of how it could be used. [2]
Quality of Written Communication [2]
Answer
6. (a) 4 Marks
1 mark for star shape
1 mark for position of file server
1 mark for position of terminal or peripheral
1 mark for labelling the cable
Example
6. (b) 1 mark 2 marks
LAN or similar description
1 mark suitable use
 Peer to peer network
 School site
 Large offices
 Any reasonable answer
6. (c) 1 mark x 6 for advantages or disadvantages 6 Marks
(must be at least one of each)
Advantages of a Ring network
� There is no dependence upon a central host as data transmission is supported
by all devices on the ring.
Each node has sufficient intelligence to control the transmission of data from and to
its own node.
� Very high transmission speeds are possible.
� It is deterministic i.e. different performance levels can be determined for
different traffic levels.
� Routing between devices is simple because messages normally travel in one
direction.
� As data is in one direction it can transmit large volumes of data.
Disadvantages of a Ring network
� Systems depends upon the reliability of the ring repeater although it can be
designed to bypass faulty repeaters.
If one node malfunctions this can affect the operation of the network.
� Cabling costs
� Difficult to extend the ring.
6. (d) 1 mark for naming each factor and 1 mark for fuller
description x 2 4 marks
(i) Cost of the network
� Initial purchasing of equipment
� Installation and training
� Maintenance costs
� Size of the available budget will determine what can be done e.g. fibre optic cable
is faster but is also more expensive. Wireless systems are flexible but need more
maintenance
(ii) Size of the organisation
� Needs can range from a small LAN to a global WAN.
� Some communications media are limited to the distance they have to travel.
� Amount of data processing required must also be considered
(iii) How the system will be used
� What type of applications do users require?
� Will they need large data storage?
� From where will they operate the network e.g. at home in office or remote access
from different locations
(iv) Existing systems to integrate
� More often networks are not developed from scratch but need to fit in with existing
systems. Sometimes an extension is required e.g. when a new branch office opens.
� Therefore any new network must fit in with the operating systems and protocols of
the existing.
� It must support any peripherals already in use e.g. bar code readers, printers etc.
(v) Performance and speed required Performance in terms of;
� reliability
� user friendliness
� capacity
� speed of processing.
Different parts of the organisation may have different performance requirements. E.g.
a realtime e-commerce system may require greater speeds and capacity and security
than the in house payroll system
Mark for definition and 1 mark example 2 marks
Intranet is a facility only accessible within the organisations network.
e.g. bulletin boards / internal messages.
Quality of Communication 2 marks
6. (e) 1 mark for explanation 2 Marks
1 mark for example
An intranet is network set up entirely within a LAN and can only be accessed
internally.
Examples
� Web pages can be stored and accessed from anywhere on the network
� Email can be sent internally within the LAN.
� It can also be used for staff training or daily bulletins
Any reasonable answer
June 2006
3. (a) Other than cost or security issues, explain in detail two factors that could
influence the choice of a computer network for a company. 2 × [2]
(b) Two types of network that could be used are peer to peer and client server.
Compare and contrast these two types of network. [4]
Answers
3 (a) Any two factors, with explanation, such as: 2 x 2
size of organisation how the system will be used existing systems / what is already in
place performance required network configuration
3 (b)
Any four relevant points (1 mark each), but must make reference to features of both
systems to gain maximum four marks:
Peer to peer system
 Lower setting up costs
 Simpler to set up and/or maintain
 Does not rely on a single server
 Only suitable for small networks
 Data is not centrally stored
 Backup and security is not centralised
Client server system
 Generally quicker than peer to peer networks
 Security and backups are centrally managed
 Data is easily accessible to all users
 A server is required so it costs more to set up
 May need a network manager to run effectively
 If the central server crashes the whole network goes down.
Website Questions
June 2011
Question E. A multi-national company uses a website for its e-commerce activities.
9) Define two methods by which a customer could find the website and explain how
each might be used to find the website on the internet. [4]
10) Describe the four main requirements the company has to put in place for this
website to be used for interactive online shopping. [4]
Answers
9) Any 2 from x 2
• Use of a search engine (1) enter key words to find the information you require (1). (can
award marks for Boolean search if they mention putting in terms as well)
• Use the Uniform Resource Locator (URL) (1): if you know the web address (URL) of a site
you can simply type/enter it in (1). If you do not know the address of the sites of interest,
then you can buy books (called directories) (1) or buy one of the popular Internet magazines
that contain them (1).
• Surf the Internet by following hyperlinks (1): click on a link to move from one area of interest
to another (1).
• The use of a web crawler (1) which browses the web and keeps an index of what it finds (1)
Must have an action for second mark
10) Any four of the following, discussed in suitable detail: 4 x 1
• Maintaining a company website / need for trained staff
• Catalogue of stock / stock database/table
• Methods of secure payment / shopping trolley
• Database/table of customer orders/bids
• Order/bid tracking / email confirmation
If candidates just state four points then maximum mark is 1
June 2010
3. Many organisations use the Internet for commercial activity. Describe the facilities
that an organisation has to put in place in order to turn its web site into an e commerce
operation. [4]
Answer
3. Any four of the following, discussed in suitable detail: 4 x 1
 Maintaining a company website / need for trained staff
 Catalogue of stock, stock database
 Methods of secure payment / shopping trolley
 Database of customer orders/bids
 Order/bid tracking / email confirmation
If candidates just state four points then maximum mark is 1
January 2010
4. An organisation has a website on the internet to advertise its products and allow
customers to order online.
(a) Define and explain two methods by which a customer could find the website using
the Internet. [4]
(b) Explain, by giving an example, how each of the following could be used by the
organisation:
(i) File transfer protocol (FTP); [2]
(ii) On-line databases. [2]
Answers
4(a) Any 2 from:
The use of a web crawler continually searches the web looking for new pages (1)
and recording information they find (1) which browses the web and keeps an index of
what it finds (1).
Use of a search engine an application accessed over the internet that maintains
indexes of web pages. (1) and logical operators/key words to find the information you
require (1).
Use the Uniform Resource Locator (URL) the recognised method for referring to
resources on the internet. (1) If you know the web address (URL) of a site you can
simply type it in. (1)
Use hyperlinks an area of a web page that contains a link to another location on the
Web.(1)
You can surf the Internet, which means that you are using hyperlinks to move from
one area of interest to another. (1)
4(b)I FTP is a standard set of rules that have been established to allow the exchange
of (large) files over the internet (1).
Used for uploading a database of sales from one branch of the organisation to the
head office (1). Or Used for down/uploading a website from/onto the internet (1).or
other relevant example (1).
4(b)ii Product, customer and order information is readily available to the company
from anywhere (1) and customers can place their orders/check stock/etc over the
internet (1). A database of something on the internet (1) what it is used for (1)
June 2009
2. A sports shop wishes to set up an e-commerce system to offer its customers an online shopping service.
(a) Other than hardware, describe in suitable detail four requirements for a successful
on-line shopping service. [4]
(b) Discuss the advantages and the disadvantages of on-line shopping to both the
customer and the business. [6]
4. Recently the government urged internet service providers to ban websites which
promote illegal
activities.
Discuss the legal, moral and ethical issues raised by this request. [8]
Answer
2. (a) Any four of the following, discussed in suitable detail: 4 x 1
ISP
 Maintaining a company website/ need for trained staff
 Catalogue of stock, stock database so that one can immediately see if
something is available or whether there will be a delay.
 Methods of secure payment (i.e. use of systems such as Paypal or ensuring
that the system is secure from fraud).
 Database of customer orders/ shopping trolley so that immediate searches can
be made to find and update customer information.
 Tracking on-line orders, etc.
If candidates just state four points then maximum mark is 2.
(b) Any 6 points, but must include 1 of each type to get full marks


Appropriate advantages for shopper such as:
24 hour access, greater choice, no need to travel/order from comfort of home/
less stressful, allows disabled to shop more easily, better prices
Appropriate advantages for business such as:
cheaper as no need to pay high rates, wider customer base, takes pressure off
staff, offer wider choice due to ‘just in time’, make money from advertising,
saves on staff costs
Any possible problems such as: customer worries over security, anyone can
set up, no longer a social activity, fraud, power cut, hidden costs of carriage or
import tax, hidden costs and phone costs, what you get is not what you see/
cannot see/feel the item, harder to return (if well argued), initial set up costs,
need for specialist staff to maintain
Note – question mentions ‘describe’ not just ‘state’.
4. 4x2 or 2x4 if well argued.






Censorship / Freedom of speech – people have the right to say what they want.
You should not use the internet to promote illegal activities; by allowing them
there you are promoting them.
Certain people and children can be wrongly influenced by this type of material
and do things that they wouldn’t otherwise do.
By driving them from main sites you are making them more attractive and
more people will then look at them.
Who has the right to censor the internet? Will the government go on to ban
information that puts them in a bad light?
Is it practical to do it? Who is going to police it and resource the enforcement?
June 2008
7. Many businesses use the Internet for commercial activity.
(a) Describe the facilities a company has to put in place in order to turn its web site
into an e-commerce operation. [4]
(b) Evaluate the impact that e-commerce has had on businesses and their customers.
[14]
Quality of Written Communication [2]
Answer
7.(a)
At least one sentence to get a mark.
• Keeping a catalogue of stock for sale
• Methods of secure payment
• Database of customers’ orders
• Maintenance/monitoring of web site
• Some sites allow you to keep track of the progress of your order.
Any valid point 1mark (max 14). Very well argued point could be worth 2.Reasons
• They can advertise. It enables people to find out what they do and what they sell.
• People can email them with enquiries; orders; requests.
• They can reach an international audience.
• Technology has advanced and now made a lot more possible.
Services
• Companies can advertise goods and services only
• Companies sell goods and services e.g. Tesco home shopping, buying music,
making customised t-shirts
• Subscription services which sell information e.g. MetOffice weather data, research
papers, legal cases database
• Interactive sites which encourage feedback on products
• Auction sites such as Ebay
Advantages to customers
• There is no travelling – it can be done from home so saving in costs and time
• Allows disabled people to do more shopping
• Can be done 24/7
• Much quicker to do a price comparison
• Can find obscure goods not available locally
Advantages to businesses
• Overheads cut. Large savings on shops, warehouse and office space
• Wider customer base
• Customers can be kept in touch with by email and informed of new products.
Disadvantages
• Credit card fraud
• Fake websites - goods do not exist
• Copycat websites to extract bank account info
• Fewer shops on the High Street
• Lack of social interaction
• Increase in delivery vans
Other effects
• Code of conduct
• Security issues
• Firewalls
• Job loss
• Change in working practices
June 2007
2. Products can be purchased on the Internet using a company website.
(a) Describe two methods a customer could use to find the website.
(b) Describe two methods a customer could use to quickly find information within the
website.
Answer
2. (a) 1 mark for each method 1 mark for description of how used
Urls
Type in the exact address of the website into the address bar
Web crawlers /search engines
Type in a key word and select from given list
Boolean searches
Type in key words with AND and OR etc to give more precise list
(b) 1 mark for each method 1 mark for description of how used
Bookmarks / Hyperlinks
Predefined links which take you directly to part or the page
Hotspots
Click on an image of the product to find out more details of the product / go to
product section
Key word searches
Type in a keyword and go directly to that section
Internet Questions
June 2011
Question K.
The use of the internet causes major moral, social and ethical issues. Discuss using
appropriate examples these issues and the effect that they are having on modern
society. [18]
Answers
Issues
• Deliberately setting up websites containing incorrect information – people may rely on and
use this information thinking it is correct.
• Bullying – in chat rooms, by e-mail, in blogs, by text message is a problem especially for the
young.
• Inappropriate websites – people are able to view inappropriate material such as
pornography, racism, violent videos, how to make explosives, etc.
• Using e-mail to give bad news (e.g. redundancy, demotion, firing, etc.) when explaining
faceto- face would have been better.
• Spreading rumours – it is easy to spread rumours using the Internet. You only have to tell a
few people in a chat room and the rumour will soon spread. Normally, if someone started a
rumour that was untrue and it caused another person distress, then the person starting the
rumour could be sued. When rumours are started over the Internet it is difficult to identify the
person responsible.
• Plagiarism – copying material without attributing or referencing the source of the information.
This could also involve using websites which sell essays or coursework.
• Sending spam (i.e., the same advertising e-mail to millions of people) – people waste time
deleting spam if the spam filter allows it through.
• Companies monitoring staff use of the Internet and e-mail. Some organisations will even
read personal e-mails.
• Using someone’s wireless Internet connection without permission.
• Sometimes it is possible to connect to the Internet using an open network. The net result of
using the network is to slow the network down for legitimate users.
• Mobile phone stalking.
• Using photo editing software to distort reality – by using photo/video editing software you
can distort reality and you can no longer believe what you see in video, TV, newspapers,
magazines and on websites.
• Censorship Invasion of privacy by governments.
• Privacy issues – social networking sites, e-commerce sites, Internet service provider
records, e-mail monitoring at work, etc., all erode a user’s privacy.
• Gambling addiction – gambling can cause many social problems and it is on the rise with
the ease with which bets can be made using the Internet.
• Addiction to computer games – many children spend hours playing computer games and
their social skills and schoolwork can suffer as a result.
Have and have nots – Digital divide
Closing down of local stores
Example answers
Censorship
• No-one owns the Internet. It is international. Material which would be illegal if published in
hard copy form is freely available on the Internet e.g. racist propaganda, bomb making
instructions, pornography. Some say the Internet should be censored but who will do the
censoring and how can centralised control be implemented.
• If you ban sites will they become more appealing so people will search for them more avidly.
Issue
Accurracy
Privacy
Effects upon
communities
Ownership
Intellectual
property
rightsOwnership
rights
to data.
Discussion point
• There is no guarantee that any information on the Internet is accurate or true.
Some web sites giving medical advice have been known to give wrong
information but they are not held liable. Magazines can write untrue stories.
• Individuals can spread malicious rumours about people in emails.
• What about plagiarism – if you get thrown out of university because you copied
an essay of the Internet
• It is relatively easy to capture internet traffic.
• Freedom of speech
• Do we have the right to the privacy of our emails and data files?
• Do we have the right to encrypt our data?
In the light of the increase in Internet crime, security scares and increased terrorist
activity should the security services be allowed to monitor all Internet traffic
• Some argue that the Internet has increased;
• the number of valuable interactions e.g. keeping people in touch with families
whilst travelling using Internet cafes.
• increased awareness of geographically separated cultures
• Others argue that it has led to a lack of individual social interaction by frequent
Internet users e.g. you can work, shop or bank from home without ever having
to mix with others. This could cause small local business to go out of business
thus increasing social isolation.
• Exercises undue influence on vulnerable young people e.g. inciting people to
become terrorists
• Who owns the Internet?
• Who controls the Internet
• Because of the increased commercial value of activities on the internet will a
few media giants take control and effectively determine content?
• The law of individual countries is beginning to address some of the legal issues
such as intellectual property rights on the Internet but laws only apply to the
country which passed them. International laws may go some way to address
misuse of the Internet but this is still a long way off.
• If you put a joke on the Internet do you own it?
• If you see a joke on the Internet can you sell that joke to a professional
comedian?
• If you scan in the text of the book ‘The Da Vinci Code’ and put it on the Internet
for all to be freely read; are you breaking the law?
• Can you sue someone who sells you an essay which is full of factual errors?
• The growth and exchange of ideas on the Internet has led to many legal
disputes and lack of legal clarity as to ones intellectual property rights.
• Do the Copyright Laws of one country apply to another country?
January 2011
Question B. A multi-national company uses FTP.
 Describe in detail what is meant by FTP. [2]
 Describe an advantage it gives the company and give an example of its use.
 The company also makes use of the internet.
 Define and explain how the following can be used to access information:
 URL (Uniform Resource Locator) [2]
 Web crawler [2]
 Boolean search. [2]
Answers

