The Computer Revolution/Internet/Security

From Wikibooks

Security

Overview

Internet security falls into categories of software that have been developed to ensure that we all enjoy ourselves on the internet. There are three major areas of concern surrounding internet security: , Authentication of the information ( the information is authentic), authorization( the user has permission to use it), and confidentiality. Confidentiality is a area of major concern because many people shop online, bank online etc. We need to know that our information will not be published to the masses when we enter a site. There is an institutes that has complied a database and training program for the internet called CERT. \ The security is some times important since it can lead your life in danger ,you may create a new Email but for sure you can not delete the information which is stolen .

AQA Information and Communication Technology/Human-Computer Interaction

From Wikibooks

Definition

Human-Computer interaction is concerned with the design, evaluation and implementation of interactive computer systems, using Human-Computer interfaces in the safest and most healthy way.

Ergonomics

Ergonomics are the designs and functionality of the environment. Applying this would be a study of the environment to see how improvement can be made more comfortable for the users.

Measures to improve the ergonomics include:

• Improved lighting
• Furniture better suited

Why is this important?

• Could improve productivity
• Prevent RSI (Repetitive Strain Injury).
  • With adjusable chairs and furniture in the right positions, could be prevented.
• Energy Efficiency
• Improve Job satisfaction (motivates)

Psychological Factors

The understanding of how users receive, process and store information.

Information can be received by 4 main ways:

• Vision (seeing)
  • Distinguishing colours can effect how a person reacts to a situation (Red means Warning or Danger). This shouldn't be relied on because of colour blindness.
• Hearing
  • Most commonly sounds are used in warning messages - the Dong in Windows. This is standard and therefore the user knows straight away that it is a warning.
• Touch
  • Human nature wants something to ensure a button has been pressed - buttons allow that pressure to be enforced.
• Movement
  • The movement of small objects is understandably difficult.

AQA Information and Communication Technology/Database Management Concepts

From Wikibooks

Early databases were flat-file, meaning they were small, had lots of duplicated data and could not relate data to each other. As a result of data duplication, data can be inconsistent in separate parts of the database. Flat-files also tended to be unique to a particular program, making data portability difficult.

A database management system (DBMS) was conceived to help alleviate these shortcomings. This model gives three properties:

• Entities - An area of interest about which the data may be held
• Attributes - Properties of entities
• Relationships - A link between entities
  There are different types of relationships:
  • One-to-one - where an entity has a single link to another entity
  • One-to-many - where an entity may link to many other entities
  • Many-to-many - lots of one-to-ones

By using relationships, you can link data and have queries that will update linked data at the same time, saving time and increasing the accuracy of data. The Wikipedia has more information about DBMS's.

The role of a database administrator (DBA) is to manage and maintain the DBMS for most efficient usage. The DBA maintains access rights, relationships and updates the database of the design if need be.

Data normalisation is the process of increasing database efficiency by reducing duplication of records and producing the best possible database design. A normalised database is consistent and flexible.

Data consistency is ensuring that the data is consistent across all occurances of it (this is made simple using relationships).

Data integrity is the quality of the data held in the database.

Data redundancy is where data is unnecessarily duplicated.

Data independence is where data should be independent of any other changes in the database.

AQA Information and Communication Technology/Policy and Strategy Issues

From Wikibooks

The use of ICT has exploded, it is no longer used by just experts, so an IT policy is required to manage IT resources in an effective and efficient way and to avoid fragmentation between departments of IT systems.

A single IT policy allows for an overall view and control of an organisation's IT setup. It is important to ensure that the policy reinforces the overall strategy of the organisation.

If each section is allowed to develop individually, without an overall IT policy, it would make it difficult to introduce systems such as Management Information Systems

It is important to acknowledge the different needs of users when creating an overall IT policy, however.

• The graphics department may need a higher spec of machine to deal with image/video manipulation
• The publishing department may prefer using Macs.
• Operational users may need to interact with the system in a different way to the tactical/strategic users.

A good IT policy will deal with issues such as:

• Access to information - who needs it?
• How will internal communication work
• How will data be captured?

In order to be successful in the long-term, the IT policy will need to be flexible to deal with new technology, new requirements, and changes to the organisational structure.

Centralised approach

A centralised system is one where the whole IT system in an organisation is ran by a specific area of the company, sometimes called Information Systems.

It has various advantages, such as:

• Increased hardware and software compatability
• The ability to take advantage of economies of scale
• Ease of transfer of data
• Simpler maintenance
• Easier training/reuse of skills due to consistent interface

Decentralised approach

In this approach, each department has it's own strategy and allows for them to plan their IT system exactly to their needs. This has several disadvantages, such as a lack of coherence among the whole organisation, and the lack of expertise.

Upgrading systems

There are various reasons you may wish to upgrade a system. For example, you may have a legacy system that is no longer supported by the vendor and is difficult to maintain and is inefficient. However, even current software may need upgrading. It may not be meeting the needs of the organisation, or the organisation may wish to take advantage of features that may exist in newer versions of the software, or may just want to improve performance with faster hardware. Changes in the organisational structure, objectives, or just a "cutting-edge" business culture may result in upgrades.

Don't upgrade

• This is not always the cheapest option, although involves the least initial capital.
• Is upgrading really necessary?
• Is our current system sufficient to our needs?
• There's no training costs or change management required, and little risk
• The only costs are maintenance costs

Upgrade the entire system

• This involves a lot of capital expenditure
• Has large technical and support implications
• This may involve a totally new infrastructure set up
• High risk

Partial upgrade

• Only upgrade who needs it
• Cheaper than all at once
• May cause incompatibilites in the IT systems
• Medium risk

Future proofing

Future proofing is impossible, and it is impossible to know with certainty what the future will hold. It is only possible to prepare for what could happen.

This generally involves purchasing software with a clear upgrade path, or developing software making it easy to expand in the future. Alternatively, this could be purchasing systems with a higher specification than the organisation actually needs in order to allow for future growth.

A method of future-proofing is leasing, where an organisation leases it's IT systems, and does not actually own it. Therefore, upgrading occurs as part of the lease.

Emulation

Emulation is where software is used to run software which is not designed to run on a particular system. For example, software written to run on a specific hardware platform can be emulated to run on another using emulation software. Of course, it is impossible for this to be anywhere near as efficient as running it on the original hardware, but does reduce the hardware costs of having to buy many bits of different hardware. Additionally, an emulator may not fully emulate all the areas of the hardware it is emulating, so the program may not work as intended.

Hardware emulation also exists, where a piece of hardware emulates another piece to provide compatability with systems designed to use that hardware.

