Definition -

➔​ Relational DBMS (RDBMS):

A Relational DBMS stores data in tables (relations) consisting of rows and columns. Each
table represents an entity, and relationships between tables are maintained using keys.​
Example: A Students table and a Courses table can be linked using a student_id.

➔​ Primary Key:

A Primary Key is a field (or combination of fields) that uniquely identifies each record in a
table. It cannot be NULL or duplicated.​
Example: In the Students table, student_id can be the primary key.

➔​ Foreign Key:

A Foreign Key is a field in one table that refers to the Primary Key in another table. It is used
to establish a relationship between two tables.​
Example: In the Enrollments table, student_id is a foreign key referencing student_id
in the Students table.

➔​ Entity:

An Entity is a real-world object or concept that can be distinctly identified and stored in a
database. It can be a person, place, thing, or event.​
Example: In a school database, Student, Teacher, and Course are all entities.

➔​ Data Attribute:

An Attribute is a characteristic or property of an entity that holds data values. It describes or

defines the entity.​
Example: For the Student entity, attributes can include student_id, name, email, and
date_of_birth.

➔​ DBMS (Database Management System):

A Database Management System (DBMS) is a software system that enables users to create,
manage, and manipulate databases. It provides an interface for users to interact with
databases, ensuring that data is stored efficiently, retrieved quickly, and maintained securely.

➔​ SaaS (Software as a Service):

SaaS is a cloud-based service that allows users to access and use software applications
over the internet, instead of installing and maintaining them on local computers or servers. SaaS
applications are hosted and managed by a third-party provider.

●​ Example: Google Workspace, Microsoft 365, Dropbox.

➔​ Offshore:

Offshore refers to the practice of outsourcing business processes or services to a company or

team located in a different country, often to reduce costs or access specialized talent. This is
typically done in countries with lower labor costs.

●​ Example: A company based in the U.S. outsourcing software development to a team in

India.

➔​ BPR (Business Process Reengineering) Definition:

Business Process Reengineering (BPR) is the radical redesign of core business processes
to achieve dramatic improvements in productivity, efficiency, and quality. It involves analyzing,
simplifying, and redesigning business workflows to eliminate inefficiencies, reduce costs, and
optimize performance.

(* for section 1 )

Three Capabilities of a Data Dictionary:

1.​ Stores Metadata:​
It holds detailed information about the structure of the database—such as table names,
field names, data types, and constraints.​

2.​ Improves Data Consistency:​

Ensures uniform definitions and formats of data across the organization, reducing
confusion and errors.​

3.​ Supports Database Administration:​

Helps DBAs track changes, monitor data usage, and enforce rules for data entry and
access.
Three Capabilities of Data Manipulation:
1.​ Data Retrieval:​
Allows users to extract specific information from a database using queries.​
Example: SELECT name FROM Students WHERE department = 'CSE';​

2.​ Data Insertion:​

Enables adding new records to database tables.​
Example: INSERT INTO Students (id, name) VALUES (101, 'Arafat');​

3.​ Data Update and Deletion:​

Supports modifying or removing existing data in the database.​
Example:​
UPDATE Students SET name = 'Ratul' WHERE id = 101;​
DELETE FROM Students WHERE id = 101;

Data Definition:

It is the process of creating and modifying the structure of database objects like tables.

Example:

CREATE TABLE Student (

id INT,
name VARCHAR(50)
);

This defines a table named Student with two fields: id and name.

Three Capabilities of a DBMS:

1.​ Data Definition:​

Allows users to define the structure of database objects such as tables, fields, and data
types.​
Example: Creating tables using SQL CREATE TABLE.​

2.​ Data Manipulation:​

Enables users to insert, update, delete, and retrieve data from the database using SQL
commands.​
Example: SELECT * FROM Students WHERE department = 'CSE';​

3.​ Data Security and Access Control:​

Provides user authentication, roles, and permissions to control who can access or
 modify the data.​
Example: Only HR can access employee salaries.