FTP (File Transfer Protocol) is a standard Internet protocol providing a simple
way of transferring files between computers using the Internet, (by a process
which bunches the data into packages and sends messages back and forth to
say each package has been received.)
OR
FTP is a standard set of rules (1) that have been established to allow the
exchange of (large) files over the internet (1).
MUST BE CLEARLY NOT ABOUT EMAIL OR COMPRESSION
Not Instructions instead of rules or Data instead of files

You are not limited to file size unlike with email attachments / allows reliable
transfer of files between platforms / greater security in transfer of information /
can have greater control of remote computer (if well developed).
Used for uploading a database of sales from one branch of the organisation to
the head office (1).
(Always need to know what the data are)
Or to distribute information between the company and their customers and suppliers
Or Used for down/uploading a website from/onto the internet/server (1).
Or other relevant example (1) e.g. Transfer files from mac to pc. NO SCHOOL
EXAMPLES
 URL (Universal Resource Locator) is
the web address of a site / the address for a web page on the world wide web / the
recognised method for referring to resources on the internet / the unique address for
a file that is accessible on the Internet.
You simply type it in / click on it to go directly to the website you want. (action and
effect)
 A web crawler is
• a program that automatically browses all web pages (in a systematic manner).
• one type of software agent, or bot which (automatically) visits a list of URLs.
Provides data about web pages in order to produce an index (database/list) which
can be used by a search engine to enable fast searches.
Can be used for automating maintenance tasks on a Web site, such as checking
links or validating HTML code. Can be used to gather specific types of information
from Web pages, such as harvesting e-mail addresses.
 A Boolean search is a search using the operators AND, OR or NOT.
NOT YES or NO.
Using AND narrows a search by combining terms; it will retrieve documents that use
both the search terms you specify, (e.g. Portland AND Oregon)
Using OR broadens a search to include results that contain either of the words you
type in, (e.g. liberal OR democrat)
Using NOT will narrow a search by excluding certain search terms, (e.g. France NOT
Canada) It helps save time searching for information as it helps you narrow down a
search. Example for 2 marks
A Boolean search allows you to combine words and phrases using the words AND,
OR, NOT and NEAR to limit, widen, or define your search.
June 2010
8. The Internet, whilst bringing a number of benefits to society has also raised a
number of issues.
Discuss in detail moral, social or ethical issues associated with the use of the Internet.
Illustrate your answers with distinctly different examples for each issue.
Answers
Up to four of the following, discussed in detail, with different examples: 4 x 2
or any two of the following, discussed in greater detail: 2 x 4
• censorship - for example in Burma, China
• accuracy of information - if it is on the Net people believe it to be true
• privacy - e.g. people can look at photos which are meant to be for family only, etc.
• effects upon communities (e.g. corner shop closing)
• ownership and control / intellectual property rights – who owns the information
• Plagiarism (e.g. buying exam answers)
• lack of social interaction – people don’t go out and talk to other people
• gaming addiction – led to a big increase in addicts – online poker
• electronic bullying – pupils sending nasty emails to each other, etc.
• bad websites / inappropriate content/activity (suicide, racism, hard-core
pornography,Grooming, )
NOT crimes such as fake websites
January 2010
5. Many large research projects make use of distributed computing using the Internet.
(a) Explain what is meant by distributed computing. [3]
(b) Describe an application where distributed computing is used. [2]
(c) State the advantages and disadvantages of distributed computing. [4]
9. ‘There is no effective ownership or control of the Internet’.
Discuss, with suitable examples, whether you consider this statement to be true or
false. [8]
Answers
5(a) Distributed computing – where a series of computers are networked together (1)
and they each work on solving the same problem (1). Each computer shares data
processing, storage and bandwidth in order to solve a single problem (1)
5(b) 1 mark for a basic description with further mark for expansion with further detail
EXAMPLE
The SETI (Search for Extraterrestrial Intelligence) project
The purpose of the SETI project is to search for intelligent life outside the Earth and
to do this a radio telescope is used. (1)
In order to search for the narrow-bandwidth signals lots of computing power is
needed. At first supercomputers containing parallel processors were used to process
the huge amount of the data from the telescopes. Then someone came up with the idea
of using a virtual supercomputer consisting of a huge number of Internet-connected
home computers.
Popular Power project: helping to develop flu vaccines
5(c) At least one advantage and disadvantage for full marks
Advantages
• reduces cost because an expensive powerful computer such as a supercomputer is
not needed
• can pass work to computers anywhere in the world using the Internet
• improved performance as each computer can work on part of the data
• can improve performance by adding more computers.
Disadvantage
• issues with the security of data spread out on so many different computers
• issues with communication breakdowns.
9 6-8 marks Candidates give a clear, coherent answer with a full and accurate
discussion using suitable examples. They use appropriate terminology and accurate
spelling, punctuation and grammar.
3-5 marks Candidates discuss several points with some examples but
responses lack clarity. There are a few errors in spelling, punctuation and grammar.
1-2 marks Candidates make brief points and may give an example. The
response lacks clarity and there are significant errors in spelling, punctuation and
grammar.
0 marks No valid response.
Indicative content
Answers have to consider at least one point for and one against, with at
least two examples to get full marks. A well argued point or detailed
example can gain a further mark.
• The Internet is for everybody and no one actually owns it.
• There is little control over the content of the material on the Internet,
although some governments have started to control what can be seen.
• There is also no control over the people who can access the material on the Internet.
• This means that unless special software is used, children can easily gain
access to pornographic or violent images.
• The lack of ‘policing’ of the Internet also means that the information is not checked
to make sure that it is accurate.
• It is therefore up to the users of the Internet to check the material’s accuracy.
• When you are using information off the Internet you need to be able to
check the material for its suitability and accuracy.
• There are a lot of pornographic images/videos on the Internet.
• There are laws covering the production and distribution of this material but
as much of this material comes from other countries, where the material is
perfectly legal, there is not much that can be done to stop it.
• The main worry adults have is that young children could accidentally access this
material.
• Even with a software filter it is hard to be completely sure material is excluded.
• If a site is banned it could make it more popular.
June 2009
sports shop wishes to set up an e-commerce system to offer its customers an on-line
shopping service.
(a) Other than hardware, describe in suitable detail four requirements for a successful
on-line shopping service. [4]
(b) Discuss the advantages and the disadvantages of on-line shopping to both the
customer and the business. [6]
Answers
2. (a) Any four of the following, discussed in suitable detail: 4 x 1
ISP
 Maintaining a company website/ need for trained staff
 Catalogue of stock, stock database so that one can immediately see if
something is available or whether there will be a delay.
 Methods of secure payment (i.e. use of systems such as Paypal or ensuring
that the system is secure from fraud).
 Database of customer orders/ shopping trolley so that immediate searches can
be made to find and update customer information.
 Tracking on-line orders, etc. If candidates just state four points then maximum
mark is 2.
(b) Any 6 points, but must include 1 of each type to get full marks
Appropriate advantages for shopper such as:
24 hour access, greater choice, no need to travel/order from comfort of home/ less
stressful, allows disabled to shop more easily, better prices
Appropriate advantages for business such as:
cheaper as no need to pay high rates, wider customer base, takes pressure off staff,
offer wider choice due to ‘just in time’, make money from advertising, saves on staff
costs. Any possible problems such as: customer worries over security, anyone can set
up, no longer a social activity, fraud, power cut, hidden costs of carriage or import
tax, hidden costs and phone costs, what you get is not what you see/ cannot see/feel
the item, harder to return (if well argued), initial set up costs, need for specialist staff
to maintain
Note – question mentions ‘describe’ not just ‘state’.
June 2008
5. The Internet, whilst bringing a number of benefits to society has also raised a
number of issues.
Discuss in detail moral, social or ethical issues associated with the use of the Internet.
Illustrate your answers with a distinctly different example of each issue. [8]
Answers
5. Any four of the following, discussed in detail, with examples: 4 x 2 or 2 x 4
• censorship, for example in Burma, China
• accuracy of information – if it is on the Net people believe it to be true
• privacy – people can look at photos etc, which are meant to be for family only, etc.
• effects upon communities (e.g. corner shop closing)
• ownership and control / intellectual property rights – who owns the information
• plagiarism (buying exam answers)
• lack of social interaction – people don’t go out and talk to other people
• gaming addiction – led to a big increase in addicts – online poker
• electronic bullying – pupils sending nasty emails to each other, etc.
• bad websites / inappropriate content (suicide, racism, pornography)
If candidate mentions four crimes (e.g. bomb building instructions), maximum two
marks
June 2007
3. The Internet can be used to access many types of online distributed databases.
(a) Explain, using a suitable example, what is meant by a distributed database.
(b) Describe how distributed databases can be beneficial to an organisation.
(c) Landscape gardeners can use wireless technology to access a library of garden
designs held on a database in their office.
Describe in detail two other applications which use wireless technology.
4. Many bank customers have online bank accounts. Customers can complete online
forms to pay bills and transfer money between their accounts using the Internet.
Verification or validation procedures are used to reduce data entry errors.
(a) Explain, giving a different example in each case, how both the bank and the
customer can minimise data entry errors when filling in the online forms.
(b) The bank must protect data from accidental loss or malicious damage.
Discuss in detail the security measures the bank needs to introduce to prevent:
(i) accidental loss due to;
(I) human error;
(II) fire or flood; 2 × [2]
(ii) malicious damage by unauthorised users. [2]
(c) The bank has undertaken a ‘risk analysis’ in order to produce a strategy to protect
data.
Identify two factors which should be taken into account when determining how much
money a company spends on controlling and minimising risk. [2]
Answers
3. (a) 1 mark Shared processing across the Internet/networks / Distributed
databases are different databases stored at different locations but linked together so
they appear to be one large database.
1 mark description of example
e.g. SETI research into radio signals. SETI, or the Search for Extraterrestrial
Intelligence, is a scientific effort seeking to determine if there is intelligent life outside
Earth. SETI, listens for artificial radio signals coming from other stars.
E.g. A hotel chain may store details of guests booking on its local network but
because each hotel is networked a distributed database can be used and staff in one
hotel can see booking in another hotel and managers can monitor booking across the
whole chain. Similarly for a chain of shops.
Example might give explanation of 'distributed database'.
(b) Benefits 2 Marks
 Allows the local processor to be used to share processing when not being used
for other activities
 Data used locally can be stored locally and network traffic kept to a minimum
 If data lost on central site it could be reduplicated from local site
 Allows sharing of data and of the results of processing of the data.
 New locations can be added to the database without the need for rewriting the
entire
 database.
(c) 1 mark for each example 2 Marks
Both must be description 1 mark can be awarded for simply naming two
examples.
 Wireless PDA's used by Doctors at the scene of an accident can accessing
patient records.
 Wireless networks may be used as part of a LAN e.g. a mobile bar code reader
in a warehouse transmitting data to a shop or HQ
 A delivery driver using a hand held device to confirm deliveries with a central
database.
 Hand held chip and pin data entry in restaurants for entering details of cars
payments.
 Wireless PCMCI cards used in a laptop and linked to GSM satellite links
which give access to Internet without need for wireless nodes e.g. used by
travelling businessmen.
 Wireless remote controls used to turn over TV channels.
 Wireless devices such as Printers/ keyboards/mobile phones and description of
use.
Any reasonable answer
4. (a) 1 mark for customer measure and 1 mark for bank measure Customer.
Verification procedures
 Read data in forms carefully before submitting e.g. when purchasing online
 Double entry keying e.g. when creating passwords for accounts
Bank. Validation procedures
Range checks; presence checks; check digits; format checks; input masks etc
(b) 1 mark for each problem and 1 mark for each corresponding prevention
(allow one type of prevention only once)
Must have at least one accidental loss. And one malicious damage
ACCIDENTAL LOSS
Accidental destruction of files due to fire, terrorism, floods
Backup systems must be described
 keep back up files – offsite - and in fireproof containers
 use an online tape or disc streamer which automatically backs up data on a
network
 use grandfather father son security system in batch processing systems. e.g.
payroll
 RAID systems – mirror discs (Redundant Array of Inexpensive Disc)
Accidental destruction of files due to human error etc
Prevent overwriting
 put the write protect notch on your disc
 make hard discs read only
MALICIOUS DAMAGE
Hacking – unauthorised access
Prevention
Define security status and access rights for users
All authorised users should be given user names and passwords. This will limit
unauthorised access to the network.
Hierarchy of Passwords
 Identification User Name
 Authentification Password
 Authorisation – What files you can see and what your allowed to do
Restrict physical access to files e.g. smart cards to control entrance to rooms.
Secured areas to hold servers
Biometric scans such as voice or hand prints; retina scans;
Firewalls. a special environment set up to trap a hacker logging in over remote
connections. It authenticates messages coming into the network and verifies the
legitimacy of the user to enter the network.
Proxy servers
This device tries to stop intruders from identifying the IP (Internet Protocol) address
of a user workstation accessing the Internet.
Call Back procedures
Some companies operate a dial-back system. A user logs on to a computer which
immediately disconnects the line and dials the user back. This would stop a user
logging on with someone else's password.
Encryption
Data transmitted over a network is coded before transmission. This means that
anybody intercepting the transmitted data would not be able to understand it. The data
needs to be de-coded by the proper recipient.
Spreading a computer virus
These are programs introduced into computer systems which destroy or alter files by
rewriting over data or by copying themselves over and over again until computer
system is full and cannot continue.
Prevention
 Don't' download unknown programs from the Internet straight to hard disc.
Only use reputable sources.
 Write protect media so can't be written onto
 Don't copy illegal software
 Use a virus scanning software and virus eradication program. Make sure this
is kept up to date with the latest virus definitions – available from the
Internet.
 Use diskless workstations on networks
 Control access to portable media and do not let users use own disk etc on
the organisations system.
Computer fraud – white-collar crime
 Bogus data entry when entering data
 Bogus output – output may be destroyed to prevent discovery of fraudulent
data entry or processing
 Alteration of files e.g. employee alters salary rate or hours worked
 Prevention or 'White Collar' computer crimes
 Monitor all programs and users actions should be monitored and logged. All
users should be identifiable and all files capable of being audited keep online
transaction logs
 Auditing procedures to detect fraud




