IMPORTANT AREAS OF CHAPTER 7
INFORMATION TECHNOLOGY REGULATORY ISSUES
Information Technology Infrastructure Library (ITIL)
It is a set of practices for IT Service Management (ITSM) for aligning IT services with the needs of the business. Under
ITIL, a minimum level of competency is established. It is used to demonstrate compliance and to measure
improvement. ITIL is published in a series of 5 core publications, which form the ITSM lifecycle stages:
Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement.
A. Service Strategy
This provides guidance on clarification and prioritization of SP investments in services.
1. IT Service Generation: IT Service Management (ITSM) refers to the implementation and management of
quality information technology services and is performed by IT service providers through People, Process
and Information Technology.
2. Service Portfolio Management: It is the application of systematic management to the investments,
projects and activities of enterprise IT departments.
3. Financial Management: It aims to give accurate and cost-effective management of the IT assets
and resources used in providing IT services.
4. Demand Management: It is a planning methodology used to manage and forecast the demand of products
and services.
5. Business Relationship Management: It is a formal approach to understanding, defining, and supporting a
broad spectrum of inter-business activities related to providing and consuming knowledge and services via
networks.
B. Service Design
It translates strategic plans and objectives and creates the designs and specifications for execution through
service transition and operations.
1. Service Catalogue Management: It ensures accurate details, dependencies & interfaces of all services
made available to customers.
2. Capacity Management: It supports the optimum and cost-effective provision of IT services by helping
organizations match their IT resources to business demands. It deals with high-level capacities like workload
management, demand management, capacity planning etc.
3. Service Level Management: It is the primary interface with customers and is responsible for
delivery of IT services.
4. Availability Management: It addresses IT components' abilities like reliability, maintainability,
serviceability, resilience & security.
5. Supplier Management: Its purpose is to obtain value for money from suppliers.
6. IT Service Continuity Management: It ensures that IT services can recover even after a serious
incident occurs.
7. Information Security Management: It protects information assets from risk & maintains their value.
CA FINAL ISCA BY CA KARTIK IYER
C. Service Transition
It provides guidance on managing the complexity of changes to services and to prevent undesired
consequences while seeking innovation.
1. Service Transition Planning & Support: It provides orderly transition of new & modified service
2. Change Management & Evaluation: Standardised procedure should be used for efficient handling of all
changes.
3. Service Asset & Configuration Management: The focus is on maintaining information about configuration
items required to deliver an IT service
4. Release & Deployment Management: It is done by a software migration team for platform independent &
automatic distribution of hardware & software
5. Service Validation & Testing: It focuses on ensuring that deployments meet results & customer
expectations.
6. Knowledge Management: It is a process of capturing, developing, sharing and effectively using organizational
knowledge.
D. Service Operations
It provides guidance on the management of a service through its day-to-day production life.
1. Functions
a. Service Desk: It covers incidents and requests & provides an interface for other ITSM processes. Features
include single point of contact, single point of entry & exit etc.
b. Application Management: It improves the overall quality of IT software development & support.
c. IT Operations: It is concerned with number of specific sub processes like database monitoring, system
monitoring etc.
d. IT Technical Support: It provides a number of specialist functions like research & evaluation, market
intelligence, etc.
2. Incident Management: It helps to restore normal service operation as quickly as possible & minimize
adverse effect on business.
3. Request Fulfilling: The focus is on fulfilling service request
4. Event Management: This may indicate that something is not functioning correctly leading to an incident
being logged.
E. Continual Service Improvement
It provides guidance on the measurement of service performance through the service life-cycle, suggesting
improvements to ensure that a service delivers the maximum benefit.
It provides guidance on linking improvement efforts and outcomes with service strategy, design, and transition,
focusing on increasing the efficiency, maximizing the effectiveness and optimizing the cost of services and the
underlying IT Service Management processes.
Reserve Bank of India (RBI) requirements for System Controls and Audit
The bank was constituted to regulate the issue of bank notes, maintain reserves with a view to securing
monetary stability and to operate the credit & currency system.
A. Systems Controls
1. Duties of System Designer should not be
assigned to persons operating the system &
there should be separate persons dedicated to
system design.