Chapter - 6
Section - 2 (Broad Questions-B)

B1) Tools for Obtaining Information from Big Data?

As the volume, variety, and velocity of data grow, organizations require specialized tools to
extract meaningful insights from Big Data. These tools help in storing, managing, analyzing,
and visualizing massive datasets for better decision-making. Below are some of the most
effective tools and technologies used:

1. Hadoop

Hadoop is an open-source framework that enables the distributed storage and parallel
processing of large datasets across clusters of inexpensive computers. It includes tools like

📌
HDFS (Hadoop Distributed File System) for storage and MapReduce for processing.​
Example: Yahoo and Facebook use Hadoop to manage petabytes of user data.

2. Data Warehouse

A data warehouse is a centralized repository that stores integrated data from multiple sources.
It supports advanced queries, historical analysis, and business reporting without affecting

📌
operational systems.​
Example: A company uses a data warehouse to analyze 5 years of sales performance.

3. Data Mart

A data mart is a smaller, specialized version of a data warehouse, focused on a specific

department or business function such as finance, marketing, or sales. It provides faster access

📌
to targeted data for specific users.​
Example: The marketing team uses a data mart to analyze campaign effectiveness.

4. In-Memory Computing

This tool stores data in the RAM instead of traditional disk, allowing faster data retrieval and

📌
real-time analytics. It is highly effective for processing complex queries on big datasets quickly.​
Example: Financial firms use in-memory computing for instant fraud detection.

5. Analytical Platforms
These are high-performance systems designed specifically for fast processing of structured
and unstructured big data. They often combine both relational and non-relational database

📌
tools. Examples include IBM Watson, SAP HANA, and Google BigQuery.​
Example: Retailers use analytical platforms to predict customer buying trends.

B2) How Does a DBMS Solve the Problems of the Traditional File
Environment?

A Database Management System (DBMS) addresses the limitations of the traditional file
environment by offering centralized control, consistent access, and advanced tools for data
management. Below are the major problems and how DBMS solves each of them:

1. Solves Data Redundancy​

In a DBMS, data is stored in a centralized database, which means each piece of data is stored
only once and can be accessed by multiple applications.​
Example: A customer's address is stored in one place and used by both billing and shipping
departments, eliminating duplicate records.

2. Solves Data Inconsistency​

Since data is centralized and updated in one place, all users access the most recent and
consistent data.​
Example: When an employee’s contact info is updated in the database, both HR and Payroll
systems instantly reflect the new information.

3. Removes Program-Data Dependence​

DBMS separates data structure from application programs. This means changes in the
database structure do not require changes in application code.​
Example: Adding a new column “alternate email” does not affect the payroll or attendance
software as long as they don’t use it.

4. Increases Flexibility​
DBMS supports ad hoc queries and reporting tools like SQL. Users can easily create reports
without writing new programs.​
Example: A manager can generate a sales summary by region using a simple query without
needing a developer to code it.

5. Improves Security​
DBMS provides robust security features such as user roles, access control, and data
encryption. Administrators can restrict who can view, edit, or delete data.​
Example: Only HR staff can access salary information, while other departments can view
general employee info.
6. Enhances Data Sharing and Availability​
Data in a DBMS is accessible to authorized users across departments and locations, promoting
collaboration and consistency.​
Example: The sales team and inventory department can both access real-time stock levels to
avoid over-promising to customers.