4. (c) 1 mark for each factor 2 Marks
Identify potential threat
Likelihood of risk occurring
Short and long term consequences of the threat
How well equipped is the company to deal with the threat
June 2006
2. A pet shop wishes to offer customers an interactive on-line shopping service.
(a) Other than hardware, discuss in suitable detail, four requirements needed to
implement such an interactive on-line shopping service. [4]
(b) (i) Give two advantages to the customer of on-line shopping. [2]
(ii) Give two advantages to the business of on-line shopping. [2]
(iii) Describe two possible problems when shopping on-line. [2]
4. Other than crime, discuss in detail four of the major moral, social or ethical issues
associated with the Internet. Use distinctly different examples in each case. 4 × [2]
Answers
2 (a) 1 mark
• Accurate data is correct / truthful / has no errors
2 (b) 1 mark for clear explanation of difference
It would pass any range or format checks but it would not be accurate.
1 mark for specific example
Example: a customer completes a form with DOB which is correct. e.g. 12/10/84
A data entry clerk makes a transcription error and types in the numbers the wrong
way around 10/12/84.
Good example showing the differences clearly worth two marks.
4
Any four of the following, discussed in detail, with examples: 4 x 2
 censorship, for example in China
 accuracy of information
 privacy
 effects upon communities (e.g. corner shop closing)
 Ownership and control / intellectual property rights
 plagiarism (buying exam answers)
 lack of social interaction
 gaming addiction
 electronic bullying
 bad websites / inappropriate content (suicide, racism, pornography)
 If candidates mention four crimes (e.g. bomb building instructions), maximum
two marks.
Human Computer Interface’s Questions – HCI
June 2011
Question A. The Human Computer Interface (HCI) on a computer can be adapted for
different tasks.

Describe in detail, three factors, other than layout appropriate to task, using
different examples that should be taken into account when designing a good
HCI. [6]

Describe the factors that should be taken into account when designing an
appropriate layout of an HCI that would be used by a young child learning
how to read. [4]
Answers
 Any three of the following, discussed in detail: 3x2
1 mark per factor - 1 mark per explanation. (No Factor no mark for extension)
If mistake in factor but good extension can gain extension mark Note explanations
must be distinctly different and match the factor.
NOT Layout appropriate to the task.
Consistency of signposting and pop up information
e.g. Every ‘Next’ should be in the same place using the same icon.
Navigation around the program should be clear consistent and easy to follow. – intuitive, learn
faster
Clear navigational structure
e.g. It speeds things up if there is a similar route through the programs (if it is clear) as users
do not have to keep learning things / Helps users learn their way around the system.
There should be standard ‘feel’ to software.
e.g. Large/minimal text for a child to minimise reading which builds up user
confidence / Bright colour scheme to attract a young child’s attention.
Doing a repetitive task such as entering holiday bookings means you have less guidance on
the screen. Note Nothing to do with devices
Customisable to suit the needs of the user
e.g. Makes it more efficient if the user can change items to suit their work preference.
Location of where machine is to be used
e.g. No sound in a noisy area.
Touch screens in museums / factories / etc (with explanation of why).
House Style/Ethos (Not Consistent Layout)
e.g. So that it conveys who the organisation is and all the company docs look/feel the same.
Specific point about colour blindness
e.g. Design to avoid red/green combination - blue/yellow best combination.
On Screen / online helpfiles (built in with software)
e.g. Rather than wasting time looking in manuals, important if no outside help available when
working / Tool tips telling the user what to do / interactive user manual that answers general
FAQ.
No marks if can be read as a Google search.
Disabled Access (If get explanation and factor mixed up can gain 1 mark)
e.g. If a person is blind then the computer could recognise voice input / Braille keyboard.
Expertise of the user/ ability of user / difference between novice and expert user An expert
user will need shortcuts so that the task can be completed as quickly as possible whereas a
novice will need a number of steps to guide them.
CONDONE: Font size – (but not as a factor) readability, appropriate to level of user, avoid
eye strain
 Any 4 points
• Have a minimum amount of text on screen
• Use child friendly font/size of font
• Use bright colours to attract the child’s attention
• Have an uncluttered appearance
• Involve minimal use of the keyboard / alternative input devices
• Use speech synthesis / sound so that they can hear the words
• Animation/videos to keep their interest
• Instant feedback on their responses
• Interactivity e.g. quizzes, educational games
• Visual prompts e.g. pictures of a cat
January 2011
Question A.
As computer systems have become more complex the interface has become
increasingly important. Other than differentiation between user expertise, describe
four factors that should be taken into account when designing a good human
computer interface and for each factor describe why it is important. [8]
Answers
Any four of the following, discussed in detail: 4 x 2
1 mark per factor - 1 mark per explanation. (No Factor no mark for extension)
Note explanations must be distinctly different and match the factor.
NOT differentiation between user expertise.
Consistency of signposting and pop up information
e.g. Every ‘Next’ should be in the same place using the same icon.
Navigation around the program should be clear consistent and easy to follow. –
intuitive, learn faster Clear navigational structure
e.g. It speeds things up if there is a similar route through the programs (if it is clear)
as users do not have to keep learning things / Helps users learn their way around the
system.
Layout appropriate to the task
There should be standard ‘feel’ to software.
e.g. Large/minimal text for a child to minimise reading which builds up user
confidence./ Bright colour scheme to attract a young child’s attention.
Doing a repetitive task such as entering holiday bookings means you have less
guidance on the screen. Note Nothing to do with devices
Customisable to suit the needs of the user
e.g. Makes it more efficient if the user can change items to suit their work preference.
Location of where machine is to be used
e.g. No sound in a noisy area.
Touch screens in museums / factories / etc, (with explanation of why).
House Style/Ethos (Not Consistent Layout)
e.g. So that it conveys who the organisation is and all the company docs look/feel the
same.
Specific point about colour blindness
e.g. Design to avoid red/green combination - blue/yellow best combination.
On Screen / online helpfiles (built in with software)
e.g. Rather than wasting time looking in manuals, important if no outside help
available when working. / Tool tips telling the user what to do. / interactive user
manual that answers general
FAQ. No marks if can be read as a Google search.
Disabled Access
e.g. If a person is blind then the computer could recognise voice input / Braille
keyboard.
CONDONE: Font size –(but not as a factor) readability, appropriate to level of user,
avoid eye strain
List of 4 =1 mark
June 2010
1. The Human Computer Interface (HCI) is an important part of an ICT system.
Describe four factors which should be taken into account when designing a good HCI.
Explain why each factor is important.
Answer
1. Any 4 of the following well discussed
1 mark per factor. 1 mark per explanation.
Note explanations must be distinctly different and match factor.
Consistency of signposting and pop up information
e.g. Every ‘Next’ should be in the same place using the same icon.
Navigation around the program should be clear consistent and easy to follow.
Clear navigational structure
e.g. It speeds things up if there is a similar route through the programs (if it is clear)
as
users do not have to keep learning things / Helps users learn their way around the
system.
Layout appropriate to the task
There should be standard ‘feel’ to software
e.g. Large/minimal text for a child to minimise reading which builds up user
confidence
Doing a repetitive task such as entering holiday bookings means you have less
guidance on the screen
Note Nothing to do with devices
Customisable to suit the needs of the user
e.g. Makes it more efficient if the user can change items to suit their work preference.
Location of where machine is to be used
e.g. No sound in a noisy area.
Touch screens in museums / factories / etc, (with explanation of why).
Differentiation between user expertise – type of user
e.g. HCI needs to differentiate between non-technical and technical users.
Technical users do not need a set of steps to get to a place, a travel agent who is
using a system daily does not need guidance as they do the same steps daily.
House Style/Ethos
e.g. So that it conveys who the organisation is and all the company docs look/feel the
same.
Specific point about colour
e.g. Effect of colour blindness, blue/yellow best combination.
On Screen help
e.g. Rather than wasting time looking in manuals, etc.
Disabled Access
e.g. If a person is blind then the computer could recognise voice input.
January 2010
1. The Human Computer Interface (HCI) is an important part of an ICT system.
(a) Examine the different needs of an expert user and a novice user and describe how
they can
be met when designing the HCI. [5]
(b) Discuss using examples, the features of a HCI that would be suitable for the
disabled user.[4]
Answers




1(a) The novice user’s priority will be ease of learning/intuitive (1) and easy
access to help (1).
The expert user will want to get the job done in the least possible time (1).
Novice user will need clear navigation structure (1).
Novice user will use wizards which are not as flexible as setting it out yourself
(1).