2. Contingency plans in case of failure of system
should be introduced/tested at periodic
intervals
3. Control measure to protect the computer
system from attacks of unscrupulous elements
4. Uniformity of software by branches should exist
by using formal method of incorporating change
5. Board of Directors and senior management are
responsible for ensuring that an institution’s
system of internal control operates effectively
6. Annual review of IS Audit Policy or Charter
7. Banks are required to conduct a quality
assurance, at least once every three years on
the bank’s Internal Audit including IS Audit to
validate the approach & practices adopted by
them in the discharge of its responsibilities.
B. System Audit
1. Separate IS Audit function within an Internal
Audit department led by an IS Audit Head
reporting to the Head of Internal Audit
2. Auditors will also be required to be independent,
competent and exercise due professional care
3. Independent of the auditee, both in attitude &
appearance
4. Access to information and applications
5. Right to conduct independent data inspection &
analysis
6. Professionally competent, having skills
knowledge, training & relevant experience.
Appropriately qualified, have professional
certifications & maintain professional competence.
7. IT governance, information security governance
related aspects, critical IT general controls
8. IS Audits should also cover large and medium
branches
9. A post implementation review of application
controls
Securities and Exchange Board of India (SEBI) requirements for System Controls and Audit
The SEBI is the regulator for the securities market in India.
A. Auditor Selection Norms {diagram part 1}
Auditor must have:
1. At least 3 years' experience in IT audit of Securities Industry participants
2. Experience in / direct access to experienced resources in the areas covered in TOR.
3. IT Audit / Governance frameworks like COBIT
Auditor must NOT have:
1. Conflict of interest in conducting fair audit of Exchange / Depository
2. Any cases pending against its previous auditees under SEBI’s jurisdiction
B. System Audit {diagram part 2}
1. It must be conducted as per the Terms of Reference (TOR) and SEBI guidelines. Auditor can perform max 3 successive audits.
2. Stock Exchange may negotiate and its board may appoint auditors.
3. Audit schedule shall be submitted to SEBI, at least 2 months in advance, with the scope of audit.
4. Scope of the Audit may be extended by SEBI.
5. Audit is conducted and the Audit Report is submitted to the Auditee with specific compliance or non-compliance issues, observations etc.
6. The Auditee management provides comments on Non-Conformities and observations. For each Non-Conformity, corrective action must be taken and reported to SEBI within 3 months.
7. After conducting follow-up audit on the correction of Non-Conformities by the auditor, comments shall be submitted to SEBI within 1 month of completion of Audit along with Management Comments.
C. System Controls {diagram part 3}
1. Along with the Audit Report, declaration from the MD/CEO of Stock Exchange/Depositories is required for certifying the security and integrity of IT systems
2. Proper Audit Trail of upload / modifications / downloads of KYC data is to be maintained.
D. Audit Report Norms {diagram part 4}
1. Systems Audit Reports & Compliance Status should be placed before Governing Body of Stock Exchanges / Depositories.
2. Audit Report and Comments of Stock Exchanges should be communicated to SEBI.
3. Audit Report should have explicit coverage of each Major Area mentioned in the Terms of Reference, Non-conformity or Observations.
4. Qualitative inputs on ways to improve based on best practice.
Information Technology Act – Refer separate sheets provided
IMPORTANT AREAS OF CHAPTER 8
EMERGING TECHNOLOGIES
What is Cloud Computing (CC)?
1. Use of computing resources as a service through a network,
typically the internet
2. Users can access database resources via the internet from
anywhere
3. CC can be accessed using a simple front end interface like a web
browser
4. Users don’t have to worry about maintenance and
management of resources
5. Database is highly scalable and dynamic
6. CC provides service on demand over the network by accessing
shared resources and common infrastructure (ASRACI)
7. Service consumers use ‘what they need’ on the internet and
pay only for ‘what they use’
{Diagram}
Cloud Computing Environment
Private Cloud
This CC environment resides within the boundaries of an organization and is used exclusively for the organization’s
benefits. These are also called Internal Clouds or Corporate Clouds. They are built primarily by IT departments
within enterprises, who seek to optimize utilization of infrastructure resources.