B3) Problems with the Traditional File Environment

Problems with the Traditional File Environment

1.​ Data Redundancy:​

Duplication of the same data in multiple places is a major drawback in traditional file
systems. This redundancy not only increases storage costs but also leads to
inconsistency when different versions of the same data exist across departments. As
data is stored separately by different units, any updates made in one place may not
reflect in others, causing confusion and inefficiency.
2.​ Data Inconsistency:​
When redundant data becomes outdated or modified differently in various files, it results
in data inconsistency. This means the same data item shows conflicting information in
different systems. For example, a customer’s contact number may be updated in one file
but remain old in another, leading to inaccurate reporting and poor decision-making.
3.​ Program-Data Dependence:​
In traditional systems, application programs are tightly linked with data structures. If any
change is made in the file format or structure, all programs using that data must be
rewritten. This creates a lack of flexibility and increases the cost and effort required for
maintenance.
4.​ Lack of Flexibility:​
Generating new reports or modifying existing ones is difficult in a file-based system.
Since each program is designed for specific tasks, adapting to new information needs
requires writing new code from scratch, which is both time-consuming and inefficient.
5.​ Poor Security:​
Traditional file systems offer minimal control over who can access or modify data. With
separate files maintained by different departments, ensuring consistent data protection
becomes challenging. This leads to risks of unauthorized access, data breaches, or
accidental modification.
6.​ Limited Data Sharing and Availability:​
Since files are isolated within departments, sharing data across the organization
becomes difficult. This results in duplication of efforts, delays in information flow, and a
lack of coordinated decision-making. Employees may not have timely access to data
from other departments, hindering collaboration.
 Chapter - 8
B1) Why Systems are Vulnerable?

Information systems are essential to modern businesses, but they are often vulnerable to a wide
range of threats and challenges. These vulnerabilities arise from both internal and external
factors, including hardware and software issues, human errors, and malicious attacks. Below
are some of the key reasons why systems are vulnerable:

🔹 1. Accessibility of Networks
As organizations increasingly rely on networks for communication and transactions, network
vulnerabilities have become one of the biggest threats. External access to company systems
via the internet creates potential entry points for hackers, allowing unauthorized access to
sensitive data.​
Example: A hacker exploiting a weak spot in a company's network firewall can gain access to
confidential customer data.

🔹 2. Hardware Problems
Hardware failures, including breakdowns, configuration errors, or damage from improper
use, pose significant risks to system reliability. For example, a malfunctioning hard drive can
cause data loss, affecting system performance and integrity.​
Example: A server crash due to overheating can result in data loss, downtime, and recovery
costs.

🔹 3. Software Issues
Software vulnerabilities, such as programming errors, installation mistakes, or unauthorized
changes to software, make systems prone to security breaches. These issues can be exploited
by attackers to gain control over systems or cause malfunctions.​
Example: A vulnerability in the operating system may be exploited by malware, giving attackers
unauthorized access to sensitive files.

🔹 4. Malicious Software (Malware)

Malware, including viruses, worms, trojan horses, and spyware, can disrupt system
functionality, steal data, or cause damage. Malware is often spread through email attachments,
downloads, and social media links.​
Example: A ransomware attack locks a company's files until a ransom is paid, causing
business disruption and financial loss.

🔹 5. Internal Threats
Employees, either due to negligence or malicious intent, can pose significant risks to an
organization's security. Internal threats often involve misuse of access to data or systems, or
failing to follow security protocols.​
Example: A disgruntled employee may intentionally leak sensitive customer information,
leading to a data breach.

🔹 6. Disasters
Natural disasters or human-caused incidents like floods, fires, or power outages can damage
physical infrastructure, making it difficult for organizations to recover critical data or maintain
operations.​
Example: A server room flooded during a storm may result in the loss of customer data, halting
business operations for days.

🔹 7. Use of Networks/Computers Outside of Firm’s Control

With the growing trend of remote work and mobile platforms, systems are vulnerable when
used outside the organization’s controlled environment. Portable devices like laptops or
smartphones can be lost or stolen, compromising system security.​
Example: An employee’s laptop is stolen, exposing sensitive company data stored locally.

B2) Steps of Risk Assessment & Table with hypothetical data

Risk assessment involves identifying, analyzing, and evaluating risks to determine how they will
affect an organization and to prioritize actions for mitigation. Below are the key steps in
conducting a risk assessment:

1. Identify the Risks

In the first step, the organization identifies potential threats that could impact the systems or
operations. These could be internal (e.g., employee error) or external (e.g., cyberattacks,
natural disasters).