Expert user knows the commands (1) and will find it quicker than clicking
through a series of windows (1) (dos window to use ipconfig compared to
getting the same info from
windows (1))
Increased number of ways of performing the same operation (1).
Shortcuts which the experienced user can use rather than going through a
series of menus (1).
Colour scheme making it easier to use (1)
If candidates make four or more valid points but do not differentiate between
users then Max 2.
Condone well argued points made about specific application.
1(b) One mark for each point to a maximum of 4 marks.
 Use of speech recognition rather than keyboards for users who cannot use
keyboard or mouse (1).
 Use of specialist input devices such as those which use blow pipes or eye
movements (1)
 Ability to magnify areas of the screen to aid users with bad eyesight (1).
 Ability to increase the font size to aid users with poor eyesight (1).
 Use of correct colour schemes to help people who are colour blind / dyslexia
(1).
 Illustrated use of Braille device (1).
 Illustrated use of text to speech output (1).
 Use visual messages rather than beeps or warning noises for users who are
deaf (1).
 Use of a large mouse for people with poor coordination (1).
 Use plenty of contrast between the text and the background to aid people with
poor eyesight (1).
Condone example of not using frames or patterned backgrounds,
or DDA requirements for comments attached to images for blind users.
June 2009
1. A good Human Computer Interface (HCI) is vital for an information system to
work well. Describe four factors which should be taken into account when
designing a good HCI, explaining why each factor is important. [4 × 2]
Answer
1.Any four of the following, discussed in detail: 4 x 2
 Font size – readability, appropriate to level of user, avoid eye strain
 Consistency of signposting and pop up information – intuitive, learn faster
 On screen help – important if no outside help available when working
 Layout appropriate to task – faster to type in for expert or good example of
differentiation between user expertise/ intended audience/age




Clear navigation structure – saves time wasting, easier to work through
Colour – blue/yellow good combination (green/red blindness), ability to
customise.
Who is going to use it – need to differentiate between non-technical and
technical users
Disabled use
June 2008
1. The Human Computer Interface (HCI) is an important part of an ICT system.
(a) Other than on screen help, state two factors which should be taken into account
when designing a good user interface.
Explain why each factor is important. [4]
There are different types of HCI.
(b) Describe a different, sensible use and benefit of the following types of HCI.
(i) Biometric. [2]
(ii) Voice. [2]
Answer
1.(a) 1 mark per factor (max 2) 1 mark per explanation (max 2)
Consistency of signposting and pop up information
Example every ‘Next’ should be in the same place using the same icon.
Navigation around the program should be clear consistent and easy to follow.
Layout appropriate to the task
There should be standard ‘feel’ to software which builds up user confidence e.g. large
text for a child.
Differentiation between user expertise
HCI need to differentiate between non-technical and technical users.
Technical users do not need a set of steps to get to a place, a travel agent who is using
a system daily does not need guidance as they do the same steps daily.
Clear navigational structure
It speeds things up if there is a similar route through the programs (if it is clear) as
users do not have to keep learning things.
Customisable to suit the needs of the user
Makes it more efficient if the user can change items to suit their work preference
b(i) 1 mark Description of use
e.g. retina scan/iris recognition to gain access to room, thumbprints to take out a
library book
1 mark Benefit
Individual / difficult to copy
Accuracy (incl. an explanation of why)
Smart cards can be lost or stolen
Greater security because ….
(ii) 1 mark Description of use
Slow typist dictating an essay directly into the computer.
Handicapped person dictating work into a computer.
1 mark Benefit
Allows people without arms to enter work into a computer.
Allows people with poor co-ordination to work faster.
Allows people in work which uses their hands to dictate commands to a computer.
June 2008
1. Several types of Human Computer Interfaces (HCIs) are used with computer
systems. Each type of HCI provides specific benefits to the user.
(a) Describe a sensible use and benefit of the following types of HCI.
You should describe a different use and benefit in parts (i) and (ii).
(i) Touch sensitive screen. [2]
(ii) A biometric device. [2]
(b) Name an application which uses a voice interface and discuss any problems
associated with the use of voice interfaces. [3]
Answers
1. (a) (i) A Touch sensitive screen.
1 mark Description of use
e.g. Shop POS – don't have to remember prices
– no typing /more accurate
Public information system such as in museums
– no need for a mouse or keyboard which could get stolen or broken easily
Disabled use – overcomes difficulties with spelling/dyslexia
(ii) biometric device
1 mark Description of use
e.g. retina scan/iris recognition to gain access to room, thumbprints to take out a
library book
1 mark Benefit
Individual / difficult to copy
Accuracy
Can lose smart cards
(b) 3 Marks 1 mark example 2 marks for two problems
Or 2 marks for two examples and one mark for problem
Speech recognition systems
E.g.Voice control in car navigation systems
Security systems
Control systems
Problems
Have to train computer to recognise voice which takes a long time
Delays in getting commands recognised
Natural language interfaces
E.g. Giving instruction / asking question such as in expert systems
Problems
 Users may speak different languages; local accents may not be recognised;
 some words sound the same – two, to, too: there, their, whether, weather
 punctuation has to be said e.g. user must say 'comma' which is not a natural
way of talking.
 Use of sound makes high demands on memory and processor speed.
Speech synthesis
This is the computer speaking to the user e.g. giving out telephone numbers or
telephone selection systems.
Problems
 The sound is very flat
 Users complain of confusion and a lack of personal contact if your enquiry
isn't on the list of options given or you don't know which option it is in.
June 2006
1. The Human Computer Interface is an important part of an ICT system. Name
four factors which must be taken into account when designing a good user
interface. Explain why each factor is important. 4 × [2]
Answer
Any four of the following, discussed in detail: 4 x 2






Font size – readability, appropriate to level of user, avoid eye strain
Consistency of signposting and pop up information – intuitive, learn faster
On screen help – important if no outside help available when working
Layout appropriate to task – faster to type in for expert or good example of
differentiation between user expertise/ intended audience
Clear navigation structure – saves time wasting, easier to work through
Colour – blue/yellow good combination (green/red blindness), ability to
customise
Working With ICT
June 2011
Question F. The introduction of a new ICT system can cause a number of changes in
the
workplace.

Describe three of the changes which are likely to be a cause of stress to the
staff and the worries each might bring. [6]

Describe, using examples, two things that management could do to lessen any
worries that the staff might have about the introduction of the new system. [4]
Question H. A system analyst has just designed a new ICT system for an
organisation.


Discuss two of the different changeover strategies that the organisation could
use for conversion to the new system. [6]
After the new system is working, it will have to be maintained.
Describe two different methods of system maintenance, illustrating each
method with an appropriate distinct example. [6]
Answer
Question F.
(a) (1 mark for statement of change and 1 mark for explanation of why) 3 x 2
• Job losses or fear of job losses (1) - new system may replace staff who performed
manual processes e.g. filing, etc (1)
• Having to learn new skills (1) /(Don’t know how to use system) - older staff may be
stressed by appearing to look stupid in front of younger staff who have the skill (1)
• Fear of change of organisational structure /Relocation (1) - loss of authority by being
bypassed by younger staff or having to move location which could make the journey
to work harder (1)
• Change in work patterns (1) - split shifts or change of hours or night work, 24/7
• Change in internal procedures (1) - may make staff take on extra responsibilities for
no extra money (1)
• Health fears (1) - Concerned about the health risks of prolonged use of ICT
equipment (1)
• Big brother watching
B)1 mark for brief description of the factor and
1 mark for further explanation or an example x 2
• Appropriate training/retraining – to ensure all staff understand the new system and
wondering what to do.
• Explanation of the advantages – so that staff can see how they will benefit by making the
job easier/ more interesting / answer any queries
• Spell out the implications of the new system (meetings)– to help stop rumours which give
people stress / allow staff to express worries
• Opportunity to learn new skills – enable staff to improve their job prospects
• Involvement in the development of the new system – so that the staff can have a system
which is straightforward to use.
• Keeping social groups together / not disrupt working relationships – less stress / work
together as a team
Question H
A)mark for the correct name and brief explanation for each strategy
1 mark for the benefit/advantage of the method
1 mark for a drawback/limitation/disadvantage of the method x 2
Direct changeover – stop using the old system one day and start using the new system the
next day (1). Element of risk particularly if the hardware and software are cutting edge (1). If
the system fails then it can be disastrous to the business (1). Requires fewer resources
(people, money, equipment) and is simple, provided nothing goes wrong (1).
Need more than easiest/quickest and not just cheapest
Parallel changeover – Old ICT system is run alongside the new ICT system for a period of
time until all the people involved with the new system are happy it is working correctly (1).
Used to minimise the risk in introducing a new ICT system (1). Can compare results and be
sure it is working properly (1)
Disadvantages: lots of unnecessary work (as the work is being done twice) and is therefore
expensive in people’s time (1). It also adds to the amount of planning needed for the
implementation (1).
Accept also:
Phased conversion – a module at a time can be converted to the new system in phases until
the whole system is transferred (1). Advantage that IT staff can deal with problems caused by
a module before moving on to new modules (1). Disadvantage: is only suitable for systems
consisting of separate modules (1).
Pilot conversion – this method is ideal for large organisations that have lots of locations or
branches where the new system can be used by one branch and then transferred to other
branches over time (1). Advantage: implementation is on a much smaller and manageable
scale (1).
Disadvantage is that is takes longer to implement the system in all the branches (1).
QWC
B) Any two of the following methods:
Perfective maintenance (1) – improving the performance of the software (1).
Examples: Configuring the network management software to improve performance such as
improving access times to data, speed at which reports are produced, etc. (1). Software may
need to be modified to improve the user interface upon feedback from users who are finding it
more difficult to use than it needs to be (1). Developing on-line tutorials and more help
screens to help new staff learn the software (1). The software provider provides upgrades
which will improve the performance of the software (1).
Corrective maintenance (1) – bugs in the software which were not discovered during testing
may need correcting (1). Example: A piece of software may crash when being used with
another piece of software (1). A piece of software may crash when used with a particular item
of hardware (1). Software may present a security risk which needs correcting (1). Problems
with reports not being printed out properly (1)
Adaptive maintenance (1) – software may need to be changed owing to the changing needs
of the business or organisation (1). Example: Software may need altering so that it is more
flexible in supplying the managers with information which was not envisaged at the time of
development (1). Changes to values such as the percentage rate of VAT or changes to
income tax rates will result in Changes to the software (1). The organisation expands so the
software needs to be altered so it is able to cope with an increased number of users (1).
Adapting the software to work with newly developed operating systems software or new
hardware (1). A new virus threat/hacker threat means that the software will need to be
adapted to protect against this (1) QWC
January 2011
Question C. A large company has branches all over the UK and uses its ICT systems
to manage customer records and all its financial dealings. The company’s Data
Officer has written a security policy to protect the data held by the company.
 Describe the use of user accounts and logs as a way of ensuring the
confidentiality of customer records. [2]

Explain two other factors which the company should take into account when
designing its security policy. [4]
Question F. A hospital has a ‘code of conduct’ for all of its employees using ICT
systems.


Describe what is meant by a ‘code of conduct’ and describe four guidelines it
should contain. [6]
Explain how the hospital management can enforce the code of conduct. [2]
Answer
Question F.
Max 2 marks for definition
An employee code of conduct consists of rules/agreement (1) drawn up by the senior
management or their advisors that set out what an employee is/is not allowed to do in
the course of their employment. (1) It also details the sanctions which will be applied
should the employee not obey the rules. (1). ( 2 out of 3)
Description of any 4 from: – List gets 1 mark
 Responsibilities
 Respecting rights of others
 Abiding by current legislation
 Protecting hardware and software from malicious damage
 Complying with licensing agreements
 Authorisation – what parts of the system they can use
 Permissions on data access
Security defining rules about password disclosure, data transfer rules and personal
use of emails and the Internet Consequences of breaking the code
June 2010
4. Having investigated and analysed a system, a systems analyst will then have to
consider which changeover strategy he is going to suggest for the implementation.
(a) Describe and evaluate two alternative changeover strategies the analyst could use.
[6]
(b) Over time, users may become dissatisfied with their ICT system. Discuss why this
might be the case. [4]
7. ICT systems have an effect in the workplace.
(a) Describe three possible health issues which could have occurred with the
introduction of ICT systems and the actions that an organisation should take to
prevent them. [3×2]
(b) Describe in detail the impact ICT systems could have upon jobs and work
patterns.
Illustrate your answers with three distinctly different examples. [6]
Answer
4. (a) One mark for the correct name and correct brief explanation for each
strategy
One mark for an advantage and one mark for a disadvantage of each method 2

Direct changeover – stop using the old system one day and start using the
new
system the next day (1).

Disadvantage - Element of risk particularly if the hardware and software are
cutting
edge (1). If the system fails then it can be disastrous to the business (1).

Advantage - Requires fewer resources (people, money, equipment) and is
simple,
provided nothing goes wrong (1).

Parallel changeover – Old ICT system is run alongside the new ICT system
for a
period of time until all the people involved with the new system are happy it is
working
correctly (1)

Advantage - Used to minimise the risk in introducing a new ICT system (1).
The old
system is then abandoned and all the work is done entirely on the new system
(1).
Disadvantage - Lots of unnecessary work (as the work is being done twice)
and is therefore expensive in people’s time (1). It also adds to the amount of
planning needed
for the implementation (1).
Phased conversion – A module at a time can be converted to the new system
in
phases until the whole system is transferred (1).
Advantage - IT staff can deal with problems caused by a module before
moving on to
new modules (1).
Disadvantage - Is only suitable for systems consisting of separate modules (1).
Pilot conversion – This method is ideal for large organisations that have lots
of
locations or branches where the new system can be used by one branch and
then
transferred to other branches over time (1).
Advantage - Implementation is on a much smaller and manageable scale (1).
Disadvantage - Takes longer to implement the system in all the branches (1).