Difference between On-premise Private Cloud and Outsourced Private Cloud {MSN SloPe}
Management
- On-premise Private Cloud: Managed by the organization itself.
- Outsourced Private Cloud: Managed by the third party.
Service Level Agreements (SLAs)
- On-premise Private Cloud: SLAs are defined between the organization and its users. Users have broader access rights than general public cloud users.
- Outsourced Private Cloud: These are usually followed strictly as it is a third party organization.
Network
- On-premise Private Cloud: Network management and network issue resolving are easier. The networks usually have high bandwidth and low latency.
- Outsourced Private Cloud: The cloud is fully deployed at the third party site and organizations connect to the third party by means of either a dedicated connection or through Internet.
Security and Data Privacy
- On-premise Private Cloud: Comparatively, it is more resistant to attacks than any other cloud and the security attacks are possible from an internal user only.
- Outsourced Private Cloud: Cloud is relatively less secure and the security threat is from the third party and the internal employee.
Location
- On-premise Private Cloud: The data is usually stored in the same geographical location where the cloud users are present.
- Outsourced Private Cloud: The cloud is located off site and when there is a change of location the data needs to be transmitted through long distances.
Performance
- On-premise Private Cloud: The performance depends on the network and resources and can be controlled by the network management team.
- Outsourced Private Cloud: The performance of the cloud depends on the third party that is outsourcing the cloud.
Characteristics of Private Cloud
1. Secure: The private cloud is secure as it is deployed and managed by the organization itself and
hence there is least chance of data being leaked out of the cloud.
2. Central Control: As the private cloud is managed by the organization itself, there is no
need for the organization to rely on anybody and it is controlled by the organization itself.
3. Weak Service Level Agreements (SLAs): SLAs play a very important role in any cloud service
deployment model as they are defined as agreements between the user and the service provider.
In a private cloud, formal SLAs either do not exist or are weak, as they are between the
organization and users of the same organization. Thus, high availability
and good service may or may not be available.
Public Cloud
The public cloud is the cloud infrastructure that is provisioned for open use by the general public.
Typically, public clouds are administrated by third parties or vendors over the Internet and the services
are offered on pay-per-use basis. These are also called Provider Clouds.
Advantages of Private Cloud {A2SH}
- Improves average server utilization; allows usage of low-cost servers and hardware while providing higher efficiencies, thus reducing the costs that a greater number of servers would otherwise entail.
- It is small in size and controlled and maintained by the organization.
- It provides a high level of security and privacy to the user.
Limitations of Private Cloud {BIL}
- Budget is a constraint in private clouds.
- IT teams in the organization may have to invest in buying, building and managing the clouds independently.
- Private Clouds have loose SLAs.
Characteristics of Public Cloud {S↑↓o A↑✓✓✓✓}
1. Highly Scalable – The resources are large in
number and the service providers make sure
that all requests are granted.
2. Less Secure – Since it is offered by a third party
and they have full control over the cloud, the
public cloud is the least secure of all the
deployment models.
3. Stringent SLAs – This is because the service
provider’s reputation and customer strength
are totally dependent on the cloud services.
4. Highly Available – Anybody from any part of the
world can access the public cloud with proper
permission.
5. Affordable – The cloud is offered to the public
on a pay-as-you-go basis. Hence the user has to
pay only for what he or she is using (using on a
per-hour basis).
Advantages of Public Cloud {SA2No}
1. Strict SLAs are followed.
2. It allows the organizations to deliver highly
scalable and reliable applications rapidly and at
more affordable costs.
3. It is widely used in the development, deployment
and management of enterprise applications, at
affordable costs.
4. There is no need for establishing infrastructure
for setting up and maintaining the cloud.
5. There is no limit for the number of users.
Limitations of Public Cloud {SaPo}
1. Security assurance is lacking.
2. Privacy and organizational autonomy are not
possible.
Hybrid Cloud
The method of using the hybrid cloud is to have a private cloud initially, and then for additional
resources, the public cloud is used. The hybrid cloud is like a private cloud extended to the public cloud
and aims at utilizing the power of the public cloud by retaining the properties of the private cloud.
