REVIEWER IT Application Tools in Business (IATB)

MODULE 6
“Blockchains”

Blockchain is a system of recording information in a way that makes it difficult or impossible to change, hack, or
cheat the system.
A blockchain is essentially a digital ledger of transactions that is duplicated and distributed across the entire
network of computer systems on the blockchain. Each block in the chain contains several transactions, and every time a
new transaction occurs on the blockchain, a record of that transaction is added to every participant’s ledger.
The decentralized database managed by multiple participants is known as Distributed Ledger Technology (DLT).
Blockchain is a type of DLT in which transactions are recorded with an immutable cryptographic signature called a
hash.

This means if one block in one chain was changed, it would be immediately apparent it had been tampered with. If
hackers wanted to corrupt a blockchain system, they would have to change every block in the chain, across all of the
distributed versions of the chain.
Blockchains such as Bitcoin and Ethereum are constantly and continually growing as blocks are being added to the
chain, which significantly adds to the security of the ledger.

Why is there so much hype around blockchain technology?

There have been many attempts to create digital money in the past, but they have always failed. The prevailing issue
is trust. If someone creates a new currency called the X dollar, how can we trust that they won't give themselves a
million X dollars, or steal your X dollars for themselves?

Bitcoin was designed to solve this problem by using a specific type of database called a blockchain. Most normal
databases, such as an SQL database, have someone in charge who can change the entries (e.g. giving themselves a
million X dollars). Blockchain is different because nobody is in charge; it’s run by the people who use it. What’s more,
bitcoins can’t be faked, hacked, or double-spent – so people that own this money can trust that it has some value.

How does a transaction get into the blockchain?

Before a transaction is added to the blockchain it must be authenticated and authorized.
 There are several key steps a transaction must go through before it is added to the blockchain. Today, we’re going to
focus on
• authentication using cryptographic keys,
• authorization via proof of work, the role of mining, and
• the more recent adoption of proof of stake protocols in later blockchain networks.

Authentication
The original blockchain was designed to operate without a central authority (i.e. with no bank or regulator
controlling who transacts), but transactions still have to be authenticated.
This is done using cryptographic keys, a string of data (like a password) that identifies a user and gives access to
their “account” or “wallet” of value on the system.
Each user has a private key and a public key that everyone can see. Using them both creates a secure digital identity
to authenticate the user via digital signatures and to ‘unlock’ the transaction they want to perform.

Authorization
Once the transaction is agreed upon between the users, it needs to be approved, or authorized, before it is added
to a block in the chain.
For a public blockchain, the decision to add a transaction to the chain is made by consensus. This means that the
majority of “nodes” (or computers in the network) must agree that the transaction is valid. The people who own the
computers in the network are incentivized to verify transactions through rewards. This process is known as ‘proof of
work’.

Proof of Work
Proof of Work requires the people who own the computers in the network to solve a complex mathematical
problem to be able to add a block to the chain. Solving the problem is known as mining, and ‘miners’ are usually
rewarded for their work in cryptocurrency.
But mining isn’t easy. The mathematical problem can only be solved by trial and error and the odds of solving the
problem are about 1 in 5.9 trillion. It requires substantial computing power which uses considerable amounts of energy.
This means the rewards for undertaking the mining must outweigh the cost of the computers and the electricity cost of
running them, as one computer alone would take years to find a solution to the mathematical problem.

The Power of Mining

The Cambridge Bitcoin Electricity Consumption Index estimates the bitcoin mining network consumes almost 70
terawatt-hours (TWh) of electricity per year, ranking it the 40th largest consumer of electricity by ‘country’. By way of
comparison, Ireland (ranked 68th) uses just over a third of Bitcoin’s consumption, or 25 TWh, and Austria at number 42
consumes 64.6 TWh of electricity per year, according to 2016 data compiled by the CIA.

The Problem with Proof of Work

To create economies of scale, miners often pool their resources together through companies that aggregate a large
group of miners. These miners then share the rewards and fees offered by the blockchain network.
As a blockchain grows, more computers join to try and solve the problem, the problem gets harder and the network
gets larger, theoretically distributing the chain further and making it ever more difficult to sabotage or hack. In practice
though, mining power has become concentrated in the hands of a few mining pools. These large organizations have the
vast computing and electrical power now needed to maintain and grow a blockchain network based on Proof of Work
validation.

