No.79 THE MAGAZINE OF THE AUSTRALIAN … no.79 the magazine of the australian computer society september 1992 ai17v92 awards for achievement

PROFESSIONAL

COMPUTMGNo.79 THE MAGAZINE OF THE AUSTRALIAN COMPUTER SOCIETY SEPTEMBER 1992

AI17V92

AWARDS FOR ACHIEVEMENT

(I Do you have any involvement in management, supervisory or a purchasing role?

Do you need to keep up-to-date with the very latest products and equipment in your industry?

If you answered yes to even one of these questions then you need to be a regular subscriber to Professional Computing

youbeingkept■ ■■

At just $50 a year, it’s a small price to pay for the power of information.

»- Phone Connie Georgas on:(03) 520 5590 Melbourne or 000 335 190 (free call) for other

Peter Isaacson Publications45-50 Porter St Prahran Victoria 3181

PRESIDENT’S MESSAGE:

Technical edgeTHERE are many members who believe that, first and foremost, the ACS is a technical organisation dedicated to the introduction and support of IT in the community. Obviously, a large part of our professional expertise is firmly grounded in the technical area. The pervasion of IT into almost every aspect of our lives has been the result of unrelenting technological development and innovation.

The ACS has recognised that it is fundamental for members to “keep up” and has endeavored to provide an environment and range of member services that support the technological challenges of being a professional. The PCP scheme, which allows for self-directed continuing education, is an example of the encouragement of current expertise in the IT industry. We have recently announced the initiation of Certification for our members and work is already underway to complete the scheme and get it implemented next year.

In less formal ways, the CS is also working to provide other opportunities for members to gain and maintain the technological edge. Branch conferences, national conferences, seminars and professional development workshops are ways that members find new ideas and network with their peers. In recent years there have been several international conferences on issues as diverse as Very Large Databases, Computers in Education and AI.

One of the most important areas in the ACS for technical development, networking and participation has been the technical board. At the last council meeting, your branch councillors recognised that a succession of technical boards had been struggling to cover the enormous range of technical activities being demanded by the members.

Council voted to create two new technical boards in addition to the board currently in operation. The three TBs, with their range of technical activities, are shown in ACS in View. Essentially, they involve the three streams of computer science, computer systems and software engineering and information systems.

They also cover the 10 IFIP technical committees and the SEARCC SRIGs. In total, there are no less than 40 areas of interest currently defined.' Many of these will translate into conferences, meetings, seminars and activities, which allow you and I to maintain our technical knowledge.

Gopal Gupta, Karl Reed and Graeme Simsion have been appointed TB directors for CS, CS&SE and IS respectively. They are charged with revitalising the TBs and improving service to you, the customer.

I hope that many other members will get involved with the TBs and help make the technical side of the ACS absolutely brilliant for everyone. It’s a pretty important activity, isn’t it?

Geoff Dober, President

PROFESSIONAL

COMPUTINGCONTENTS: SEPTEMBER 1992

BUILDING DISTRIBUTED APPLICATIONS — NOW: You’ve crested the first wave. The network is running smoothly, the number of workstations in the system is growing (more slowly than it used to, perhaps, but the trend is up), but some real issues still hold back your development work. 2

OPEN SYSTEMS — AN AUSTRALIAN SURVEY: If it’s so good for you, why doesn’t everyone go ahead and do it? 4

LETTERS TO THE EDITOR: On membership and handicapped learning. 7

CHOOSING A SUPPLIER: A problem like that of the renaissance. 10

EVALUATING SYSTEM SECURITY — AN INTERNATIONAL REQUIREMENT: This is part 2 of the article started in the July/August issue. 13

ACS in VIEW: 20

HUMAN FACTORS IN PROFESSIONAL COMPUTING IN AUSTRALIA: People are often blinded by technology, a problem illustrated by a United States survey which indicates that 80 per cent of VCR owners cannot program their machines. 24

COVER: AITA ’92, sponsored by 1 cific Computer Weekly and Australian Computer Society, are A tralia’s most coveted computer ind try awards. AITA stands for the Aus lian Information Technology Awai designed to recognise the very best Australian innovation and achie ment.They are open to any individual company who has contributed to growth and development of inforr tion technology in Australia in the months to 23 September 1992, in following categories:— Software product.— Exporter.— Media advertising campaign.— Student.— IT manager.— IT consultant.— IT lecturer.— Achiever.A panel of judges nominated by ACS will decide the eight awards. ' year the awards will be presented in Melbourne in November.

II Aif

PROFESSIONAL COMPUTING. SEPTEMBER 1992 1

OPEN SYSTEMS

Building distributed applications tics O)

You’ve crested the first wave. The network is running smoothly, the number of workstations in the system is growing (more slowly than it used to, perhaps, but the trend is up), but some real issues still hold back your development work.

By Peter Westhorp

ALTHOUGH integrating disparate equipment is still one of the big issues (can a PC marry an X system and remain a PC?), there are newer issues, like getting pro

gramming productivity back up above pre-GUI levels.

There is an Australian tool that addresses this — the client-server version of OpenUI, the user interface management system from Open Software Associates.Opening the system

A widely accepted demarcation is that the desktop machine is ideal for managing the interaction with the user, leaving database and integration services to the more grunty corporate hub. In fact, it may also be that the desktop device still has spare cycles, and can take up some of the application load as well. Trying to create this model from scratch is too expensive, however it’s a model implemented easily and cheaply with OpenUI.User Interface Management OpenUI is a true User Interface Management System (UIMS). When used to create the user interface (UI) of an application it simplifies application code by managing user interaction, including data editing and validation, error correction and so on. It’s an analogy for a DBMS - OpenUI manages the user interaction, as a DBMS manages the file details, and presents user code with application-ready data through an elegant API. The structure of an application has evolved as shown in figure 1: the database manages the back end, and OpenUI the front. The remaining application code, written in the language of choice (including COBOL, C, C++ and Pascal), deals with business rules and heavy-duty computation.

OpenUI, as a true UIMS, encourages a clear separation of the semantics of an application from its presentation to the user. This separation is like the one enforced by a DBMS: application code need have no more concern with the location of something on the screen than it has for the position of data on the disk. Result: easier maintenance. Most requests for change concern the user interface, and with OpenUI you can do major rework of the UI design without having to change a line of application code.Choice of GUIs and terminals

OpenUI makes an application presentation independent. For a single development effort, a business application will run on Microsoft Windows, Presentation Manager, Macintosh, or OSF/Motif — again, without changing application code. Because OpenUI drives the standard GUI system, the application appears and behaves on each GUI as if it had been written specifically for that environment.

But because many enterprises still have a heritage of character terminals, OpenUI also includes

OUlrackcr (1? jg

SelectI pip

MQrdet Entry System;

OPEN SOCTWAKC

Conp.im/Ottent. Holier! :

t'oii f>m i 'iUnuytii

§nii-s/iK milyiuli

i)tU Until1j[riiJct»-TU3r> 0|>«

■dyru-ut

OUanekcfChequeAccount

■ EAWOrfcr.

An application presented in three styles through OpenUI. Top: “Terminal”, Middle: “Motif”, Bottom: “Windows”.

a full window manager for terminals (almost any terminals) that drive the new, GUI-designed application on the older technology. It means that users can evolve application development to new paradigms without scrapping existing investments, or creating a power struggle between islands of old and new technology.

OpenUI beats the lowest common denominator syndrome that cripples many cross-platform tools. It equalises GUIs by providing for shortfalls. For instance, where Windows and Macintosh have established Help systems, Motif has none. OpenUI provides a default Help system for platforms that lack one, but drives the standard Help system where one exists.

2 PROFESSIONAL COMPUTING, SEPTEMBER 1992

- -

. ; * - r"" « .

: I' Tfisc^fevfe;? •:-

MM—MMSmSSSmSSiS

StandardGUI

Applicationcode

OpenUI

Application

DBMSDBMS

i Evolution of application architecture over time.Open UI is a true User Interface Management System and provides similar structural benefits as a DBMS brings to the application.

And because OpenUI is native in each GUI environment, it leaves the way open for the level of interoperability desired. Of course, interaction through UI functionality like cutting and pasting via clipboards is fully supported, and user code can utilise other services such as DDE without limitation.

Client Server

This functionality has been available for a year now, winning awards (see Professional Computing August 1991) and customers in Europe and USA as well as Australia/NZ. One sure sign of the quality of the architecture is its support and

adoption by system vendors. Another is that the API did not need to change to incorporate the ’hot’ vector graphics in OpenUI 1.4.

Another measure of its strength comes with the announcement of the OpenUI Client and OpenUI Server products. Again, there is no change in the API. In other words, users change nothing in the code of an OpenUI application to move it from a stand-alone computer, to distribute it across a network. Simply install the OpenUI Client/Server products, and the user interface is immediately delegated to the desktop.

This delegation might sound familiar to X aficionados, but in fact there are significant differences. They stem mainly from the level of the

MNetwork front Network back

Restricted API

—

4 OpenUI Client and OpenUI Server each offer an API, allowing for application code elements to be distributed across the network without special programming requirements.

PROFESSIONAL COMPUTING, SEPTEMBER 1992 3

OPEN SYSTEMS

Programmers can ignore the network and focus on the application.

API. With OpenUI a single API call can delegate a great deal of processing to the UIMS, so that network efficiency is maximised. Instead of creating network traffic for every mouse movement, OpenUI operates in a record-oriented mode, passing whole blocks of data (of user specification) to the application code at one time.

Another improvement is that users do not need to move non-UNIX PCs into the world of X to get the benefits of client-server computing. Since OpenUI provides the client-server separation, and also drives the native GUI on each platform, it means users can integrate any desktop device into a client-server architecture immediately, and for a single development effort. Architecture is natural

The OpenUI architecture overview in figure 2 shows how its done (The restricted API and Callback Code is discussed later). The API is unchanged, so the change to client-server is transparent to application code. Programmers can ignore the network and focus on the application.

Libraries are provided in the OpenUI Client and OpenUI Server products to handle the networking protocols on behalf of user code, with support available initially for TCP-IP with sockets, and others following as options. But there is a hidden strength within OpenUI that opens great flexibility and power.

Real distribution

OpenUI allows either process-driven programming (typical of older COBOL programs) and event-driven programming (typical of GUI programs). As part of the latter, it allows the registration of callbacks, routines of application code which are called under the control of the UIMS when specified events occur.

This becomes particularly powerful with the OpenUI Client/Server products, because, as shown in figure 2, they actually both present an API (with the OpenUI Client restricted so that the application code on the backend machine always remains in ultimate control). Hence, callbacks of application code can be located on either the front-end or back-end computer, transparently to the code. What’s more, the two APIs even allow for different languages, so users can write the main application in COBOL on a hub computer, with callbacks written in C in the front end.

There’s obvious potential for designing and quickly building an application that is much more distributed than a traditionally client-server one. The benefits of better utilisation of the network-as-system depend on particular situations.

However user application development evolves, the simplicity and transparency of OpenUI provide a key to really make systems open.

Author: Peter Westhorp is Managing Director of Open Software Associates. Tel (03) 871 1666.programming requirements.

An Australian Survey

THE Australian User Alliance For Open Systems conducted an “Australian Barriers To Open Systems” survey, throughout Australia in April/May 1992.

The survey endorsed the barriers and actions identified by the US User Alliance, a body formed from the ‘Houston 30’ in 1990, and identified further challenges specific to the Australia ‘IT’ environment. Over 95% of respondents to the survey together with attendees of the meeting, strongly endorsed the need for a user alliance within Australia to address the various issues of open systems education and awareness.

Results of the survey are to be refined and published in a report: “Open Systems — Challenges and Actions” later this year. This report will set the agenda for future activities of the Alliance. A regular review of this document will be undertaken to ensure its relevance.

We present here a summary of the results from a survey sent to 240 leading Australian IT user organisations, based on the US User Alliance (Houston 30) Barriers Report first published in January 1991.

The survey shows an overall strong correlation between Australian and US user views on open systems and the actions necessary to overcome impediments to adoption.

The following two tables summarise the results of the survey carried out in April and May this year. Of special interest is that a number of the barriers identified in the US report receive less support in Australia, however all proposed actions to overcome the barriers are strongly supported.

Legacy systems and culture generated many comments, particularly from a number of users responsible for large mainframe environments, a number of respondents suggesting that the culture of the staff in their organisation is the most significant barrier. On the issue of tactical and strategic planning, many commented that they never really had time to consider strategic planning and it is not part of the business culture. This view could be the reason why this barrier only obtained 72% agreement. One respondent reported “it’s always difficult to keep our IT services up with the business requirements — who’s got time for planning?”

On a positive note the majority of respondents indicated that the barrier “fear of being unable to compete” would not effect their decision to adopt open systems (assuming stable


products exist) as it was noted that a phased approach would result in limited technical risk with proven and emerging open system IT technologies. The reduction in concern today, may also be due to a clearer understanding of open system environment profiles, the status of standards and the greater availability of products since late 1990, when the US survey was first undertaken.

The need for acceptance guide-lines on determining what products and vendor product strategies will fit within an acceptable open systems environment (OSE) or architecture received most support as a critical action.

Actions to address the education requirement were strongly endorsed. Bob Grant of Colonial Mutual indicated that “education should focus on the needs of Business Managers”. Mark Toomey of DMR said that “the real challenge is to get the whole business involved in the education process’. Clearly the User Alliance will need to make education a priority and explore the best mechanisms for the delivery of new courses on open systems through self study, tertiary institutions and commercial providers.

The need to define the term open systems was strongly supported. Mike Williams of AWA Defence industries stated that “a better interpretation of existing definitions is needed”. Frank Vardanaga, Director, Communications branch at Brisbane City Council believes “it is essential to get the definition right if users are to truly embrace open systems.”

A requirement raised by a number of respondents is the need to publish “genuine” case studies on open systems implementations, which also address the issue of migration and co-existence with proprietary systems. Without these materials open systems could founder as “just another academic bandwagon”. This point logically covers a number of actions including education, the business case and promoting the importance of strategic planning.

Lobbying a range of policy making bodies attracted some interesting comments. The need for Government to play a leading role in promoting adoption was identified by a number of respondents who noted governments role as a major user and policy maker. Perhaps recognising the difficulty of the task, few respondents identified specific bodies/organisations that should be lobbied to assist create the best environment for adopting open systems.Additional barriers and proposed actions

The User Alliance also requested that Australian organisations identify additional barriers that could effect the local uptake of open systems. The following new barriers may be incorporated in the Australian report.

Australia is remote and only a consumer of IT — This factor may be highly significant as it implies that Australian users will need to push vendors harder to be offered open system solutions, and reinforces the need to maintain an active role in international developments.