Backup Strategies

This should be part of the corporate IS security policy, as backups are often a weakpoint in security of IS.

A backup strategy should ask these 3 basic questions:

• How often? (the frequency)
• What? (areas to backup)
• Where? (storage of backup)

When deciding on an appropriate backup strategy, we must consider:

• Value of data
• Quantity of data
• Frequency of data change
• Resources available

Backup media

A range of backup media is available, from the old fashioned, but still popular, magnetic tape, Zip drives, or more recently, recordable DVDs and USB flash drives.

Other methods of backup could be online, including RAID (a redundant array of independent disks) which makes backups of data constantly.

Backup strategies

• Full backups
  • All data is backed up
  • For large amounts of data, this takes a long time and requires a lot of space

• Partial backups
  • Only part of the data is backed up at a time. For example, one night might backup the Payroll database, and on the next night, the e-mails are backed up
  • Makes large data sources more managable

• Incremental backups
  • Full backups are made occasionally
  • Incremental backups only back up what's different from the last full backup

• Batch process
  • Similar to incremental backups, but used for databases

• Grandfather-Father-Son Backup
  • Most popular method of backing up
  • A copy of the masterfile and transaction is made at the grandfather level
  • At the father level, a copy of the transaction file and the masterfile as a result of the grandfather master file and transaction file is made.
  • At the son level, a copy of the transaction file and the masterfile as a result of the father master file and transaction file is made.

AQA Information and Communication Technology/User Support

From Wikibooks

User support is now a crucial part of most commerical packages available today. As software becomes more and more complex, users require support in order to use the software.

A good level of support will cost the company more money, but this can be passed on in either the purchase costs, or in a yearly subscription. However, the company's reputation will improve if it has a reputation for good support.

Help desk

A help desk is a form of expert system, or knowledge base. It contains a clever search system, and users can also browse categories to see if their problem has been documented. All common problems, and a lot of not-so-common problems are documented on a help desk.

Technical support line

This is a telephone support line manned by real people, who normally access a knowledge base and walk people through procedures.

Technical support lines are often manned by experts who may have difficulty communicating with managers and business users.

On-screen help

This is normally context sensitive. For example, pressing F1 will bring up the help screen for the task you're currently attempting to perform.

Also, on-screen tutorials and wizards exist to make the package easier to use by walking the user through tasks.

On-site support

This is where the developers attend on-site to assist people with their software installations. This only typically happens with large/complex orders, or with custom software, as the cost of such support is very high.

Patches/bug fixes

If a company discovers a bug in their software, they may release a patch that fixes that image. Patches are typically distributed over the Internet, or on CD-ROM from a technical support line.

Peer support

This is where usergroups exist (mainly on forums or Usenet) who help people with problems.

BBS

This is an area of the Internet where files and upgrades to items are shared, there are typically also message boards here where peer support and also technical support takes place

Mailing lists

Similar to a message board, if you subscribe to a mailing list, then you receive a copy of all e-mails sent to it.

Documentation

There are different levels of documentation for different levels of user. This is typically paper or PDF based.

• Installation documentation
• System documentation (explanation on dataflows, database schema, etc)
• Software documentation (how to use specific features)
• Operational documentation (day-to-day running of the system)

Training

A company needs well-trained employees who can execute their job efficiently. Training can either be for new employees (induction training) or existing employees (if jobs change, there's new technology or new procedures).

Well trained employees are more likely to get promoted (and are therefore better motivated) and have a better-defined career path. Training can lead to:

• Increased sales
• Better service
• Better products
• Better safety
• Lower staff turnover

Different levels of users need different levels of training (workers, middle management, senior management, etc).

Senior managers who understand ICT are more likely to make better informed decisions than their less well informed colleagues on matters such as the corporate IS strategy.

Middle managers need to ensure that IT systems are used efficiently, and also implement the IS strategy.

For workers, the level of training depnds on their level of responsibility and skill. They can use

• skills-based training, for developing general IT skills
• task-based training, for things specific to the IS employed

Even experienced users need to learn new skills if the system changes, so skill-refreshing is also an important part.

There are two main training methods:

1. Computer based - this is is often very cost effective for large groups of people and ensures a consistent standard of training. Users can also work at their own pace and when work is slow.
2. Instructor based - delivered by experienced instructors and has a personal touch, meaning people are more motivated.

There are other training methods, mainly:

• Video training
• Interactive video training
• On line tutorials
• Step by step guides

AQA Information and Communication Technology/Legal Aspects

From Wikibooks

Corporate Information Systems Security Policies

A corporate information systems (IS) security policy exists to protect the company from threat. This security policy should be part of the organisations strategic management. It is important to get it right as

• costs are involved in providing the security the company needs to protect itself
• users are sceptical of computer systems for security and are highly aware of the risks involved
  People don't want to be involved in a company that is known to be insecure

IS security policies exist to

• secure systems against loss of availability, integrity or confidentiality
• prevent and detecting misuse, both against the relevant Acts and the company's internal policies
• investigate and deal with any misuse based on the procedures laid out in the policy
• limit and recover from damage

The three lines of defence in IS security are:

1. prevention
2. detection
3. recovery

The corporate IS policy should include considerations to training and promoting awareness of general security to the end-users of the system, as that is where lapses in security are likely to happen.

They should be educated on matters such as downloading unknown executables from the Internet, or not using easy to guess, common passwords.

Audit Requirements

An audit is a survey taken by a company of its software and hardware. An audit exists to minimise errors of the company's resources database (often used for insurance purposes), to monitor efficiency of systems and to ensure that their software is complying with the appropriate licenses.

The results of an audit are used to increase the accuracy of the company hardware database, allowing for better support and capacity planning.

Many companies use external auditors to minimise the chance of internal fraud, but some companies do internal auditing for the sake of cost. An audit of financial records is required every year under law (for registered companies).

Audits may also cover the accuracy of systems, especially financial systems. There are three type of auditing techniques, where the auditor calculates by hand the expected output of a system and checks that it matches.

• Live data testing - where the auditor uses the actual data the system is figuring at this time. This has the disadvantage of being unable to check all possible data types.
• Historical data testing - in this situation, the auditor puts old data through the system again, so in addition to the manual checks the auditor can check the system agrees with itself both times.
• Dummy data testing - here, the auditor generates fake data that can test all eventualities

This kind of auditing has the problem of whilst the system is being made available to the auditor, it can not be used for its normal functions, and it only provides a snapshot of the system at that moment in time.

Audit trails

An audit trail is a log created by a system that shows what's been changed and who did what. (The Mediawiki has a great example of this, see the history page for this page, for example.)