Proof of Stake
Later blockchain networks have adopted “Proof of Stake” validation consensus protocols, where participants must
have a stake in the blockchain - usually by owning some of the cryptocurrency - to be in with a chance of selecting,
verifying & validating transactions. This saves substantial computing power resources because no mining is required.
In addition, blockchain technologies have evolved to include “Smart Contracts” which automatically execute
transactions when certain conditions have been met.
 MODULE 7
“Business Processing Modelling Part 1”

Business process modeling is mainly used to map a workflow so you can understand, analyze and make positive
changes to that workflow or process. Usage of a diagram helps you to visualize this process and make better decisions

1. Business Process Modeling Notation (BPMN)

Simply put BPMN is a graphical representation of your business process using standard objects. If you want to get
more technical It can also be defined as a set of graphical objects and rules defining available connections between the
objects.
BPMN consists of the following basic building blocks;
• Flow objects: events (circles), activities (rectangles with rounded corners), and gateways (diamonds)
• Connecting objects: mainly comprising arrows, these indicate sequence flow (filled arrows), message flow
(dashed arrows), and associations
• Swim lanes: pools (graphic container) and lanes (sub-partition of the pool)
• Artifacts: data objects, groups, and annotations

The biggest advantage of BPMN is that it’s a standard with well-defined syntax. So many business analysts are
familiar with it which makes collaboration much easier. Also, most modeling tools support BPMN which makes it much
easier to share and edit if even using different software. All these together make BPMN the most popular business
process modeling technique at the moment.

2. UML Diagrams
UML is a modeling language mainly used for the specification, visualization, development, and documenting of
software systems. But business professionals have adapted it as a powerful business process modeling technique.
With 14 different UML diagram types, it offers a flexible and powerful way to visualize almost any business
process. They are typically used for modeling the detailed logic of a business process. In many ways, UML diagrams are
the object-oriented equivalent of flow charts.
As mentioned above one of its main advantages is its flexibility. But with 14 different diagram types, some might
find it difficult to understand the diagrams. Add to that the same process can be modeled using different UML diagrams.
So probably not the most popular choice among analysts.
Our UML software supports drawing of all UML diagram types. We have templates, separate libraries for various
UML diagrams and knowledge article to guide you through the process.
Business process modeling goes back a long time and BPMN and UML evolved from some techniques used a while
back. However, some of these earlier techniques are still been used in business process modeling.

3. Flowchart Technique
Flowcharts are probably the most popular diagram type in the world. Because it has few standard symbols it can be
easily understood by many. Simplicity makes it powerful and an effective tool. In fact, BPMN can be considered as an
advanced version of the basic flowchart technique. Also, most drawing software support creation of flowcharts it is
used by a much wider audience as well.
Flowchart uses a sequential flow of actions and does not support a breakdown of the activities. The Flow Chart
model is possibly the first process notation. It has frequently been used over many years although there is no exact date
for its origin.

4. Data Flow Diagrams – Yourdon’s Technique

Data flow diagrams (DFD) show the flow of data or information from one place to another. DFDs describe the
processes showing how these processes link together through data stores and how the processes relate to the users and
the outside world.
They are used to record the processes analysed as a part of the design documentation. A DFD can be seen as a
method of organizing data from its raw state. DFDs are the backbone of structured analysis that was developed in the
early sixties by Yourdon.
5. Role Activity Diagrams – RAD
Roles are abstract notations of behavior describing a desired behavior within the organization. They are often
organizational functions. They also include software systems, customers and suppliers. RADs provide a different
perspective of the process and are particularly useful in supporting communication. They are intuitive to read, easy to
understand, and present a detailed view of the process and permitting activities in parallel.

