some people have proposed establishing legal standards and regulations to govern safety-critical computer based systems.
Give and explain a few of the best arguments for and against such a proposal (at least two on each side). Give counter-arguments against the arguments for each side.
For any system standardization enhances and leads to a systematic functioning of it. Rules, policies, regulations are always essential for providing a robust system. In this case where the same standards, rules and regulations are depicted to govern critical computer based systems which is a safety system that is used to control the critical areas in several fields like infrastructure, medicine, nuclear engineering, transport etc. These systems perform functionalities in the intensive care area (medicine), controlling nuclear chain reactions (nuclear engineering etc). But one should know how to utilize these systems and thus these legal standards and regulations serves this purpose to a greater extent. However, there is a controversy behind this proposal of establishing the legal standards which lead to several arguments.
Arguments for the proposal
Legal standards always play a key role which makes to follow the rules of the system, thus leading the user to utilize the system in a right way to a maximum extent. Not only that, it also depicts the limitations of the system in different aspects of management, protection and regulation.
Several illegal activities can be avoided through these legal standards. Several problems which involve complexity issues, incursions and the most common problem of hacking can be avoided through these legal standards.
Arguments against the proposal
There have been arguments against the proposal which stated that these legal standards may obstruct the utilization of the optimum potential of these critical systems. They depicted that these legal standards does not allow achieving the goals and takes away the wanted freedom in the organization.
Thus these standards may cause lot of problems and leads to several malfunctions which may disrupt the effective functioning of the organization and results headaches to the administrators.
Counter Arguments for the proposal
Today technologies have developed to a greater extent. Many security topologies have been introduced. But the counter advancements are also developed to break these security topologies. Thus though these legal standards are depicted for the welfare of the organization, it is the fact that it is prone to several threats respectively.
These legal standards, as depicted earlier, obstructs many functionalities which are needed in case of emergency situations. Thus it results in a back step to take effective decisions at the right time in difficult situations.
Counter Arguments against the proposal
Emergency situational standards should be well designed and should be accumulated in the policy of the proposal so that there would not be future problems. The policies should have the flexibility to update accordingly after encountering bad experiences so that those situations do not arise in future.
Describe two provisions that may be included in such regulations. How effective do you feel each provision would be?
The provisions should be made to manage protect and regulate these safety critical computer based systems.
First Provision: The first provision should always focus on the technical administrators who manage these systems and as well as the supporting staff. This is mandatory because the technical administrator is the one who knows these systems to a maximum extent and thus it is necessary to have well trained technical administrators to maintain and manage these systems systematically. Thus complete responsibility lies on this staff and any incursions if aroused, they can be blamed. Thus the first provision should be on the administrators who are completely responsible to protect the information and ensure the authentication of the system.
Second Provision: Second provision should be made on the supervisors who are responsible for taking effective decisions on the emergency situations. This provision is completely related to the higher officials who are responsible for the regulation of the organizations and also orders the technical staff to work according to the situations. In case of any havocs they are the ones who take effective decisions and react to the situation accordingly. Thus this provision is apt enough which focus on the supervisors of the organization who is completely responsible for taking effective decisions through their orders and the effective functioning of the safety critical computer based systems through the technical staff support.
Q2) For the following scenario, identify at least 3 stakeholders. List at least 2 possible actions. How would each possible action affect each of the 3 stakeholders (give at least one possible consequence for each stakeholder and each possible actions - 6 total)? Which action would you take? Why?
The stakeholders identified in the scenario are the lead developers, the project managers, the company owner and the customers. As here it is necessary to mention only 3 stakeholders, I personally feel that the company owner, the programmers and the customers are the three important stakeholders.
Developers:
Since the programmers are subjected to a very less amount of time to perform the actions completely and effectively may not be possible for them. Since the owner was impressed to launch the product in a customer tradeshow which is four months ahead and thus the developers have only two months time for marketing and packing the product and who months for testing it.
So this situation results in a total mess up as it is required to deploy the product as soon as possible. If any issues arise or the customer points out any unsatisfactory comments then the owner is completely responsible for that as the developers have no responsibility.
If the product goes well in the market without much of the issues, then the whole credit should be given to the developers who are responsible for deploying the product on time effectively without any major issues.
Company Owner
As the owner is very much impressed about the customer tradeshow and wanted to launch the product in it, it can be said that he is aware about the show completely and he also know the benefits and the profits which he can get if his product is launched in that particular show.
It is naturally a crucial and a risk taking decision and he has the option to take a decision which is good for the company. Thus due to his decision, he is completely responsible for any degradation that may encounter after launching the product.
Customers
The customers have their own option to analyze the product and come to a decision whether they need to buy the product or not.
They have to follow all the norms while using the product and any illegal activities should not be committed by them through the product. The owner is not responsible if the customers perform any illegal activities through the product.