Example:Cyberattack, Data breach,Hardware failure

2. Analyze the Risks

Once the risks are identified, they are analyzed to understand their nature, potential impact, and
the likelihood of occurrence. This helps in evaluating how each risk could affect the business.

Example:
 ●​ The risk of a cyberattack can be high in industries with sensitive data (e.g., healthcare,
finance).​

●​ Data breaches are more likely when data is stored without proper encryption.​

3. Evaluate the Risk

After analyzing the risks, organizations assess the probability of each risk occurring and the
potential impact on business operations. This is often done using a risk matrix to prioritize
risks.

Example:

●​ A high-impact risk with a high probability (e.g., cyberattack in a financial organization)

would be prioritized for mitigation.​

●​ Low-impact risks with low probability (e.g., natural disaster) may be given lower priority.​

4. Develop a Risk Mitigation Plan

A strategy is developed to mitigate the risks. This includes implementing preventive measures,
creating contingency plans, and preparing response strategies.

Example:

●​ Strengthen network security to prevent cyberattacks.​

●​ Implement data backups in case of hardware failure.

5. Monitor and Review

Risk assessment is an ongoing process. Risks, mitigation strategies, and security measures
should be regularly reviewed and updated to ensure that they remain effective and relevant.

Example:

●​ Periodically update software patches and antivirus definitions to combat new malware
threats.​

B3) What are the tools & technology for Safe guarding?

1. Firewalls
A firewall monitors and controls network traffic, acting as a barrier between trusted and
untrusted networks.​
Example: Blocking unauthorized access to internal networks.

2. Intrusion Detection Systems (IDS) / Intrusion Prevention Systems (IPS)

IDS monitors network traffic for suspicious activity, while IPS prevents and responds to potential
threats.​
Example: Blocking malicious traffic based on predefined rules.

3. Anti-malware Software

Protects systems from malicious software like viruses, ransomware, and spyware.​
Example: Scanning and removing viruses from devices.

4. Encryption

Encrypts data to ensure it remains unreadable by unauthorized users.​

Example: Using SSL/TLS to secure data transmitted over the internet.

5. Identity & Access Management (IAM)

Controls user access by verifying identities and enforcing permissions.​

Example: Implementing Two-Factor Authentication (2FA).

6. Data Loss Prevention (DLP)

Prevents unauthorized sharing or leakage of sensitive data.​

Example: Blocking emails with confidential information being sent outside the organization.

7. VPN (Virtual Private Network)

Secures remote connections by encrypting data transmitted over the internet.​

Example: Employees using VPN to access company resources securely from outside the
office.

8. Backup & Disaster Recovery

Ensures data recovery in case of system failure or disaster.​

Example: Cloud-based backups to restore data after a server crash.
For Section -1)
Encryption definition? Types of Encryption?

Encryption Definition:

Encryption is the process of converting plaintext (readable data) into ciphertext (unreadable
format) to prevent unauthorized access. Only authorized users with the decryption key can
convert it back to its original form.

Types of Encryption:

1.​ Symmetric Key Encryption:​

In this method, the same key is used for both encryption and decryption.​

○​ Example: AES (Advanced Encryption Standard)​

○​ Pros: Fast encryption/decryption process.​

○​ Cons: The key must be securely shared between parties.​

2.​ Asymmetric Key Encryption (Public-Key Encryption):​

Uses a pair of keys: a public key for encryption and a private key for decryption.​

○​ Example: RSA (Rivest-Shamir-Adleman)​

○​ Pros: No need to share private keys, making it more secure for communication.​

○​ Cons: Slower compared to symmetric encryption.​

3.​ Hybrid Encryption:​

Combines both symmetric and asymmetric encryption to optimize security and
performance.​

○​ Example: SSL/TLS encryption used for secure communication on the web.