6. Role Interaction Diagrams – RID

Activities are connected to roles in a type of matrix. Activities are shown vertically on the left axis and the roles are
shown horizontally at the top. Text and symbols are used together in order to represent the process.
Although slightly more complex than flow diagrams, RIDs are fairly intuitive to understand and easy to read but they
tend to be messy, with many arrows pointing left and right and are therefore quite hard to build.
Inputs to and outputs from the activities are not modeled. Therefore, important information is lost. RIDs are not as
flexible as flowcharts, for example. They have quite rigid notation. But compared with other modeling techniques, RIDs
are nevertheless flexible. They can be drawn using an Activity Diagram Tool

MODULE 8
“Business Processing Modelling Part 2”

Business process modeling is mainly used to map a workflow so you can understand, analyze and make positive
changes to that workflow or process. Usage of diagram helps you to visualize this process and make better decisions

7. Gantt Charts
Gantt charts relate a list of activities to a time scale. Although it can be used to represent a process graphically it’s
strength lies in the ability to monitor the current situation, project timeline, and resource allocation. Although things like
dependencies can be highlighted in it the modeling part is severely lacking. Probably the reason why it isn’t popular
anymore.
A Gantt chart is a matrix that lists on the vertical axis all the tasks or activities to be performed in a process. Each
row contains a single activity identification, which usually consists of a number and a name. The horizontal axis is
headed by columns indicating estimated activity duration, skill level needed to perform the activity, and the name of the
person assigned to the activity, followed by one column for each period in the project’s duration. Each period may be
expressed in hours, days, weeks, months, and other time units. In some cases, it may be necessary to label the period
columns as period 1, period 2, and so on.

8. Integrated Definition for Function Modeling (IDEF)

IDEF is a family of methods that support a paradigm capable of addressing the modeling needs of an enterprise and
its business areas (IDEF, 2003). The IDEF family is used according to different applications. The most important parts are:
IDEF0, IDEF1, IDEF1X, IDEF2, IDEF3, IDEF4 and IDEF5. However, for business process modeling, the most useful versions
are IDEF0 and IDEF3.

9. Colored Petri Nets ( CPN )

Colored Petri nets are a graphical oriented language for design, specification, simulation and verification of systems.
It is particularly well suited for systems that consist of a number of processes, which communicate and synchronize.
Colored nets are extended Petri nets in which symbols are differentiated by ‘COLORS’. A CPN model consists of a set
of modules which each contain a network of places, transitions and arcs. The graphical representation makes it easy to
see the basic structure of a complex CPN model, i.e. to understand how the individual processes interact with each
other. CP-nets have a formal, mathematical representation with a well-defined syntax and semantics. This
representation is the foundation for the definition of the different behavioral properties and the analysis methods

10. Object Oriented Methods

This method is based on three concepts: objects that represent a real-world entity. An object has a state, i.e. one of
the possible conditions in which the object may exist represented by the values of the properties (attributes). State
changes are reflected by the behavior, i.e. how an object acts and reacts determined by the set of operations the object
can perform on itself, and also knowing its interface, functions and methods. A set of similar objects is called class. For
example, the attributes for the class animal are having four legs and a tail. Its behaviors are sleeping and eating. Then
possible instances or objects of the class animal are cat, elephant, and horse.
Finally, messages are requests for the receiver objects to carry out the indicated method or behavior and return the
result of that action to the sender objects. States change through behavior when the object receives a message. There
are many different techniques based on OO. Unified Modelling Language (UML) is considered the standard OO modeling
language. Coad and Yourdon’s method precedes UML.

11. Workflow Technique

Workflow is a flow of tasks between computer applications or people in an organization. Two or more members of
a workgroup to reach a common goal can define a workflow as well as any task performed in series or in parallel. The
work flow is more than a technique to model a process. It is a method to analyze and improve a process, including its
modeling.
The workflow development process uses work flow models to capture the relevant information of the processes.
This process comprises four stages: Information Gathering, Business Process Modelling, Work flow Modelling,
Implementation and Verification & Execution. You can get started easily using our workflow diagram templates.

12. Simulation
Simulation model comes in handy when you want to study a complex real-world system. You want to learn more
about the system to make an informed decision but the complexity of the system prevents you from doing that directly.
Therefore you proceed indirectly by creating and studying another entity (the simulation model), which is sufficiently
similar to the real-world system. Simulation can have many forms (for example, discrete-event simulation, continuous
simulation, system dynamics, Monte-Carlo simulation, qualitative simulation, etc.).