7. (a) 1 mark for the Issue and 1 mark for the Prevention
RSI (repetitive strain injury) / (CTS) Carpal Tunnel Syndrome caused by
prolonged working at computers or computer games
Ergonomic keyboards / wrist and foot supports / correct chair positioning
Eye Strain or epileptic fits
Non flickering screens / Screen filters to remove glare / correct lighting in the room /
Take regular breaks from looking at the screen
Back problems
Adjustable chairs foot supports / tilting screens / take regular breaks and walk around
the room
Stress from having to learn the system
Better training
Ozone irritation from laser printers
Locate personal laser printer 1 metre away from user
Radiation affects embryos leading to miscarriages
Screen filters
Use of Wi-fi
Only switch on when needed / any reasonable answer
7. (b) 1 mark for each named example 1 mark for further description x 3
• Teleworking – working from home using computer networks saves on
transport cost, time, etc.
• Video conferencing – allows remote meetings
• Condone re-location – ICT has allowed companies to centralise forcing
people to move
• Lost jobs – unskilled manual jobs such as filing clerks. Call Centres replacing
bank clerks / Call Centres have caused many people to lose jobs as they have
been moved abroad where labour is cheaper leading to ICT 'sweat shops'.
• New skills required / retraining – acquire skills to use databases,
spreadsheets, emails, programming, etc.
• New jobs – systems analysts, programmers, data clerk
• Collaborative working – working together on same electronic document
4. (b) One mark for each point up to a max of four.
Example answers include:
• The full range of user requirements has not been met, so the system does not live up
to user expectations.
• Change in business needs means system cannot deal with new demands placed on it.
• Failure to supply users with the information they require.
• User interface causes many user problems with increased help-desk use.
• Problems with the software or system crashing owing to lack of rigorous testing.
• Network performance or speed of access to stored data becomes unacceptable as
more users are added to the system.
• Modifications to the system are needed regularly and the system needs replacement
with a new one.
• Too much time is spent updating to the new system.
• The cost of user support is too high.
• There are security breaches which were not envisaged when the system was first
developed.
• Speed – hard drive filling up – demands of software
• Fashion – hardware satisfaction
• Compatibility issues using newer versions of software
January 2010
7. Some employees can misuse an organisation’s ICT facilities.
(a) Many organisations have a code of conduct to deter their employees from
misusing their ICT facilities. Describe what a code of conduct is and describe three
things it should contain. [5]
(b) Describe three ways in which an employee can misuse the organisation’s ICT
facilities and give two possible penalties for misuse. [5]
Answers
7(a) Max 2 marks for definition
An employee code of conduct consists of rules (1) drawn up by the senior
management or their advisors that set out what an employee is/is not allowed to
do in the course of their employment. (1) (It also details the sanctions which will be
applied should the employee not obey the rules. (1))
Description of any 3 from:
 Responsibilities
 Respecting rights of others
 Abiding by current legislation
 Protecting hardware and software from malicious damage
 Complying with licensing agreements
 Authorisation – what parts of the system they can use
 Permissions on data access
 Security defining rules about password disclosure, data transfer rules and
 personal use of emails and the Internet
 Consequences of breaking the code
7(b) Description of any 3 from:
• Introduction of viruses – by downloading games, not scanning portable media, not
keeping virus scanners up-to-date, etc.
• Misuse by employees of the ICT facilities, e.g. using telecommunications for own
purposes (e.g. phone calls, e-mail, videoconferencing, etc.) and using printers for
personal use.
• Distribution of material that is racially or sexually offensive – for example,
sending offensive jokes by e-mail or text messages, circulating offensive
images over the organisation’s network, etc.
• Misuse of data for illicit purposes – for example, using e-mails and text
messaging to bully someone at work or school/college.
• Using data to set up own business, etc.
• Blackmail, computer fraud or selling to other organisations.
• Violating terms of copyright or software agreements thus causing the
company to face legal action from software suppliers or other affected
organisations.
• Taking data from the system and not protecting it, e.g. losing laptop
Any 2 from:
• informal (verbal) warnings
• written warnings
• dismissal
• prosecution
June 2009
3. A County Council has decided to introduce a code of a conduct for all its ICT
users. Describe three problems which might have prompted this decision and suggest
suitable guidelines which could be included in the code of conduct, to avoid such
problems in the future.
5. A national building society wants to ensure that its financial systems are secure
against fraud, as they are used to transfer money and financial information.
Other than needing a code of conduct, describe four factors that should be included in
an ICT security policy for this company. [8]
Answers
3. Any three possible problems & appropriate solutions:
Problems
• Introduction of viruses / own disks
• Personal use of equipment, software or Internet
• Running up phone bills
• Personal email
• Distribution of racial or sexual materials
• Fraud
• Swapping identities (theft or given)
• Abusive emails
• Slowing down of network
• Games playing
• Illegal use of software
Not looking after logon/password
Using data for personal use
Solutions
• Responsibilities
• Respecting rights of others
• Warning about monitoring
• Abiding by current legislation
• Protecting hardware and software from malicious damage
• Complying with licensing agreements
• Authorisation
• Permissions on data access
• Security defining rules
• Rules about personal use
5. Four points well argued 4x2
 Physical security – Locking the building/rooms where the computers are kept,
making sure that if it is a wireless network appropriate security is used.
 Prevention of misuse – firewalls to prevent hacking, appropriate username and
passwords.
 Audit trails for detection, so that access can be traced and to see who has done
what.
 Continuous investigation of irregularities – always checking logs looking for
anything out of the ordinary.
 System Access – establishing procedures for accessing data such as log on
procedures, firewalls.
 Personnel administration – vetting, etc.
 Operational procedures including disaster recovery planning and dealing with
threats from viruses.
 Disciplinary procedure
June 2007
7. An organisation has introduced new ICT systems. These new systems have had a
great impact upon employment opportunities and the way in which people work
within the organisation.
(a) Discuss three potential health issues which might occur with the introduction of
these new ICT systems and describe measures the organisation could take to prevent
them.
(b) Discuss in detail the impact these new ICT systems could have upon jobs and
work patterns. Illustrate your answers with three distinctly different examples in each
case.
(c) Employees must be aware of both legal and moral issues relating to the use of
ICT systems. Explain the differences between legal and moral issues with respect to
codes of conduct of employees in the organisation. Illustrate your answers with three
distinctly different examples.
Quality of Written Communication [2]
Answers
(b) 1 mark for each named example 1 mark for further description
 Teleworking – working from home using computer networks saves on
transport cost time etc..
 Video conferencing – allows remote meetings
 Lost jobs – unskilled manual jobs such as filing clerks. Call centres replacing
bank clerks Call centres have caused many people to lose jobs as they have
been moved abroad where labour is cheaper leading to ICT 'sweat shops'.
 New skills required / retraining – acquire skills to use databases
spreadsheets emails, programming etc.
 New jobs – systems analysts, programmers.
(c) 1 mark for discussion /identification of the law 1 mark for identification and
example of a moral issues raised
(i) DISINFORMATION
Not supplying customers with up to date and relevant information/ concealment of
information
Estate Agent
Legal Issues
Properties Act covers legal conveyancing
Moral example
A property developer not telling his client the property has subsidence problems or a
violent history
Hardware and software sales;
Legal Issues
Trades Descriptions Act covers suitability of purpose
Moral example
Not fully informing potential customers or clients of all available facts concerning
products or services
Prohibit salespersons from selling hardware and software soon to become obsolete
Ensure salesmen do not pressurise unwilling customers to accept loyalty cards.
(ii) PRIVACY
Informing data subjects of their legal rights and the processes for complying with
those rights
Legal Issues
Data Protection Act
Moral example
An employee using company data to create mailing lists for his own private business
Monitoring company emails. Electronic monitoring systems can be used to track
emails. A systems technician might open other people's emails to detect misuse or
simple to be nosey.
(iii) EQUITY
Information poor and information rich societies.
Legal Issues
Patent laws /Trade laws
Moral Example
Ownership and access to information can often determine which organisations will be
successful and which will fail. As these technologies have to be paid for the richer
organisations can afford the technology whilst poorer organisation cannot.
Consequentially, the rich organisations get richer and the poorer ones get relatively
poorer and the gap between them gets greater, e.g. subsidising food production in
Europe or putting taxes on imports to prevent the poorer countries obtaining access to
richer markets.
(iv) INTELLECTUAL PROPERTY RIGHTS
Ownership rights to data.
Legal Issues
Copyright Laws / Patent laws prevent copying
Moral examples
If you put an idea on the Internet do you own it?
If you see a design on the Internet can you sell that design to a company?
If you scan in the text of the book and put it on the Internet for all to be freely
read; are you breaking the law?
Can you sue someone in another continent who sells you a report on you
which is full of factual errors?
Quality of Communication – 2 marks
ICT Security Policies Questions
June 2011
Question G.
Describe in detail two of the factors an organisation needs to consider when
producing a risk analysis. [4]
Answer:
1 mark for brief description of the factor and 1 mark for further explanation or an example x 2
• Identify potential risks - e.g. viruses / fire / natural damage / hacking / systems failure /
fraud, etc
• Likelihood of risk occurring - some things such as power cut are inevitable but explosions
much less likely - senior managers have to assess the likelihood of each risk occurring and
put in the necessary security
• Short and long term consequences of threat - resources (staff equipment, etc) need to be
directed towards recovering the data / may have to pay compensation / financial loss due to
loss of business through not being able to take orders / embarrassment/ prosecution / loss
of integrity / bankruptcy / cost of replacing equipment
• How well equipped is the company to deal with the threat (What procedures are in place) has to be reviewed periodically because of changing needs - disaster recovery programme
– backup strategy
NB Should not be talking about H & S
January 2011
Question H.
A large travel agency has concerns about losing data. They are reviewing their
disaster
recovery procedures.
Explain with reasons four factors which should be included in a disaster recovery
plan. [8]
Answers
6-8 marks Candidates give a clear, coherent answer explaining four factors with
reasons. They use appropriate terminology and accurate spelling, punctuation and
grammar.
3-5 marks Candidates explain briefly and may give reasons but responses lack clarity.
There are a few errors in spelling, punctuation and grammar
1-2 marks Candidates simply make brief points and may give a reason. The response
lacks clarity and there are significant errors in spelling, punctuation and grammar.
0 marks No valid response.
Make 2 points about each factor x4
The plan will usually cover the following:
Cost
Set up a budget for it What backup medium should be used? Tape or disc/ Raid systems
depending upon the speed or money available to recover the data
Hardware can be replaced how much money have they got
Software can be re-installed. (or de-bugged by the programming department).
Risk
What problems could occur?
Likelihood of them occurring e.g. are they going to get an earthquake in UK
On site or off site depending upon costs and the likelihood of the risk occurring and the
criticality of the data.
Data
No business can afford to lose its data.
Backups of all data should be regularly made. This means that the worst case scenario is
that the business has to go back to the situation of the last backup and carry on from
there. Backups may take a Long time – often tape-streamed at night.
Hardware/Software/Communications
The total or partial loss of computing equipment or software
The complete or partial loss of telecommunications equipment or services
The complete or partial loss of the premises housing the IT equipment.
The loss of essential services such as electricity, heating or air conditioning
Alternative communication /computer systems may be arranged in case a network goes
down or alternative power supply.
Personnel, Responsibilities and Training
The loss of certain key employees (e.g., losing all the qualified network staff in one go
due to them choosing to form their own facilities organisation)
The loss of maintenance or support
Make one person responsible for backups so people don’t think others are doing it and it
does not get done or do they use online backup companies or both!
Screening potential employees
Routines for distributing updated virus information and virus scanning procedures
Define procedures for downloading from the Internet, use of floppy discs, personal
backup procedures
Define staff code of conduct for using computer systems e.g. no abusive emails. No illicit
use etc.
What response should staff make when the disaster occurs
Procedures
Produce procedures for minimising the risks
Test the plan on a regular basis to make sure it still sufficient
Establish physical protection system (firewalls etc.)
Establish security rights for file access and updating web pages
Establish a disaster recovery programme. This starts with a backup policy to secure the
data so it can be recovered later e.g. backup procedures required.
How often should backups be taken?
Restoration policy backup every day/hour and rotate tapes to ensure there is always a
copy to restore files
What type of backup? Where the backup is to be stored?
Decide upon types of backup full, incremental or differential depending upon how many
items of data are changed
Set up auditing procedures (Audit trails) to detect misuse
Premises relocation
June 2010
6. A Health Authority is very dependent on their ICT system for administration. The
Health Authority is undertaking a risk analysis.
(a) Describe in detail two of the factors the Health Authority should take into account
when deciding how to develop, control and minimise the risk to data. [2×2]
(b) Identify a problem that could arise if steps are not taken to minimise the risk,
discuss its possible impact and describe in detail a suitable strategy to overcome it. [4]
9. Most organisations now have ICT security policies.
(a) Discuss in detail the potential threats to data and the possible consequences of
accidental or deliberate destruction of data. Illustrate your answer with distinctly
different examples in each case. [9]
(b) Discuss four methods which could be used to prevent the deliberate destruction or
misuse of data. [4×2]
Answers
6. (a) 1 mark for each factor and 1 for each further explanation Context must relate to
a Health Authority
• Identify potential threats / who has access
• What is the likelihood of risk occurring / value of data to other people / location
• Short and long term consequences of the threat / loss of data
• How well equipped is the health authority to deal with the threat
• How much money the health authority has
6. (b) Problem (1) expansion in context of impact (consequence) (1) strategy (1)
expansion in context (1)
Example
Problem: Staff unaware of who actually is in their buildings (1 mark) this could be
very
dangerous if there is a fire or looking for an at risk patient, etc. (2nd mark for more
detail)
Strategy: Have a backup system on paper or off site (1 mark) which staff could have
emergency access to, to look up information. (2nd mark more detail).
Other strategies: set up a disaster recovery system, employ a RAID system.
Hackers getting in – firewalls as prevention.
9. (a) One mark explanation per relevant point, up to nine: Answers must be
sentences and not a list. Consequences must match threats. List of threats 1
mark. List of consequences 1 mark.
Threats
• Terrorism
• Natural disasters
• Sabotage
• Fire
• Theft
• Poor training (condone)
Note: Hacking and viruses are not a threat in themselves. Insert a virus to deliberately
destroy data is sabotage. Hacking to take data is theft.
Consequences
• Loss of business and income
• Loss of reputation
• Legal action
• Costs of recovering data (Not just data loss)
Note - must cover at least two ‘threats’ and two ‘consequences’ for maximum
marks.
9. (b) Any four methods, discussed in appropriate detail:
Methods for controlling access to computer rooms
 Methods of securing integrity of transmitted data
 Methods including private and public keys
 Call back procedures for remote access
 Establish firewalls
 Use virus scanners
 Proxy servers
 Password systems
 Methods to define security status and access rights for users
 Methods for physical protection of hardware and software
 Security of document filing systems
 Condone backup held off-site
Note - no credit for simply ‘backup’
January 2010
8. Describe the factors an organisation needs to consider when producing a risk
analysis.
Answers
8 Most organisations have a corporate information technology security review which
looks at the computer processed information with a view to identifying the risks of
unavailability, errors and omissions, abuse, unauthorised disclosure and to
determining their potential implications. Each risk will need to be examined from
the point of view of the security and the loss assessed and its likely occurrence.
The aim is to identify those systems crucial to the organisation and to look at the
possible consequences of loss of such systems. Organisations will need to look at
how well they are equipped to deal with potential threats and how much they are
prepared to spend to minimise the risk.
One mark for a list of four key points.
June 2009
4. A large college has invested heavily in their ICT system for administration.
The college is undertaking a risk analysis.
(a) Describe in detail two of the factors the college should take into account when
deciding how to develop, control and minimise the risk to data. [4]
(b) Identify a problem that could arise if steps are not taken to minimise the risk,
discuss its possible impact and describe in detail a suitable strategy to overcome it. [4]
Answers
4.(a)
1 mark for each factor and 1 for each further explanation
• Identify potential threats
• Likelihood of risk occurring
• Short and long term consequences of the threat
• How well equipped is the college to deal with the threat
• How much money the college has
(b) Example Problem: Staff unaware of who actually is in college (1 mark) this could
be very dangerous if there is a fire or looking for an at risk pupil, etc. (2nd mark for
more detail)
Steps: Have a backup system (1 mark) which staff could have emergency access to
lookup information. (2nd mark more detail).
Other points: set up a disaster recovery system, employ a RAID system
June 2006
6. Most organisations now have ICT security policies.
(a) Discuss in detail the potential threats to data and the possible consequences of
accidental or deliberate destruction of data. Illustrate your answer with distinctly
different examples in each case. [10]
(b) Discuss four methods which could be used to prevent the deliberate destruction or
misuse of data. 4 × [2] Quality of Written Communication [2]
Answers
6 (a) One mark per relevant point, up to ten: 10 x 1
 Threats
 Terrorism
 Natural disasters
 Sabotage
 Fire
 Theft
 Poor training (accept, but not condone)
 Consequences
 Loss of business and income
 Loss of reputation
 Legal action
(Not just data loss)
Note - must cover at least two points from ‘threats’ and ‘consequences’ for maximum
6 (b)
Any four methods, discussed in appropriate detail: 4 x 2
 Methods for controlling access to computer rooms
 Methods of securing integrity of transmitted data e.g. encryption
 Methods including private and public keys.
 Call back procedures for remote access
 Establish firewalls
 Use virus scanners
 Proxy servers
 Password systems
 Methods to define security status and access rights for users
 Methods for physical protection of hardware and software
 Security of document filing systems
Note – no credit for simply ‘backup’.
Quality of Communication – award marks using the following criteria:
straightforward ideas expressed clearly, if not always fluently. Sentences and
paragraphs may not always be well connected. Arguments may sometimes stray from
the point or be weakly presented. There may be some errors of grammar, punctuation
and spelling, but not such as to suggest a weakness in these areas – 1 mark;
moderately complex ideas expressed very clearly and fluently. Sentences and
paragraphs will follow on from each other smoothly and logically. Arguments will be
consistently relevant and well structured. There will be few, if any, errors of grammar,
punctuation and spelling – 2 marks.
Database System Questions
June 2011
Question J. A public library in a large town uses a relational database for their book
lending system. When a borrower takes out a book, the loan is recorded.
Relational databases hold the data in a number of tables. In this library system there is
a table for Borrower, which is partially shown below:
BORROWER [BorrowerID, Surname, Firstname, ....]
where BorrowerID is the primary key.