“At SMS our goal is our

clients’ success”

Practice Development ManagerStewart Niemann

“Clients use IT consultancies because they want results. I can honestly promise clients that with SMS they will get practical „

|j solutions to their business IT problems, not buzz words,pretty || pictures or off the shelf methodologies. At SMS we are committed to delivering real solutions. If this means getting involved and ||

11 making the hard decisions, then we will do it. Tough problems are jf || not solved by soft options.” ||

SMS is looking for tough, pragmatic, independent minded IT || professionals to help us grow into Australia's best IT Management | f Consultancy. 11

SMS Consulting Group Pty LtdGround Floor, 441 St Kilda Road

Melbourne VIC 3004.Fax: (03) 820 0002 Phone: (03) 820 0899

Level 6,90 Mount Street,North Sydney, NSW 2060.

Fax: (02) 955 5796 Phone: (02) 954 4729

Also an Office in Canberra adc.32355 I £


“If it’s running OK, leave it alone” has great appeal.

No open systems on the desktop —This is a perception held by many users. The Alliance working with vendors should demonstrate what is possible now, plus what will happen in the next 12 to 18 months as vendors release “windows” based applications supporting open system standards.

Timing of IT investment — Recognising that many organisations are “locked” into proprietary IT environments it will take some years before migration is perceived as practical by some organisations.

Fear of change generates uncertainty — The general view “if its running OK, leave it alone” has greater appeal to the majority of users than “let’s adopt open systems because it will meet long-term company goals.” When related to the general lack of awareness to open system this factor is significant.

Acceptance of the role of standards —Few MIS professionals and IT users have moved beyond identifying their preferred

equipment suppliers, or nominating PC software permitted on the network. Therefore most have not recognised the role of international standards when developing an IT strategy and don’t understand the potential benefits.

Perception that Government is doing little to promote open systems — A number of government lead activities such as the IESC open system sub-committee need to demonstrate to the wider community (State government and commercial user) that gov ernment is actively developing policies to adopt open systems. Government support of awareness and education activities should also be considered.

The “Unix is open systems” syndrome — It was reported by a number of respondents to the survey that too many IT users still see “only Unix is open systems”. Clearly work on the open systems definition and on practical examples of working open systems environments should dispel this misconception.

Barriers to the adoption of open systems

Barriers to adoption Australianagreement

1 Legacy svstems and organisation culture 90%

2 Insufficient ODen svstems 87%

3 Users lack of a process to define requirements 87%

4 No shared vision 79%

5 Users lack a vehicle to voice reauirements 76%

6 Tactical Dlanning verses strategic Dlanning 72%

7 No National vision 66%

8 Non linkage of ODen svstems to a business case 64%

9 Fear of being unable to compete 41%

Actions to overcome the barriers

Australian actions Australianagreement

1 Establish acceptance guide-lines 97%2 Create a user alliance for open system 95%3 Create an education process 95%4 Define the term open system 94%5 Publish a list of actions for user organisations 92%6 Promote the importance of strategic planning 92%7 Define a user reauirements process 88%8 Build a model business case methodology 84%9 Establish a bodv of research 82%

10 Lobby policy making bodies 79%


On MembershipDear Editor,

I would like to comment on the letter recently published in the June 1992 issue of Professional Computing from Peter King-Smith.

First of all, let me say that I agree with everything Peter said, and I would like to add the following comments:-

• In his reply to Peter King-Smith the CEO did not mention the percentage of members who actually replied to the recent survey;

• Many of the 77 per cent (ACJ) and 87 per cent (Pro.Comp.) mentioned in the survey who do read these publications may be like myself, i.e. searching in vain for something of interest to them;

• The articles quoted by the CEO as being difficult to define as ‘... academic ramblings... etc,’ are really just a drop in a bucket overflowing with articles and papers published that are currently of very little interest to a commercially orientated applications systems analyst or programmer;

• I consider myself to be highly professional in my attitude and application to my position, duties and responsibilities, I have progressive ideas and use state-of-the-art techniques, membership in the ACS has not had any influence on these attributes;

• I have considerable experience in all aspects of commercial computing and I have tertiary qualifications which were achieved only recently after many years in the industry without them; currently employed as a Systems Analyst, I was one of the original NSW ACS members back in 1964, being at that time a member of the first EDP group at Westpac (then the Bank of NSW), and incidentally the first female computer programmer in the Bank;

• Since entering this industry I have never been unemployed and have never had any problems changing jobs (despite the ups and downs of the economic climate), membership in the ACS has not contributed to this as many employers have not been interested in whether I was a member or not; out here in the “real world” it is ability and performance that counts;

• There have already been 2 occasions in the past when I became ‘fed- up’ and dropped my ACS member

A MATTER OF DEBATE

ship, rejoining when I thought there was a chance of change, but enough is enough.

Therefore, I would be pleased if (like Peter King-Smith) you could convert my membership to ‘dormant’ status, in the hope that one day should the ACS change (before I retire) I may also retain the option to reinstate my membership.M/s Lorraine Smith,North Sydney

More membershipDear Editor

Reading Peter King-Smith’s letter in the June issue of Professional Computing left me in two minds. I too have made heavy weather of some of the articles and papers in the Society’s publications. However this seems to be a pretty poor reason for leaving the Society. Quite the reverse, it is one of the best reasons for staying!

It is quite common for academics and professionals to be poor writers. In the field of computing, where you cannot pick your nose without the appropriate qualification, people seem to write books, articles and paper with no training or talent.

Writing is a skill, a knack and a gift, but computer professionals regard writing as something that just anyone can do. Even worse, there is a growing body of opinion which says that readability is something that can be measured by an index based on word length, sentence length, and so on.

It is not difficult to see where this thinking comes from. A colleague was telling me enthusiastically of her essay for a postgraduate course. She felt really proud of it, until she realised that she was one thousand words short of the target. So she sat down and wrote another thousand words! This seems to be a fairly common problem in universities.

Years of searching for ways to say in ten words what only requires two have created in our graduates a writing style that is wordy in the extreme. Other professionals copy this style in order to sound more educated! This creates a sort of elitism of verbosity.

Any good writer knows that once you have chosen the right words and said what you want to say, more words just obscure the meaning.

I can hear the response already “simple words are all very well but one

does not always want to say simple things, or to say them to simple people.” However the preacher of antiquity says it best: “a fools voice is known by multitude of words”.

Let me finish off with a juicy cliche. A society is a just collection of people. The Australian Computer Society is not the executive committee, or the people who write those articles and papers. It is you, Peter, and me and everyone else who is a member. We cannot ask others to make the society relevant to us, we must become involved. Let’s balance the dry academics with articles which demystify these subjects. Let’s all try to rein in the jargon.Robin Herbert

The Artificial Intelligence of the handicapped mindDear Editor,

The article, “The Artificial Intelligence of the Handicapped Mind’, written by Roger Coldwell, recently published in the June 1992 issue of Professional Computing, discusses the merits of computer-aided learning, to enhance the talents and intellectual capacities of students in integrated school settings who have intellectual disabilities. He poses that this may be a tentative solution to the problems faced by the teachers of integrated students in mainstream classrooms, attempting to cope with the associated extra responsibilities and work pressures. It provides a solution to the problem of the deficit in the pupil- teacher ratio that exists in many of our schools that are providing education for these students with disabilities.

He also argues that the cognitive patterns of intellectually handicapped students can be traced when they are using problem solving type software. He proposes that this trace could be used as a means of... “exploring different ways of problem solving that are not apparent to minds which are not intellectually handicapped, just as blind people develop acute hearing ability, intellectually handicapped people have a similar faculty to compensate for the handicap”.

I have a number of concerns related to sections of this article. His views on teacher control in the classroom suggest that computer-aided learning will


LETTERS

offer instant gratification, enhanced learning, increased access to information gathering and processing strategies for intellectually disabled students. It will alleviate the stress and burden of over crowded classrooms, due to the inappropriate funding, unworkable pupil/teacher ratio levels or inadequate policy implementation that may exist in our schools. He states “... computer aided learning is proposed as a tentative aid in solving the integration dilemma”.

My experience of integration is that many schools are poorly funded and resourced when catering to the inclusion and provision of services to intellectually disabled students. The fact remains that teachers must offer suitable and equitable curricula for these students. Hardships do exist. I must disagree with Mr Coldwell in that computer aided learning (CAL) does NOT provide a solution to teachers’ problems. It usually has an opposite effect.

Teachers have had inadequate computer inservicing and many are reluctant to use microcomputers in their teaching. They have one or less computers at their disposal for periods for less than two to three hours a day, and in some schools, a week. Most schools do not possess large “banks” of problem solving software packages. Time to initiate CAL, organisation of the programme, assessment and evaluation of learning outcomes and accountability of the teacher would eventuate in increased time and resource provision for that student.

Integration stresses involvement, equal access, equity and the promotion of the rights of the individual to mainstream education, alongside peers in an appropriate learning environment. I would argue that Mr Coldwell’s interpretation of integration is quite different when he proposes that a microcomputer and open ended problem solving software can offer appropriate solutions to these already disadvantaged students.

Mr Coldwell views computers generally as “user friendly”. Which computer types, software types, configurations and teaching packages does he propose? What component of teacher inservicing has been considered? Who will monitor progress and assess performance? How will the processes of learning be accounted for and who will

document this? Where will the extra funds come from and what basic microcomputer standard does he suggest?

Many schools are struggling within constraints of limited or diminishing resources and are experiencing difficulties in keeping up with advances in microcomputer related technologies. Many have acquired microcomputers for their integrated students, usually through submission writing. Others have used philanthropic mechanisms to help equip students with enabling technologies. Once the equipment has been purchased through, further considerations must be dealt with and investigated.

Time and knowledge to set up and install the equipment correctly must be organised. Provision of sufficient time to inservice all of the relevant staff needs to be researched. This might need to be done extremely, at a cost and often proves to be very difficult for schools in remote areas. Other considerations include the time to list and document the teaching processes, the time to introduce the student, teacher assistant or parents to the equipment, the time to gather resources and develop curricula. It all doesn’t happen by chance. Coldwell’s views of compensation to teachers to overcome the additional degrees of difficulty in coping with integrated students does not match present realities nor does it offer feasible and tangible solutions.

He has worked “... with autistic children. Down’s syndrome, multiple sclerosis, cerebral palsy and other kinds of intellectually handicapped children at computer terminals.” His view that these children can profit considerably from using logic-based software of different sorts cannot be discounted. It remains that he is working within defined sets of students who have various forms of disability. His generalised comments to not refer to the wider target audience that has previously been referred to earlier in the article. His premise centres on the employment of this type of software “... used sensibly by teacher”. What constitutes sensible usage? How do you assess teacher performance and how often do you use the software?

There has been documented some exemplary good teacher practice in Australia schools where teachers have initiated compute aided programs in

special settings as well as mainstream classrooms for intellectually and physically disabled students. The literature has already highlighted the need for increased resources and time with students at the microcomputer. The notion, though, that the disabled student works alone, flies in the face of current thinking and philosophy. The special needs computer interest group support systems all actively encourage “group work” at the computer. Students should work together on tasks. This promotes meaningful interaction, dialogue, turn-taking, co-operative learning and equity. Coldwell’s interpretation of computer empowerment seems to be diametrically opposed to the mainstream opinion.

Distant supervision of CAL in the classroom, proposed by Coldwell, has been seen in the past to be an “easy way out” for many teachers. The student works separate from the class group. They have their microcomputer, software and task ready for them, but miss out on the many benefits of classroom life. This, I believe, is a form of segregation. The student becomes isolated and distinctly different from the rest of his/her peers. Their disability and different learning needs are therefore amplified and made even more apparent.

Integration should support inclusive curriculum. It should provide mechanisms for a balanced, individually based curricula to enhance the disabled child’s potential to be more involved and supported. We should encourage all students to be aware of and to be empathetic towards each others needs. A student working in isolation and being supervised at arm’s length does not constitute equitable provision of teacher time or expertise in my opinion.

The case studies included in the article are not representative of usual or normal experience in this area of special needs computing. Autocad would not be available to the majority of teachers, due to its inappropriateness to the curriculum (especially in primary or junior secondary), its price, the computer configuration that is requires nor the steep learning curve that is associated with such a dedicated package. Home exposure and usage is far different from classroom concerns and the curriculum. The boy in question was a mute, autistic child, and this


LETTERS

seems to be a very specific incidence which does not represent a typical situation. The second case study involves computer-aided draughting software, again not used in most junior school settings.

The section on Montessori teaching theory again has some relevance and cannot be wholly refuted. Put into context, though, the seemingly random usage of microcomputer technology in open ended learning situations can be fraught with danger without proper guidelines and appropriate teaching strategies. Children do learn in different ways. They are constantly exposed to technology and assimilate far faster than those of past generations. They

have been born into a world beset by electronic gadgetry. They accept it.

We must not be too easily led into believing that children with disabilities can be enabled by microcomputer software alone. Teachers must direct the learning. Qualified people must develop appropriate learning systems. The pedagogical attributes of the programs must support the learner. Accountability and evaluation are required to substantiate progression and understanding. Computer software ‘tracing’ can shed light on the processes of learning, but are only useful if we know what they reflect or indicate.

Coldwell’s research and study may provide fascinating insights into the

learning processes of a sample group of disabled children, but, when put into a much wider context in the real world, his findings are not conclusive proof that microcomputers offer a panacea or a “sure fire” solution to the political and economic shortcomings of our education systems.

Gerry KennedyCo-ordinator of Technical Aids St Paul’s School for the Blind and Visually Impaired Kew, Victoria

“_r=_r DP Education (Seminars) pty ltdINDEPENDENT SPECIALISTS IN EDP TRAINING SINCE 1972

Independent trainers since 1972, we provide specialised training to professional computing personnel. Many of our courses are workshop style, wit a limited audience of 20, ensuring excellence and value in training and development. All courses satisfy the Government Training Levy, and have Australian Computer Society PCP hours allocated.Basic Systems Analysis Workshop Keith London Data Analysis Workshop Sean BoylanStructured Design Workshop Sean BoylanThe Management of Testing Geoff QuentinAcceptance Testing Workshop Geoff Quentin Program Testing Workshop Geoff QuentinImproving Communication Skills Geoff Quentin Software Testing Tools Geoff QuentinUser Documentation Workshop Keith London

EARLY BIRD fee discounts are available to all our public courses, for those who act quickly. Ring (02) 918 2223 to see how you qualify, and receive further information on these and other courses.