MODULE 9
“Knowing the Computer Malware”

Malware (malicious software) is the general name used in describing programs that perform harmful things to a
computer system such as viruses, Trojan horses, worms, and all other similar programs. Many computer users are not
familiar with the term malware – “computer virus” is the most common used term to describe a malware.
A computer virus is a program or a piece of code that loads itself and infects a computer without the user knowing it.
It can replicate itself by copying its own generated code over and over again. A computer virus spreads from computer
to computer using a host program. An uninfected computer will be subjected to virus attack once an infected program is
loaded into its memory. This may happen for instance when a user tries to load an infected removable (such as diskette,
flash drive, et.) into a computer.

Generally, there are three classes of computer virus.

1. File Infectors
A file infector is a computer virus that attaches itself to computer files. Usually, the virus infects executable
files such as .COM and .EXE files. It can also affix itself to files with an extension name of .OBJ, .PRG, .MNU, .SYS,
.BAT for which execution and/or interpretation is requested. A file infector virus can be:
a. (Memory) Resident – Virus that instantaneously infects files by storing itself into the computer memory. It
does not require running an infected file to infect other files.
Sample: Jerusalem and Cascade virus
b. Non-resident – Virus that spreads to the computer memory when an infected program is executed. This
type of virus does not attach itself to the computer memory.
Sample: Vienna virus
2. System/Boot-Record Infectors
The virus infects the boot record of secondary storage such as floppy disks and hard disks, specifically in the
system area. It infects executable programs or codes used for system start-up located in a disk system area. By
nature, it is memory-resident so once an infected floppy disk is used to start up a computer, all active secondary
devices that are not write-protected will become infected.
Sample: Michelangelo, Stoned and Brain virus
3. Macro Viruses
 This is a type of computer virus that infects files through the macro programming capabilities of some
application programs. If an application program used in opening an infected document has macro capabilities
turned on, the macro virus becomes active. The virus can then spread to other files and documents in the
system. This type of virus commonly infects Windows office application programs such as MS Word, MS Excel,
and others. According to recent survey, 75% of the viruses created today are macro viruses. Once activated, it
can embed itself in all future documents you create using the application.

The most common misconception about “Trojan horse” and “Worm” is that these are types of computer viruses.
The terms are also very often used interchangeably but these are not the same. PC users must familiarize themselves
with these three common malicious programs to protect computers against their damaging effects.

1. Virus – It is a program or code that attaches itself to a host program to load itself into a computer without the
knowledge of the user to perform malicious actions.
2. Worm – By design, this may be considered a sub-class of a virus. It is capable of spreading from computer to
computer without user intervention. Unlike a virus, a worm does not need to attach itself to a host program. A
worm uses the transport features of files and information to spread itself into different systems. It can replicate
itself at a very fast rate. Instead of sending a single worm, it could send out hundreds or thousands of copies of
itself, creating a very huge devastating effect on the receiving computer system. The Blaster Worm was
designed to allow malicious user to remotely control a computer by tunneling into the computer system.
3. Trojan horse – It is a code or program that is named after the wooden gift horse used by the Greeks to gain
entry to Troy according to legend. Just like the Trojan horse of the legend, this destructive program
masquerades itself as legitimate software. A user that receives a Trojan horse may also create/open a backdoor
to the computer system so that a malicious user can access the system. Unlike worms and viruses, Trojan horses
do not replicate themselves. The Trojan horse is simply a vessel for other malware.

Other types of Malware

 Spyware – It is a computer program installed secretly/sneakily inside the PC to partially control the user and PC
interaction without the user knowing it.
 Keylogger – It is originally used as a diagnostic tool that monitors keystrokes. This program is useful in espionage
especially if the user wants to monitor what other users do on his computer when he is absent. It has the
capability to capture and record all keystrokes done in the PC.
 Adware – Short for advertising software, is a program code that automatically loads and displays advertising
items into a PC once an application is run.
 Bot – These are Internet programs that automatically perform what users do. It is like having a simulated user in
the system. Although it is a program, a bot can also interact with network services allotted for user as if it is a
user itself.