Disaster Recovery Management

Threats to security and integrity

• Human error (mistakes in data entry, program errors, operator errors)
• Computer crime (Hacking, illegal modification of data, virii and logic bombs)
• Natural disasters (Fire, earthquake, hurricane, flood)
• War and terrorist activity (Bombs, fire)
• Hardware failure (power failure, disk head crash, network failure)

Building security tends to protect the premises against break-in, unauthorised visitors, etc.

Authorisation software involves user ID's and passwords. It forces a user to log in to access their computer and network, and can enforce "access rights", limiting rights to certain files and folders.

Communications security can use call back (when triggered, dials you, instead of you dialling in – confirms your identity), handshaking (a predetermined exchange between two computers, often following an algorithm) and encryption – altering text by a set algorithm only known by the two communicating systems.

Operational security involves using logs to show usage of the system and creating an audit trail.

Personnel security is necessary because personnel are often the most exploitable part of an IS. Basic user knowledge on security is required in order to prevent access using “social engineering”. Unmotivated employees may also become destructive to company data. By splitting the tasks in a transaction so multiple people are required to be involved, this reduces fraud.

Risk analysis

This is part of the overall corporate ICT security policy, and is something which managers, rather than technical staff need to do. The risk analysis could include finding answers to questions such as:

• What is the nature of the data being stored in the system?
• How is the data used?
• Who has access to the system?
• How much money does the company stand to lose if the data is lost, corrupted or stolen?

Disaster planning

Disaster planning generally only concerns the mission-critical aspects of the business, with less vital functions generally being too costly.

To guard against the failure of a business in a catastrophe, two “controls of last resort” can be put in place – insurance and a disaster recovery plan. Insurance is not a prevention method, but it does help to reduce the financial impact of loss.

A disaster recovery plan has to contain provision for backup facilities which can be used in the event of a disaster. Some possibilities are:

• A company owned backup facility, geographically diverse – sometimes known as a “cold standby” site.
• A reciprocal arrangement with another company that runs a compatible computer system.
• A subscription to a disaster recovery service.

How do you select an appropriate recovery plan? Various criteria are used:

• The scale of the organisation and its ICT systems
• The nature of the operation: an on-line system may need to be restored within a few hours, whereas a batch billing process could survive being offline for a few days.
• I The relative costs of the different options: a company with several sites linked by telecoms may be able to formulate a DRP which temporarily moves operations to an alternate site.
• The perceived chance of disaster occurring. A company in Intake may need a plan to cope with theft, but not with earthquakes.

Legislation

We've already touched on the legislature covering ICT in ICT1. For ICT4, you'll need to be able to recall the Data Protection Act, the Copyright, Designs and Patent Act, the Computer Misuse Act and the Health and Safety Act. When designing a corporate IS strategy, the company should ensure that it complies with the relevant legislature.

AQA Information and Communication Technology/IS Within Organisations

From Wikibooks

Information Systems

Data processing systems are systems which capture data and store it in a more useful form for later use, such as an EPOS system storing a list of items sold in a transaction file.

Information systems (IS) take data (generally taken from the data capture system) and turn them into information which can be used to make decisions. For example, a supermarket information system may take the transaction files of the EPOS and turn them into a “best selling” list for decision making.

Information systems are important in decision making as they help managers collate the large amount of data that is at their disposal into the more usable form of information. Good quality and efficient processing of information results in better decision making.

Management Information Systems

Management Information Systems (or MIS) exist to take information from internal (such as EPOS data) and external (such as market research) sources and turn them into useful information. Appropriate information is then relayed to managers at different levels, for the task they are responsible for.

An effective MIS becomes an integral part of the organisation to work together to meet the business objectives. Taking the systems approach to the MIS, we have the Inputs (external and internal data), Processing, and Outputs (reports, query results and expert systems)

The development and lifecycle of an IS

The systems lifecycle is a convenient lifecycle most systems follow (not just IS). The stage of the system in the lifecycle depends on which type of development is currently taking place on the system.

The systems life cycle has 6 stages.

Feasibilty Study

Why have a new system? The feasibility study aims to identify the reasons for having one (or not having one, if the existing system works well).

• The current system may not meet the requirements of the organisation
  This could occur if the needs of the business change, or the previous system was not implemented correctly.
• The current system may be outdated
  Technological advances may mean that the current system is inefficient, and potentially incompatible and becomes hard to maintain. For example, an old EPOS system may not be able to take advantage of the new "Chip & Pin" systems being deployed.
• The system may be become difficult to maintain
  Old systems running on dated hardware may become difficult to locate replacements for, and developers who can develop in COBOL (for example) may be difficult to find.

The feasibility study primarily checks 5 areas of feasibility, called TELOS.

• Technical feasibility - Does the technology exist to be able to create the system?
• Economic feasibility - Is the capital available to develop the system? Are there cheaper ways of developing the same system?
• Legal feasibility - Has the law been taken into account? (For example, the Data Protection Act)
• Operational feasibility - Can current work practices support the new system?
• Schedule feasibility - Can the system be developed in the required timeframe?

Analysis

An analysis of the current system and user requirements must be performed at an early stage when developing the system.

Staff at all levels of the organisation must be involved in the analysis stage for an accurate analysis to be performed. This can be done with

• Interviews
• Document inspection
• Questionnaires
• Observation (such as a Time and Motion study)

The finished analysis report will:

• show what (not how) the new system will work
• document the data flows of the organisation (including the inputs and outputs)
• analyse the costs and benefits of the system
• explain how the system will be implemented
• explain how the system will fit in with the organisational structure, and any changes to working practices required
• consider alternatives (hardware configuration, software design, etc)

Design

This is where it is explained how the system will work. An explanation of hardware and software requirements should be included in the design document.

It should contain how the inputs and outputs of the system will be captured/output - including any validation checks for the input data, and an explanation of the processes of the system should be included.

The user interface should be described (usually with the aid of diagrams) here also.
Most modern systems are developed modually, so a breakdown of the modules and tasks of each will also be part of your design document.

Your design should also include your test plan. Your test plan should cover extreme, erroneous and normal data for each input, and the expected output of such.

The final section of the design document is the changeover plan. Here, we should be considering how we'll be implementing the finished system and changing over from the new one.

Implementation and Testing

This stage is where the creation of the system from the design plan is performed. Ideally, the system should be tested continually with the test plan to identify problems as soon as possible for correction. There should also be milestone targets, where the system should be tested again.

Installation

Once the system has been created, it should be implemented into the organisation (as per the changeover plan).