Explain what is meant by a primary key and a foreign key. [2]
Give two other suitable tables, you would expect to see in this library loan
system, identifying any primary or foreign keys. [7]
Give three reasons why relational databases are more secure than the flat file
approach. [3]
The Council’s library service uses a data warehouse to hold details about all library
loans throughout its area. Holding this large central store of data allows the library
staff to use data mining.
 Describe what is meant by a data warehouse and explain the advantages it
might give the library service. [3]
 Explain what is meant by data mining and give an example of how the library
staff might use it. [3]
Answers

A primary key is unique and used to identify a record/table. / and other fields depend
on it A foreign key is a field of one table which is also the primary key of another table
/ used to establish relationships/links between tables.
 2 x (1 mark table name, 1 mark for primary key field, 1 mark for foreign key)
and 1 mark for 2 other fields in each table
BOOK [BookNo, Title, Author, Genre, ISBN, etc]
LOAN [LoanID, BorrowerID#, BookNo#, StartDate, Length, etc]
Where underlined are primary keys and # are foreign keys
If candidates have produced a fully working real solution using more than three tables full
marks can still be awarded.
 Hierarchy of passwords -- passwords to see separate parts
Storage of data separate to programs
Access rights to parts of the program.
 Large, Archive and used for Decision Making – Look for two of these three (1 mark)
Data warehouse refers to large amounts of data which are stored together, usually in a single
location, for further processing (a huge database specifically structured for information access
and reporting) (1) or A database used to store an organisation’s historical data which is used
by a MIS to extract information to help managers make decisions. (1)
Advantages
Allows the council to store information about every book. (1)
Allows the council to see who has borrowed books and when. (1)
Can use it to plan future changes or developments in their library system. (1)
Allows the library system to use data mining. (1)
Speeds up searching at the local library. (1)
Allows the library to find the most popular book and buy more (1)
 Issues
• Deliberately setting up websites containing incorrect information – people may rely on and
use this information thinking it is correct.
• Bullying – in chat rooms, by e-mail, in blogs, by text message is a problem especially for the
young.
• Inappropriate websites – people are able to view inappropriate material such as
pornography, racism, violent videos, how to make explosives, etc.
• Using e-mail to give bad news (e.g. redundancy, demotion, firing, etc.) when explaining
faceto- face would have been better.
• Spreading rumours – it is easy to spread rumours using the Internet. You only have to tell a
few people in a chat room and the rumour will soon spread. Normally, if someone started a
rumour that was untrue and it caused another person distress, then the person starting the
rumour could be sued. When rumours are started over the Internet it is difficult to identify the
person responsible.
• Plagiarism – copying material without attributing or referencing the source of the information.
This could also involve using websites which sell essays or coursework.
• Sending spam (i.e., the same advertising e-mail to millions of people) – people waste time
deleting spam if the spam filter allows it through.
• Companies monitoring staff use of the Internet and e-mail. Some organisations will even
read personal e-mails.
• Using someone’s wireless Internet connection without permission.
• Sometimes it is possible to connect to the Internet using an open network. The net result of
using the network is to slow the network down for legitimate users.
• Mobile phone stalking.
• Using photo editing software to distort reality – by using photo/video editing software you
can distort reality and you can no longer believe what you see in video, TV, newspapers,
magazines and on websites.
• Censorship Invasion of privacy by governments.
• Privacy issues – social networking sites, e-commerce sites, Internet service provider
records, e-mail monitoring at work, etc., all erode a user’s privacy.
• Gambling addiction – gambling can cause many social problems and it is on the rise with
the ease with which bets can be made using the Internet.
• Addiction to computer games – many children spend hours playing computer games and
their social skills and schoolwork can suffer as a result. Have and have nots – Digital divide
Closing down of local stores
Example answers
Censorship
• No-one owns the Internet. It is international. Material which would be illegal if published in
hard copy form is freely available on the Internet e.g. racist propaganda, bomb making
instructions, pornography. Some say the Internet should be censored but who will do the
censoring and how can centralised control be implemented.
• If you ban sites will they become more appealing so people will search for them more avidly.
January 2011
Question J. Relational databases are becoming increasingly important to all
organisations that handle data.
Explain what is meant by each of the following terms:
 data consistency,
 data redundancy,
 data integrity,
 data independence. [4]

A village sports club uses a database management system to operate a membership
and fixture system. Members normally register for more than one sport. Fixtures
against other villages are arranged in a wide variety of sports involving a large
number of teams.
One table in this database could be:
SPORT[Sportid, Sport name, Home venue]
with Sportid being the primary key.
 Give two other suitable tables you could expect to see in this database,
identifying any primary or foreign keys. [8]
A commercial company uses a data warehouse to hold details about customers and
their purchases.
 Describe what a data warehouse is and explain the advantages it gives this
company.[5]
 Explain what is meant by data mining and give an example of how the
company might use it.
Answers


Data consistency is the relationship between the input data, the processed
data and the output data as well as other related data. If the system is
working properly the data will be correct at each stage and is said to be
consistent. OR
Data consistency is using one file to hold a central pool of data. A company
may hold all its customer data in one file. This avoids the need to input data
twice so that if data is changed in one file it won’t need to be changed in
another and remains consistent. OR Data being inconsistent in a flat file due
to possibility of different formats etc and being consistent in a RDBMS as
each record is only stored once so cannot have different attributes
Data redundancy is where you store an item of data more than once/
A company may hold its data in different files. This is wasteful because some
data may need to be input twice and if data is changed in one it will need to be
changed in the other. / Data which is repeated unnecessarily is called redundant
data.

Data integrity – the correctness of the data. Truthful, Accuracy

Data independence – the data and the applications/programs used to access
it are independent/separate. / New applications can be developed to access
the data without changing the data./ New systems can still use existing data.
 Example of possible tables
MEMBERS [memberid, name, email, phone, DOB etc]
FIXTURES [fixtureid, date, home/away, sportid#, memberid#]
Underline = primary, # = foreign
1 mark per table name
1 mark per foreign key
1 mark per primary key
1 mark per extra 2 fields per table
 Large, Archive and used for Decision Making – Look for 2 of these 3
Data warehouse refers to large amounts of data which are stored together (1),
usually in a single location, for further processing ( a huge database specifically
structured for information access and reporting) (1) or
A database used to store an organization’s historical data (1) which is used by a MIS
to extract information to help managers make decisions. (1)
Alternate second halves
• stored in a consistent order
• to make interrogation more productive.
• Data is non-volatile and time invariant (archive data).
• Used to support organisational decision making.
Advantages
Can be mined It allows the company to store all the details of what it has sold to
every customer. The company can see who uses a loyalty card and exactly what
they have bought and what method they used to pay for it.
Can compare information like the sickness data from different stores.
Storing all this historical data better equips managers to make their decisions.
NOT JUST MAKING BETTER DECISIONS/MORE INFORMED DECISIONS -MUST SAY
WHY OR EXTENSION
June 2010
10. (a) A hospital uses a relational database management system for storing patient
records. Staff and patients are allocated to wards.
(i) Explain what is meant by the term data normalisation. [2]
(ii) One table in this database could be STAFF (Staff Id, Name, Contact no, Ward no)
With Staff Id being the primary key and Ward no the foreign key.
 Give two other suitable tables you could expect to see in this database,
identifying any primary or foreign keys. [6]
(iii) Explain why relational databases are more secure than a flat file approach for
storing patient records. [2]
(b) Most Health authorities now use distributed databases. Explain what is meant by
the term distributed database and discuss their advantages and disadvantages. [7]
Answers:
10. (a) (i) Suitable definition of data normalisation, such as:
A staged (mathematical) process (1) which removes repeated groups of data and
inconsistencies. (1) Or Simplifying data structures (1) so that attributes in each table
only relate to the entity.
10. (a) (ii) WARD( Ward no, NumberOfBeds, StaffId)
PATIENT ( Patient no, Name, illness, admission date, consultant, address, contact,
Ward no)
Marking – award one mark for each table name, one mark for each primary key field,
one mark for both foreign keys and one mark for two other relevant fields.
10. (a) (iii) Explanation involving any two relevant reasons:
 Hierarchy of passwords
 Storage of data separate to programs
 Access rights to parts of the program
10. (b) 2 marks for definition and 5 for advantages/disadvantages
(Must to have at least two of each)
A distributed database is a single database that is under the control of a DBMS where
the storage devices are not all attached to a common processor. Instead the data is
stored in storage devices attached to multiple computers usually located across a
network.
Or
A distributed database has data stored on a number of computers at different locations
but appears as one logical database.
Advantages:
• Faster response to user queries of the database
• Non-dependence on one central huge store of data
• Easy to backup and copy data from one server to another
• If one server fails then the other servers can be used
• Reduces network traffic as local queries can be performed using the data on the local
server.
Disadvantages:
• Heavy reliance on networks and communications which may not always be reliable
• Security issues particularly if sensitive personal data is being transferred
• If one of the links to a server failed then the data could not be obtained from that
server
• Increased costs owing to the use of expensive communication lines
• Greater chance of data inconsistency
• Harder to control the security of data spread in many different locations.
January 2010
11. A mail order company uses a relational database management system for storing
details of orders. Stock and customers are allocated to orders.
(a) Explain what is meant by a relational database. [2]
(b) One table in this database could be
STOCK [StockID, Stock name, Price, Size, ManufacturerID]
With StockID being the primary key and ManufacturerID the foreign key.