Sample Worms and Viruses

1. Love Bug Virus – It is a virus with VB script that sends a very large number of emails with the subject line “I LOVE
YOU.” Once the receiver opens the email, the virus is activated and will destroy graphics and saved files. It was
first detected in May of 2000 in Hongkong with an estimated damage of 10 to 15 billion dollars. It was later
found out that the virus was originated from the Philippines and was developed by a student from AMA
Computer College named Onel de Guzman.
2. Math Test Virus – It is a type of virus that infects .COM and .EXE files. The PS-MPC virus creation toolkit was
used to create this virus and once activated it requires the user to solve a math problem. If the response of the
user is incorrect, their command will not be performed or executed.
3. Code Red – It is a computer worm designed by Chinese that is considered the “Most Expensive in the History of
the Internet”. In a period of one week, it had a projected damage of 2 billion dollars – a n average of 200 million
dollars per day. The virus was self-reconstructing.
4. Blaster (2003) – It is also known as Lovesan or MSBlast worm. When activated, it exploited a weakness in
Windows XP and 2000 operating system. The attack typically causes the system to be so unstable leading to
automatic system shutdown. It had an estimated damage cost of 2 to 10 billion dollars.
 5. Sasser – It is a worm that got its name by spreading itself in the system using the buffer overflow in the Local
Security Authority Subsystem Service (LSASS). The side effect of the Sasser program is the termination of the
LSASS which leads to automatic system shutdown
6. VBS/Monopoly – It is a virus created using a VB program code and uses e-mail attachments to spread to other
systems the virus automatically mailed itself to all Outlook contacts.
7. Marburg Virus – It only affects Windows 95 systems and broadcasts it presence during the first three months of
infection with Windows error icons randomly placed on the screen.
8. Phantom1 Virus – It is a virus that displays the image of a skull. It is a memory resident polymorphic virus but
does only little damage to the computer system. This virus is not damaging and only infects .COM and .EXE files.
9. Tequila Virus – It is a memory resident virus that infects the Master Boot Record (MBR) and .EXE files. It is also
considered a stealth virus because of its capability not to be detected by user. It uses complex encryption
method and distortion to avoid user detection. Once activated in the system, Tequila virus displays a crude
Mandelbrot set on the computer display.
10. Globe 8001 Virus – This virus display a globe, it is not very damaging and it attaches to the executable file.

Computer Virus Symptoms

1. The computer suddenly slows down.
2. Application programs that used to run suddenly stop responding.
3. Computer starts to behave strangely. For example, the disk drive LED indicator flashes indicating that a hard
drive is being accessed.
4. Windows OS will not load upon opening the computer.
5. The system produces a double extension on documents that were recently created or modified, such as .jpg,
.vbs, .gif, .exe, and .doc
6. Any unexpected changes in the content of the files.
7. Out of memory error messages appear even though your computer has plenty of RAM.
Virus Detection/Protection Tips
1. Always install Antivirus protection program on your PC.
2. Always consider any removable secondary storage device to be a potential virus carrier and may infect your
system.
3. Do not open any e-mail files coming from unknown sources.
4. Always be cautious when downloading files from the internet.
5. Download only from sites that are legitimate and reputable to make sure that the files do not contain any
malware.
6. Always delete chain emails and junk mail coming from unknown sources.
7. Always enable Microsoft Office macro virus protection.
8. Back-up files on a regular basis.
9. Don not open e-mail attachments unless you are certain of the contents of the file.
10. Use an internet firewall.

MODULE 10
“Internet”

“The internet belongs to everyone and no one”

What is the internet?

The internet is the wider network that allows computer networks around the world run by companies, governments,
universities and other organisations to talk to one another. The result is a mass of cables, computers, data centres,
routers, servers, repeaters, satellites and wifi towers that allows digital information to travel around the world.
It is that infrastructure that lets you order the weekly shop, share your life on Facebook, stream Outcast on Netflix,
email your aunt in Wollongong and search the web for the world’s tiniest cat.
How big is the internet?
One measure is the amount of information that courses through it: about five exabytes a day. That’s equivalent to
40,000 two-hour standard definition movies per second.
It takes some wiring up. Hundreds of thousands of miles of cables criss-cross countries, and more are laid along sea
floors to connect islands and continents. About 300 submarine cables, the deep-sea variant only as thick as a garden
hose, underpin the modern internet. Most are bundles of hair-thin fibre optics that carry data at the speed of light.
The cables range from the 80-mile Dublin to Anglesey connection to the 12,000-mile Asia-America Gateway, which
links California to Singapore, Hong Kong and other places in Asia. Major cables serve a staggering number of people. In
2008, damage to two marine cables near the Egyptian port of Alexandria affected tens of millions of internet users in
Africa, India, Pakistan and the Middle East.
Last year, the chief of the British defence staff, Sir Stuart Peach, warned that Russia could pose a threat to
international commerce and the internet if it chose to destroy marine cables.