Maintenance

Sometimes referred to as evaluation.

Once the system has been succesfully installed, it needs to be reviewed to ensure that it is meeting the needs of the organisation as laid out in the analysis. If it is not, then there are types of maintenance that can be performed:

• Perfective - Improvements to the system not originally identified in the analysis
• Adaptive - Alterations to the system, say if the needs of the organisation change
• Corrective - Solving problems in the system that were not identified during testing

Success or failure of an MIS

Developers might only have one indicator of the success of a MIS. Whether or not it works. However, just because it works doesn't mean the MIS is successful. No-one may use the completed MIS, for example.

There are better indicators of MIS success.

• Does the system get used?
• Are the end-users happy with the system?
• Does the system meet the original objectives laid out in the analysis?

Factors leading to success

• User involvement
  • Involving users in the analysis and testing phases tends to lead to a better system that will increase end-user satisfaction
• System complexity
  • Highly complex systems tend to fail if they're undertaken by inexperienced teams
• Development management
  • A poorly managed project is more likely to suffer from
    • Cost over-runs
    • Delays
    • Performance problems
• Support from the management
  • New systems must be backed by the management of the organisation the system is being developed for
    • Correct funding must be made available
    • Manpower must be made available
    • Changes to the existing system must be supported

Factors leading to failure

MIS can fail at any point in the lifecycle, but failures often become more apparant later on the lifecycle, when it becomes very expensive and difficult to correct them.

The most likely point of failure is at the analysis stage.

• A poor analyst was appointed with poor analysis skills
• The wrong type of research was done, especially with regard to the current system
• Poor staffing levels for the analysis to take place
• Users were not sufficiently involved

Failure at the design stage can be because of

• Inability of the system to meet future needs
• Major changes to working practices are required
• Users were not sufficiently involved

At the implementation stage, the failure could be due to

• An underestimate of coding time
• Lack of necessary software development skills
• A poor design
• Poor internal communication
• Low level of allocated resources
• No proper test plan is designed, and therefore no proper testing occurs
• The end-users are not involved in testing, and there are no acceptance tests

At the installation stage,

• No conversion plan was developed
• Insufficient funds allocated to conversion
• Poor documentation of the new system
• There are no performance evaluations

AQA Information and Communication Technology/Organisational Structure

From Wikibooks

An organisation is a group of resources that join together to fulfil a purpose. For example, it may produce goods (as in a business), or provide a service to help people (such as a charity).

Levels of management

Most organisations typically have a hierarchical structure, and different aspects of an ICT system are required to fulfil the different aspects of the hierarchy. A simple hierarchy may consist of:

• Senior management (strategical)
• Middle management (tactical)
• Workers/staff (operational)

Senior management

Senior management are interested in strategies and objectives – setting goals to meet and timeframes to meet them - this is over a long time period - years. This means that the information they require must be broad, but doesn't have to be detailed.

Middle management

Middle management prepares the tactics – the means in which to achieve these strategies - this is over a medium time period - months. This means they require information that is less broad than senior management, but is more detailed.

Workers/staff

The workers perform the tasks assigned to them by middle management to fulfil the objectives of the organisation, and they communicate between themselves the operational data required to perform their task- this is over a short time period - days. The workers only require information that is very specific about their area of work, so lacks breadth, but is very detailed

AQA Information and Communication Technology/Corporate IS Strategy

From Wikibooks

The IS strategy is part of the business strategy. The business strategy is a long-term plan showing where the business is going. It provides the long-term objectives for the business. Planning is very important for business survival.

A business strategy should consist of:

• The business objectives in the mission statement
• A SWOT analysis of the business (this shows the strengths, weaknesses, opportunities and threats of a business)
• Substrategies for separate parts of the business (marketing, sales, operations, IS, etc)

Obviously, we'll be focussing on the IS strategy. The IS strategy should be allocated resources and should be needs-led, not technology-led. (This means the IS strategy should be fulfilling the needs of the business, not just supplying the latest technology).

The IS strategy should consider:

• Resources
  • People
  • Technology
  • Organisation
• Threats to the business (as identified in the SWOT analysis)

Information flow

We can deduce 3 types of information flow in an organisation:

• Strategic
• Tactical
• Operational

Many organisations rely on a constant flow of information, both up and down the layers of hierarchy. Information can flow either:

• Formally (through meetings, etc) – where the information flow is standardised and consistent
• Informally (phone calls, discussions over the water cooler, etc) – this is where the information flow does not follow a set of rules and can be inconsistently distributed, and therefore unreliable.

How information is dealt with is dependant on where the end-user is in the hierarchy.

Unless information has a free flow, there can be constraints on the way the information flows and it could be limited.

Personnel

As we discussed | earlier on, most hierarchies can be broken down into 3 types.

As such, we have the following levels of the heirarchy making different decisions:

• Senior management make the strategic decisions
• Middle management make the tactical (or implementation) decisions
• The workers make the operational decisions.

Or, what we're going to do, how we're going to do it, and the specifics of production.

AQA Information and Communication Technology/Project Management

From Wikibooks

A project is a short-term activity with specified objectives that is usally part of a larger plan. Most projects have a team of varied skills.

Projects have specific characteristics, such as:

• Specified objectives
• Specific budgets
• Specified schedule
• Temporary teams

Projects are headed by a project manger - someone who has a degree of technical skills in addition to managerial skills. The project manager plans the project and recruits staff. He or she monitors project progress and reports the status. He or she controls budgets, prepares performance appraisals and acts as an intermediary between the users, the managers and the developers.

The project manager hires the development team and has to balance the size. If the team is too small, the workload becomes unmanagable, and if it is too large, morale drops, absenteeism occurs and labour turnover rises.

The 5 principles of staffing are:

1. Employee the top talent (fewer, better people)
2. Job matching (match skills to tasks)
3. Team balancing
4. Phase out unsuitable staff
5. Allow career progression

The characteristics of a good team is one where

• The leadership provides inspiration and motivation
• Tasks are allocated well (the best person for each job)
• Standards are set and observed (procedures, documentation, etc)
• The costs, schedules and progression of the project are monitored and controlled.

The project plan should cover a task definition (what needs to be done), skill identification (who can do it) and training (who needs to be able to do what).

AQA Information and Communication Technology

From Wikibooks

Sections

The coursework unit is marked according to a number of different sections, listed below.

Specification

In this section, the candidate is expected to explain the requirements of the end user and produce a list of requirements. At this state, they should also develop a test plan.

Implimentation

This is when the candidate should produce the working system that should meet the end users requirements, if designed correctly. This section should contain screen prints to document the candidates work, partly to prove that it is their own work.