Give two other suitable tables you could expect to see in this database,
identifying any primary or foreign keys. [5]
(c) The company uses a data warehouse to hold details about customers and their
transactions.
 Explain how the data warehouse and data mining could be useful to a mail
order company. [4]
(d) Describe the advantages of a relational database approach over a flat-file approach
in relation to data redundancy, data integrity and data consistency. [6]
11(a) Suitable definition of a relational database, such as:
A large collection of data items and links between them (1)
structured in such a way that it allows it to be accessed by a number of different
applications programs (1)
a group of tables linked together by primary and foreign keys (1).
11(b) Award one mark for each table name, One mark for each primary key field,
One mark for two sensible foreign keys.
Example of one possible full mark answer:
CUSTOMER (CustomerID, Name, contact no, address1, address2, etc.)
ORDERS (OrderID, Date, StockID, CustomerID)
11(c) Data Warehousing (any two points)
The mail order company generates huge quantities of data stored in a consistent order
to make interrogation more productive.
Data is non-volatile and time invariant (archive data).
Used to support organisational decision making.
Data Mining (any two points)
 Is interrogating the data
 It is a speculative process / investigates potential patterns
 Presumption is that dormant within the data are undiscovered patterns /
groupings/ sequences / associations.
 Software uses complex algorithms to search for patterns.
 Returned information can be tested for plausibility.
 Data if of value can be processed into a report to help decision making.
 Could allow company to find a previously unknown relationship between
regions of the country and food preferences and they can then target special
promotions.
11(d) Two marks for each description One mark for definition and second mark
for expansion or example. (x 3)
Data redundancy
It refers to the unnecessary duplication of data.
In a flat-file database details about such information as customer details will be
duplicated. In a well designed relational database there should be no ‘repeating
attributes', no piece of data should be unnecessarily repeated.
Data integrity
The integrity of data is the correctness, i.e. the extent to which it truthfully
represents the original information. One of the problems of maintaining integrity
arises when updating occurs, and every record has to be changed in a flat-file
database, if one record was left unchanged the data would no longer be wholly
correct. In a relational database you only have to change data in one table and all
other references in any other table will automatically be changed.
Data consistency
When data is held in more than one file it should be stored in a consistent way.
A date field could be stored in file as a text field but in another field as a date/time
field and the data would be incompatible. In a relational database because the
attributes of any one entity are contained within one file, there is no risk of the
same attribute being stored in a different format in a different file (Spelling
mistakes in names)
June 2009
7. (a) A school uses a relational database management system for storing pupil subject
choices. A pupil may take many subjects taught by many teachers.
(i) Explain what is meant by a relational database. [2]
(ii) One table in this database could be:
TEACHER (Teacher Code, Name, Room)
with Teacher Code being the primary key.
 Give two other suitable tables you could expect to see in this database,
identifying any primary and foreign keys. [8]

(iii) Explain why relational databases are more secure than a flat file approach for
storing subject choices. [2]
(b) (i) Explain, using a suitable example, what is meant by a distributed database.
(ii) Hospitals use distributed medical databases. Describe the problems that could
arise when using such distributed medical databases. [4]
Quality of Written Communication. [2]
Answers:
7. (a)
(i) Suitable definition of a relational database, such as A large collection of data items
and links (1) between them, structured in such a way that it allows it to be accessed by
a number of different applications programs. (1) (mention of tables and relationships
and different views)
(ii) PUPIL [Pupil Code, Name, Form, DOB, Gender]
1 for suitable table name
1 for suitable primary key field and 1 for other 2 suitable fields
SUBJECT (Subject Code, Pupil Code, Teacher Code, Time, Day, Room)
1 for suitable table name
1 for suitable primary key field
1 for Pupil Code as foreign field
1 for Teacher Code as foreign field and 1 for other 2 suitable fields
Or other suitable structure marked with similar rules.
(iii) Any two relevant reasons: 2 x 1
 Hierarchy of passwords
 Storage of data separate to programs
 Access rights to parts of the program
(b) (i) A distributed database is a collection of (different) interrelated databases spread
over a network. Some computers on the network each hold part of the data and cooperate in making it available to the user. A hotel chain might use distributed
databases to store details of reservations. Each hotel stores its own reservations on a
local computer.
(ii) Look for four separate points or two very well argued points for maximum marks:
4 x 1 or 2 x 2 (second mark could be for relating the answer to medical databases)
 More complex hence more expensive to install and maintain
 Increased security risk from transfer
 If one location fails might hinder others
 Could get data inconsistency
 Quality of Written Communication
June 2008
6. (a) A large medical practice uses a relational database management system for
storing patient records and running their appointment systems. The practice has
several doctors and many patients. Each patient can make one or more appointments
with a doctor. The practice receptionist records which patient has made an
appointment with which doctor and the time and date of the appointment.
(b) (i) Explain what is meant by the term relational database. [2]
(ii) One table in this database could be
DOCTOR (Doctor Code, Name, Room, Tel Num)
Give two other suitable tables you could expect to see in this database, identifying
any primary or foreign keys. [6]
(c) Distributed databases are now widely used.
(i) Explain what is meant by the term distributed database and discuss their
advantages and disadvantages in general terms. [6]
(ii) Research is ongoing on the use of Electronic Patient Records (EPR). Discuss the
specific benefits that the EPR system would bring to medicine and the main concern
about its use. [4]
Answer
6.(a) A relational database is a large collection of data items and links between them
structured in such a way that allows it to be accessed by a number of different
application programs. (2nd mark) or use of primary and foreign keys.
Accept underline or asterisk as indication of key field and over line as an indication of
foreign keys.
(b) PATIENT (Patient Code, Name, Address, DOB, Gender)
1 for suitable table name
1 for suitable primary key field
APPOINTMENT(Appointment Code, Patient Code, Doctor Code, Time, Date, Room)
1 for suitable table name
1 for suitable primary key field
1 for Patient Code as foreign field
1 for Doctor Code as foreign field
(c(i) Distributed databases are different databases stored at different locations but
linked together so they appear to be one large database. 1 mark per point (max 6) (at
least 1 of each to get 6)
Advantages
• Data used locally can be stored locally and network traffic kept to a minimum
• If data lost on central site it could be reduplicated from local site
• Allows sharing of the data and the results of processing the data
• New locations can be added to the database without the need for rewriting the
entire database
Disadvantages
• Software more complex than a centralised database system
• Because data is transferred it presents more of a security risk by hackers
• As all the data is not stored in one location if a local site does not have adequate
backup then this data might be lost to others.
• If data is stored and updated in more than one place there is an increased chance
of data inconsistency.
(ii) Any 3 benefits at a mark each and 1 concern
If you were taken into any hospital anywhere in Britain they could call up your notes
and see if you are, for example, on any medication at the moment. This can only lead
to better diagnosis of patient’s problems and improve the chances of survival.
The computerising of the patient records would also create a huge database of all the
people in Britain. This could also allow an epidemiological investigation to take
place.
People’s records could be compared to see what treatment worked and what other
factors there may have been for some complex illness. Trends could be spotted at
their early stage and remedial action taken to stop them quickly. This information
would be available no matter where the hospital was or what the condition of it is.
A database such as this can also be seen as a step towards a national identity
programme where to get treatment one would have to have proof of nationality and
proof of residence in this country. You would have to exist on the database before you
could be dealt with. Immigrants, legal or otherwise would have to prove their
adherence to these rules.
The main concern is big brother watching you or the danger of someone getting your
data (hacking) and misusing it.
June 2007
5. A college keeps details of students, staff and courses in a file. Part of this file is
shown below.
The data in this file is not normalised.
(a) Using data from the above file to illustrate your answer, describe two different
problems associated with data not being normalised.
(b) The above data can be re-organised into a normalised relational database with
tables linked using primary and foreign keys.
Re-organise this data into a normalised relational database using two tables.
You should clearly indicate the table names and any primary or foreign keys that you
use.
Answers
5. (a) 1 mark for disadvantage and 1 mark for example x 2 4 Marks
Data is duplicated causing unnecessary waste of storage space.
Example - the lecturer name H Smith' is repeatedly stored in the above data.
Data inconsistency - if data is stored more than once there may be differences [egg in
spelling] or transcription errors.
Example J Evans might be mistyped as 'J Evins' or the course code 186 might
be mistyped as 816. The computer will not know which one is correct.
5. (b) 1 mark for table x 2 5 Marks
1 mark for primary key x 2
1 mark for foreign key in other table
Primary and foreign keys must be clearly identified
Examples could be;
Student [Student No, Student Name, Date of birth, Gender, Course No#]
Course [Course No, Course Name, Lecturer No#, Lecturer Name]
June 2006
7. (a) A hospital uses a relational database management system for storing patient
records. Staff and patients are allocated to wards.
(i) Explain what is meant by a relational database. [2]
(ii) One table in this database could be
WARD (WardId, NumofBeds, StaffId )
with WardId being the primary key and StaffId the foreign key.
Give two other suitable tables you could expect to see in this database, identifying
any primary or foreign keys. [6]
(iii) Explain why relational databases are more secure than a flat file approach for
storing patient records. [2]
(b) Hospitals use distributed medical databases. Describe the problems that could
arise when using such distributed medical databases. [4]
(c) The use of video conferencing has now become important in the Health Service.
With reference to appropriate examples, discuss two uses of video conferencing in the
Health Service. [4]
Quality of Written Communication [2]
Answers:
7 (a) (i) Suitable definition of a relational database, such as 2
A large collection of data items and links between them, structured in such a way that
it allows it to be accessed by a number of different applications programs.
7 (a) (ii) STAFF ( Staff no, Name , expertise, pager no, contact no, Ward no)
PATIENT ( Patient no, Name, illness, admission date, consultant, address, contact,
Ward no) Marking – award one mark for each table name, 1 mark for each key field,
1 mark for both foreign keys and 1 mark for two other relevant fields.
7 (a) (iii) Any two relevant reasons: 2 x 1
 Hierarchy of passwords
 Storage of data separate to programs
 Access rights to parts of the program
7 (b) Look for four separate points or two very well argued points for maximum
marks: 4 x 1 or 2 x 2
 More complex hence more expensive to install and maintain
 Increased security risk from transfer
 If one location fails might hinder others
 Could get data inconsistency
7 (c) Any two reasonable uses, discussed in appropriate detail, such as: 2 x 2
 Regional meetings
 Consultation at a distance e.g. skin cases referred to experts
Management of change Questions
Textbook Question
An old established company has been bought and the new managers want to increase
the profitability of the business by using the latest ICT systems. These new systems
will have a great impact on the way the company works and also on the staff they
employ.
(A) Explain what is meant by the term ‘management of change’
(B) Describe the impact that the new ICT system could have on job and the work
patterns. Illustrate your answer with three distinctly different examples.
IDEAL ANSWER
(A) No marks for the answer that refer simply to the manages managing the
change. One mark for mention of the following with a brief description
 New skills required
 Changes to organisational structure
 Alteration of work patterns
 Changes to internal procedures
 Worries by the workforce
(B) One mark for each point to a maximum of six. Only a maximum of four
marks should be given if there if there are no examples. May have to work
in a different location (1) as downsizing of offices may occur owing to less
paperwork/staff/ computer space needed(1)
Telecommuting/teleworking – it may be possible to work from home using
computers and telecommunications (1) thus saving the employee travelling
cost and time/fitting in with personal life better/environment improvement
(1). Retraining – may need to learn new skills (1) in order to use the new
ICT systems such as database skills, use of e-mail, data mining skills,
website updating skills(1).
Different hour of work (1) – new system may operate 24/7 so staff may
need to work more flexibly (1).
New jobs will be created (1) such as web designers, systems analysts,
help-desk staff, network administrators (1), etc.
Some jobs will move abroad to call centres (1) wing to cheaper labour cost
and the availability of well-qualified staff (1)
June 2011
Question F. The introduction of a new ICT system can cause a number of changes in
the
workplace.

Describe three of the changes which are likely to be a cause of stress to the
staff and the worries each might bring. [6]

Describe, using examples, two things that management could do to lessen any
worries that the staff might have about the introduction of the new system.
Answers
Question F.
 (1 mark for statement of change and 1 mark for explanation of why) 3 x 2
• Job losses or fear of job losses (1) - new system may replace staff who performed
manual processes e.g. filing, etc (1)
• Having to learn new skills (1) /(Don’t know how to use system) - older staff may be
stressed by appearing to look stupid in front of younger staff who have the skill (1)
• Fear of change of organisational structure /Relocation (1) - loss of authority by being
bypassed by younger staff or having to move location which could make the journey
to work harder (1)
• Change in work patterns (1) - split shifts or change of hours or night work, 24/7
• Change in internal procedures (1) - may make staff take on extra responsibilities for
no extra money (1)
• Health fears (1) - Concerned about the health risks of prolonged use of ICT
equipment (1)
• Big brother watching
 mark for brief description of the factor and
1 mark for further explanation or an example x 2
• Appropriate training/retraining – to ensure all staff understand the new system and
wondering what to do.
• Explanation of the advantages – so that staff can see how they will benefit by making the
job easier/ more interesting / answer any queries
• Spell out the implications of the new system (meetings)– to help stop rumours which give
people stress / allow staff to express worries
• Opportunity to learn new skills – enable staff to improve their job prospects
• Involvement in the development of the new system – so that the staff can have a system
which is straightforward to use.
• Keeping social groups together / not disrupt working relationships – less stress / work
together as a team
Management Information SystemsQuestions
June 2011
Question I.
More and more organisations are now using Management Information Systems
(MIS). Describe using appropriate examples three factors that can lead to an effective
MIS. [6]
Answer
Any three well developed points from: Second mark for good example or expansion x 2
• Accuracy and relevancy of the data
� The data used from the transaction systems that supply data to the management
system must be accurate.
� Avoid information overload by not producing any data that is not needed as this can
waste time and make the information harder to use.
• Flexibility of the system
� Managers of different sections have different requirements and the MIS must be
able to cope with this.
� Managers of different parts of the business such as marketing and finance have
vastly different needs.
� Allows individual project planning.
� Managers can set up their queries own quickly
• Providing data/information in an appropriate form (not format)
� Managers will need the data presented in the easiest form for them to interpret,
some will want it in tabular form and some in graphical.
• Accessible to a wide range of users
� Can be used by managers who have a range of ICT skills and knowledge.
• Give information when required
� Timing is critical as there is no point in giving good information after the date it is
needed for.
January 2011
Question I. Many schools are now heavily dependent on their Management
Information System (MIS).
 Define what is meant by a MIS and describe, using an appropriate example, a
task
that could best be accomplished using the MIS. [4]
 Describe in detail four features of a good MIS. [8]
 Describe in detail four factors which can lead to a poor MIS. [8]
Answers

Systems that convert data from internal or external sources (1) into
information and resources
designed to support the decisions of managers(1).
OR
MIS are organised collections of people, procedures and resources (1) designed to
support the decisions of managers(1).
OR
MIS are programs designed to produce timely, relevant and accurate information to
help managers make good decisions. (1)
Examples of use similar to the following:
• Looking at pupil attendance figures to try and see if there are patterns and to
ensure that less pupils truant.
• Looking at exam results to try and find strategies to improve their target figures, etc
• A head teacher in a school analysing those pupils who are falling behind in their
work as evidenced by test results and whose attendance is poor so that interviews
with parents can be arranged.