How much energy does the internet use?

The Chinese telecoms firm Huawei estimates that the information and communications technology (ICT) industry
could use 20% of the world’s electricity and release more than 5% of the world’s carbon emissions by 2025. The study’s
author, Anders Andrae, said the coming “tsunami of data” was to blame.
In 2016, the US government’s Lawrence Berkeley National Laboratory estimated that American data centres –
facilities where computers store, process and share information – might need 73bn kWh of energy in 2020. That’s the
output of 10 Hinkley Point B nuclear power stations.

What is the world wide web?

The web is a way to view and share information over the internet. That information, be it text, music, photos or
videos or whatever, is written on web pages served up by a web browser.
Google handles more than 40,000 searches per second, and has 60% of the global browser market through Chrome.
There are nearly 2bn websites in existence but most are hardly visited. The top 0.1% of websites (roughly 5m) attract
more than half of the world’s web traffic.
Among them are Google, YouTube, Facebook, the Chinese site Baidu, Instagram, Yahoo, Twitter, the Russian social
network VK.com, Wikipedia, Amazon and a smattering of porn sites. The rise of apps means that for many people, being
on the internet today is less about browsing the open web than getting more focused information: news, messages,
weather forecasts, videos and the like.

What is the dark web?

A search of the web does not search all of it. Google the word “puppies” and your browser will display web pages
the search engine has found in the hundreds of billions that has logged in its search index. While the search index is
massive, it contains only a fraction of what is on the web.
Far more, perhaps 95%, is unindexed and so invisible to standard browsers. Think of the web as having three layers:
surface, deep and dark. Standard web browsers trawl the surface web, the pages that are most visible. Under the
surface is the deep web: a mass of pages that are not indexed. These include pages held behind passwords – the kind
found on the office intranet, for example, and pages no one links to, since Google and others build their search indexes
by following links from one web page to another.
Buried in the deep web is the dark web, a bunch of sites with addresses that hide them from view. To access the
dark web, you need special software such as Tor (The Onion Router), a tool originally created by the US navy for
intelligence agents online. While the dark web has plenty of legitimate uses, not least to preserve the anonymity of
journalists, activists and whistleblowers, a substantial portion is driven by criminal activity. Illicit marketplaces on
the dark web trade everything from drugs, guns and counterfeit money to hackers, hitmen and child pornography.

What are intranets and extranets?

You know a little about your company’s intranet, but what exactly is it - and what’s the difference between an
‘intranet’ and an ‘extranet’? Our short guide should clear up any confusion.
An intranet is a private network, operated by a large company or other organization, which uses internet
technologies, but is insulated from the global internet.
 An extranet is an intranet that is accessible to some people from outside the company, or possibly shared by more
than one organization.
For decades, many organizations have used in-house networks to connect their computers and make applications
available to their staff. These networks were often expensive and could be hard to use. When the internet became
popular, its networking software became widely available and, usually, free. It therefore made sense for organisations to
adopt the same software for internal use.

What intranets do?

Intranets typically start by publishing web pages about company events, health and safety policies, and staff
newsletters. Popular applications follow, such as forms to reclaim expenses or request holidays. All these help eliminate
paperwork and speed up workflows.
As more features are added, an intranet can become essential to the operation of an organization. It becomes a
portal that provides access to all the things workers need.
The intranet is protected from the global internet by firewalls and by the need to log on with a secure password.
Staff working outside the organization may be able to access the intranet by using a VPN (virtual private network). This
means all communications between the intranet and the user’s personal computer are encrypted.

What extranets do?

Extranets take this process a step further, by providing access to people who work for different organisations. For
example, a company could provide access to a supplier for online ordering, order tracking and inventory management.
Instead of sending information to suppliers, it lets them fetch it on a self-service basis. Another example would be a
hospital providing local GPs with access to a booking system so they can make appointments for their patients.
1. An extranet should be more efficient because everyone has access to the same data in the same format.
Because all extranet communications can be encrypted over a VPN, it should also be more secure than sending
data over the public internet.