Testing

For this stage of the coursework the candidate is required to use their test plan, which may have been altered or extended as necessary for this stage, to test whether their system meets requirements of the user and functions properly. Testing generally includes the use of valid, invalid and extreme data.

Evaluation

This is where the candidate should critically analyse their solution in accordance with the requirements of the end user- 'does the system do what the end user required?'.

User Guide

The user guide section may vary greatly in its depth and layout depending on each individual's problem that they are solving. However, essentially the user guide is like an instruction manual for the end users of the candidates solution. It should include information on how the user should use the system as well as including a list of common problems, and how the user can solve them.

AQA Information and Communication Technology

From Wikibooks,

How can data be captured?

manually by typing into the keyboard or capturing the data by some sort of automatic method such as OMR, OCR, Barcode reader or MICR.

Data is not just entered into the traditional computer (PC) but is used in many ways by other devices.

For example many areas use sensors to inform motorists that they are over the speed limit. These do not issue speeding ticket but act as a deterrent in order to reduce accidents. Motorways such as the M6 use an average speed limit calculation to issue tickets to motorist who slow down as they approach a speed camera but then increase their speed as they pass it. Traditional speed cameras used film to record a speeding car majority have now moved to digital meaning they can store many more images and do not need to be replaced.

What is the role of government in the development of e-commerce in developing countries?

by Zorayda Ruth B. Andam

While it is generally agreed that the private sector should take the lead role in the development and use of e-commerce, the government plays an instrumental role in encouraging e-commerce growth through concrete practicable measures such as:

1. Creating a favorable policy environment for e-commerce; and

2. Becoming a leading-edge user of e-commerce and its applications in its operations, and a provider to citizens of e-government services, to encourage its mass use.

What is a favorable policy environment for e-commerce?

Among the public policy issues in electronic commerce that governments should take heed of are:

• “bridging the digital divide” or promoting access to inexpensive and easy access to information networks;

• legal recognition of e-commerce transactions;

• consumer protection from fraud;

• protection of consumers’ right to privacy;

• legal protection against cracking (or unauthorized access to computer systems); and

• protection of intellectual property.

Measures to address these issues must be included in any country’s policy and legal framework for e-commerce. It is important that government adopt policies, laws and incentives that focus on promoting trust and confidence among e-commerce participants and developing a national framework that is compatible with international norms on e-commerce (covering for instance, contract enforcement, consumer protection, liability assignment, privacy protection, intellectual property rights, cross-border trade, and improvement of delivery infrastructure, among others).

How can government use e-commerce?

Government can use e-commerce in the following ways:

• E-procurement. Government agencies should be able to trade electronically with all suppliers using open standards-through ‘agency enablement’ programs, ‘supplier enablement’ programs, and e-procurement information systems.

• Customs clearance. With the computerization of customs processes and operations (i.e., electronic submission, processing and electronic payment; and automated systems for data entry to integrate customs tables, codes and pre-assessment), one can expect more predictable and more precise information on clearing time and delivery shipments, and increased legitimate revenues.

• Tax administration. This includes a system for electronic processing and transmission of tax return information, online issuances of tax clearances, permits, and licenses, and an electronic process registration of businesses and new taxpayers, among others.

More often than not, the e-commerce initiatives of government are a barometer indicating whether or not the infrastructure supports e-commerce use by private firms. This means that if government is unable to engage in e-procurement, secure records online, or have customs fees remitted electronically, then the private sector will also have difficulties in e-commerce uptake. Virtually, the benefits from e-commerce accrue to the government, as the experiences of some countries reflect.

Are existing legal systems sufficient to protect those engaged in e-commerce?

Unfortunately, the existing legal systems in most developing countries are not sufficient to protect those engaged in e-commerce. For instance, with respect to contracts, existing laws were conceived at a time when the word “writing,” “document” and “signature” referred to things in paper form. On the other hand, in today’s electronic business transactions paper is not used for record-keeping or entering into contracts.

Another important and common legal issue faced by many developing countries is uncertainty regarding whether the courts will accept electronic contracts or documents and/or electronic signatures as evidence. One view is that the issue of admissibility of electronically generated evidence will not be resolved unless a law specifically referring to it is passed. This gap in existing legal systems has caused the emergence of at least two divergent views: one bordering on the conservative interpretation of the word “document” as to exclude non-paper-based ones; and the other involving a liberal construction, which allows electronic counterparts of documents.

In the ASEAN region, only three countries-Singapore (Singapore Electronic Transactions Act), Malaysia (Cyberlaws), and the Philippines (Philippine E-commerce Act)-have a legal framework for e-commerce. These frameworks provide for the legal recognition of electronic documents and signatures and penalize common crimes and offenses committed in cyberspace.

What other relevant policy issues should be addressed?

Other policy issues concern basic prerequisites of infrastructure for successful e-commerce, as follows:

1. Telecoms pricing and performance

One of the aims of telecommunications policy and legislation should be to ensure that the public has access to basic telecommunications services at a reasonable cost. The goal should ultimately be universal accessor widespread access to reliable information and communication services at a reasonable cost and its availability at a reasonable distance.

To enhance the quality of telecommunications services, policies should encourage:

• open access, which refers to the absence of non-competitive practices by network providers;

• open architecture, which pertains to the design of a system that facilitates interconnection among different systems and services currently and as they develop over time; and

• flexible access, which pertains to interconnected and interoperable networks of telecommunications, broadcasting, and electronic publishing, where the format will be digital and the bandwidth will be adjusted according to the demands of the user and the character of communications.

2. Quality and speed of distribution logistics (i.e., roads and bridges)

Roads and bridges, especially in developing countries, still form part of the e-commerce infrastructure. Very few goods are delivered over the information infrastructure or the Internet (the exceptions are music and software). Most of the goods purchased over the Internet are still delivered the conventional way (i.e., physical delivery). Hence, poor roads and bridges, inefficient transport systems, coupled with the high cost of international parcel services and bureaucratic customs clearance processes, are major obstacles in the uptake of e-commerce in developing countries. Government should therefore create a policy environment that will:

• encourage investments in the national physical and transport infrastructure; and
• provide for electronic customs clearance processing to streamline the bureaucracy and allow for more transparent, predictable and efficient customs operations.

Both of these will contribute to the reduction of distribution and logistics costs.

How can government intervene in the promotion and development of e-commerce among SMEs?