1972-1992, 20 years of service

Sydney Melbourne CanberraOctober 12-16

October 19-20 October 26-27


October 21 October 12 November 2

October 22-23 October 13-14 November 3-4

October 26-27 October 15-16 November 5-6


October 30

October 19-20 October 21-22 October 29-30


OPEN SYSTEMS

ChoosingA simple Renaissance problem for you

Important to ensure that prefered suppliers lists are of manageable size.

a supplierBy Ian Hugo

PARADOXICALLY while freedom of choice is one of the great benefits of open systems, it also poses problems of its own. In a market made up primarily of standard components,

subsystems built from commodity chip sets, etc, how can the complexity of choices offered be simplified and reduced to manageable proportions?

Just as in the feudal societies of the Middle Ages the barons created simple, secure lives for their serfs, relieving them of all important decisions, so proprietary environments have accustomed most users to manoeuvring within a narrow choice- band. Although very restrictive, this simplifies decision-making, sometimes to the point of deciding on the least unacceptable solution. Erich Fromm in his seminal work Fear of Freedom points out that although serfs were free to do very little they were also free from most of fife’s hard decisions.

Open systems, by contrast, represent the Renaissance. They free users from the shackles of proprietary environments, but force them to deal effectively with their greater freedom of choice. So the problem we address here is how to isolate the important factors from the less relevant detail, and thereby simplify the decision process.

Lists of Preferred Suppliers It is customary for large corporate IT depart

ments to operate lists of preferred suppliers, even for proprietary environments. This has the effect of pre-quafifying potential suppliers, and where formal substantiation of purchasing decisions is required, it can reduce or eliminate the need for invitations to tender.

For preferred suppliers lists to be useful, they must contain some optimal number of sources. A hundred suppliers in a list is clearly as useless a only one. For any one category such as processors, large disks, LANs, etc, a list of six potential sources is likely to be an upper limit; just two or three may serve all practical purposes, and three or four may be the usual case.

The precise number will depend on how total IT requirements are broken down, and on the criteria pertaining at any individual company. Bear in mind that the objective is to simplify decisionmaking without making the process arbitrary. Typically, such fists will not include all the suppliers that meet the criteria employed, but rather will limit themselves to those suppliers that meet the criteria best.

With proprietary environments, the main problem may be to find more than one or two suppliers who meet the minimal criteria. With open systems, the problem is more likely to be one of extending and tightening the necessary criteria (relevant) in order to restrict contending suppliers to a manageable number.

Whatever the case, it will be important to ensure that preferred suppliers lists are of a manageable size. Lists that are too extensive defeat the object of

having them, and will entail unnecessary expense in the decision-making process.

The major criteria likely to be relevant in the general case are discussed below, in a sequence running broadly from the more general to the more particular.

Commitment to Open SystemsA major but intangible criterion is the degree of

commitment of any given vendor to the open- systems market. At an open-systems event in particular, it will be difficult to find any supplier who does not claim to be totally committed to open systems; moreover, it will be equally difficult on the spot to prove otherwise.

There are questions which will help to differentiate between suppliers, but this is an area that will need some homework. Most of the major suppliers have been in existence for some time, and are responsible for proprietary environments as well as being involved in open ones; they are necessarily committed to maintaining the former as well as exploiting the latter. The questions to be asked must therefore be helpful in assessing to what extent a supplier is committed to open systems.

One way of approaching this problem is to ask about representation on standards bodies. Suppliers genuinely committed to open systems will be represented, for instance, on alternative bodies as well as on the general spectrum of bodies covering different aspects of IT. Membership of alternative bodies can be regarded cynically as hedging one’s bets; on the other hand, it can be seen as a commitment to open standards generally, no matter which standard eventually achieves general acceptance.

Interconnection to widely used proprietary environments — SNA, for instance — is also a sign of commitment to practical open systems. It is worth finding out what proprietary protocols the supplier can emulate, not just when he is asked but as a part of the standard product portfolio.

Finally, it may be interesting to find out where the current R&D budget is going. Many suppliers will be devoting much of their R&D budget to proprietary systems, both as a matter of necessity and as a result of previous plans. R&D is intrinsically a long-term activity, and budgets for it cannot be switched at a moment’s notice. However, if the supplier is serious about open systems, there should already be a discernible, growing emphasis on open systems at the expense of proprietary ones. Differences over the past two years, and commitments for the future, may reveal as much or more than the current budget division.

Systems IntegrationAs IT systems start to consist more and more of

standard components, so it becomes more uigent to consider who is to integrate the components into complete systems. In the long run, it is likely to be the corporate IT departments themselves who will perform this task. However, since open systems are still a new development, most IT departments will as yet be unused to the process. Small IT departments may find that the task is beyond their resources and automatically seek an outside agency to perform systems integration.


f rnr

?wi

Esggn H [.yiSsi Wnpe|

AViiON — Data General’s Open Systems family

If systems integration is not to be performed internally, either in the short term or as a matter of policy, then preferred suppliers of this service must be chosen. An obvious source is one of the many systems houses that have traditionally provided turnkey systems for proprietary environments. Although systems houses can be expected to have the general skills required, it is important to ascertain whether they have experience with open systems, and more specifically, which kinds of open systems. Most are not large enough to carry expertise in all areas, and may specialise in, for instance, UNIX systems or local-area networking only. Enquiring about actual projects completed successfully, as potential references, is a good way to separate hard experience from claims of expertise.

However, there are other potential sources of systems integration. The time has long gone when the IT industry could be divided easily into suppliers of hardware, software and services. Most of what have traditionally been regarded as hardware suppliers, for instance, now derive a large part of their revenues (sometimes as much as half) from the supply of software and services. Suppliers of open systems in particular have tended to foresee that users will need help in creating working systems, and some are specifically allocating resources to integration services.

An advantage of the traditional hardware vendors is that they typically already have the critical size necessary to carry the range of skills needed for complete systems integration. They are much less likely to be narrowly specialised than systems houses. A disadvantage is that they may be unen-

thusiastic about the prospect, if offered, of integrating components that are entirely sourced elsewhere. The most obvious case for using them as a system integrator arises when they are also supplying some of the system components.

As with systems houses, it will be important to probe their actual experience. In both cases the quality and extent of support on offer will be as important as evidence of integration skills. Support should ideally extend to training, education and documentation as well as to the more obvious areas of maintenance and trouble-shooting (which, incidentally, should include a “hot-line”). Training should cover not just the specifics of particular systems but also education in concepts and in aspects of systems integration; if bringing systems integration in-house is a longer-term goal, your current integrator should be able to bring in-house staff up to speed.

Focus on Business SolutionsIt is important always to bear in mind that the

ultimate purpose of any IT system is to provide a business service, cost-effectively. That needs stating because in the current state of the art there are some situations that open systems cannot yet cope with adequately. For projects in which fairly sophisticated wide-area networking is involved, for instance, an OSI solution may prove unacceptably expensive or not even be available at all.

Obviously, a commitment to open systems cannot be allowed to override normal business considerations of cost-effectiveness. If there appears currently to be no open-systems solution to the


The argument for open systems is not a theoretical one; it is a practical answer for today.

business system you require, or only a very inelegant or costly one, it is better to admit rather than fight the fact, and go for a proprietary solution.

In such cases, there are still two factors to consider. Firstly, make sure you have taken account of full life-cycle costs in reaching your conclusion. In the current state-of-the-art, open systems are sometimes marginally less cost-effective in he shortterm but more cost-effective over time. Secondly, take interoperability between open and proprietary systems into account when making your choice of proprietary system. If your company is committed to moving to open systems, then a new proprietary system will almost certainly have to coexist effectively with open systems at some time, even if not immediately.

The true case for open system is a practical one, not a theoretical one. Although they already offer many advantages, they are still in the early stages of development. The really important imperative is to avoid, wherever possible, building up general investment in proprietary environments. Shortterm proprietary solutions to specific problems, if not desirable, should not be ruled out if they clearly provide th best answer. Avoid open-systems dogma.

Hardware considerationsThe major change in hardware that affects open

systems is the move to use commodity chip sets as a basis for processor design. Motorola, Intel, MIPS and Sun produce the most widely used chip sets. The use of these chip sets has considerable bearing on the compatibility of processors, so it is worth enquiring whether they are used in a supplier’s processors. Conversely, the use of custom-built chips will tend to lock you into the particular suppliers’ machines.

Another important hardware consideration is the bus architecture. There are two general standards today: one is IBM’s Micro Channel Architecture (MCA); the other is the Extended Industry Standard Architecture (EISA), which is a development of the PC AT bus structure and was promoted initially by Compaq. The VMEbus is also widely used, and the Futurebus+ (a development of the VMEbus) is widely tipped as a future standard.

A final, general consideration with any supplier’s range of machines is to ask about the range of power offered within the one architecture. Most systems of any importance require a range of different CPUs, most obviously a central CPU and PCs, but often with some intermediate CPU’s networked in between. Also, if one has a reasonably wide range of CPU power available within the one architecture, with reasonably small increments in power between machines, there is good flexibility when future upgrade requirements are uncertain (as they usually are).

Software considerationsUNIX is inevitably the focus of software atten

tion. All suppliers will owe allegiance to either UNIX International or the Open Software Foundation; a few are allied to both.

If you already have UNIX systems of one flavor or another, you should enquire as to the availability of any supplier’s software in your flavor. If you don’t, you should enquire about any extensions the supplier has made to the original UNIX to counter its inadequacies. These are most notably to do with security, handling commercial files and allowing multiprocessors (symmetric multiprocessing).

As long-term considerations, you should ask about conformity to X/Open and POSIX standards. A lot has been written about battles over the various flavors of UNIX, but there can be little

doubt that the operating system will effectively be standardised before long. “Effectively” means here that any differences will be largely cosmetic, to save the face of one camp or the other. Route maps to the holy grail of one true standard, and dates of availability for particular milestones along the way, are other matters you can question.

Finally on software, it is useful to ask about binary compatibility. A number of standard application binary interfaces (ABIs) have been created for the most widely used commodity chip sets to allow the provision of “shrink-wrapped” software. This is application software that can be loaded and used directly without the need for prior compilation; it will run under UNIX on any machine that uses the same commodity chip set. It is useful to know which software suppliers are lined up behind each ABI, as an indication of how much shrink- wrapped software is (and will be) available on systems using that ABI.

Network considerationsAs has been suggested earlier, while OSI is in

tended (and likely) to become the eventual answer to inter-system networking, it still has a long way to go for many purposes. The X.25, X.400 and X.500 protocols are widely implemented, and are useful for many purposes, so it is worth enquiring whether suppliers have implementations of them.

If OSI won’t do the job for you now, or only at unacceptable expense, all is not lost. The communications services provided with most UNIX systems conform to the TCP/IP protocols. Although TCP/IP is not a framework for the future, it is a set of standards that is widely implemented now and is non-proprietary. Ask suppliers whether they provide implementations.

The de facto standard for most large area networks is SNA. Proprietary as it is, it is too important to ignore. Any supplier dedicated to open systems should acknowledge its significance by providing products with good interoperability with it.

For local area networks, there are both the network itself and the network-operating systems to be considered. Three major standards share the LAN market: Ethernet, Token Ring and Starlan. It could be useful to have all three available to you. For LAN operating systems, the prime contenders are NetWare and LAN Manager; look for both.Summary

The argument for open systems is not a theoretical one; it is a practical answer for today. However, until standards for all aspects of IT have been defined by ISO an implemented by most suppliers, the practical case will involve practical compromises. Already the work of ISO and other standards organisations has forced owners of proprietary environments to make them more open and capable of inter-operating with truly open systems. Many existing standards created by alliance of suppliers are to that extent only half-open, but halfway to heaven is better than nowhere at all.

The practical case for open systems is practical precisely because it acknowledges that progress must proceed a step at a time, each step providing more openness than the one before. That is the attitude you should be looking for from suppliers, and you should be able to find it in their products and services. Do not accept impracticability as an excuse for an inadequate product range; it is likely to be simply an excuse for persistence with proprietary solutions.Reprinted with permission, from the Data General publication, ‘Practical Open System — a Guide for Managers’ by Ian Hugo.


SECURITY

Evaluating system security — now a requirementThis is part two of the article written by Professor Bill Caeili, FACS, FTICA, Director of the Information Security Research Centre at the Queensland University of Technology, Chairman of Technical Committee 11, (Privacy and Security in Information Processing Systems), International Federation for Information Processing (IFIP), and your Society’s Representative to that world body.

By W. Caeili

ITSEC (Information Technology Security Evaluation Criteria)

IN June 1991 a group of four European countries, France, Germany, the Netherlands and the United Kingdom, who had been independently working on their own set

of security evaluation criteria and processes combined to publish the “Information Technology Security Evaluation Criteria (ITSEC)”. The 1991 document, version 1.2, followed an earlier joint document (versions 1.0 and 1.1) that set out the combined efforts in this area, the ITSEC represented new thinking in the area and departed rather radically from the earlier TCSEC of the US It had a number of distinguishing features, including:

i) clear definition of a so-called “Target- of-Evaluation (TOE)”, that comprised clearly a full system or a product,

ii) clear separation of the specification of security functionality and assurance of that functionality;

iii) incorporation of security functions particularly significant to commercial users, including integrity, availability and so on.

First of all the ITSEC set out some examples of functionality classes, that closely mirrored the functionality aspects set out in the USA’s TCSEC, as follows:ITSEC 1.2 — Example functionality classes (TCSEC analogues)

F-Cl Discretionary access control as for Cl

F-C2 Finely grained discretionary access control as for C2

F-Cl Discretionary access control as for Cl

F-C2 Finely grained discretionary access control as for C2

F-Bl Mandatory access controls as per Bl.

F-B2 Extension of mandatory access controls to all subjects and objects as for B2.

F-B3 Distinct security administration roles and expanded audit as per B3 and Al.

However, here the ITSEC started to depart from the TCSEC in a number of ways and

some new examples of functionality classes were suggested, as follows:

ITSEC 1.2 — Example Functionality Classes (Additions)

F-IN Higher integrity requirements for data and programs (e.g. database systems, etc.)

F-AV High requirements for availability of a complete “target-of-evaluation” or for special function of it (e.g. manufacturing control processes, etc.)

F-DI High requirements for safeguards on data integrity during data exchange.

F-DX Networks with high demands for confidentiality and integrity of exchanged information (e.g. exchange of secure data via insecure or public telecommunications services, etc.)