Any four well developed points from: Second mark for good example or
expansion.
Features of good MIS
• Accuracy of the data
• Flexibility of data analysis
• Providing data in an appropriate form
• Accessible to a wide range of users and support a wide range of skills and
knowledge
• Improve interpersonal communications amongst management and employees
• Allow individual project planning
• Avoid information overload
• Allow speedy decisions for urgent situations
Examples of possible responses
• Accuracy of the information produced usually dependent on the accuracy of the
data input.
• Ability to allow managers to set up their own queries flexibly.
• Presents the data in an appropriate form, for example a graph, to make it easy to
understand.
• Can be used by managers who have differing experience and skills in the use of
ICT.
• Ability to be transferred to other packages for further processing/analysis such as
spreadsheet package.

Any four well developed points from: Second mark for good example or
expansion from:
Factors which can lead to poor MIS
• Complexity of the system
• Inadequate initial analysis
• Lack of management involvement in initial design
• Inappropriate hardware and software
• Lack of management knowledge/training about computer systems and their
capabilities
• Poor communications between professionals
• Lack of professional standards
Examples of possible responses
• Inadequate consultation with managers during the analysis of the system to find out
what their requirements from the system are.
• Lack of training for managers means many managers do not use the system as
they should.
• Inappropriate hardware or software being used. For example, the network may run
slowly when processing the information needed when producing MIS reports.
• Inadequate initial analysis. The system does not do exactly what it should do.
June 2010
5. (a) Describe what is meant by a management information system (MIS). Include in
your answer one example of how an MIS can be used. [5]
(b) Describe the factors which make a good or a poor MIS using examples to illustrate
your
answer. [8]
Answers
5. (a) A management information system (MIS) is an organised collection of people,
procedures and resources (1) designed to support the decisions of managers. (1)
Examples of use similar to the following:
• A head teacher in a school analysing those pupils who are falling behind in their
work as evidenced by test results and whose attendance is poor so that interviews
with parents can be arranged.
• A production manager of a company using the MIS to make predictions as to how
many of a certain product to make based on the sales from the same quarter in
previous years.
4-5 marks Candidates give a clear, coherent answer fully and accurately describing
MIS illustrated with an example. They use appropriate terminology and accurate
spelling, punctuation and grammar.
2-3 marks Candidates describe MIS, but responses lack clarity. There are a few errors
in spelling, punctuation and grammar.
1 mark Candidates give a brief comment on MIS. The response lacks clarity and
there are significant errors in spelling, punctuation and grammar.
0 marks No appropriate response.
5. (b) Candidates may describe some of the following:
Factors which make a good MIS
• Accuracy of the data
• Flexibility of data analysis
• Providing data in an appropriate form
• Accessible to a wide range of users and support a wide range of skills and
knowledge
• Improve interpersonal communications amongst management and employees
• Allow individual project planning
• Avoid information overload
• Allow speedy decisions for urgent situation
Factors which can lead to poor MIS
• Complexity of the system
• Inadequate initial analysis
• Lack of management involvement in initial design
• Inappropriate hardware and software
• Lack of management knowledge about computer systems and their capabilities
• Poor communications between professionals
• Lack of professional standards
Examples of possible responses
Features of a good MIS include the following:
• Accuracy of the information produced usually dependent on the accuracy of the data
input.
• Ability to allow managers to set up their own queries flexibly.
• Presents the data in an appropriate form, for example a graph, to make it easy to
understand.
• Can be used by managers who have differing experience and skills in the use of ICT.
• Ability to be transferred to other packages for further processing/analysis such as a
spreadsheet package.
Factors which can lead to a poor MIS:
• Inadequate consultation with managers during the analysis of the system to find
out what their requirements from the system are.
• Lack of training for managers means many managers do not use the system as they
should.
• Inappropriate hardware or software being used. For example, the network may run
slowly when processing the information needed when producing MIS reports.
• Inadequate initial analysis. The system does not do exactly what it should do.
6-8 marks Candidates give a clear, coherent answer fully and accurately describing
both good and poor factors illustrated with examples. They use appropriate
terminology and accurate spelling, punctuation and grammar.
3-5 marks Candidates describe both good and poor factors with at least one example,
but responses lack clarity. There are a few errors in spelling, punctuation and
grammar.
1-2 mark Candidates simply list good or poor factors or give a brief description of
one. The response lacks clarity and there are significant errors in spelling, punctuation
and grammar.
0 marks No appropriate response. List of three factors 1 mark (can award twice)
January 2010
10. (a) An effective Management Information System (MIS) has become very
important to organisations. Describe what is meant by a MIS. Compare and contrast
the factors which make the difference between an effective MIS and a poor MIS,
using appropriate examples.
(b) Despite rigorous testing, it is sometimes necessary for software developers to
maintain the systems they have produced. Explain why this situation might arise and
describe, using suitable examples, some of the different types of maintenance that
might have to be undertaken.
Answers
10(a) Management Information Systems (MIS) are organised collections of people,
procedures and resources designed to support the decisions of managers. (1)
At least four pros and four cons to gain 8 marks.
Candidates may include some of the following:
Features of good MIS
• Accuracy of the data
• Flexibility of data analysis
• Providing data in an appropriate form
• Accessible to a wide range of users and support a wide range of skills
and knowledge
• Improve interpersonal communications amongst management and employees
• Allow individual project planning
• Avoid information overload
• Allow speedy decisions for urgent situations
Factors which can lead to poor MIS
• Complexity of the system
• Inadequate initial analysis
• Lack of management involvement in initial design
• Inappropriate hardware and software
• Lack of management knowledge about computer systems and their capabilities
• Poor communications between professionals
• Lack of professional standards
10(b) One mark for each point up to max 8.
e.g.
Corrective
‘Bugs' (1) which may not have been identified during the testing process (1)
become apparent when the system is operating in a live environment (1) Perfective
Users may, after a period of time (1) find a particular aspect of the software
unsatisfactory (1) e.g. tables may be difficult to format for printing (1) A security
issue (1) e.g. a virus threat (1) may emerge which means that the
system requires an extra level of protection (1) The software provider may discover a
way to make the application run more efficiently (1) e.g. floating editing windows (1)
Adaptive Changes in the business environment (1) e.g. change in legislation (1) may
mean that the software is required to perform tasks it wasn't originally designed for
(1) New software or hardware may be purchased (1) the integration of which requires
changes to existing systems (1) e.g. purchase of new printers with incompatible
drivers (1) Condone one mark for use of terms, corrective, perfective, adaptive.
System Development Life Cycle (SDLC) Questions
January 2011
Question E.
The first step in producing a new computer system is to investigate the existing
system
and produce a feasibility report.
 Describe two different ways a systems analyst can gather information about
the
existing system. [4]
 Describe the purpose of the feasibility report and what should be included in
the
report. [4]
Question H. A system analyst has just designed a new ICT system for an
organisation.


Discuss two of the different changeover strategies that the organisation could
use for conversion to the new system. [6]
After the new system is working, it will have to be maintained.
Describe two different methods of system maintenance, illustrating each
method with an appropriate distinct example. [6]
Answers
Question E.
 (2 marks for each of 2 points)
One mark for describing method and one mark for expansion / purpose /
specific use
A detailed description of a point can be given 2 marks
Interviews – interviews with managers normally reveal how the departments work
and any current problems. Normally will say how they want the new system to work
and what information they want. Operational staff can supply fine detail on how the
current system works. Very time consuming as a lot of people have got to be
contacted. Needs skilled interviewers to get the correct information out of people.
Observation ( inspect/ look at / shadow) – sit and watch how somebody does their
job at present so that one can understand what they do, how and what information
flows, the processes that are performed and any time delays, crashes or
interruptions. Can be time consuming and span several weeks before you can see
everything.
Inspection of records – studying the paper based information produced by the
company at the moment. Allows one to see what information is currently held and the
way it is communicated between different departments or customers and the
company. Documents include organisational charts, manuals, reports, minutes of
meetings and all documentation.
Questionnaires – ideal way to collect information as you do not have to waste time
talking to people and can stick to the important points without digressing. Economical
to reproduce and distribute. Problem is that people forget to fill them in and hence an
incomplete picture. Response rate from posted surveys is often poor. Respondents
may misunderstand some of the questions. Cost involved in hiring people to ask
others to fill in questionnaires and collect results can be significant.
 1 mark for definition, 3 marks for what it includes
A feasibility report:
is the summary of an initial investigation to look at the likelihood of being able to
create a new system with stated aims and objectives at reasonable cost. The
document is used by senior managers to assess whether it is worth continuing with
the project.Or
Considers the request for a new system from different perspectives, (usually
economic, operational and technological) to determine whether it is worth the
organisation undertaking the project. ( Could be looking at cost benefit)
Should include e.g.
• User requirements should be identified (aims and objectives).
• Definition of the scope of the present system (outline current system).
• Major data processing functions and processes (data flow).
• Identification of problems with the current system.
• Cost benefit analysis of the new system / Consider cost implications in terms of
human resources, consultancy fees, training requirements, hardware upgrading,
payment to third party providers, licences and fees, etc
• Details of existing hardware and software. / Consider technical issues including: do
they have equipment to implement; do they have in-house technical expertise; are
there compatibility issues with existing systems
• Consider operational issues including: impact on day to day work; what training will
be required; will re-structuring be necessary; other logistic and practical issues
• Potential improvements / benefits on the new system
• Conclusions /Is it worth proceeding.
Question H.
6-8 marks Candidates give a clear, coherent answer explaining four factors with
reasons. They
use appropriate terminology and accurate spelling, punctuation and grammar.
3-5 marks Candidates explain briefly and may give reasons but responses lack clarity.
There are a few errors in spelling, punctuation and grammar
1-2 marks Candidates simply make brief points and may give a reason. The response
lacks clarity and there are significant errors in spelling, punctuation and grammar.
0 marks No valid response.
Make 2 points about each factor x4 The plan will usually cover the following:
Cost
Set up a budget for it
What backup medium should be used? Tape or disc/ Raid systems depending upon the
speed or money available to recover the data
Hardware can be replaced how much money have they got
Software can be re-installed. (or de-bugged by the programming department).
Risk
What problems could occur?
Likelihood of them occurring e.g. are they going to get an earthquake in UK
On site or off site depending upon costs and the likelihood of the risk occurring and the
criticality of the data.
Data
No business can afford to lose its data.
Backups of all data should be regularly made. This means that the worst case scenario is
that the
business has to go back to the situation of the last backup and carry on from there.
Backups may take a
long time – often tape-streamed at night.
Hardware/Software/Communications
The total or partial loss of computing equipment or software
The complete or partial loss of telecommunications equipment or services
The complete or partial loss of the premises housing the IT equipment.
The loss of essential services such as electricity, heating or air conditioning
Alternative communication /computer systems may be arranged in case a network goes
down or
alternative power supply.
Personnel, Responsibilities and Training
The loss of certain key employees (e.g., losing all the qualified network staff in one go
due to them
choosing to form their own facilities organisation)
The loss of maintenance or support
Make one person responsible for backups so people don’t think others are doing it and it
does not get
done or do they use online backup companies or both!
Screening potential employees
Routines for distributing updated virus information and virus scanning procedures
Define procedures for downloading from the Internet, use of floppy discs, personal
backup procedures
Define staff code of conduct for using computer systems e.g. no abusive emails. No illicit
use etc.
What response should staff make when the disaster occurs
Procedures
Produce procedures for minimising the risks
Test the plan on a regular basis to make sure it still sufficient
Establish physical protection system (firewalls etc.)
Establish security rights for file access and updating web pages
Establish a disaster recovery programme. This starts with a backup policy to secure the
data so it can
be recovered later e.g. backup procedures required.
How often should backups be taken?
Restoration policy backup every day/hour and rotate tapes to ensure there is always a
copy to
restore files
What type of backup? Where the backup is to be stored?
Decide upon types of backup full, incremental or differential depending upon how many
items of
data are changed
Set up auditing procedures (Audit trails) to detect misuse
Premises relocation
8