The following are the more relevant areas for government intervention with respect to SME uptake of e-commerce:

E-SME Development. The market ultimately drives e-commerce development, but it is the private sector that fuels it. Government can provide incentives to encourage widespread e-commerce use by SMEs. An “e-SME development program” in which various sectors can provide technical assistance to SMEs to promote e-commerce uptake, can also be developed. Banks, financial lending and training institutions, and corporations should be encouraged to develop “SME desks” that will address the specific needs of SMEs. In particular, steps should be taken to:

• provide incentives to individuals to become entrepreneurs by lowering borrowing rates;
• provide incentives to SMEs that intend to use e-commerce in their business operations;
• broaden credit extension facilities to SMEs in order for them to use ICT and e-commerce; and
• offer discounts on business solution software packages and software licenses.

Moreover, big businesses and corporations should be encouraged to transfer technology to SMEs by offering them free training in ICT and e-commerce.

Awareness Campaign. Evidence suggests that SMEs have insufficient knowledge of information technology and e-commerce. Many SMEs have identified their lack of knowledge of technology as one of the main barriers to using e-commerce. Government and private sector partnerships can engage in a campaign to disseminate information to SMEs about e-commerce policies, best practices, success stories, and opportunities and obstacles relating to the use of ICTs and e-commerce. These awareness campaigns could include free training courses and workshops on e-commerce, security and privacy, awards programs, and information centers to assist SMEs. Ultimately, this information campaign should come in the form of an overall e-commerce development strategy for the economy, focusing on its various innovative applications for SMEs.

E-Government. Government should be the lead-user of e-commerce if various business and private-sector related activities are to be prompted to move online. In effect, government becomes a positive influence. E-government can take the form of various online transactions such as company registration, taxation, applications for a variety of employee- and business-related requirements, and the like.

Network Infrastructure and Localization of Content. A developed national information infrastructure is a necessary, though not a sufficient, condition for e-commerce uptake of SMEs. Without reliable and inexpensive telecommunications and other information services, SMEs will not be able to go online. An important strategy in this regard is the construction of “telecenters” or electronic community centers that would serve as a community-shared access and connectivity platform especially in the rural areas (e.g., an electronic agri-information center which provides market information to farmers in rural areas). These telecenters can also be a venue for capacity building, skills enhancement, training, communications and content development. Government can also adopt agglomerative approaches to Internet use to reduce costs (e.g., export aggregators, such as B2B or B2C portals/exchanges for SMEs, which will facilitate trading with fellow SMEs and with other companies in the international market).

Strengthening Consumer Protection. Among the more common trust-related issues that SMEs take note of in considering whether to engage in e-commerce are: where and how payment takes place (whether real or virtual); when settlement takes place (before, during or after the transaction); who settles; whether the transaction is B2B or B2C; and whether settlement can be traced. Generally, however, among e-commerce users in developing countries, including SMEs, there is very low willingness to provide sensitive financial information over the Internet. On the other hand, consumers have reservations about transacting with SMEs through the Internet due to the lack of a clear policy on returns and use of data. To address this concern, government can encourage companies/ SMEs to make their privacy policy explicit in their Web sites.

A more comprehensive measure that government can undertake to ensure security in e-commerce transactions is the establishment of a Certification Authority, which verifies seller and buyer identities, examines transactions and security procedures, and issues digital certificates to those who are able to meet the set security standards. A good example of this government effort is Singapore’s Certification Authority, Netrust. This suggestion does not to discount the importance of private-driven security solutions such as Web sites like Hypermart, which host and build storefronts for SMEs while providing them a common system for secure payments.

Data Protection and Transaction Security

Transaction security pertains to three important components and related issues, namely:

• Transaction Privacy, which means that transactions must be held private and intact, with unauthorized users unable to understand the message content;

• Transaction Confidentiality, implying that traces of transactions must be dislodged from the public network and that absolutely no intermediary is permitted to hold copies of the transaction unless authorized to do so; and

• Transaction Integrity, which pertains to the importance of protecting transactions from unlawful interference-i.e., transactions must be kept unaltered and unmodified. In an open network like the Internet, it seems difficult to ensure these. There are, however, technological solutions that seek to address these security concerns. These solutions usually come in the form of authorization schemes, i.e., programs that make sure that only authorized users can gain access to information resources such as user accounts, files, and databases. Typical examples of authorization schemes are: password protection, encrypted smart cards, biometrics (e.g., fingerprinting, iris-scanning), and firewalls. A firewall is a system of cryptographic methods supported by perimeter guards to ensure the safe arrival and storage of information and its protection from internal and external threats. The most common data and transaction and data security scheme is encryption, which involves a set of secret codes that defends sensitive information crossing over online public channels. It makes information indecipherable except to those with a decryption/decoding key.

Government can also provide guidelines for SMEs in the development of a system of collaborative ratings, which these entrepreneurs can display on their Web sites not only to inform but also to assure their consumers of security. For instance, in electronic exchanges, customers should be able to rate suppliers in terms of quality of product or service and speed of delivery, among others. To minimize fraud, certain safeguards should be built into the rating system like imposing the requirement of presenting evidence of purchase before one’s rating can count, with ratings of regular customers having more weight. Trends in ratings and comments should be made readily available to all users. SMEs should also be encouraged through appropriate government incentive schemes to participate in internationally accredited Web-based online rating schemes.

Government can also design and establish a legal and judiciary framework that provides for minimum standards of and requirements for transparency, impartiality and timeliness. While in many developing countries this may be a very ambitious goal, in the medium term SMEs may use self-regulated codes of conduct covering, for example, return policy, data protection, and acceptable forms of content, that are applicable within associations, cooperatives or their respective groups of peers and e-entrepreneurs. It is important to have not only a rating system but also an enforcement regime that people trust.

Human Resources Development. The government can initiate pilot projects and programs for capability-building, training and e-commerce support services, such as Web design. In Kenya, for instance, the youth from Nairobi’s slums are being trained in Web design skills.

In general, government initiatives should be in line with current efforts in the foregoing areas of concern. Coordination with development cooperation agencies is important to avoid any duplication of initiatives and efforts.

Is e-commerce helpful to the women sector? How has it helped in empowering women?

by Zorayda Ruth B. Andam

In general, the Internet and e-commerce have empowered sectors previously discriminated against. The Guyanan experience can attest to this.

Women have gained a foothold in many e-commerce areas. In B2C e-commerce, most success stories of women-empowered enterprises have to do with marketing unique products to consumers with disposable income. The consumers are found largely in developed countries, implying that there is a need for sufficient infrastructure for the delivery of products for the business to prosper and establish credibility. For example, if an enterprise can venture into producing digital goods such as music or software that can be transmitted electronically or if such goods can be distributed and/or delivered locally, then this is the option that is more feasible and practicable.