But the customers have the right to question the owner if the product is not functioning properly. They are allowed to take appropriate actions.
Consequences that affect each stake holders
Developers
Since the original alpha and beta phases are cut down to a greater extent, it may not be possible for the developers to design a robust product in a very little span of time. Since the product is subjected to a little phase of testing the software may not resist or last for long.
Owner
The owner is completely responsible if the product doesn't go well in the market. Due to his risk taking decision to launch the product much sooner, cut downs the development stage of the product. If the product goes well in the product then the credit should be given to the developers who worked very hard to deploy a minimum robust product in a less span.
Consumers
Since the developers worked overtime to cover up the developing stage of the product and to enhance testing, the product may be fruitful by chance or may not. The customers can question the owner and they have every right to claim if they face any problems with the product. I strongly feel that the customers may experience minimum quality of the product.
Q3)
Describe the role the manufacturer, the hospitals/clinics, and the programmer each played in the Therac-25 radiation overdose incidents.
Therac-25 is a radium therapy machine which is used to treat cancer patients and this device was introduced by the Atomic Energy of Canada Limited. This is not a new machine as there were previous versions like therac-6 and therac-20. The role of the manufacturer, the hospitals/clinics and the programmer played crucial role in the overdose incidents of therac-25 as it can be understood that without their negligence or involvement such a continuous occurring of disasters may not be possible.
Role of the manufacturer in the Therac-25 radiation disaster
The manufacturer is a crucial victim of this therac-25 radiation disaster as he neglected to check the functionality of the device. His role was to test the device, check the errors, correct it and then launch the device. But, this did not happen. This is considered as a very serious issue as it is related to the medical sciences and it involve the health of the patients. The negligence factor by the manufacturer was discovered at the compatibility corner where he neglected to check the compatibility in a new version or in the new software platform. Thus this resulted in therac-25 radiation disaster.
Hospitals/Clinics
The hospitals and clinics had obviously had the role in the therac-25 radiation disaster. Without their contribution this disaster would not have been possible. Hospital officials neglected many errors that showed up during the practical curing of the patients. In other words they did not perform their duties correctly. Though patients complained that they were facing severe problems after the treatment the hospital officials covered up and convinced the patients and not even bothered to check what the problem is and what the reasons for those side effects are. Thus they were very much irresponsible and contributed to the therac-25 disaster to a greater extent.
Programmer
The therac-25 is an enhanced version of therac-20. But the programmer did not even bother to check the compatibility of the software as the software used for therac-25 device was the same, which is used for therac- 20. Thus the programmer neglected to check the compatibility of the software as he felt that the software of therac- 20 would effectively fit for the therac-25. This practically did not happen and thus led to the radiation disaster which took many lives. It is a minimum responsibility and a common sense to check or test a product before deploying it or before implementing it. Thus not only the programmers, it's the role of every individual or the associates of the medical sciences, the manufacturers etc contributed to the therac-25 radiation disaster.
b) Briefly describe the major factors that contributed to the failure of each of the following: the Denver Airport baggage system failure, the Ariane 5 rocket malfunction, and an A320 Airbus crash
A) Factors that contributed to the Denver Airport Baggage System:
Denver baggage system implemented the existing baggage system of Frankfurt. The Frankfurt system was small when compare to Denver airport in size. They were least bothered and they focused on the functionality and thus they encountered several issues which delayed the effective functioning of the airport.
The baggage delivery calculations went wrong in this case as there were compatibility issues which are obvious when a small size compatible system wants to fit into a large size system.
The software was not supportive, so as the design which raised several issues thus stopping the functionality of the airport.
Factors that contributed to the failure of Airane 5 rocket
This case was also due to the inability of the functionality of the software. As in the therac- 25 case the software of the previous version was used and tried to implement it in the newer version which practically did not work out.
The Airane 5 rocket was designed to support high speed unlike the Airane 4 rocket.
Thus the calculations were messed up. The software which is used to perform several velocities related and other speed related calculations was performing late when embedded in Airane 5 rocket which resulted in the stoppage of the entire system.
Factors that contributed to the failure of A320 Airbus crash
This disaster occurred as the pilots did not have adequate knowledge of the system. The report said that it was a human error. But in fact there were some technical issues which aroused in the system and the pilots were not aware of it.
The traffic system was messed up and was very complex to manage and when issues aroused, it became even tougher to understand and handle the system.
The Airbus has landing issues and speeding issues and the signals which are emitted at certain situations were not understood by the pilots and the system failed to respond to those signals thus leading to a poor functioning of the system.
Factors that would have prevented these disasters
Therac-25
Therac-25 would have been prevented if the programmer had checked the compatibility of the software and then proceed for the implementation
It would have been prevented if the hospital staff did their work correctly without exhibiting any negligence.
It would have been prevented if the manufacturer has tested it and ensure the safety of launching the device.