ITSEC also set out the concept of a “Claims Language” , a means of describing the claimed security functions provided by a product. The language is “semi-formal” in style using natural language. The aims of the language may be summarised as:

a) provision of a semi-formal style for specifications that can be readily read and understood,

b) an indication of any necessary linkages and groupings of security functionality claims,

c) reduction of any scope for ambiguity, andd) expression of the claims in such a way as

to be amenable to evaluation.The next step in the ITSEC was the separate identification of the needs for assessment of the effectiveness of the claimed functions. In addition ITSEC then set out requirements for the assurance of the correctness of the claimed security functions. In this regard seven evaluation levels were defined, labelled as levels EO to E6, as the highest. These levels may be summarised as follows:

ITSEC — Assurance of Correctness EO Inadequate assurance

El Security “target” exists and an informal description of its architectural design also exists. Functional testing determines that a submitted product or system (TOE) meets its security target.

E2 El plus an informal description of the detailed design. Configuration control system and approved distribution procedures exist.

E3 E2 plus evaluation of system software source code and hardware schematics/


Information Systems Methodologies - A Framework For Understanding

9am - Spin Brisbane 12-13 October Sydney 15-16 October Melbourne 19-20 October

The Speakers Objectives Seminar Outline Who Should Attend

Bill OlleSince 1972, Dr T. William Olle has had his own consulting practice based in the UK. He specialises in the application of database technology and the selection and use of information system methods. Prior to returning to England, he worked in the Netherlands, USA and Norway for 15 years.He has for many years been active in database standards work in ISO and has represented the British Standards Institution on numerous ISO working groups. He has represented the British Computer Society of IFIP TC8 (Information Systems) since TC8 was founded.Bill Olle was originally responsible for initiating the CRIS work in IFIP Working Group 8.1 and has been involved in various capacities in all four CRIS working conferences and as chairman of the CRIS Task Group which has been responsible for preparing the framework.Alex Verrijn-StuartAlex has been Professor of Computer Science at the University of Leiden until his retirement in November 1991. Prior to his appointment in 1970, he joined the Royal Dutch Shell Group, Amsterdam as a research physicist and in 1958 moved into the world of operation research, computing and planning, first in Shell's Paris office, followed by periods in The Hague, London and Abadan.Information systems form his special interest, both in terms of their formal aspects and their practical side. Alex is IFIP TC8 National Representative for the Netherlands and has been Chairman of IFIP Working Group 8.4. He is a Fellow of the British Computer Society as well as being a member of ACM and the Dutch and German computer societies.

"Information Systems Methodologies: A Framework for Understanding" is based on work carried out by an international task group of IFIP's Working Group 8.1 (Design and Evaluation of Information Systems). Two of the leading members of the Task Group, Bill Olle and Alex Verrijn Stuart will together be presenting each of the three seminars in Australia as part of a world series.

The framework for understanding presents the concepts in methodologies in a way which is independent of any specific methodology. The various ways of handling an information systems life cycle are presented. There is a strong emphasis on three stages of such a life cycle, namely planning, business analysis and system design. For each of these stages a component analysis has been carried out of the techniques which are used in various methodologies. A thorough understanding of these components is the basis for an in- depth understanding of the similarities and differences among methodologies in practical use around the world. The seminar also covers the interaction between CASE Systems and information system methodologies.

The seminar is aimed at those who wish to acquire a broader view of methodologies. Experience in the application of one methodology would be useful but not a necessary background.

Day 1

1 Key concepts used in Framework

2. Scenarios for use of Information Systems Methodologies

3. Modelling - stages, perspectives and step categories

4. Component analysis for Business Analysis stage

Day 2

5. Component analysis for System Design stage

6. Illustrations of design processes and design products

7. Component analysis for information systems planning stage

8. Evolution of an installed system

9. Representation and documentation

10. Computer aided systems engineering

11. Concluding remarks

Practitioners:

Many practitioners are not yet using any methodology and are experiencing problems with establishing user requirements and making effective use of established techniques such as data modelling, data flow analysis and functional decomposition.

Single method practitioners:

For those with experience of only one method, this seminar presents methodologies in such a way that the participants develop a much broader understanding of how methodologies differ and how they are similar.

Teachers:

For those teaching methods and techniques as part of tertiary education, the seminar gives a basis for understanding which can subsequently be communicated to students.

Researchers:

For those doing research into methods and techniques, the framework is a well established spring board. Several significant projects have been proposed.

BRISBANE 12-13 October 1992 SYDNEY 15-16 October 1992 MELBOURNE 19-20 October 1992Sheraton Brisbane Hotel The Waratah Inn Swanston Hotel249 Turbot Street Brisbane 220 Goulburn Street Darlinghurst Sydney 195 Swanston Street MelbourneTel: (07) 835 3535 Tel: (02) 281 4666 Tel: (03) 663 4711

THE SOCIETY FOR I.T. PROFESSIONALS

SEMINAR REGISTRATION FORMHOW TO REGISTERPlease contact the ACS National Secretarial by; (I) Telephone (2) Facsimile (3) by mailing the registration form to. ACS National, PO Box 319, Darlinghurst, Sydney, NSW 2010 Tel: (02) 211 5855 Fax: (02) 281 1208

Information Systems Methodologies - A Framework For Understanding

(Two day Seminar 9 - 5pm)

Please tick {/) the appropriate box and fill in the coupon.Photocopy this form for multiple registrations.

Q Brisbane 12-13 OctoberQ Sydney 15-16 OctoberQ Melbourne 19-20 October

Fee □ ACS Members Q Non Members$595 $695

Fee includes morning and afternoon teas; lunch and a copy of the book "Information Systems Methodologies"

Transforming The Organisation - Information Technology And Business

Engineering

(Half day Seminar 9 - 1pm)

Please tick {/) the appropriate box and fill in the coupon. Photocopy this form for multiple registrations.

G Melbourne 5 NovemberG Sydney 10 NovemberG Brisbane 12 November

Fee Q ACS Members G Non Members$145 $245

Fee includes morning tea and course notebook

The User Role In

Successful Systems

(One day Seminar 9 - 5pm)Please tick (/) the appropriate box and fill in the coupon.

Photocopy this form for multiple registrations.

G Brisbane 23 NovemberG Sydney 24 NovemberQ Melbourne 1 December

Fee Q ACS Members Q Non Members$200 $250

Fee includes morning and afternoon teas,- lunch and a copy of the book "Understanding Information Technology".

Team Discount

Any Organisation enrolling 3 people, may send an extra person at no charge

Team Discount


Team Discount


M

Position:

ACS Member No:

Name: _________________________ —______________________________________

Position:

ACS Member No;--------------------------------------------------------------------------------------- ACS Member No:-------------------------------------------------------------------------------------

Company;

Address: -

Postcode;

Telephone;................................ ......... Fax;_______________________________ -—

Admin. Contact Name:------------------------------------------------- -----------------------------

Method of Payment-----------------------------------------------------------------------------------

G Cheque enclosed - made payable to Australian Computer Society

G Purchase Order No -------------- Dated --------------------attachedCancellation Policy

Cancellations received in writing two weeks or more prior to the event will be accepted subject to a cancellation service charge of $50.

Registration cancellation requests not received two weeks prior to the conference (or no show) are liable for the entire fee.

G ! do not wish to register but please put me on your mailing list and send me the

details about ACS Membership and Future Events.

Company;

Address: _

.Postcode:

Telephone:_____________________Fax:___________________________________

Admin. Contact Name;------------------------------------------------------------------------—

Method of Payment ________________________________ ________ _________

G Cheque enclosed • made payable to Australian Computer Society


Cancellations received in writing two weeks or more prior to the event will be accepted subject to a cancellation service charge of $50.

Registration cancellation requests not received two weeks prior to the conference (or no show) are liable far the entire fee.

G I do not wish to register but please put me on your mailing list and send me the

details about ACS Membership and Future Evenls.

Company:

Address: -

Postcode:

Telephone:_____________________ Fax: ____________________________________

Admin. Contact Name: -------------------------------------------------------——---------------- -

Method of Payment ....................................................................................———

□ Cheque enclosed ■ made payable to Australian Computer Society


Cancellations received in writing two weeks or more prior to the event will be accepted subject lo a cancellation service charge of $50.Registration cancellation requests not received two weeks prior to the conference (or no show) are liable for the entire fee,

O I do not wish to register but please put me on your mailing list and send me the

details about ACS Membership and Future Events.


Transforming the Organisation: Information Technology and Business Engineering

9am - 1 pm Melbourne 5 November Sydney 10 November Brisbane 12 November

The Speaker Objectives Seminar Outline Who Should Attend

Dr. Margi Olson is a Consulting Manager with DMR Group Australia, and coordinator of the Organisational Engineering Practice in the Melbourne office. Prior to joining

DMR, she was Professor and Director of the Centre for Research on Information Systems at the Stern School of Business, New York University, in the United States. She is a recognised expert on the enabling effects of information technology on organisational design. She has published widely in international journals and computer industry trade publications including Datamation and Leaders Magazine, and has given over 100 presentations worldwide on the organisational impacts of information technology. In Australia, she has made presentations to the Victorian ACS Conference in 1990 (voted "Best Speaker"), and the national Australian Computer Conference, as well as the Australian Institute of Engineers and the Conference on Shaping Organisations, Shaping Technology.

Business Process Reengineering has emerged as an important approach to finding and implementing breakthrough improvements in productivity and quality throughout the organisation. In particular, Business Process Reengineering may be the key to reaping the real benefits from investments in Information Technology. The objective of this half day seminar is to give participants an under-standing of:

■ why Business Process Reengineering is an idea whose time has come

■ the basic principles of Business Process Reengineering that lead to breakthrough improvements in performance

■ some basic techniques for analysing business processes and designing new ones

■ the role of Information Technology in enabling entirely new ways to carry out business processes for effective performance

■ the role of Business Process Reengineering in ensuring the benefits from investments in new information system applications are realised

■ the benefits of reengineering the processes delivered by the IT function itself.

The seminar will answer the following questions:

■ What is business process reengineering?

■ What are the basic principles which drive it?

■ What are the driving forces that make it imperative today?

■ How is it different from Organisation and Methods approaches of the past?

■ How do you identify opportunities for breakthrough improvements?

■ How do you do it?

E How do you measure it?

B How do you ensure the benefits?

B What is the role of information technology?

B How can the IT function benefit from reengineering itself?

The seminar will present a number of examples of successful business process reengineering cases, both in Australia and overseas.

B Line ManacERS whose operations can benefit from breakthrough improvements in quality and productivity

B System Owners of major applications under development or in operation, who want to ensure that the promised benefits are realised

B IT MANAGERS with responsibility for ensuring that the organisation has the strategic capability to be competitive.

B ANYONE with the key role ofimplementing major Business Process Reengineering programs.

MELBOURNE 5 November 1992 SYDNEY 10 November 1992 BRISBANE 12 November 1992The Graduate School of Management The Waratah Inn Sheraton Brisbane HotelGround Floor, Fosters Building 220 Goulburn Street 249 Turbot Street200 Leicester Street Carlton Melbourne Darlinghurst Sydney BrisbaneTel: (03) 349 8403 Tel: (02) 281 4666 Tel: (07) 835 3535


The User Role In Successful Systems

9am - 5pm Brisbane 23 November Sydney 24 November Melbourne 1 December

The Speaker

Kate BehanKate Behan has had extensive teaching and industry experience in the computer industry. She is currently working for the ACS as their Victorian Development Manager and also writes, consults and teaches for other clients.

Kate has co-authored several texts, the latest being the second edition of Understanding Information Technology which will be used as the supporting text for this one-day course.

Objectives

The key role that users play in developing and implementing systems is well recognised. Users need a basic understanding of the systems development process, and an understanding of how to specify data and processes. This course will clearly explain the role that users must play to ensure that information systems meet their business needs.

On completion of the course, attendees will understand:

B The process of building an information system

B Why many systems fail to deliver business value

B Why user involvement throughout the development process is critical to success

B Why building a good data foundation is vital

fl Why there is no such thing as a "simple" system change

B Why they should assert their rights as users throughout the system development cycle

B Why their responsibilities as users must be well understood

B How to make a greater contribution to building quality, flexible and usable systems.

Seminar Outline

Session 1: Why users have been dissatisfied■ User perceptions of current systems■ Why system projects often fail to meet

user expectationsSession 2: An overview of system development■ System development methods and

processes■ Stages of system development■ Tic role of user, analyst and builder■ Defining requirements■ Identifying critical function■ Advantages and disadvantages of

packagesSession 3: Understanding the system framework■ Need fora solid data foundation■ Data analysis and data modelling■ Why there is no such thing as a perfect

specification■ Why there is no such thing as a "simple"

changeSession 4: How to build successful systems■ New ways of defining requirements■ User ownership and empowerment I Maintaining user involvement■ "Kaizen - the need for continuous

improvement"■ Managing change

Who Should Attend

B Staff who are current or future user liaison people

B Department managers who want a better understanding of the role they play in ' systems projects

B Non-I.S. staff who arc assigned to systems projects to define requirements

B End users who develop their ownsystems and want to learn better analysis techniques

B Analyst and programmers who want to better understand the user role in systems projects.

BRISBANE 23 November 1992 SYDNEY 24 November 1992 MELBOURNE 1 December 1992Sheraton Brisbane Hotel Old Sydney Park Royal Flagstaff Seminar Centre249 Turbot Street Brisbane 55 George Street Sydney 357 - 369 King Street West MelbourneTel: (07) 835 3535 Tel: (02) 252 0524 Tel: (03) 329 1411



So where does this place Australia? Where does it place the Southern Hemisphere or South- East Asia?

drawings, etc. that correspond to security mechanisms.

E4 E3 plus an underlying formal model of security policy with security enforcement functions, architectural design and detailed design expressed in semi- formal style.

E5 E4 plus close correspondence between detailed design and source code and/or hardware drawings.

E6 E5 plus security enforcement functions and architectural design expressed in a formal style.

Essentially the ITSEC is set out as a set of criteria for international use and as an expansion of the earlier TCSEC criteria.

The important question is “which is better” or “are TCSEC and ITSEC really completely different”? The TCSEC concept, of essentially “bundled” security functionality and evaluation of that functionality into a simple two character summary (e.g. B2, etc) may be easier for management while the more complex nomenclature that results from an ITSEC evaluation could be clumsy. However, is the TCSEC scheme too easily misinterpreted by management, particularly outside the military or government area? Definitely, the ITSEC incorporation of other security aspects, e.g. integrity, availability, etc., is well in line with commercial needs while the TCSEC appears bound up with the classic secrecy model of the military/classified information user.

ITSEM (Information Technology Security Evaluation Manual)

This document (as at June 1992 in a pre-release, “for comment” version named Version0.2) builds upon the ITSEC Version 1.2 in an attempt to provide the manual of techniques needed for the evaluation of a “Target-of-Eva- luation (TOE)” as set out in the ITSEC. In addition it sets out techniques for the mutual recognition between parties of certificates of 7 compliance to security parameters set out in ITSEC.