Aside from the Guyanan experience, there are many more successful cases of e-commerce ventures that the women sector can emulate. Some concrete examples are: Tortasperu.com ( http://www.tortasperu.com.pe), a business involving the marketing cakes in Peru run by women in several Peruvian cities; Ethiogift ( http://www.ethiogift.com), involving Ethiopians buying sheep and other gifts over the Internet to deliver to their families in other parts of the country, thereby dispensing with the physical delivery of goods abroad; and the Rural Women’s Association of the Northern Province of South Africa, which uses the Web to advertise its chickens to rich clients in Pietersburg.

While most of the examples involve B2C e-commerce, it must be noted that women are already engaged in wholesale distribution businesses in developing countries. Thus, they can begin to penetrate B2B or B2G markets.

Women Empowerment in Bangladesh: The Case of the Grameen Village Phone Network

The Grameen Village Phone Network is a classic example of women’s empowerment in Bangladesh. Operators of the village phones are all poor women (who have been selected for their clean and strong credit record). These village phones are regularly visited by members of male-dominated villages. Notably, the women entrepreneurs (village operators) enjoy wider discretion in expending their profits from their phone services than with their household income.

How important is e-commerce to SMEs in developing countries? How big is the SME e-business market?

by Zorayda Ruth B. Andam

For SMEs in developing countries e-commerce poses the advantages of reduced information search costs and transactions costs (i.e., improving efficiency of operations-reducing time for payment, credit processing, and the like). Surveys show that information on the following is most valuable to SMEs: customers and markets, product design, process technology, and financing source and terms. The Internet and other ICTs facilitate access to this information. In addition, the Internet allows automatic packaging and distribution of information (including customized information) to specific target groups.

However, there is doubt regarding whether there is enough information on the Web that is relevant and valuable for the average SME in a developing country that would make investment in Internet access feasible. Underlying this is the fact that most SMEs in developing countries cater to local markets and therefore rely heavily on local content and information. For this reason, there is a need to substantially increase the amount and quality of local content (including local language content) on the Internet to make it useful especially to low-income entrepreneurs.

ICT-4-BUS: Helping SMEs Conquer the E-Business Challenge45

The Information and Communication Technology Innovation Program for E-business and SME Development, otherwise known as the ICT-4-BUS, is an initiative by the Multilateral Investment Fund and the Information Technology for Development Division of the Inter-American Development Bank (IDB) to enhance the competitiveness, productivity and efficiency of micro-entrepreneurs and SMEs in Latin America and the Carribean through the provision of increased access to ICT solutions. This is in line with the regional and worldwide effort to achieve a viable “information society.” Programs and projects under this initiative include the dissemination of region-wide best practices, computer literacy and training programs, and coordination efforts to facilitate critical access to credit and financing for the successful implementation of e-business solutions. The initiative serves as a strategic tool and a vehicle for maximizing the strong SME e-business market potential in Latin America manifested in the $23.51 billion e-business revenues reached among Latin American SMEs.

eMarketer estimates that SME e-business revenues will increase: from $6.53 billion to $28.53 billion in Eastern Europe, Africa and the Middle East combined; $127.25 billion in 2003 to $502.69 billion by 2005 in the Asia-Pacific region; $23.51 billion in 2003 to $89.81 billion by 2005 in Latin America; from $340.41 billion in 2003 to $971.47 billion by 2005 in Western Europe; and from $384.36 billion in 2003 to $1.18 trillion by 2005 in Northern America.

How is e-commerce useful to developing country entrepreneurs?

There are at least five ways by which the Internet and e-commerce are useful for developing country entrepreneurs:

1. It facilitates the access of artisans47 and SMEs to world markets.

2. It facilitates the promotion and development of tourism of developing countries in a global scale.

3. It facilitates the marketing of agricultural and tropical products in the global market.

4. It provides avenues for firms in poorer countries to enter into B2B and B2G supply chains.

5. It assists service-providing enterprises in developing countries by allowing them to operate more efficiently and directly provide specific services to customers globally.

IFAT: Empowering the Agricultural Sector through B2C E-Commerce

The International Federation for Alternative Trade (IFAT) is a collective effort to empower the agricultural sector of developing countries. It is composed of 100 organizations (including 70 organizations in developing countries) in 42 countries. Members of the organization collectively market about $200-400 million annually in handicrafts and agricultural products from lower income countries. In addition, IFAT provides assistance to developing country producers in terms of logistical support, quality control, packing and export.

Offshore Data Processing Centers: E-commerce at Work in the Service Sector

ffshore data processing centers, which provide data transcription and “back office” functions to service enterprises such as insurance companies, airlines, credit card companies and banks, among others, are prevalent in developing countries and even in lowwage developed countries. In fact, customer support call centers of dot-coms and other ICT/e-commerce companies are considered one of the fastest growing components of offshore services in these countries. India and the Philippines pride themselves in being the major locations of offshore data entry and computer programming in Asia, with India having established a sophisticated software development capability with highly skilled personnel to support it.48

Developing country SMEs in the services sector have expanded their market with the increased ability to transact directly with overseas or international customers and to advertise their services. This is especially true for small operators of tourism-related services. Tourism boards lend assistance in compiling lists of service providers by category in their Web sites.

In addition, for SMEs in developing countries the Internet is a quick, easy, reliable and inexpensive means for acquiring online technical support and software tools and applications, lodging technical inquiries, requesting repairs, and ordering replacement parts or new tooling.

The Internet is also instrumental in enabling SMEs in developing countries to join discussion groups with their peers across the globe who are engaged in the same business, and thereby share information, experiences and even solutions to specific technical problems. This is valuable especially to entrepreneurs who are geographically isolated from peers in the same business.50

What is the extent of ICT usage among SMEs in developing countries?

Currently the Internet is most commonly used by SME firms in developing countries for communication and research; the Internet is least used for e-commerce. E-mail is considered an important means of communication. However, the extent of use is limited by the SMEs’ recognition of the importance of face-to-face interaction with their buyers and suppliers. The level of confidence of using e-mail for communication with both suppliers and buyers increases only after an initial face-to-face interaction. E-mail, therefore, becomes a means for maintaining a business relationship. It is typically the first step in e-commerce, as it allows a firm to access information and maintain communications with its suppliers and buyers. This can then lead to more advanced e-commerce activities.

ICT usage patterns among SMEs in developing countries show a progression from the use of the Internet for communication (primarily e-mail) to use of the Internet for research and information search, to the development of Web sites with static information about a firm’s goods or services, and finally to use of the Internet for e-commerce.