Denver baggage system
It would have been prevented if the airport personnel realized that the Denver airport is a lot bigger airport than the Frankfurt airport and the baggage system of Frankfurt cannot be implemented in the Denver airport system.
Prior realization and testing or the sample implementation may have prevented this failure.
Ariane 5 rocket disaster
The same negligence was exhibited by the programmers as they did not test the software, but directly implemented the Ariane 4 software in the Ariane 5 rocket.
If the programmers have made the testing and designed the software that worked for all numbers and depicts the global functionality for all systems.
Airbus A320 disaster
This disaster would have prevented if the pilots knew the system completely. If the pilots are subjected to skilful training then this disaster would be definitely avoided.
If the traffic control system is designed in such a way that it is easy to handle and if there is a supportive airbus staff to handle emergency situations and they if are effectively utilized, then this disaster would have been definitely prevented.
4. Recall the computer models developed to predict the change in health care costs that would result if the U.S. adopted a Canadian style national health plan and the computer models developed to determine if reusable (cloth) diapers are better for the environment than disposable diapers. In both cases the results from multiple models varied widely. For each, give three reasons why the results varied.
A) The Canadian style health plan is emerged with the help of three computer models which depicted the technological roots and the corresponding estimations. These two models have own fluctuations and have also varied the health care costs. The first model estimates drastically increased the costs of health care and same is the case with the second computer model. The third computer model estimates diminished the health costs to a greater extent. Each computer model has its own estimations and its own strategies which helped in its development and lead to determine the fluctuations and the results of the health care costs and its changes. As the first two models increased the health care costs because it could not make the right estimations in critical areas.
Reasons
The design decisions could not be made effectively with these first two computer models. Moreover it could not analyze the system and its technical issues. There were practical issues which could not be recognized and could not be solved effectively. Whereas the third model estimates diminished the health care costs and thus had a different prediction and approach on health care costs so thus there was a contradiction in the design decisions and selection and the health plan estimates and policies varied accordingly.
The computer models developed to decide between the reusable cloth diapers and disposable diapers and many assumptions or estimations were made during the development of these models. I personally feel that reusable diapers are better for the environment than disposable diapers as there are many disadvantages of using disposable diapers. Disposable diapers may involve chemicals and their decomposition may affect the environment causing pollution and other harmful effects. So this resulted to consider the estimations and consequences that may result if these disposable diapers are used. Thus research was being made on the areas like what chemicals are used for designing disposable diapers, the usage of the diapers and the corresponding harmful effects caused by it.
5.
a) Briefly define identity theft.
The illegal activity which embezzles others personal, identifying information for their own profits is known as identity theft. Personal information is nothing but the social security number, credit card and bank account numbers, usernames, passwords etc. These identity thefts are committed by cyber crime groups or other crazy individuals.
b) Describe two techniques criminals can use to gather the information they need to steal an identity.
There are many ways of identity theft techniques which are used by the criminals to steal an identity. They are phishing, mail theft, hacking, dumpster driving etc. I personally feel that phishing and hacking are the most common techniques used by the hackers to steal an identity.
Phishing
The consumers are deceived through the duplicate emails and websites that are created by the criminals which resembles usually genuine business and the consumers are thus deceived by the e-mail and on clicking the link, he is directed to the criminal's website and thus his identity is trapped by the criminals. This technique is most commonly used by the criminals
Hacking
Hacking is the other common technique used by the criminals to trap the individual's identity. The criminals through different hacking programs and procedures have the ability to break the security code and enter into personal computer databases, credit card processors, and payment gateway service providers to gather personal information to be used for fraudulent purposes.
Describe two ways a person can protect their identity.
An individual has many ways to protect himself from identity theft. The following are a few precautions that should be taken by an individual to protect him from identity theft.
Do not ever respond to unidentified or unknown e-mails or telephone calls which ask you for the personal information such as SSN, passwords or bank account numbers etc.
Be sure that when your card is swiped for processing, the information on the magnetic stripe is not copies through a skimming device.
Use good spyware filters, antivirus, e-mail filters and firewall programs to protect your computers from intruders and make sure that while online transactions 'padlock' icon on your browser status bar is turned on to ensure that the transactions are carried out securely.
d) Describe two ways a business can protect its customers from identity thieves.
It's the primary responsibility of the businesses to guide and educate their customers regarding the identity theft scams that occur most commonly. They should provide the precautions that the customers should take while doing online transactions. Phishing is the common identity theft technique related to businesses which is used by the criminals to grab individual's personal information. They generally use exciting statements to attract customers to respond quickly. So, proper guidelines by the businesses to the customers may lead to effective protection from identity thefts.
There should be secured payment methods and procedures for the online transactions like paying bills, shipping transactions which involve personal information of the customers. Effective secured tools should be implemented for safe transactions to avoid identity thefts to a maximum extent.