Community Cloud
It may be owned, managed, and operated by one or more of the organizations in the community, a third
party or some combination of them, and it may exist on or off premises. In this, a private cloud is shared
between several organizations.
Characteristics of Hybrid Cloud {S3Ccm}
1. Scalable - The hybrid cloud has the property of public cloud with a private cloud environment
and as the public cloud is scalable, the hybrid cloud with the help of its public counterpart is also
scalable.
2. Partially Secure - The private cloud is considered secured and public cloud has high risk of
security breach. The hybrid cloud thus cannot be fully termed as secure but as partially secure.
3. Stringent SLA - Overall the SLAs are more stringent than the private cloud and might be as per
the public cloud service providers.
4. Complex Cloud Management - Cloud management is complex as it involves more than one type
of deployment models and also the number of users is high.
Advantages and Limitations of Hybrid Cloud
Advantages – {SB}
1. It is highly scalable and gives the power of both private and public clouds.
2. It provides better security than the public cloud.
Limitations – {SC}
1. Security features are not as good as the private cloud.
2. It is complex to manage.
Characteristics of Community Clouds {CdPC}
1. Collaborative and Distributive Maintenance
No single company has full control over the whole
cloud. This is usually distributive and hence better
cooperation provides better results.
2. Partially Secure
Here a few organizations share the cloud, so there is
a possibility that the data can be leaked from one
organization to another, though it is safe from the
external world.
3. Cost Effective
As the complete cloud is being shared by several
organizations or community, not only the
responsibility gets shared; the community cloud
becomes cost effective too.
Advantages of Community Cloud
1. It allows collaborative work on the
cloud.
2. It allows sharing of responsibilities
among the organizations.
3. It has better security than the public
cloud.
4. It allows establishing a low-cost
private cloud.
Limitation of Community Cloud
1. It is not suitable in the cases where
there is no collaboration.
2. Autonomy of the organization is
lost
3. Security features are not as good as
the private cloud
Cloud Computing Service Models
CC is a model that enables the end users to access the shared pool of resources such as compute, network,
storage, database and application as an on-demand service without the need to buy or own it. The services are
provided and managed by the service provider, reducing the management effort from the end user side. The
National Institute of Standards and Technology (NIST) defines three basic service models –
Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
IaaS
It is a hardware-level service that provides computing resources such as processing power, memory, storage and
networks for cloud users to run their application on-demand. This allows users to maximize the utilization of
computing capacities. Examples of IaaS providers include Amazon Web Services (AWS), Google Compute Engine.
{Diagram}
Services provided by a typical IaaS provider
1. Compute : Computing as a Service includes
virtual Central Processing Units (CPUs) and
virtual main memory for the Virtual
Machines (VMs) that are provisioned to the
end users.
2. Storage : STaaS provides back-end storage
for the VM images. Some of the IaaS
providers also provide the back end for
storing files.
3. Network : Network as a Service (NaaS)
provides virtual networking components
such as virtual router, switch, and bridge
for the VMs.
4. Load Balancers : Load balancing as a
Service may provide load balancing
capability at the infrastructure layer.
Characteristics of IaaS
1. Centralised Management
Management console can control resources so
that it ensures effective resource management
and effective resource utilization.
2. Elasticity and Dynamic Scaling
IaaS services can provide the resources and
elastic services where the usage of resources
can be increased or decreased according to the
requirements.
3. Web access to the resources
It enables the IT users to access infrastructure
resources over the Internet.
4. Shared Infrastructure
It follows a one-to-many delivery model. It
allows multiple IT users to share the same
physical infrastructure.
5. Metered Services
It allows the IT users to rent the computing
resources and they are charged based on usage.
Different Instances of IaaS
1. Network as a Service (NaaS) – It provides users with needed data communication capacity to
accommodate bursts in data traffic such as video conferencing or large file downloads. E.g. VPN, MNV
2. Storage as a Service (STaaS) - It allows the end users to access the files at any time from any place. The
provider provides the virtual storage that is abstracted from the physical storage of any cloud data center.