In regard to this mutual recognition of results the ITSEM “defines measures to meet the objectives of Reproducibility, Repeatability and Objectivity” in evaluation of the security of information products and systems as well as setting out requirements to “fully conform to the objective of Impartiality” through the description of organisational rules and procedures for the performance of evaluations.

So, the ITSEM is aimed at those who wish to do evaluations of the security of information products and systems (the Evaluators) but, in a more important sense, the ITSEM becomes a document to be considered by all those involved in evaluations. This includes the organisations, such as users and manufacturers of computer systems, concerned with a particular systems, through to those Government or standards bodies responsible for the Accreditation of evaluation laboratories and ultimately “National Scheme certification bodies”.

— Merging system security requirements. The software (firmware) contained in the read-only memory (ROM) of a microprocessor in a patient’s heart pacemaker is as much a computer security concern as the multi-level (MLS), trusted computer system forming the basis of a classified military message switching system. Concerns for software quality, formal and precise evaluation of the software system against clearly defined and understood quality and security criteria, and so on, are a vital part of these overall application systems. In ITSEC terms the microprocessor/operating system in the heart pacemaker is the “product” and the pacemaker itself, is the “system”. In the 1990s, the disciplines of:

i. software engineering,ii. information systems security,iii. software quality,iv. system evaluation and verification/cer

tification,v. formal modelling of computer hardware

and softwareare all allied areas. In addition, information professionals involved in enterprise analysis will need to fully assess security requirements for companies in light of management needs and externally imposed requirements, e.g. legal obligations.

Groups involved in actual assessment of security in information systems need to be involved in ongoing research into new and better methods of security formulation and evaluation, and vice-versa. Security and safety are now firmly interlinked in information systems.

A commercial Australian/south-east asian/southern hemisphere evaluation centre?

So, where does all this place Australia? Where does it place the Southern Hemisphere or South-East Asia? There is no doubt that the early TCSEC evaluation nomenclature have become a fashionable “catch-cry” in the information industry. In particular, Australian importers of computer software systems alone claim TCSEC/NCSC evaluation criteria such as B2, C2 etc. A recent, May 1992, report even went so far as to claim an evaluation for an unreleased system software product to be used on unspecified computers, supposedly Microsoft’s (USA) much heralded “Windows/NT” system software package (WNIC92):“ Windows NT, which is still on target for release this year, will be ... It will run 80386, 80486, RISC and higher processors with 8 Mbytes of memory and provide support for symmetric multiprocessing, a transaction based fault tolerant file system with full recoverability, C2 level security and portability to . . .”The problem is that the TCSEC nomenclature can be used to give a “security feel” that appears simple and easily understood. “B2” security is easy to say and sounds impressive. “F-INT/E4” sounds knowled-


gable and “official’. However, the problem is one of whether or not:

a) the manufacturer, vendor or importer can readily and promptly produce the actual evaluation certificate, or a verified copy of it and clearly explain it significance and relevance;

b) the nature of the computer product evaluated is clearly described and understood, e.g. system software product XXXX version AAAA release BBBB, operating on computer model YYYY with configuration ZZZZ, etc.;

c) information professionals involved, and management, clearly understand the meaning and implication of the evaluated system nomenclature; and

d) management understands that the evaluated system is to be incorporated, possibly along with other computer products, into an overall application/information system that introduces associated security concerns, e.g. personnel and administration, etc.

What are the choices for Australia? Which evaluation processes are most suited to Australian needs? Should Australia have its own set of evaluation criteria particularly relevant to a country without a full computer industry? If so, should Australian criteria be based upon the ITSEC or the TCSEC/MSFR stream, or on some amalgam of the two? Who is or should be responsible for these matters?

At present the situation is actually well defined, particularly in relation to responsibility. The appropriate authority is the Defence Signals Directorate (DSD) of the Australian Department of Defence (RICH85). This organisation has a history dating back to the 1939-40 period (RICH85) and is essentially responsible for defence signals and communications security.

But is this how it should be as we move to increased commercial computer security requirements? In particular security and safety requirements in information systems are fast merging. Should there be a greater separation of Defence related functions, such as Signals Intelligence (SIGINT), governmental needs for classified and unclassified communications/computer security (COMSEC/COMPUSEC) and the needs of commerce, particularly the banking and finance industries, health care, etc.?

Another model, essentially a European model at present, does do this separation. Should Australia adopt such a model along the following lines:a) licensing of private enterprise groups to

perform security evaluations on computer products with an appropriate Government body approving/vetting the final report and issuing the evaluation “certificate” (the United Kingdom “Commercial Licensed Evaluation Facilities” or CLEF scheme), or (Note: Management requires a high degree of confidence in the ability and rep

utation of the organisation issuing evaluation certificates.),

b) should a new body be formed or nominated to take control in this area (e.g. the Defence Science and Technology Organisation (DSTO) as an alternative to or in cooperation with DSD), a new group that also is responsible for compliance analysis with Open Systems Interconnection (OSI), the Government OSI Profile (GOSIP), standards for software/hardware quality and verification in safety critical applications, etc., or

c) should commercial level information systems security (products and systems as well as sub-systems/components) be left where it currently is, i.e. with DSD (the USA model)?

There are convincing arguments that given cost pressures, choice b) above may be the best way to go for Australia.

Anyway, are these matters of any concern to the Australian computer professional? The answer is “yes”. Computer professionals are increasingly taking full professional and possibly legal responsibility for the quality and security of the hardware and software systems that they design, create and maintain. These systems are usually based on imported products over which the Australian computer professional has no control and very little knowledge of the design principles involved, quality assurance techniques used in manufacture, etc.

The United Kingdom Government, in 1989, announced the change in its security evaluation procedures to:“meet the needs of Industry, Commerce & Government Departments, for the security evaluation and certification of IT products (whether hardware or software) and systems; and to provide the basis for international mutual recognition of evaluation results and certificates.” (DTI91)

The small Australian computer hardware and software industry needs to create export markets for Australian developed and manufactured products that incorporate new levels of computer and telecommunications security technology in areas of data integrity, authenticity and secrecy/privacy. What export restrictions, if any, should exist in this commercial information systems security area and, if so, how and by whom should they be enforced? Are changes from the current status needed?

(For example, would — or should — a B3 level trusted software system for a heart pacemaker be subject to onerous export restrictions from Australia? Should a medical records data base software product be able to be exported, without restriction, if it contains a strong encryption scheme or cipher used to protect patient privacy during transmission of patient data as messages on national and international telecommunications networks?)

This debate has again strengthened in the United States. Should Australia have a position? The answer must again be “yes”. In par-

Software quality, safety critical systems/software and multi-level trusted systems


Information professionals must clearly understand the concepts of security classification and evaluation for computer systems in the 1990s.

ticular, Australia has a strong role to play in the areas of:a) sub-system security evaluation, andb) (application/information) systems evalua

tion.Without the need to assess Australian developed and marketed operating systems, computer hardware, etc., (there are not any made here) the need moves to add-in sub- -systems for imported machines and software systems or those manufactured here but designed overseas. (After all, IBM’s OS/2 Version 2 came in a box and with documentation labelled “Made in Australia” !)

Moreover, the level of expertise in these areas in Australia could mean that Australia could take a leading role in providing security assessment services for the South-East Asian area and, indeed, the Southern Hemisphere. In particular, as “down-sizing” becomes a fast moving trend in computer usage in the 1990s, numerous products are emerging as “add-in” sub-systems aimed at increasing the security of small, personal computer systems and workstations and associated LANs and servers, e.g. discretionary and mandatory access control hardware and software for DOS based PCs, encryption sub-systems for OS/2 based computers, etc. These types of systems fall between complete computer “products” and application oriented “systems”. Their evaluation is a complex matter, particularly if they are combined with products that have received appropriate evaluation from overseas groups, e.g. the USA’s NCSC.9. ConclusionsInformation professionals must clearly understand the concepts of security classification and evaluation for computer systems in the 1990s. Management will need to be advised on matters of security in information systems for which they may have legal responsibilities and are thus dependent upon security assertions made by manufacturers of both hardware and software. Vendors of computer systems need to be challenged when glib use is made of the results of security evaluations; particularly if these are out of context and possibly misleading.

The following could be regarded as a partial check list for computer professionals when faced with a statement of “compliance” with security evaluation criteria, either USA or European based.

1. Is an evaluation of security for the vendor’s product or system being claimed? If so:Has a valid copy of the evaluation certificate been offered and inspected?Is a copy of a user version of the evaluation report offered immediately and if not, why not? Has the evaluation report been examined?Are the vendor’s personnel/representatives fully familiar with what is being claimed and with the contents of the report?

2. What precisely is being claimed?

Is the evaluation based upon European (ITSEC) or U.S. (TCSEC/MSFR) or other (e.g. Australian, New Zealand, etc) evaluation criteria and who performed the evaluation (e.g. CLEF group in the United Kingdom, NCSC in the USA, Defence Signals Directorate/DSD in Australia, etc)?Who has issued the evaluation certificate and under what authority? (Particularly important for ITSEC evaluations.)Exactly what hardware and software configuration was evaluated and at what release- /version levels? Is the product a sub-system or “component” evaluated for entry into an “evaluated products list”?

3. Is the evaluation accepted by the appropriate Australian (South-East Asian or other national) authorities?

4. Examine the evaluation report and its date of issue.Are any exception or hardware/software specific statements made, e.g. relating to the particular hardware configuration tested, etc.?

5. Is the evaluation report “meaningful” in an information system being designed and developed or in a systems integration activity?Are multiple evaluated products to be combined into a single information system that requires an appropriate level of security? Is it important for the final application/information system to be itself evaluated (e.g. will the final system carry both classified and unclassified information and for systems in a Governmental case are data bases in the information system subject to specific laws or regulations such as the 1986 Federal Government “Privacy Act”, etc.)?Are full system evaluations planned and if so, by whom and where? (In the Australian case usually for embedded or fixed purpose systems.)

6. Has management been made fully aware of the significance of the security evaluation and stated certification?

Computer professionals will soon be bombarded with new claims as to the security of computer products and systems (if they have not already been so). Their job will be increasingly to be familiar with the concepts and limitations of evaluation and to be able to translate these into the management environment.

ReferencesBAMF83 “The Puzzle Palace”J. Bamford,Penguin Books, 1983.“Harmonised Criteria for the Security Evaluation of IT Systems and Products”A Brouwer, et al.,Proceedings of the 13th National Computer Security Centre Conference, Washington, D.C., U.S.A., October 1990.“Computer Security Requirements: Guidelines for Applying the Department of Defense Trusted Computer Systems Evaluation Criteria in Specific Environments”


Superintendent of Documents, US Government Printing Office,Washington, D.C., USA “Technical Rationale behind CSC-STD-003-85 Computer Security Requirements”Superintendent of Documents, US Government Printing Office, Washington, D.C., USA “UK IT security Evaluation and Certification Scheme”Department of Trade and Industry, UK, 1991. “IT — Security Criteria”Zentralstelle fur Sicherheit in der Informa- tionstechnik (ZSI), Germany, 1989. “Information Technology Security Evaluation Criteria (ITSEC)” Version 1.2, May 1991. “Information Technology Security Evaluation Manual (ITSEM)”Draft version 0.2, April 1992.Commission of the European Communities, Directorate — General XIII Telecommunications, Information Industries and Innovation and Directorate F — RACE Programm and Development of Advanced Telemati Services, Brussels, Belgium.“Minimum Security Funtionality Requirements for Multi-user Operating Systems” Issue 1, January, 1992.Computer Security Division, Computer Systems Laboratory, National Institute of Standards and Technology,Gaithersburg, MD, USA.“The Ties that Bind: Intelligence Cooperation between the UKUSA Countries — the United Kingdom, the United States of America, Canada, Australia and New Zealand”J.T. Richelson and D. Ball,Allen and Unwin, 1985“Department of Defense Trusted ComputerSystem Evaluation Criteria”CSC-STD-001 -83, 15 August 1983.United States Government Printing Office. “Trusted Network Interpretation: of the Trusted Computer System Evaluation Criteria”NCSC-TG-005, Library No S228,526, Version1.

National Computer Security Centre,US Government printing office, 1987. “Trusted Network Interpretation Environments Guideline: Guidance for Applying the trusted Network Interpretation” NCSC-TG-011 Version — 1, 1990 Superintendent of Documents, US Government Printing Office, Washington, D.C., USA. “UK IT Security Evaluation and Certification Scheme”UKSP 01 — Description of Scheme, 1990. CESG/GCHQ and Department of Trade and Industry, UK“What’s New in Computing”, May 1992, Page 22.

Professor Bill Caeili, FACS, FTICA DirectorInformation Security Research Centre Queensland University of Technology andChairman/Representative of the Australian Computer Society Technical Committee 11 (Privacy and Security in Information Processing Systems)International Federation for Information Processing (IFIP).

The Australian Computer SocietyOffice bearers

Subscriptions, orders, editorial, correspondenceProfessional Computing, 45-50 Porter St, Prahran, Victoria, 3181.Telephone (03)520 5555. Telex 30880. Fax (03)510 3489.

President: Geoff Dober. Vice-presidents: Garry Trlnder, Bob Tlsdall.AdvertisingImmediate past president: Alan Underwood. National treasurer: Glen

Heinrich. Chief executive officer: Ashley Goldsworthy. 4M Media Pty LtdPO Box 319, Darlinghurst NSW 2010. Telephone (02) 2115855. PO Box 83 Armadale 3143Fax (02)281 1208. 50 Northcote Rd, Armadale 3143

Ph (03) 822 4675 or 822 1505Fax (03) 822 4251

Peter Tsaacson PublicationsA.C.N. 004 260 020 Professional Computing, an official publication of the Australian

Computer Society Incorporated, is published by ACS/PI Publications, 45-50 Porter Street, Prahran, Victoria, 3181.

Opinions expressed by authors in Professional Computing are notPROFESSIONAL COMPUTING necessarily those of the ACS or Peter Isaacson Publications.

Editor: Tony Blackmore. Editor-in-chief: Peter Isaacson. Advertising While every care will be taken, the publishers cannot acceptcoordinator: Christine Dixon. Subscriptions: Jo Anne Blrtles. Director of responsibility for articles and photographs submitted for publication.the Publications Board: John Hughes. The annual subscription is $50.