○​

Chapter - 13
B1) 4 Organizational Changes Due to Information Systems Development

Building new information systems can lead to significant organizational changes. These
changes affect not only the technical aspects of the business but also the operational, cultural,
and managerial processes. Below are the four key types of organizational changes driven by
the development of new information systems:

🔹 1. Automation
Automation refers to the use of technology to replace manual tasks and streamline operations,
thereby improving efficiency and reducing errors. It helps organizations perform routine tasks
with minimal human intervention, freeing up resources for more value-added activities.​
Example: Automating payroll processing, where data is automatically calculated and payments
are issued without manual input.

🔹 2. Rationalization of Procedures
Rationalization involves streamlining existing processes to make them more efficient by
removing unnecessary steps, redundancies, and bottlenecks. This change is often part of
continuous improvement efforts like Total Quality Management (TQM) or Six Sigma.​
Example: Redesigning a customer service process to eliminate unnecessary approval steps,
making it faster for customers to receive support.

🔹 3. Business Process Redesign (BPR)

Business Process Redesign is the fundamental rethinking and reengineering of business
processes to achieve significant improvements in critical areas such as cost, quality, service,
and speed. This involves analyzing current processes, identifying inefficiencies, and creating
new, optimized workflows.​
Example: A company redesigning its order-to-delivery process, integrating it with an automated
inventory system to improve delivery speed.

🔹 4. Paradigm Shifts
A paradigm shift involves a major change in the fundamental business model or
organizational structure. It requires a shift in the way the organization operates, often
redefining how business is conducted and how value is delivered to customers.​
Example: A retail company shifting from brick-and-mortar stores to an e-commerce model,
requiring changes in logistics, marketing, and customer support.

B2)Steps of SDLC (Waterfall)

Waterfall Model Definition:

The Waterfall Model is a linear and sequential approach to software development, where
each phase of the SDLC must be completed before moving on to the next. It is called "Waterfall"
because the process flows in one direction, like a waterfall, from one phase to the next.

Phases of the Waterfall Model:

1.​ Requirement Analysis:​

In this phase, the system’s requirements are gathered and documented. These
requirements define what the system should do and set the foundation for the rest of the
project.​
​
Example: A company wants a new inventory management system; the requirements for
tracking stock, generating reports, and integrating with the sales system are gathered.​

2.​ System Design:​

After requirements are defined, the system’s architecture and design are planned.
This includes designing the user interface, database structure, and overall system
components.​
​
Example: Designing the layout of the inventory management software and the
database schema.​

3.​ Implementation (Coding):​

Once the design is approved, developers begin coding the system based on the design
specifications.​
​
Example: Writing the code to implement the features specified during the design phase,
such as adding products, updating stock levels, and generating reports.​

4.​ Integration and Testing:​

After coding, the system is integrated and thoroughly tested for bugs, errors, and to
ensure it meets the specified requirements.​
​
Example: Testing the inventory management system to ensure stock updates correctly,
and reports generate as expected.​

5.​ Deployment (Implementation):​

The fully developed system is deployed to the production environment and made
available to users.​
​
Example: Installing the inventory management system on user devices and configuring
it for use.​
 6.​ Maintenance:​
After deployment, the system enters the maintenance phase, where it is updated and
repaired as necessary. This phase continues until the system is retired.​
​
Example: Fixing any bugs that arise or adding new features to improve the system.

Phased Approach Definition:

The Phased Approach is a method of system development where a project is broken down into
smaller, manageable phases. Each phase is completed and tested before moving on to the
next, allowing for gradual implementation and adjustment.

Phases of the Phased Approach:

1.​ Planning & Requirements Gathering: Define system objectives and gather
requirements.​

2.​ Design & Development (First Phase): Build core system features.​

3.​ Testing & Evaluation: Test the first phase for issues and gather feedback.​

4.​ Implementation: Deploy the first phase to a small group of users.​

5.​ Subsequent Phases: Develop and deploy additional features in stages.​

6.​ Full System Implementation: Complete the final system rollout.