3. Database as a Service (DBaaS) – It provides users with seamless mechanisms to create, store and access
databases at a host site on demand.
4. Backend as a Service (BaaS) - It provides web and mobile app developers a way to connect their
applications to backend cloud storage with added services like push notifications, user management etc.
5. Desktop as a Service (DTaaS) - DTaaS is a pay-per-use cloud service delivery model in which the service
provider manages the back-end responsibilities of data storage, backup, security and upgrades.
PaaS
PaaS provides the users the ability to develop and deploy an application on the development platform provided
by the service provider. In traditional application development, the application will be developed locally and will be
hosted in the central location. E.g. Google AppEngine, Windows Azure Compute etc.
SaaS
SaaS provides the end users the ability to access an application over the Internet that is hosted and managed by
the service provider. SaaS changes the way the software is delivered to the customers. Since SaaS is delivered as
an on-demand service over the Internet, there is no need to install the software on the end-user’s devices.
Characteristics of PaaS {ABCD WO}
1. All in one - Most of the PaaS providers offer services like
programming languages to develop, test, deploy, host and maintain
applications in the same Integrated Development Environment
(IDE).
2. Built-in Scalability - PaaS services provide built-in scalability to an
application that is developed. This ensures that the application is
capable of handling varying loads efficiently.
3. Collaborative Platform - To enable collaboration among
developers, most of the PaaS providers provide tools for project
planning and communication.
4. Diverse Client Tools - PaaS providers offer a wide variety of client
tools like Web User Interface (UI), Application Programming
Interface (API) etc. to help the developers to choose the tool of
their choice.
5. Web access to the development platform - PaaS provides web
access to the development platform that helps the developers to
create, modify, test and deploy different applications on the same
platform.
6. Offline Access - To enable offline development, some of the PaaS
providers allow the developer to synchronize their local IDE with
the PaaS services. The developers can develop an application locally
and deploy it online whenever they are connected to the Internet.
Services Provided {PADO}
1. Programming Languages -
PaaS providers provide a
wide variety of programming
languages like Java, Python
etc. for the developers to
develop applications.
2. Application Frameworks -
PaaS vendors provide
application development
framework like WordPress,
Sinatra etc. for application
development.
3. Database: PaaS providers
provide some of the popular
databases like ClearDB,
Cloudant etc. so that
application can
communicate with the
databases.
4. Other Tools: PaaS providers
provide all the tools that are
required to develop, test and
deploy an application.
Characteristics of SaaS {Diagram}
1. Centralised management: Since SaaS is hosted and managed from a central location, the SaaS providers
perform the automatic updates to ensure that each customer is accessing the most recent version of the
application without any user-side updates.
2. Better scalability: Most of the SaaS services can leverage PaaS and IaaS for its development and
deployment and ensure a better scalability than traditional software.
3. Web Access: SaaS services allow the end users to access the application from any location of the device
through the internet.
4. One to Many: SaaS is delivered as one-to-many models where a single instance of the application can be
shared by multiple customers.
5. Multi-device support: SaaS services can be accessed from any end user devices such as desktops, laptops,
smartphones etc.
6. High Availability: SaaS ensures 99% of availability of user data as back-up and recovery.
7. API Integration: They have the capability to integrate with other software / service.
Services provided by SaaS
1. Business Services: SaaS providers provide business
services to startup companies that includes ERP,
CRM, billing, sales, and human resources.
2. Social Networks: As users of the social networking
sites are increasing exponentially, cloud computing
is the perfect match for handling the variable load.
3. Document Management: Most of the SaaS
providers provide services to create, manage, and
track electronic documents.
4. Mail Services: To handle the unpredictable
number of users, most of the email providers offer
their services as SaaS services.
The different instances of SaaS
Testing as a Service (TaaS) : This provides users
with software testing capabilities such as
generation of test data, generation of test cases,
execution of test cases and test result evaluation
on a pay-per-use basis.
Email as a service (EaaS) : This provides users with
an integrated system of emailing, office
automation, records management, migration, and
compliance features.