ACS IN VIEW

Society honors pioneerT

HE Council of the ACS at its recent meeting in Brisbane honored Dr Trevor Pearcey FACS, a member of the Victorian Branch of the Society,

with Honorary Life Membership.Dr Pearcey becomes only the 16th

such member in a Society of over 14,000 members.

Dr Pearcey was a foundation member of both the Victorian and Canberra Computer Societies, the second President of the Australian Computer Society, an editor of the Australian Computer Journal and a committee member of the Victorian ACS. He was elected a Fellow of the Society in 1966.

Dr Pearcey probably is best known for his work on the design and construction of Australia’s first automatic electronic computer, the CSIRAC project, and for his part as the joint originator of the concept of the CIRRUS computer, Australia’s first multi-access system using read-only storage.

He also had a distinguished academic career with the Caulfield Institute of Technology (where he was the Foundation Dean of Technology).

Dr Pearcey, now retired, is engaged in writing “A History of Australian Computing” for which task he is uniquely qualified.

The ACS only elects to Honorary Life Membership those who have rendered exceptional and distinguished service to the Society.

Industry leaders honoredAT its recent meeting in Brisbane the ACS elected three of its leading members to the grade of Fellow.

Those honored were Professor J.S. Rohl, Professor C.D. Marlin and Mr R.A. Bruce.

Professor Jeffrey Rohl is the Professor of Computer Science, University of WA. He has made outstanding contributions to computer science through his work on the design and implementation of computers, the design of algorithms, programming methodology and program transformation and through his efforts in the promotion of information technology through excellence in computer science education.

Professor Christopher Marlin is the Associate Professor, Department of Computer Science, The University of Adelaide. He has demonstrated high standing in the knowledge of information

Dr Trevor Pearcey

technology, particularly in the area of computer science. He has been extensively involved in the development of programming language both nationally and internationally and this is supported by his published works and research achievements in information technology.

Mr Robert Bruce is a private computer consultant, having recently been the National Manager for NEC Information System’s Australian Software R&D Centre. He has made a significant contribution to the application of information technology in such diverse areas as the enhancement of digital computers in avionics, the use of computers in an overall and integrated manufacturing environment, the implementation of a computer-based electromagnetic underground water quality monitoring system and in the development of a procedure for screening of breast cancer.

Members of the ACS are only elected Fellow if they have made a distinguished contribution to the field of information technology if Australia.

Call for nominations of office bearersTHE Council of the Australian Computer Society will elect two office bearers at its October meeting.

The two-year terms of Vice-President, Garry Trinder and the Treasurer, Glen Heinrich, expire on the 31 December 1992. Both are eligible for re-election and both have indicated they intend to re

nominate. Nominations for the positions should be forwarded to the Chief Executive Officer, PO Box 319, Darlinghurst NSW 2010, by 15 October 1992.

Nominations call for board directorsBOARD Directors are elected to represent the various areas of interest of the Australian Computer Society. There are seven Board Directors in all, of which two, new Directors of the reconstructed Technical Board, were elected at the June 1992 meeting of Council for a term ending 31 December 1994. The terms of the other Board directors expire on 31 December 1992 and nominations for Directors of the following Boards should be forwarded to the Chief Executive Officer, PO Box 319, Darlinghurst NSW 2010, by 15 October 1992 (names of the current Board Directors are in parentheses): Community Affairs (Roger Clarke) Marketing (Kate Behan)Membership (Gerry Maynard) Publications (John Hughes)Technical Board — Computer Systems & Software Engineering (Karl Reed)

Proposed fee increase for 1993National Treasurer Glen Heinrich ex plains where the money goes, and wh] an increase in the Capitation Fee is pro posed for 1993.AT its meeting to be held on October 30 1992, the National Council of the Australian Computer Society will vote on a proposal to increase the Capitation Fee by $14 to $105 for 1993. Council has agreed in principle to the increase following discussion at the previous Council meeting on June 26.

The reason for the increase is the need for the Society to extend its services to members. In particular, it is planned that in 1993 a new Certification Scheme will be introduced, that a completely revised — and useful — “Member’s Handbook” will be produced, and that some additional funding will be directed to technical activities.

What is the Capitation Fee?YOUR membership subscription consists of two components — a Capitation Fee, set by the National Council, which


funds the National activities of the Society, and a Branch Fee, set individually by each Branch, to underwrite activities conducted by the Branch.

In 1992 the “Capitation Fee” is $91, and the Branch fee varies between Branches — from $35 in the case of Tasmania, to $84 in Victoria and New South Wales. Total subscriptions payable therefore vary from $126 to $175. It is expected that most Branches will increase Branch Fees by at least the cpi in 1993, so that with the proposed increase in capitation fee, 1993 subscriptions will probably range from about $142 to $192 depending on your Branch.Where the money comes fromTHE services that the Society can provide for its members relate directly to the funds which the Society has available. In 1991 the National part of the Society had available about $103 per member, $88 of which came from Capitation Fees, $4 from interest, miscellaneous income of $2.30 from sales, including subscriptions to publications, and $8.70 from Examination fees.

In 1992 the Capitation Fee increased by the cpi ($3) to $91. Interest income per member is expected to be about one third the 1991 figure, miscellaneous income a little higher at $3, and income from Examinations a little lower (conservative accounting) at about $6. The end result is that m 1992 Council has available about $102 per member.Where the money goes WITHIN our budget no single item of expenditure is dominant. The largest item is salaries and wages, and this accounts for only about 25% of expenditure.

Originally the 1992 budget envisaged a loss for the year of about $38,000. At the half year mark it now appears that a surplus of about $15,000 is possible, largely due to the better than budgeted membership growth.

On a “per member” basis, the major items of expenditure for 1992 are:Salaries and Wages $25.63Management Committee Meetings$0.63 Council Meetings $3.56Operations Board Meetings $1.90Other Executive Expenses $1.39Constitutional Review $3.56Council Secretariat Expenses $6.87Communications $3.13Professional Services $1.74Depreciation $4.63Technical Board 2.69Community Affairs Board $0.85Australian Computer Journal $8.19Professional Computing $8.88Other Publications $4.85Prizes and Awards $1.06

Membership Board and related services $9.26International Affairs $4.14Promotion of Information Technology $0.99Marketing of Society $2.93Affiliations (eg SEARCC, FASTS etc) $2.44Other $1.53TOTAL EXPENDITURE $100.84 SURPLUS $1.24Salaries expenses include the cost of a Membership Manager, Examination Coordinator, and National Conference Manager. All are key contributors to the services which are provided for members and being developed for the future. Most of the headings provided above should be relatively self explanatory.The prognosis for 1993FROM an income point of view the situation in 1993 will be similar to 1992. Interest rates are expected to remain at or near current levels, there will be a small increase in revenue from Publications as the separate subscription rate to “ACJ” is being increased by 25% to $50. It is expected that with the recent appointment of a National Conference Manager we will show a surplus on Seminar and Conference activities in 1993, but this area is both risky and volatile, so that our best estimate at present is “break even” (Overall Conference activities lost money in 1991, and are expected to break even this year).

There will be increases in a number of areas of expenditure — postage costs on publications will increase substantially as a result of the abolition of Category B registration; salaries will increase by something greater than CPI, because a number of staff in the National Secretariat have been employed recently. Most of these routine increases can be absorbed if membership growth of 5% can be achieved as expected.

Costs in all areas are kept under continual review, and savings will be made where possible. Some initiatives proposed for 1993 will further improve efficiency and lead to savings. In recent years it has been the practice to maintain unfinancial members on the files, and supply publications, up to 30 June. In 1993 it is intended to suspend unfinancial members on April 1, which will result in some savings. Subject to the adoption of the new Constitution, cyclic billing will be introduced, which will spread the workload of processing subscriptions, and simplify accounting. A Direct Debit facility will also assist in this respect.

At the same time some one-off activities will be completed — in particular a major report being prepared under the

auspices of our Membership Board will be completed, the Silver Anniversary “History of ACS” is expected to be published, and the current Review of the Constitution should be completed, although a ballot of members will be required in early 1993 to confirm this. Together, these projects will make available about $75,000 — $6 per member — in 1993.

However, a major concern is our ability to finance an expanded range of services to members. Council examined a number of costed priorities at its June meeting:

EstimatedEstimat-ed

Full Year Cost per Cost Full-fee

Certification Scheme Handbook Technical Board Representations Research Officer

1993 Member $80,000 $6

$160,000 $10$50,000 $4$25,000 $2$50,000 $4

$365,000 $26

The recently announced Certification Scheme must proceed in 1993. The Society will have to make initial investments in establishing courses and examinations, and although external funding is being sought, the Society will need to make significant up-front expenditures. The most likely figure for 1993 is $80,000, or roughly $6 per member. Further investments will be made in the following years as the number of “Specialist Certifications” is increased. There will be some future revenue from Examination fees, but the level of these will depend upon the acceptance of the scheme, and will probably be small in the first two or three years.

Council has also approved the production of a new Members’ Handbook, and set a limit of $10 per copy. This is a significant inrease on the amount of funding previously available for the Member’s Handbook, which largely because of lack of funding has not been updated for some years. Council has also agreed that the basic Handbook will be free to members — one option considered was for the Handbook to be separately charged. The new Handbook is intended to be a truly professional and useful document.

The Technical Board is a key part of the activity of the Society, and the recent reorganisation of the Board, with the appointment of a further two directors, and the incorporation of IFIP Technical Committee roles within the restructured Boards, will bring a tighter focus to tech-


ACS IN VIEW

nical activities, from which all members will benefit. Because more people will be involved, and more activity will occur, costs will be greater.

Representational activity in the context above relates specifically to our wider representation and involvement in the South East Asian region. SRIG’s — Regional Interest Groups formed under the auspices of SEARCC — have strategic importance and will require some funding.

The need for a Research Officer to enable the Society to respond more quickly to issues and situations has long been recognised. However, it is unlikely that funding will be available in 1993.

An increase in capitation fee of $14, coupled with funding released from the completion of one-off initiatives will enable significant initiatives to be progressed in 1992. This will be to the benefit of all members, and I would strongly urge members to express their support of these projects.

Student membersA major part of the growth of the Society in the past few years has been in student membership. Students now represent 13% of the total financial membership, up from 7% only three years ago. With a 1992 student fee of $35, of which $23 represents the Capitation Fee component, student members are heavily subsidised by ordinary members. Students receive similar benefits to ordinary members, as well as special publications, such as the “Student Sourcebook”, and special additional concessions for some activities. Students are the future of the Society, and many of them will translate to full membership at the completion of their studies. It is proposed that student fees will increase proportionately with ordinary members, with the Capitation Fee component probably increasing to $27.

Are ACS subscription rates too high?ACS is a medium sized National Professional Society, providing a wide range of activities and services to members. Compared with other professional societies, our subscriptions — as explained above, likely in 1993 to range from about $142 to $ 192 depending on your Branch — are quite modest. If you doubt this, ask your colleagues who are members of, for instance, accounting or engineering professional societies what their annual subscription levels are, and ask too, about the level of services, in terms of publications, professional development, seminars, conferences, meetings and membership standards. I believe that you will find that ACS provides excellent service at modest (and tax deductible) cost.

North Queensland Chapter turns 21 on October 22nd

In early 1971, a group of enthusiastic members of the Queensland Branch of the ACS canvassed other computing professionals who lived in Townsville with the idea of establishing a Chapter to serve the needs of Members in North Queensland. There was some enthusiasm and the Queensland Branch was duly petitioned to form its first Chapter. On 21 October 1971, Alan Coulter, Chairman of the Queensland Branch, accompanied by John Marshall, Vice Chairman, attended the first General Meeting of the Townsville Chapter, as it was then known, where the first Committee for the Chapter was elected. On the following day, Alan Coulter officiated at the first Committee Meeting where the first Chairman, Ian Hunter, was elected. The other Committee Members at that time were Bob Smith from JCU, the initial Secretary, Peter Arnold from the Townsville Regional Electricity Board (TREB), Casper Lambrechsten from McIntyre and Associates and Doug Ryan from the •CSIRO.

It is interesting to look at the state of computing in North Queensland at that time. The University had not long taken delivery of its PDP-10, while the Townsville City Council, TREB and Mount Isa Mines (in Mt Isa) were all operating ICL 1901-As. The Railways had a small IBM 1401 used for commercial processing and some of the sugar mills were also operating even smaller IBMs. CSIRO had a PDP-8 and, while there may have been some other computers in North Queensland at that time, they do not come readily to mind.

Even in those early years, it was apparent that the North Queensland Chapter was to be “different” from the Branch and the qualities for which the Chapter has become renowned were coming to the fore. One of these has always been informality and this can be seen in an early photograph of a Committee Meeting, held at the then Chairman’s, Bill Kennedy’s house. The photograph was taken for inclusion in some moderately respectable publications and after judicious cropping reveals a group of people, gentlemen wearing ties, seated round Bill’s kitchen table, apparently engaged in earnest discussion of the weighty matters which occupied the Committee at that time. However, the original photograph reveals under the table that the men are wearing shorts and thongs and on the floor the stubbies which were re

moved from the table for the sake of respectability in the photograph.

Another quality which makes the NQ Chapter unique is the rare brand of hospitality extended to visiting speakers who care to stay here and enjoy the beautiful weather and glorious surroundings. One such speaker, delivering her address on a Sunday, was seen to be more than a little sunburnt (after a day on the Chairman’s boat with BBQ lunch on Magnetic Island) and perhaps even a little “tired” after a typical North Queensland dinner party stretching into the small hours.

One should not conclude that all Chapter activities are frivolous. We do have a serious side and this came to the fore during the early Eighties when for two years running the Chapter put on a display in a local shopping mall in conjunction with Information Technology Week. The event ran for the whole week, including Thursday night and Saturday morning, and was staffed continuously by members. There were two terminals on line via Telecom lines and modems (acoustically coupled at 300 baud) to the JCU computer where passers by could access the latest in computer games, and a terminal supplied by Telecom giving access through an ISD line, to the UK equivalent of teletext. Although primitive by modem standards, for the time it was “state of the art” and gave Townsvil- lians a first hand look at what was available in the world of computing.

Until quite recently when the market changed its format, the Chapter participated in our local Careers Market. This was an event to which the local schools sent their senior pupils and at which Government departments, the local TAFE Colleges and Universities, businesses and companies gave information on careers which students might follow after leaving school. Staffing the ACS stand, while not in the same category as having one’s fingernails pulled out one by one, was done on a roster basis by a stalwart group of members and our stand always proved to be popular.