E-Mail and the Internet in Developing Countries

To date, e-mail is the predominant and most important use of the Internet in developing countries. In Bangladesh, 82% of Internet use is attributed to e-mail, vis-à-vis 5% in the United States. The Web accounts for about 70% of Internet use in the U.S. This is due to the relatively high Internet access costs in most developing countries. However, the Internet is considered an inexpensive, although imperfect, alternative to the telephone or facsimile machine-i.e., it is inexpensive due to the higher speed of information transmission, and imperfect because it does not provide two-way communication in real time unlike the telephone.

Many firms use the Internet to communicate with suppliers and customers only as a channel for maintaining business relationships. Once firms develop a certain level of confidence on the benefits of e-mail in the conduct of business transactions and the potential of creating sales from its use, they usually consider the option of developing their own Web site.

Studies commissioned by The Asia Foundation on the extent of ICT use among SMEs in the Philippines, Thailand and Indonesia, show common use patterns, such as:

1. wide use of the Internet for e-mail because of the recognized cost and efficiency benefits;

2. use of Web sites more for promotion than for online sales or e-commerce, indicating that SMEs in these countries are still in the early stages of e-commerce;

3. common use of the Internet for basic research; and

4. inclination to engage more in offline transactions than in e-commerce because of security concerns.

SMEs go through different stages in adopting e-commerce. They start with creating a Web site primarily to advertise and promote the company and its products and services. When these firms begin generating traffic, inquiries and, eventually, sales through their Web sites, they are likely to engage in e-commerce.

Women and Global Web-Based Marketing: The Case of the Guyanan Weavers’ Cooperative

The Guyanan Weavers’ Cooperative is an organization founded by 300 women from the Wapishana and Macushi tribes in Guyana, northern South America. The cooperative revived the ancient art of hammock weaving using 19th century accounts and illustrations of the hammocks made by European travelers and the cultivation of cotton on small family plots and hand-weaving. The organization then hired someone to create a Web site, which was instrumental in bringing their wares online. Not long after, in the mid-1990s, the group of weavers (the Rupununi Weavers Society) was able to sell hammocks to Queen Elizabeth, Prince Philip, the Smithsonian Institute, and the British Museum. Since 1998, they have sold about 20 hammocks through the Internet at $1,000 per piece. This case also shows that SMEs have great potential to compete in markets for high-end, bespoke products despite the low sales volume.

In addition, many Web sites providing market and technical information, agronomic advice and risk management tools for SMEs (to coffee and tea farmers in developing countries, for example) have emerged.

What are the obstacles, problems and issues faced by SMEs in their use of ICT in business or in engaging in e-commerce?

According to recent surveys conducted in select Southeast Asian countries, the perceived external barriers to e-commerce include the unfavorable economic environment, the high cost of ICT, and security concerns. The internal barriers are poor internal communications infrastructure within SME firms, lack of ICT awareness and knowledge as well as inadequacy of ICT-capable and literate managers and workers, insufficient financial resources, and the perceived lack of relevance or value-added of ICTs to their business.

In general, the main issues of concern that act as barriers to the increased uptake of information technology and e-commerce are the following:

• Lack of awareness and understanding of the value of e-commerce. Most SMEs in developing countries have not taken up e-commerce or use the Internet because they fail to see the value of e-commerce to their businesses. Many think e-commerce is suited only to big companies and that it is an additional cost that will not bring any major returns on investment.

• Lack of ICT knowledge and skills. People play a vital role in the development of e-commerce. However, technology literacy is still very limited in most developing countries. There is a shortage of skilled workers among SMEs, a key issue in moving forward with using information technology in business. There are also doubts about whether SMEs can indeed take advantage of the benefits of accessing the global market through the Internet, given their limited capabilities in design, distribution, marketing, and post-sale support. While the Internet can be useful in accessing international design expertise, SMEs are not confident that they can command a premium on the prices for their goods unless they offer product innovations. They can, however, capitalize on returns on the basis that they are the low cost providers.

Furthermore, more often than not, the premium in design has already been captured-for example, in the textile products industry-by the branded fashion houses. SMEs doubt whether Web presence will facilitate their own brand recognition on a global scale.

• Financial costs. Cost is a crucial issue. The initial investment for the adoption of a new technology is proportionately heavier for small than for large firms. The high cost of computers and Internet access is a barrier to the uptake of e-commerce. Faced with budgetary constraints, SMEs consider the additional costs of ICT spending as too big an investment without immediate returns.

Many SMEs find marketing on the Internet expensive. Having a Web site is not equivalent to having a well-visited Web site. One reason is that there may be no critical mass of users. Another reason is the challenge of anonymity for SMEs. Because of the presence of numerous entrepreneurs in the Internet, it seems that brand recognition matters in order to be competitive. Moreover, it is not enough that a Web site is informative and user-friendly; it should also be updated frequently. Search engines must direct queries to the Web site, and news about the site must be broadly disseminated. Significantly, the experience of many OECD countries attests to the fact that the best e-marketing strategies are not better substitutes for the conventional form of media. One solution may be to encourage several SMEs to aggregate their information on a common Web site, which in turn would have the responsibility of building recognition/branding by hyperlinking or updating, for example.

• Infrastructure. The national network/physical infrastructure of many developing countries is characterized by relatively low teledensity, a major barrier to e-commerce. There are also relatively few main phone lines for business use among SMEs.

• Security. Ensuring security of payments and privacy of online transactions is key to the widespread acceptance and adoption of e-commerce. While the appropriate policies are in place to facilitate e-commerce, lack of trust is still a barrier to using the Internet to make online transactions. Moreover, credit card usage in many developing countries is still relatively low.

Also, consumers are reluctant to use the Internet for conducting transactions with SMEs due to the uncertainty of the SMEs’ return policy and use of data.

• Other privacy- and security-related issues. While security is commonly used as the catch-all word for many different reasons why individuals and firms do not engage in extensive e-commerce and use of Internet-based technologies, there are other related reasons and unresolved issues, such as tax evasion, privacy and anonymity, fraud adjudication, and legal liability on credit cards. In many countries, cash is preferred not only for security reasons but also because of a desire for anonymity on the part of those engaged in tax evasion or those who simply do not want others to know where they are spending their money. Others worry that there is lack of legal protection against fraud (i.e., there is no provision for adjudicating fraud and there may be no legal limit on liability, say, for a lost or stolen credit card). It is necessary to distinguish these concerns from the general security concerns (i.e., transaction privacy, protection and security) since they may not be addressed by the employment of an effective encryption method (or other security measure).