API as a service (APIaaS) : This allows users to
explore functionality of Web services such as
Google Maps, Payroll processing, and credit card
processing services etc.
Characteristics of CC {Girl magician On-Stage story}
1. Pay per use mode: SLAs between the provider and the
user must be defined. APIs may be offered to the users
so they can access services on the cloud.
2. Multi-sharing: With the cloud working in a distributed
and shared mode, multiple users and applications can
work more efficiently with cost reductions.
3. High scalability: Cloud environments enable servicing of
business requirements for larger audiences, through
high scalability.
4. Performance: It is monitored and consistent, and loosely
coupled architectures are constructed using web
services as the system interface.
5. Maintenance: The cloud computing applications are
easier to maintain, as they do not have to be installed on each computer.
6. High availability and reliability: High Availability of
servers minimizes chances of infrastructure failure.
7. Agility: The cloud shares resources among users and
tasks in a ‘distributed mode’ environment.
8. Virtualisation: By easy migration from one physical
server to another, it allows servers and storage devices
to increasingly share and utilize applications.
Advantages of CC {GM backstage story}
1. Cost effectively: CC is the most cost
efficient method as there are many one-
time-payments, pay-as-you-go basis etc.
2. Easy access to information: One can access
the information from anywhere, where
there is an Internet connection.
3. Quick deployment: In this method of
functioning, the entire system can be fully
functional in a matter of a few minutes.
4. Unlimited storage: There is no worry about
running out of storage space or increasing
the current storage space availability.
5. Backup and recovery: In cloud, backing the
data and restoring the same is relatively
much easier than on physical device.
6. Automatic Software Integration: In the
cloud, software integration occurs
automatically. This means that we do not
need to take additional efforts to customize
and integrate the applications.
Challenges in CC {GM and Boyfriend story}
1. Confidentiality - Prevents unauthorized disclosure of data
2. Integrity - Prevents unauthorized modification of data
3. Availability - No withholding and fully available
4. Governance - Control should be kept using policies, procedures and standards
5. Trust - Trust should be there between user and cloud provider
6. Audit - To check what is happening in cloud environment
7. Identity management - Secure identity, authentication and authorisation
8. Software isolation - Virtualisation and logical isolation of different tenants
9. Privacy - Embedded in each phase of cloud designing
10. Data stealing - If server is used from other service provider, then it is less secured
11. Incident response - Transparent, response process and sufficient sharing mechanism after incident
12. Application security - General security issues of application
13. Architecture - Control over security and privacy
14. Legal issues and compliance - Understanding of various laws
Pertinent / Implementation / Adaptation Issues in Cloud Computing {ThEft of USHI}
1. Threshold Policy: This involves checking how the policy enables detection of sudden increases in the demand
and results in the creation of additional instances to fill in the demand. Also, how unused resources are to
be de-allocated and turned over to other work needs to be worked out in the context.
2. Environmental Friendly CC: Reducing the number of hardware components needed to run
applications on the company's internal data centre and replacing them with cloud computing systems
reduces energy for running and cooling hardware.
3. Unexpected Behaviour: It is important to test the application in the cloud. Examples of tests include how
the application validates credit cards, and how, in the scenario of the buying crunch, it allocates resources
and releases unused resources, turning them over to other work.
4. Software Development Cloud: To develop software using high-end databases, the most likely choice is to
use cloud server pools at the internal corporate data centre and extend resources temporarily for testing
purposes. This allows project managers to control costs, manage security and allocate resources to clouds
for a project. The cost per hour or usage with the development cloud is most likely lower than the
production cloud, as additional features, such as SLA and security, are allocated to the production cloud.
5. Hidden Cost: Like any such services in prevailing business systems, cloud computing service providers do
not reveal ‘what hidden costs are’. For instance, companies could incur higher network charges from their
service providers for storage and database applications containing terabytes of data in the cloud.
6. Interoperability: If a company outsources or creates applications with one cloud computing vendor, the
company may find it difficult to change to another computing vendor that has proprietary Application
Programming Interfaces (APIs) and different formats for importing and exporting data.
