Comp 1 Project


  • 8/11/2019 Comp 1 Project


    National Instant Criminal Background Check System

    The National Instant Criminal Background Check System (NICS) is a U.S. system for determining if prospective firearms or explosives buyers are eligible to buy. It was mandated by the Brady Handgun Violence Prevention Act (Brady Law) of 1993 and launched by the Federal Bureau of Investigation (FBI) in 1998.

    After a prospective buyer completes the appropriate form, the Federal Firearms Licensee (FFL) initiates the background check by phone or computer. Most checks are determined within minutes, but the FBI has up to three business days to make a determination. After that, the transfer may legally proceed anyway.

    Background checks are not required for transfers between private parties. After the 1999 Columbine High School massacre there were many calls to close the "gun show loophole": to create a federal law making all gun-show gun sales - whether by FFLs or private parties - subject to background checks. No such law was passed. After the 2012 Sandy Hook Elementary School shooting there were more calls to create a federal "universal background check" law, making all gun sales (not just gun-show sales) subject to background checks. No such law was passed.

    Background

    Running background checks was discussed as early as the 1930s. The Gun Control Act of 1968 (GCA) mandated that individual and corporate firearms dealers have a Federal Firearms License (FFL). It also created a system for keeping prohibited persons from buying guns that relied upon buyers answering a series of "yes/no" questions such as, "Are you a fugitive from justice?". However, sellers, including FFL dealers, were not required to verify the answers.

    Coordinated efforts to create a national background check system did not materialize until after the March 1981 assassination attempt on President Ronald Reagan. White House press secretary, James Brady, was seriously wounded in the attack, and afterward his wife, Sarah Brady, spearheaded the push to pass the Brady Handgun Violence Prevention Act (Brady Act) of 1993. When signed into law in November of that year, the Brady Act included a GCA amendment that created the National Instant Criminal Background Check System (NICS).

    The Brady Act mandated that FFL dealers run background checks on their buyers. At first, the law applied only to handgun sales, and there was a waiting period (maximum of five days) to accommodate dealers in states that did not already have background check systems in place. Those dealers were to use state law enforcement to run checks until 1998, when the NICS would become operational and come into effect. In 1997, the Supreme Court ruled against the five-day waiting period, but by 1998 the NICS was up and running, administered by the FBI, and applied to all firearms purchases from FFL dealers, including long guns.

    How NICS works

    After the prospective buyer completes and signs a Firearms Transaction Record (ATF Form 4473), the FFL contacts the NICS by telephone or Internet. When the background check is initiated, three databases are accessed: the National Crime Information Center (NCIC), the Interstate Identification Index (III), and the NICS Index. According to the FBI, checks are usually determined within minutes of initiation. If there is no match in any of the checked databases, the dealer is cleared to proceed with the transfer. Otherwise, the FBI's NICS Section must contact the appropriate judicial and/or law enforcement agencies for more information. Per the Brady Act, the FBI has three business days to make its decision to approve or deny the transfer. If the FFL has not received the decision within that time it may legally proceed anyway.

    States may implement their own NICS programs. Such states become the point of contact (POC) between their FFL dealers and the NICS. A few partial-POC states run FFL handgun checks, while the FBI runs long gun checks. FFLs in other, non-POC states access the NICS directly through the FBI.

    Authorized local, state, tribal, and federal agencies can update NICS Index data via the NCIC front end, or by electronic batch files. In addition, the NICS Section receives calls, often in emergency situations, from mental health care providers, police departments, and family members requesting placement of individuals into the NICS Index. Documentation justifying entry into the NICS Index must be available to originating agencies.

    Prohibited persons

    Under sections 922(g) and (n) of the GCA certain persons are prohibited from:

    Shipping or transporting any firearm or ammunition in interstate or foreign commerce;

    Receiving any firearm or ammunition that has been shipped or transported in interstate or foreign commerce.

    A prohibited person is one who:

    Has been convicted in any court of a crime punishable by imprisonment for a term exceeding one year;

    Is under indictment for a crime punishable by imprisonment for a term exceeding one year;

    Is a fugitive from justice;

    Is an unlawful user of or addicted to any controlled substance;

    Has been adjudicated as a mental defective or committed to a mental institution;

    Is illegally or unlawfully in the United States;

    Has been discharged from the Armed Forces under dishonorable conditions;

    Having been a citizen of the United States, has renounced U.S. citizenship;

    Is subject to a court order that restrains the person from harassing, stalking, or threatening an intimate partner or child of such intimate partner;

    Has been convicted in any court of a misdemeanor crime of domestic violence.

    Universal background check

    "Universal background check" is a term used by gun-control supporters that means requiring background checks for all gun sales.

    In November 1998, President Bill Clinton directed the U.S. Secretary of the Treasury and the U.S. Attorney General (A.G.) to provide recommendations concerning the fact that 25 percent or more of sellers at gun shows are not required to run background checks on potential buyers. This was called the gun show loophole. Two months later, the Department of the Treasury and the Department of Justice released their report, Gun Shows: Brady Checks and Crime Gun Traces. The secretary and the A.G. made seven recommendations, including expanding the definition of "gun show," and reviewing the definition of "engaged in the business." One recommendation said:

    "Require that all firearms transactions at a gun show be completed through an FFL. The FFL would be responsible for conducting a NICS check on the purchaser and maintaining records of the transactions. The failure to conduct a NICS check would be a felony for licensees and nonlicensees."


    Information Security Management System

    An information security management system (ISMS) is a set of policies concerned with information security management or IT related risks. The idioms arose primarily out of BS 7799.

    The governing principle behind an ISMS is that an organization should design, implement and maintain a coherent set of policies, processes and systems to manage risks to its information assets, thus ensuring acceptable levels of information security risk.

    ISMS description

    As with all management processes, an ISMS must remain effective and efficient in the long term, adapting to changes in the internal organization and external environment. ISO/IEC 27001:2005 therefore incorporated the "Plan-Do-Check-Act" (PDCA), or Deming cycle, approach:

    The Plan phase is about designing the ISMS, assessing information security risks and selecting appropriate controls.

    The Do phase involves implementing and operating the controls.

    The Check phase objective is to review and evaluate the performance (efficiency and effectiveness) of the ISMS.

    In the Act phase, changes are made where necessary to bring the ISMS back to peak performance.

    ISO/IEC 27001:2005 is a risk based information security standard, which means that organizations need to have a risk management process in place. The risk management process fits into the PDCA model given above.

    However, the latest standard, ISO/IEC 27001:2013, does not emphasize the Deming cycle anymore. The ISMS user is free to use any management process (improvement) approach like PDCA or Six Sigma's DMAIC.

    Another competing ISMS is Information Security Forum's Standard of Good Practice (SOGP). It is more best practice-based as it comes from ISF's industry experiences.

    Some best-known ISMSs for computer security certification are the Common Criteria (CC) international standard and its predecessors Information Technology Security Evaluation Criteria (ITSEC) and Trusted Computer System Evaluation Criteria (TCSEC).

    Some nations publish and use their own ISMS standards, e.g. the Department of Defense (DoD) Information Technology Security Certification and Accreditation Process (DITSCAP) of USA, the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) of USA, the German IT baseline protection, ISMS of Japan, ISMS of Korea, Information Security Check Service (ISCS) of Korea.

    Other frameworks such as COBIT and ITIL touch on security issues, but are mainly geared toward creating a governance framework for information and IT more generally. COBIT has a companion framework Risk IT dedicated to Information security.


    The table below illustrates the certification structure comparison of some best-known ISMSs:

    | | BS 7799 | Common Criteria | IT Security Evaluation Criteria |
    |---|---|---|---|
    | Operation Area | England | About 25 Countries | European Countries |
    | Basic Structure | 6 Management phases; 11 Security domains; 139 Control objectives; 133 Security controls | 3 Parts; 11 Security functional requirements; 8 Assurance requirements | 4 Phases; 6 Levels |
    | Management Process | 1- Define policy; 2- Define scope; 3- Assess risk; 4- Manage risk; 5- Select controls to be implemented and applied; 6- Prepare a statement of applicability | 1- PP/ST introduction; 2- Conformance claims; 3- Security problem definition; 4- Security objectives; 5- Extended components definition; 6- Security requirements; 7- TOE summary specification | 1- Requirements; 2- Architectural Design; 3- Detailed Design; 4- Implementation |
    | Difference of Process | Emphasis on managerial security | Emphasis on technical security | Emphasis on managerial security |
    | Specification Control Point | Provide best code of practice for information security management | Provide common set of requirements for the security functionality of IT products | Provide common set of requirements for the security functionality of IT products |
    | Evaluation Method | Use the PDCA model cycle | Follow each certification evaluation procedure | Follow commission of European communities |

    There are a number of initiatives focused on the governance and organizational issues of securing information systems, bearing in mind that it is a business and organizational problem, not only a technical problem:

    Federal Information Security Management Act of 2002 is a United States federal law enacted in 2002 that recognized the importance of information security to the economic and national security interests of the United States. The act requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.

    Governing for Enterprise Security Implementation Guide of the Carnegie Mellon University Software Engineering Institute CERT is designed to help business leaders implement an effective program to govern information technology (IT) and information security.

    A Capability Maturity Model (CMM) for system security engineering was standardized in ISO/IEC 21827.

    Information Security Management Maturity Model (known as ISM-cubed or ISM3) is another form of ISMS. ISM3 builds on standards such as ISO 20000, ISO 9001, CMM, ISO/IEC 27001, and general information governance and security concepts. ISM3 can be used as a template for an ISO 9001-compliant ISMS. While ISO/IEC 27001 is controls based, ISM3 is process based and includes process metrics. ISM3 is a standard for security management (how to achieve the organization's mission despite errors, attacks and accidents with a given budget). The difference between ISM3 and ISO/IEC 21827 is that ISM3 is focused on management, ISO 21827 on engineering.

    Need for an ISMS

    Security experts say:

    information technology security administrators should expect to devote approximately one-third of their time addressing technical aspects. The remaining two-thirds should be spent developing policies and procedures, performing security reviews and analyzing risk, addressing contingency planning and promoting security awareness;

    security depends on people more than on technology;

    employees are a far greater threat to information security than outsiders;

    security is like a chain. It is only as strong as its weakest link;

    the degree of security depends on three factors: the risk you are willing to take, the functionality of the system and the costs you are prepared to pay;

    security is not a status or a snapshot, but a running process.

    These facts inevitably lead to the conclusion that security administration is a management issue, and not a purely technical issue.

    The establishment, maintenance and continuous update of an ISMS provide a strong indication that a company is using a systematic approach for the identification, assessment and management of information security risks. Critical factors of ISMS:

    Confidentiality: Protecting information from unauthorized parties.

    Integrity: Protecting information from modification by unauthorized users.

    Availability: Making the information available to authorized users.

    A company will be capable of successfully addressing information confidentiality, integrity and availability requirements, which in turn have implications for:

    business continuity;

    minimization of damages and losses;

    competitive edge;

    profitability and cash-flow;

    respected organization image;

    legal compliance

    The chief objective of information security management is to implement the appropriate measurements in order to eliminate or minimize the impact that various security related threats and vulnerabilities might have on an organization. In doing so, information security management will enable implementing the desirable qualitative characteristics of the services offered by the organization (i.e. availability of services, preservation of data confidentiality and integrity etc.). By preventing and minimizing the impacts of security incidents, ISMS ensures business continuity and customer confidence, protects business investments and opportunities, or reduces damage to the business.

    Large organizations, banks and financial institutes, telecommunication operators, hospital and health institutes and public or governmental bodies have many reasons for addressing information security very seriously. Legal and regulatory requirements which aim at protecting sensitive or personal data as well as general public security requirements impel them to devote the utmost attention and priority to information security risks.

    Under these circumstances, the development and implementation of a separate and independent management process - namely an ISMS - is the only alternative.

    The development of an ISMS framework based on ISO/IEC 27001:2005 entails the following six steps:

    1. Definition of security policy,
    2. Definition of ISMS scope,
    3. Risk assessment (as part of risk management),
    4. Risk management,
    5. Selection of appropriate controls and
    6. Statement of applicability

    Critical success factors for ISMS

    To be effective, the ISMS must:

    have the continuous, unshakeable and visible support and commitment of the organization's top management;

    be managed centrally, based on a common strategy and policy across the entire organization;

    be an integral part of the overall management of the organization related to and reflecting the organization's approach to risk management, the control objectives and controls and the degree of assurance required;

    have security objectives and activities be based on business objectives and requirements and led by business management;

    undertake only necessary tasks and avoid over-control and waste of valuable resources;

    fully comply with the organization philosophy and mindset by providing a system that, instead of preventing people from doing what they are employed to do, enables them to do it in control and demonstrate their fulfilled accountabilities;

    be based on continuous training and awareness of staff and avoid the use of disciplinary measures and police or military practices;

    be a never ending process.

    Dynamic issues in ISMS

    There are three main problems which lead to uncertainty in information security management systems (ISMS):

    Dynamically changing security requirements of an organization

    Rapid technological development raises new security concerns for organizations. The existing security measures and requirements become obsolete as new vulnerabilities arise with the development in technology. To overcome this issue, the ISMS should organize and manage dynamically changing requirements and keep the system up-to-date.

    Externalities caused by a security system

    Externality is an economic concept for the effects borne by the party that is not directly involved in a transaction. Externalities could be positive or negative. The ISMS deployed in an organization may also cause externalities for other interacting systems. Externalities caused by the ISMS are uncertain and cannot be predetermined before the ISMS is deployed. The internalization of externalities caused by the ISMS is needed in order to benefit internalizing organizations and interacting partners by protecting them from vulnerable ISMS behaviors.

    Obsolete evaluation of security concerns

    The evaluations of security concerns used in ISMS become obsolete as the technology progresses and new threats and vulnerabilities arise. The need for continuous security evaluation of organizational products, services, methods and technology is essential to maintain an effective ISMS. The evaluated security concerns need to be re-evaluated. A continuous security evaluation mechanism of ISMS within the organization is a critical need to achieve information security objectives. The re-evaluation process is tied to the dynamic security requirement management process discussed above.

    Geographic Information System

    A geographic information system (GIS) is a computer system designed to capture, store, manipulate, analyze, manage, and present all types of geographical data. The acronym GIS is sometimes used for geographical information science or geospatial information studies to refer to the academic discipline or career of working with geographic information systems and is a large domain within the broader academic discipline of Geoinformatics.

    GIS can be thought of as a system that provides spatial data entry, management, retrieval, analysis, and visualization functions. The implementation of a GIS is often driven by jurisdictional (such as a city), purpose, or application requirements. Generally, a GIS implementation may be custom-designed for an organization. Hence, a GIS deployment developed for an application, jurisdiction, enterprise, or purpose may not be necessarily interoperable or compatible with a GIS that has been developed for some other application, jurisdiction, enterprise, or purpose. What goes beyond a GIS is a spatial data infrastructure, a concept that has no such restrictive boundaries.

    In a general sense, the term describes any information system that integrates, stores, edits, analyzes, shares, and displays geographic information for informing decision making. GIS applications are tools that allow users to create interactive queries (user-created searches), analyze spatial information, edit data in maps, and present the results of all these operations. Geographic information science is the science underlying geographic concepts, applications, and systems.

    The first known use of the term "Geographic Information System" was by Roger Tomlinson in the year 1968 in his paper "A Geographic Information System for Regional Planning". Tomlinson is also acknowledged as the "father of GIS".

    Applications

    GIS is a relatively broad term that can refer to a number of different technologies, processes, and methods. It is attached to many operations and has many applications related to engineering, planning, management, transport/logistics, insurance, telecommunications, and business. For that reason, GIS and location intelligence applications can be the foundation for many location-enabled services that rely on analysis, visualization and dissemination of results for collaborative decision making. GIS provides a technologically strong platform for every kind of location-based business personnel to update data geographically without wasting time visiting the field and updating the database manually. GIS, when integrated with other powerful enterprise solutions like SAP, helps create a powerful decision support system at the enterprise level.

    History of development

    One of the first applications of spatial analysis in epidemiology is the 1832 "Rapport sur la marche et les effets du choléra dans Paris et le département de la Seine".[7] The French geographer Charles Picquet represented the 48 districts of the city of Paris by halftone color gradient according to the percentage of deaths by cholera per 1,000 inhabitants.

    In 1854 John Snow depicted a cholera outbreak in London using points to represent the locations of some individual cases, possibly the earliest use of a geographic methodology in epidemiology. His study of the distribution of cholera led to the source of the disease, a contaminated water pump (the Broad Street Pump, whose handle he disconnected, thus terminating the outbreak).


    E. W. Gilbert's version (1958) of John Snow's 1855 map of the Soho cholera outbreak showing the clusters of cholera cases in the London epidemic of 1854

    While the basic elements of topography and theme existed previously in cartography, the John Snow map was unique, using cartographic methods not only to depict but also to analyze clusters of geographically dependent phenomena.

    The early 20th century saw the development of photozincography, which allowed maps to be split into layers, for example one layer for vegetation and another for water. This was particularly used for printing contours: drawing these was a labour-intensive task but having them on a separate layer meant they could be worked on without the other layers to confuse the draughtsman. This work was originally drawn on glass plates but later plastic film was introduced, with the advantages of being lighter, using less storage space and being less brittle, among others. When all the layers were finished, they were combined into one image using a large process camera. Once color printing came in, the layers idea was also used for creating separate printing plates for each colour. While the use of layers much later became one of the main typical features of a contemporary GIS, the photographic process just described is not considered to be a GIS in itself, as the maps were just images with no database to link them to.

    Computer hardware development spurred by nuclear weapon research led to general-purpose computer "mapping" applications by the early 1960s.

    The year 1960 saw the development of the world's first true operational GIS in Ottawa, Ontario, Canada by the federal Department of Forestry and Rural Development. Developed by Dr. Roger Tomlinson, it was called the Canada Geographic Information System (CGIS) and was used to store, analyze, and manipulate data collected for the Canada Land Inventory, an effort to determine the land capability for rural Canada by mapping information about soils, agriculture, recreation, wildlife, waterfowl, forestry and land use at a scale of 1:50,000. A rating classification factor was also added to permit analysis.

    CGIS was an improvement over "computer mapping" applications as it provided capabilities for overlay, measurement, and digitizing/scanning. It supported a national coordinate system that spanned the continent, coded lines as arcs having a true embedded topology and it stored the attribute and locational information in separate files. As a result of this, Tomlinson has become known as the "father of GIS", particularly for his use of overlays in promoting the spatial analysis of convergent geographic data.

    CGIS lasted into the 1990s and built a large digital land resource database in Canada. It was developed as a mainframe-based system in support of federal and provincial resource planning and management. Its strength was continent-wide analysis of complex datasets. The CGIS was never available commercially.

    In 1964 Howard T. Fisher formed the Laboratory for Computer Graphics and Spatial Analysis at the Harvard Graduate School of Design (LCGSA 1965-1991), where a number of important theoretical concepts in spatial data handling were developed, and which by the 1970s had distributed seminal software code and systems, such as SYMAP, GRID, and ODYSSEY, which served as sources for subsequent commercial development, to universities, research centers and corporations worldwide.

    By the early 1980s, M&S Computing (later Intergraph) along with Bentley Systems Incorporated for the CAD platform, Environmental Systems Research Institute (ESRI), CARIS (Computer Aided Resource Information System), MapInfo Corporation and ERDAS (Earth Resource Data Analysis System) emerged as commercial vendors of GIS software, successfully incorporating many of the CGIS features, combining the first generation approach to separation of spatial and attribute information with a second generation approach to organizing attribute data into database structures. In parallel, the development of two public domain systems (MOSS and GRASS GIS) began in the late 1970s and early 1980s.

    In 1986, Mapping Display and Analysis System (MIDAS), the first desktop GIS product, emerged for the DOS operating system. This was renamed in 1990 to MapInfo for Windows when it was ported to the Microsoft Windows platform. This began the process of moving GIS from the research department into the business environment.

    By the end of the 20th century, the rapid growth in various systems had been consolidated and standardized on relatively few platforms and users were beginning to explore viewing GIS data over the Internet, requiring data format and transfer standards. More recently, a growing number of free, open-source GIS packages run on a range of operating systems and can be customized to perform specific tasks. Increasingly geospatial data and mapping applications are being made available via the world wide web.

    GIS techniques and technology

    Modern GIS technologies use digital information, for which various digitized data creation methods are used. The most common method of data creation is digitization, where a hard copy map or survey plan is transferred into a digital medium through the use of a CAD program, and geo-referencing capabilities. With the wide availability of ortho-rectified imagery (both from satellite and aerial sources), heads-up digitizing is becoming the main avenue through which geographic data is extracted. Heads-up digitizing involves the tracing of geographic data directly on top of the aerial imagery instead of by the traditional method of tracing the geographic form on a separate digitizing tablet (heads-down digitizing).

    Relating information from different sources

    GIS uses spatio-temporal (space-time) location as the key index variable for all other information. Just as a relational database containing text or numbers can relate many different tables using common key index variables, GIS can relate unrelated information by using location as the key index variable. The key is the location and/or extent in space-time.

    Any variable that can be located spatially, and increasingly also temporally, can be referenced using a GIS. Locations or extents in Earth space-time may be recorded as dates/times of occurrence, and x, y, and z coordinates representing longitude, latitude, and elevation, respectively. These GIS coordinates may represent other quantified systems of temporo-spatial reference (for example, film frame number, stream gage station, highway mile-marker, surveyor benchmark, building address, street intersection, entrance gate, water depth sounding, POS or CAD drawing origin/units). Units applied to recorded temporal-spatial data can vary widely (even when using exactly the same data, see map projections), but all Earth-based spatial-temporal location and extent references should, ideally, be relatable to one another and ultimately to a "real" physical location or extent in space-time.

    Related by accurate spatial information, an incredible variety of real-world and projected past or future data can be analyzed, interpreted and represented to facilitate education and decision making. This key characteristic of GIS has begun to open new avenues of scientific inquiry into behaviors and patterns of previously considered unrelated real-world information.
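The idea of location and extent in space-time acting as the join key can be shown in a few lines. The following is an added example, not part of the original project: it relates point readings to unrelated zone records through a shared grid-cell key and a validity period. The grid size, the record fields, the function names and all sample data are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from math import floor

CELL_DEG = 0.01  # assumed grid cell size in degrees


def cell_key(lon, lat, size=CELL_DEG):
    """Quantize x (longitude) and y (latitude) into an integer grid cell.

    The cell plays the role of the common key column in a relational join.
    """
    return (floor(lon / size), floor(lat / size))


def cells_for_extent(xmin, ymin, xmax, ymax, size=CELL_DEG):
    """List every grid cell touched by a bounding box (an extent, not a point)."""
    cx0, cy0 = cell_key(xmin, ymin, size)
    cx1, cy1 = cell_key(xmax, ymax, size)
    return [(cx, cy) for cx in range(cx0, cx1 + 1) for cy in range(cy0, cy1 + 1)]


def build_extent_index(extents):
    """Index extent records by the cells they cover, like an index on a key column."""
    index = defaultdict(list)
    for ext in extents:
        for key in cells_for_extent(*ext["bbox"]):
            index[key].append(ext)
    return index


def contains(ext, lon, lat, when):
    """Exact test: the point lies inside the extent in space and in time."""
    xmin, ymin, xmax, ymax = ext["bbox"]
    in_space = xmin <= lon <= xmax and ymin <= lat <= ymax
    in_time = ext["valid_from"] <= when < ext["valid_to"]
    return in_space and in_time


def spatial_join(points, extents):
    """Relate each point record to the extent records that share its location.

    The grid cell narrows the candidates; contains() confirms the match.
    """
    index = build_extent_index(extents)
    joined = []
    for p in points:
        candidates = index.get(cell_key(p["lon"], p["lat"]), [])
        names = sorted(e["name"] for e in candidates
                       if contains(e, p["lon"], p["lat"], p["when"]))
        joined.append((p["id"], names))
    return joined


# Constructed sample data: two overlapping zones with different validity periods.
EXTENTS = [
    {"name": "zone-A", "bbox": (-75.70, 45.40, -75.68, 45.42),
     "valid_from": datetime(2014, 1, 1), "valid_to": datetime(2015, 1, 1)},
    {"name": "zone-B", "bbox": (-75.69, 45.41, -75.66, 45.43),
     "valid_from": datetime(2014, 6, 1), "valid_to": datetime(2015, 1, 1)},
]

# Constructed sample data: readings that carry no zone name, only place and time.
POINTS = [
    {"id": "p1", "lon": -75.695, "lat": 45.405, "when": datetime(2014, 3, 1)},
    {"id": "p2", "lon": -75.685, "lat": 45.415, "when": datetime(2014, 8, 11)},
    {"id": "p3", "lon": -75.685, "lat": 45.415, "when": datetime(2014, 3, 1)},
    {"id": "p4", "lon": -75.500, "lat": 45.000, "when": datetime(2014, 8, 11)},
]

if __name__ == "__main__":
    for point_id, zones in spatial_join(POINTS, EXTENTS):
        print(point_id, zones)
```

Readings p2 and p3 share a location but differ in time, so only p2 is related to zone-B, whose validity period starts later.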

    GIS uncertainties

    GIS accuracy depends upon source data, and how it is encoded to be data referenced. Land surveyors have been able to provide a high level of positional accuracy utilizing the GPS-derived positions. High-resolution digital terrain and aerial imagery, powerful computers and Web technology are changing the quality, utility, and expectations of GIS to serve society on a grand scale, but nevertheless there are other source data that have an impact on overall GIS accuracy like paper maps, though these may be of limited use in achieving the desired accuracy since the aging of maps affects their dimensional stability.

    In developing a digital topographic data base for a GIS, topographical maps are the main source, and aerial photography and satellite images are extra sources for collecting data and identifying attributes which can be mapped in layers over a location facsimile of scale. The scale of a map and geographical rendering area representation type are very important aspects since the information content depends mainly on the scale set and resulting locatability of the map's representations. In order to digitize a map, the map has to be checked within theoretical dimensions, then scanned into a raster format, and resulting raster data has to be given a theoretical dimension by a rubber sheeting/warping technology process.

    A quantitative analysis of maps brings accuracy issues into focus. The electronic and other equipment used to make measurements for GIS is far more precise than the machines of conventional map analysis. All geographical data are inherently inaccurate, and these inaccuracies will propagate through GIS operations in ways that are difficult to predict.


    Police Information Systems

    Submitted by: Jessah Mae L. Manuel BSFS-1A

    Submitted to: Mr. Raymond Liboon