The Chapter has always had strong support not only from its members in North Queensland but also from the organisations in the area with interests in computing. We manage to mount about 10 meetings each year, some of which are site visits to local — and not so local — venues to look at computer rooms and hear about particular applications. We frequently have in excess of thirty members attend our meetings which not so long ago would have beaten attendance at Branch meetings in Brisbane. All this from a membership of less than 100 scattered throughout the area from Mackay to Weipa and west to Mount Isa.


Support is so strong that in the mid eighties a move was made to form a separate North Queensland Branch. The move foundered, not from a lack of support but more because of political issues from the various Executive Committees which would have had to approve the formation of another branch.

Social activities have always played an important part in NQ Chapter activities. We always seem to manage to provide some social get together either in conjunction with another activity, where it may be some drinks and nibbles at the conclusion of a meeting, to more ambitious events, such as a dinner with a speaker or just a party on its own. These events are characterised by a group of people who share common interests in the various aspects of computing sharing their skills in a comfortable and convivial atmosphere while, dare I say it, having fun!

North Queensland Chapter also celebrates with its first fellowAt its most recent meeting, the Fellowship Committee of the ACS elected Ian Hunter, Director of the Computer Centre at the James Cook University of North Queensland to the grade of Fellow.

Ian graduated from Glasgow University in 1959 with a degree in engineering, and in early 1963, came to Australia to join the fledgling James Cook University as a Lecturer in the Department of Engineering. When the University purchased its first computer in 1965, an IBM 1620, Ian became the Acting Officer in Charge of the computer and later Lecturer in Computing and OIC of the Computer Centre. Although the title has changed, Ian has remained in charge.

The trials and tribulations of computing in those early days are chronicled in his book, 20 Years of Computing at James Cook, written in 1983. It contains not only amusing anecdotes about the early years of computing but also detailed notes on how computing generally evolved over this period and how Ian was concerned with this evolution. The election to Fellow is in part recognition of his contribution to this area of computing in Australia.

During this period, Ian developed a number of engineering programs, particularly in the area of pipe networks, which were still in use until relatively recently by local councils and consultants. He also developed in the late 1960s an extensive suite of non-parametic statistical analysis programs for use by sociological researchers. This was extremely significant at the time because programs to do such analyses were simply not available. Much research was done and many publications resulted which would otherwise not have been possible.

While on sabbatical leave in 1969/70

at the Edinburgh Regional Computing Centre, Ian was coordinator of a small team solving technical problems relating to the production of a machine readable text of the New Testament in its original Greek form. In 1990, Ian was again overseas on a Special Studies Program, this time at Trent University in Canada. Reflecting the change in his responsibilities to a more managerial role, he undertook two major tasks: a Review of their Computing Services Department for the responsible Vice-President; and the development of a Disaster Plan for the Department itself.

In 1971, he was among the group that formed the NQ Chapter and became its inaugural Chairman. He has been on the Chapter Executive Committee on a number of occasions since, most recently in 1990, and has always retained a strong interest in ACS matters.

Also in 1971, Ian was invited to participate in establishing the Digitial Equipment Computer Users Society (DECUS) in Australia. Ian has been instrumental in helping DECUS grow from that small band of enthusiasts to a Society with more than 5,000 members, which is recognised as being the largest and most successful single supplier user group in Australia.

Thus Ian has played a significant role in helping DECUS to develop both in Australia and, perhaps more particularly, in the many “third world” countries where DECUS now thrives under the aegis of the GIA-DC. He has been instrumental in arranging for DECUS to develop from a low key “amateur” organisation to one which operates at a sustained high level and in a very professional manner.

He is a member of the Institution of Engineers Australia, a Member of the Institution of Electrical Engineers (U.K.).

Ian is the first Fellow to be elected from the members of the North Queensland Chapter. One would be hard pressed

to find anyone within or outside the Chapter who is a more worthy recipient of this Award and Fellowship of the ACS is something which Ian not only will cherish but also richly deserves.

ReferenceHunter, Ian M. (Ian McGregor), 1937-. 20 Years of Computing at James Cook. James Cook University of North Queensland. 62 pp.

ACS (NSW) ReportTHE ACS Radio Program is broadcast from educational FM Station 2SER FM twice a month and continues to rate highly in “the charts”.

The topics are varied ranging from the technical to the conceptual. Recent programs have included discussions on the deadly Virus, Graphical User Interfaces and Document Image Processing.

As the recession’s iron grip continue to clutch the purse strings, it remains difficult to organise financially viable Professional Development seminars. One exception has been the Basic Systems Analysis and Design seminar, which is surprising considering that it costs $2000 per head and lasts for nine days. During the first week of a recent B.S.A.D. course, six people rang the ACS to book into the next one scheduled for November. Sometimes a well received course will generate more word-of-mouth bookings than expensive advertising.

The 1992 Branch Executive Committee is nearing the end of its time and is already looking ahead. A new committee man has been co-opted to plan ACS directions during 1993. He is Hugh Loewenthal, a long-time technical and managerial veteran of the I.T. profession who recently gained an M.B.A. from the London Business School. Hugh is currently an I.T. Industry adviser in a joint Federal and State consulting service.

Technical Boards(See the President’s Message)

Computer Science

Computer Systems &Software Engineering Information Systems

(GUPTA) (REED) (SIMSION)Artificial Intelligence Electronic Materials & Devices Programming

Formal Language Theory Digital Circuitry Data Analysis

Computational Theory Signal Analysis Knowledge Based Systems

Compiler Construction Control & Communications Theory Decision Support Systems

Operating Systems Software Engineering Project Management

Computer Architecture Robotics Individual & Organisational Behavior

Algorithms Concurrency Information Management

Data Structures Numerical Computing IT Management

Data Base Management

TC2,6,7,12,14 TC5.10 TC8,11,13

SRIG-TEL SRIG-PS


Studying the Barrier

Human factors in professional computingBy Gitte Lindgaard

Dr Lindgaard (foreground) trialling improved Distributed Customer Records Information System.

PEOPLE are often blinded by technology when using modem information systems.

The problem is illustrated by a United States survey which indicates that 80% of

VCR owners cannot program their machines: President George Bush hopes this figure will approach zero by the end of the decade. It points to two important issues: people are unnecessarily intimidated by technology; and procedures, instructions and hardware are badly designed.

Our Human Factors team of research psychologists at Telecom Research Laboratories is relating usability in computing to quality assurance. Quality assurance is being taken seriously by the computer industry in Australia; courses are being offered as part of the ACS PCP program and have already emerged at universities and colleges.

The term “usability” is being used rather casually in the industry with most computer companies claiming their products to be ‘easy to use’, require ‘no prior experience’ and so on. These claims tend to be based on little more than systems developers’ own ideas of what is easy and what is not. To make valid claims about ‘quality’ in terms of ‘ease of use’ of computers, usability testing must be integrated into the systems development process.

What is usability testing? Usability tests are designed to identify usability defects in computer programs. They are aspects of a program that cause problems for users, especially new or occasional users; the points at which users are puzzled what to do next, forget what they were trying to do, where in the system they are, where they came from, how they got there, how to get out of it, what commands or options are valid. They reflect system weaknesses. Help usually does little to enlighten a user who is truly stuck; documentation is normally the last resort, and if no

.-'U /'

ktt* -■ k

expert is at hand, users tend to give up in disgust. The result is systems that are underused or totally abandoned.

How should we test for usability? Usability testing and evaluation techniques are adapted from cognitive and experimental psychology; they provide rigorous methods for testing, drawing valid conclusions and feeding results back into the design process during systems development. Tests are carried out in a repeated cycle identifying troublesome spots, making modifications and re-testing to make sure the problems identified have been overcome.

Is it useful and when should usability be tested? Many people in the computer industry believe that formal tests are useless because they yield little that can be incorporated into the further development of the system, they are time- consuming and expensive to carry out, and results are not fed back into the development process in time for the changes suggested by the testing team to be integrated into the developing system. This is not true.

Ignorance appears to get in the way of trying usability testing, and often specialists with the necessary skills are not available.

Usability testing can and should be conducted throughout the design and development process, and even before this process begins. In the first instance, the future usefulness of a given system depends on how well the needs of the intended user population have been identified.

People are now about to buy their second VCR, for example, and they know well that they never bothered to learn to use all the fancy capabilities it offered, so consumers are becoming more discerning, more sophisticated. They know by now that ‘more’ is not necessarily the same as ‘better’. Identifying the right functions for the right audience is one area in which psychologists work. Testing the ease of use of a system should then continue until specifications are drafted for the next version of the software.

Who are the specialists? CHISIG is the professional organisation of people with interests in HCI (Human Computer Interaction) issues which include usability testing and system evaluation. This community is still small in Australia, but worldwide, it is growing very quickly. CHISIG is a network of researchers, developers and practitioners who work towards understanding how people interact with computers.

Members come from a background of computer science, engineering, psychology, linguistics, sociology, technical writing and even philosophy. HCI is truly inter-disciplinary with specialists coming from all walks of life. They work in research, universities or government labs or practice in industry — eg, BHP IBM, Westpac, Unisys, etc. Many of these organisations have their own usability labs, devoted exclusively to testing system usability.

CHISIG is currently developing a register of HCI specialists with experience in the design and conduct of usability testing programs.


Much HCI activity involves the design of user interfaces from a user perspective, ie, concentrating on the tasks users have to complete rather than on system logic/elegance which at times is incompatible with what users want to do and achieve. Users’ needs are identified to ensure that future systems meet those needs and cut away unwanted, unnecessary functions which experience has shown people do not use anyway, or which are irrelevant to the tasks they want to perform on the computer.

Usability Tests and Evaluation Plans are designed to include cost/benefit analyses (ie what can be hope to get out of this test — what does it cost to set up and run and what benefits are likely to be derived for it), usability defect-fixing priorities, and more. These plans guide the development of the user interface.

Existing systems are evaluated to give some idea of what must be changed in a future version to make a system easy to use. Systems, in this sense, include user documentation, help systems and tutorials. Guidelines for system designers point to issues which make systems more usable; public awareness of HCI issues is raised through seminar workshops, articles and books.

So, why bother about usability? The justifiable stamp of quality as consumers see it lies in the degree to which a system meets consumer needs (ie, does what they want) and is easy to learn and use; quality assurance without usability is like a flash car without a motor; glossy looks and smart functions alone do not guarantee user acceptance of a system or product.

The issues of computer or information systems usability and usefulness have repercussions across the whole spectrum of human activities.

Householders will increasingly rely on home electronic information systems which will include home banking, electronic white pages, electronic shopping and booking and paying for entertainment and holidays. Houses will become “smart” allowing the garden to be watered and lights, radio and television to be turned on automatically. These will also serve as deterrents to intruders when occupants are not home. Ovens will be switched on remotely by telephone allowing a hot meal to be waiting on arrival. These systems must be designed for efficiency and ease of operation for everyone.

Information is often poorly presented by computers to operators of machinery with disastrous results. During the Three Mile Island nuclear power plant failure so much information was presented so quickly that operators were unable to diagnose the series of problems correctly. They reacted exactly opposite to the way they should have done and a total melt down very nearly resulted.

The information critical to the shooting down of a civil Iranian aircraft by an American cruiser during the Iran/Iraq War was confusing leading the missile operator to believe the plane was on a threatening descending path when, in fact it was climbing. Badly designed navigation programming procedures contributed significantly to the Korean Airlines flight 007 disaster (leading to a fatal shooting down in the eastern Soviet Union).

The Air New Zealand Mt Erebus accident in Antarctica was mainly due to incorrect expectations of the crew as to their position; and to perceptual whiteout.

Ninety per cent of aviation accidents are the result of human error. Clearly the design of the interface between pilot and indicators of aircraft systems status and performance is critical to the optimisation of safety in air travel.

In parallel with the information industry’s understanding of the complexity of HCI, so-called usability laboratories are rapidly becoming established around the world. These are usually very expensive, elaborate facilities equipped with oneway mirrors, several video cameras, video editing suites and a plentiful supply of computer hardware and software.

Although they certainly enable researchers to generate much more data from individual sessions than was possible before, the clear cut outcomes of more traditional techniques of observation and statistical analysis often are far more efficient, cost-effective and accessible tools for small research teams such as our Human Communications group at Telecom Research Laboratories.

Our immediate area of interest at Telecom is helping to develop computer systems that make sense. Most of Telecom’s 80,000 employees use computers. User friendliness is as critical for efficiency as is system support for the designed tasks.

We see HCI problems as a carry-over from the first generation of computers which were designed and built by the people who wanted to use them — mathematicians, engineers, scientists.

In a recent study we set out to identify cognitive stumbling blocks in the user interface of a large computer system used by telephone operators across the country.

Observations were made of operator’s actions intermittently in the workplace, over a period of eight months before, during the after system implementation. Numerous weaknesses were identified in the user interface, but the most interesting aspect of the study turned out to be the analysis of the overall job operators were required to do. This was a by-product of the study. This insight into operators’ job demands led, among others, to changes in job selection criteria and training which were found to match actual job demands quite poorly.

The usability assessment of the user-system interface led to a comprehensive job analysis and a complete rethink of the whole operation.

The customer service system investigated (call it CSS), contained details about the services and Telecom equipment associated with each telephone number connected to the national telecommunications network. These details included customer name, address, the type of equipment provided (wall or desktop telephone), the number of lines and sockets installed on the premises, lists of extra facilities such as external amplifiers, silent number indication and the like.

CSS provides information to other internal systems such as the billing system, the telephone directory database and systems containing infor-

Our immediate area of interest at Telecom is helping to develop computer systems that make sense.


COMPUTING SERVICESPROFESSIONAL

COMPUTINGTHE MAGAZINE OF THE AUSTRALIAN COMPUTER SOCIETY

ADVERTISINGENQUIRIES

4M MediaPhone (03) 822 4675

MEMORY EXPANSION

SIMM1MBx9 70ns 1MBx8 80ns 1MBx8 100ns 4MBx9 70ns 4MBx8 80ns 256x9 80ns {FOR SIP ADD $1) TOSHIBA T1000SE 2MB $155T2000SX 4MB $260T1600 2MB $140

T31000SX 4MB $235T3200SX 2MB $135T3200 3MB $230T5200 2MB $150T2000SX 8MB $525T44/6400 4MB $350DRAM-DIP411000 70 $5.00256 X 4 70 $5.0041256 80 $2.001MB x 4-80Z $23.001MB x 4-80S $23.00

ORIVES3W PANAS 1.44 $78S'GATE IDE 42/26 $260 S'GATE IDE 106/15 $395 C'NER IDE 80/19 $355 S'GATE IDE 130/16 $438 C'NER SCSI 200/12$750 CO-PROCESSORS 387/33/40 $165/195387/20/25 $150/155SX 20/25 $120/125287/10/20 $90/95

PRICES AT SEPT 8TH, 1992

$46

$164$162$14

Sales Tax 20%. Overnight Delivery. Credit cards welcome.PELHAM Tel (02) 980 6988 Fax (02) 980 6991

WARRANTY & INDEMNITYAdvertisers and/or advertising agencies upon and by lodging material with the publisher for publication or authorising or approving of the publication of any material INDEMNIFY the publisher, its servants and agents, against all liability claims or proceedings whatsoever arising from the publication and without limiting the generality of the foregoing to indemnify each of them in relation to defamation, slander of title, breach of copyright, infringement of trademarks or names of publication titles, unfair competition or trade practices, royalties or violation of rights or privacy AND WARRANT that the material complies with all relevant laws and regulations and that its publication will not give rise to any rights against or liabilities in the publisher, its servants or agents and in particular that nothing therein is capable of being misleading or deceptive or otherwise in breach of Part V of the Trade Practices Act 1974.