Important Approaches of SDLC
Incremental Model
The product is decomposed into a number of components, each of which is designed and built
separately (termed as builds). This model of development also helps to ease the traumatic effect of
introducing a completely new system all at once. In Incremental Model, a little more is added each time.
1. Series of mini-waterfalls are performed. One part is completed with all phases & then next
increment is started.
2. Overall requirements are defined.
3. Initially waterfall approach is used and then it is followed by Iterative prototyping.
Strengths
1. Continuous knowledge is gained from earlier increment for developing later increments.
2. Moderate control is maintained through written documentation and approval/signoff is taken at major milestones.
3. Concrete evidence of progress is provided to stakeholders.
4. It is more flexible and less costly to change requirements.
5. It mitigates risk related to integration and architecture.
6. It provides delivery of series of implementations i.e. gradually more complete and can go into production after release.
7. Gradual implementation provides ability to monitor and make adjustments before organization is negatively impacted.
Weaknesses
1. Lack of overall consideration of the business problem and technical requirements for the overall system.
2. Each phase is rigid and phases do not overlap.
3. System architectural problems arise because all requirements are not gathered upfront.
4. Work completed much earlier than others.
5. It is difficult to demonstrate early success to the management.
Rapid Application Development (RAD Model)
1. Key objective is fast development and delivery of a high quality system at low cost.
2. In RAD, we try to break the project into smaller segments for ease of change.
3. RAD aims to produce high quality systems using Graphic User Interface (GUI) builders, Computer Aided
Software Engineering (CASE) tools, Database Management Systems (DBMS) etc.
4. Emphasis of RAD is on fulfilling business needs, which is more important than engineering excellence.
5. RAD includes “Joint Application Development”, where users are intensely involved in system design.
6. In RAD, delivery deadlines or “timeboxes” are defined. If the project starts to slip, emphasis is on
reducing requirements to fit the timebox.
7. Iteratively produces production software, as opposed to a throwaway prototype.
Strengths
1. It is available much earlier than Waterfall, Incremental or Spiral frameworks.
2. RAD produces systems more quickly and is business focused.
3. Quick initial reviews are possible.
4. RAD encourages customer feedback.
5. Users gain a sense of ownership of a system. Developers get satisfaction from producing successful systems quickly.
6. User viewpoint is concentrated regarding essential system elements.
7. There is a tighter fit between user requirement & system specifications
Weaknesses
1. Quality may be affected due to fast speed & low cost.
2. Project may end up with more requirements than needed (gold-plating).
3. More features are added to the system over the course of development.
4. Inconsistent designs within & across system can occur.
5. Violation of programming standards may be caused.
6. Formal reviews and audit are more difficult to implement.
7. Tendency for difficult problems to be pushed to the future to demonstrate early success to management.
Spiral Model
The Spiral model is a software development process combining elements of both design and prototyping-in-stages.
The spiral model is intended for large, expensive and complicated projects. Game development is an area
where the spiral model is used and needed because of the size and the constantly shifting goals of large projects.
List of features of spiral model are:
1. New system requirements are defined in as much detail as possible, usually by interviewing internal and
external users.
2. Preliminary design is created wherein all possible alternatives are considered and all possible risks are
considered.
3. 1st prototype is constructed which is usually a scaled-down system. This is an approximation of the
characteristics of the final product.
4. 2nd prototype is evolved by
- Evaluating 1st prototype in terms of {SWaR} Strengths, Weaknesses and Risks
- Defining requirements of 2nd prototype
- Planning and Designing 2nd prototype
- Constructing and Testing 2nd prototype
Strengths {RaOde Mix}
1. It enhances Risk Avoidance
2. It is useful for Optimal Development of Software based on project risk.
3. It is a Mix of Waterfall, Prototyping and Incremental methodologies.
Weaknesses {ECoSkiNo}
1. Exact composition of development methodologies is difficult to determine in Spiral approach.
2. Quite complex and limits re-usability as it may be customized to each project.
3. Spiral Model requires skilled and experienced project manager to determine how to apply it to any given project.
4. There are no firm deadlines with risk of not meeting the budget/schedule.
5. No established controls exist for moving from one cycle to another cycle.