ADVERTISING CONDITIONSAdvertising accepted for publication in Professional Computing is subject to the conditions set out in the rate cards, and the rules applicable to advertising laid down from time to time by the Media Council of Australia. Every advertisement is subject to the publisher's approval. No responsibility is taken for any loss due to the failure of an advertisement to appear according to instructions.

The positioning or placing of an advertisement within the accepted classification is at the discretion of Professional Computing except where specifically instructed and agreed to by the publisher.

Rates are based on the understanding that the monetary level ordered is used within the period of the order. Maximum period of any order is one (1) year. Should an advertiser fail to use the total monetary level ordered the rate will be amended to coincide with the amount of space used. The word ‘advertisement’ will be used on copy which, in the opinion of the publisher, resembles editorial matter.

The above information is subject to change, without notificaction, at the discretion of the Publisher.

The Australian National University

THE AUSTRALIAN NATIONAL UNIVERSITY FACULTY OF ECONOMICS & COMMERCE

DEPARTMENT OF COMMERCE

READER or SENIOR LECTURER(Academic Level D or C)

The University is seeking applications from candidates with a strong record in research and teaching to fill a vacancy as a Reader (continuing position) or Senior Lecturer (continuing on probation position) in the Department of Commerce.

The Department provides courses leading to bachelors, honors and masters degrees in Commerce, together with PhD degrees, within the Faculty of Economics and Commerce and the Graduate School. Areas of interest to current staff include financial accounting, management accounting, accounting theory, public sector accounting, auditing, taxation, financial economics, accounting information systems, business information systems, corporate finance, investments, behavioural, organizational and social aspects of accounting, and the history of ideas in accounting. The Department would prefer applications from candidates with strengths in at least two of the above areas. Preference will be given to candidates with an interest in business information systems.

The appointee is expected to make a significant contribution to the teaching effort of the Department and to carry out activities to maintain and develop scholarly research and/or professional activities relevant to the discipline or profession. In determining experience relative to qualifications, regard will be had to teaching experience, experience in research, experience outside tertiary education, creative achievement, professional contributions and/or to technical achievement.

In addition, a Senior Lecturer is expected to play a major role in scholarship, research and/or professional activities and will normally have a record of demonstrable scholarly and professional achievement. Appointment at the level of Reader requires academic excellence evidenced by an outstanding contribution to teaching and/or research and/or the profession.

Limited consulting work may be undertaken with the approval of the University.

Enquiries should be addressed to the Head, Roger Burritt on (06) 249 3670, or Fax (06) 249 5005. Further particulars relating to the position are available from the Secretary on (06) 249 4566 or fax (06) 249 5011.

Closing Date: 30 September 1992 Ref. FE 15.7.1

Salary Ranges: Reader (Level D) $60,475 - $66,625 p.a.Senior Lecturer (Level C) $50,225 - $57,913 p.a.

In addition, an appropriate loading may be determined for a fixed period, renewable subject to further determination.

Appointment: Reader (to retirement age at 65); Senior Lecturer (continuing on probation).

Applications addressing the selection criteria should be submitted in duplicate to the Secretary, The Australian National University, GPO Box 4, Canberra, ACT, 2601, quoting the reference number and including curriculum vitae, list of publications and names of at least three referees. The University has a “no smoking’ policy effective in all university buildings and vehicles.

THE UNIVERSITY IS AN EQUAL OPPORTUNITY EMPLOYER

Bookings - Tel: (03) 520 5555, Fax: (03) 521 3647


mation about the relative location of cables and exchanges. When changes are required by customers — for example new connection or disconnection of a service, changes in name or billing addresses, the addition or removal of extra lines or other facilities — instructions to carry these out are entered into CSS by the operators observed in this study.

These instructions are then transported downstream to the areas in which the physical changes are scheduled and completed. Details of date and time of completion are then fed back into the billing and other related systems, and customer appointments are entered. The entire service operation is thus dependent upon the very large and complex CSS system, and several thousand jobs are affected by it.

Within a given transaction, screens are presented in a fixed sequence and CSS allows the next screen to be displayed only when all data are recognised and accepted for the present screen.

An early problem identified in the study was the necessity to begin the entire transaction again where a correction was required for a previous screens. Back-tracking was not possible.

Screen layout was found to be suboptimal. The flow of operator/customer conversation was disjointed because items of information “belonging” to each other and required from the customer were not placed in succession.

Some user interface problems were identified by observing data entry disruptions in the form of reference to hard copy manuals or requesting a colleague’s help, causing delays.

Errors were also good indicators of trouble spots. Hesitations as well as errors were reflected in the relative time users spent in different data fields on the various screens. Modifications to CSS were based in large part on these findings.

These quantitative measures proved that operators’ jobs changed in certain predictable ways with the introduction of a large computer system. The numerous trouble spots identified have led to interface redesign.

However the data alone did not reveal many of the pressures on operators or how in many ways, operator training fails to meet job demands. Data were also gathered by recording telephone enquiries, the majority of which related to wide-ranging issues such as Telecom policies, product information and so on — and did not require interaction with CSS at all. The knowledge required of operators was found to be much broader than anticipated in the training program.

This study demonstrated that time-and-mo- tion studies can yield valuable information. The intention was to identify potential cognitive stumbling blocks in CSS and redesign the user interface accordingly.

Although the issues could have been pursued in the laboratory, some of the extraneous, yet very important, issues uncovered would not have emerged. Adopting an ‘ecological’ approach to the usability evaluation proved fruitful in many unforeseen ways.

By observing the CSS operators at their job, and quantifying observations, a much wider job specification emerged. As well as redesigning the user interface, the study led to reconsideration of

operator selection criteria, modification of training, reworking duty statements, the reviewing of processes served by CSS, the inclusion of extra information in the system, and the development of quality customer service procedures and performance measurement techniques.

As well as my TRL work, I have been heavily involved with CHISIG, the Computer Human Interaction Special Interest Group since its inception in 1985, an activity which has been a mixture of perseverance and fun.

At the annual conference of the Ergonomics Society of Australia and New Zealand in 1985, a number of people claimed interest in the CHI area. There was no systematic local research into user-computer interaction in universities or government research laboratories and user interfaces supplied for the software developed in Australia were primarily slap-on jobs that did not necessarily complement the underlying technical features.

It wasn’t clear either what issues should be researched or how they could be tackled from within any of the more traditional academic disciplines.

There was no logical place in which CHISIG could reside and prosper and no reason for its existence except that the token president of the Ergonomics Society, after attending a CHI conference in the United States, earlier that year, predicted that the area would open up. He has proved to be prophetic, even though this process in taking some time in Australia.

Since then, CHISIG has gradually formed into a network of researchers, developers, vendors, consultants and other interested parties who share a common concern about the user side of interactive computing.

Until the end of 1987 the group was run by an academic, Prof. Tom Triggs, and a couple of CHI researchers in the Telecom Research Laboratories Human Factors lab.

From the outset, HCI projects and topics were addressed in regular free seminars with the aim of generating interest user-computer interaction from the users perspective.

Attendance of these and membership of CHISIG has grown steadily. Some of the highlights have included the development of an in-house videotex facility in one of Melbourne’s largest colleges for distance education, a demonstration of a graphic product enabling speech therapists to generate communication tables for speech handicapped people (these are now widely used by speech pathologists in Australia), and the first end-of-year one-day seminar/workshop on interface design issues held at Monash University in 1987.

Researchers from psychology, engineering and computing fields who were working in user areas featured prominently among the attendees of this event.

Similar seminars have been held since this first encouraging event and interest has steadily grown.

Another annual ‘fixed feature’ is a combined CHISIG/HASIG (Human Aspects SIG of the Australian Computer Society) meeting held for both groups. Last year’s topic, “Gender bias in computing” explored why computing has

Adopting an ‘ecological’ approach to the usability evaluation proved fruitful in many unforeseen ways.


HCI has now rightfully taken its place as a separate discipline essential for optimal design.

evolved as an increasingly ‘male’ subject both in secondary and tertiary education.

Topics such as this generally attract a reasonably large audience and the quality of the speakers has been excellent.

To further attract interest and membership, CHISIG has continued to vary its program, offering virtually anything from inspection of interesting computer installations to philosophical debates on major research projects.

The forming of a management commitment in 1989 led to more defined objectives for the group and a greater capacity to run more sophisticated annual seminars. The fundamental aim is still to encourage research in the HCI area in Australia directly through conferences and indirectly by teaching undergraduates.

Through lectures and open seminars, the components of HCI are finding their way into various courses. The group has taught psychology, computer science, ergonomics and an MBA course at two universities. The recruitment of graduates in this field will be the ultimate spinoff. It is still difficult to find people with Human Factors, research background, let alone with HCI experience.

A register of local HCI experts will be estab

lished noting their expertise, background and major projects. This will enable fellow researchers, developers, industry and government departments to locate specific expertise when required.

Thanks to a generous Telecom subsidy, membership of CHISIG is $25 for individuals and $50 for corporate members. Members are kept up to date on research projects, conferences, seminars, HCI-type job opportunities and any other items of interest through a regular newsletter.

Computer systems involve virtually everyone in society. Whether they are electronic bank teller machines, electronic point-of-sale systems, booking services, VIATEL, electronic mail, word processors, computer games or advanced systems in commerce, scientific research or industry, HCI input into the design of these systems through groups like CHISIG has been neglected in the past. It has now rightfully taken its place as a separate discipline which is essential for optimal design, development, usability and ultimately productivity and efficiency of these systems.

Author: Dr Gitte Lindgaard is leader of the Human Factors group of research psychologists at Telecom Research Laboratories.

"pound the trouble with data gyetem.... „A GCREW UOOS£ IN THE COMPUTER PROGRAMMER/'


Register now for ITI

23' S^DatT"09®™— -^tab^management system,

* I u/^j^rjT ~T 1— ■—-’1»4 ADABAS

fe2SFrenChFores:H6 Mtftarv Ro,ri wnd* ,nfemaf,’°n^ 02 953 Sf4 Neu,ral ^ Nsw '

11 ^MWtar^R^wL êrna5ona/02 953 9&!d'Neu,ra,BayNSw'

DOS 3.1,

k3KS[^<W(USA)>0»ff frlAiiwuiû ^ tInS)i * '«t>»ele,> fe,

•"•"AjfBifBI j*fl» ,r|Aii<w>JlSQL-6nioj

Jj»j“Vr«Wvfry.

j^NATU&L®’’"’*'1 i'"iu‘rfl*U wo—;.. «...

gr ^ Ltd refaide SA 5fl 1 aa,w^

1 jBSK®***

F119® DATAPLEX

1198 cWnjverse-Ms tew,

tegSofhvoi

Cwpora bo„Uoo: lAufclr'1 ■'“Hnlu iavKxjsk- ..... .._.

isysssiASSiarssr——.saarr

‘ superior by dt’estgn.far*il2L!*i*l,ea*< 4JU In,. _

- ssfflsSgFgS&£££“»■■»........... “"""’

DP04*

1198 JOMS/RteisiMieo fmi, _

,0,jl—■ W«Vf»Mm

Cullineti SUfoSw?1 *•«**« i«kOoMte; C«S|L?^2*r",«"

"*» '* Mom* 4,u

Aiiocmw, I„lt

gw^sssafe^Bfem'ZUfrfi** *£ Ekih*“* *"i> *hlc* uSf “K‘mine! iho^fojfjj? *">

IsT. t, . ** ““ ** »•«*

“ irst ■“'•■"Su, “SrSSMferys"- *»

•'ifiiST^sarSS?

4*u

®S25§5S?s8Sfes^*ster-Ja«r, -JsSeSt?®’"

S «Si^sS_5? ■•âastS'

Register for your listing in the COMPREHENSIVE ITI by completing the coupon.

For more information or to find out how to maximise your exposure contact Christine Dixon:

Melb 520 5670 other states

Free Call 008 335 196

From the publisher of Pacific Computer Weekly comes the most comprehensive index of software, hardware, communications and services — companies and products — yet produced for Australian users.The new IT Index plans to include every company operating in the Australian industry.How the new ITI will work:—You automatically receive one listing in the vertical market section of your choice (eg. accounting, mining, health, case tools, local area networking, wide area networking etc).This listing can then be augmented with further information and/or other listings in other vertical markets. You pay for these. Ensure your listing today. Reach the most powerful IT buyers in their preferred buyer’s guide.Fax the coupon below to ITI co-ordinator Christine Dixon, Pacific Computer Weekly.

Yes, I want to be in ITI ’93 I

Company Name................................................................. JContact Name.................................................................... I

First name Surname |

Job Title.............................................................................. I

Address........................................... :.................................... JPhone..................................Fax......................................... |

Vertical Market(s) you operate in.................... I

Attach a separate list if more space required P

A.C.N. 004 260 020Return coupon by Fax on (03) 510 3489 or enclose in an envelope and address:

Reply Paid 1, ITI, Peter Isaacson Publications Pty Ltd, PO Box 172, Prahran, Vic. 3181

IF YOU'RE READING THIS

WE'VE REACHED OUR TARGETIET US HEAP

YOU REACH YOURSThere’s too much at stake these days to take

chances with lists. Sophisticated marketers look for more than large data bases and scrubbed lists. They know that weeding out the old contacts is easy. The hard part is keeping up with the new contacts. That’s where PIPMAIL shines.

PIPMAIL is the direct marketing division of Peter Isaacson Publications. Its lists are derived largely from the vast publishing network of Peter Isaacson industry publications and yearbooks. These publications are sought by people in a

wide range of enterprises and professions.This is what makes PIPMAIL, updated daily,

the source of the most accurate and up-to-date lists available. With PIPMAIL you can have your list any way you want it — by profession, by industry, by postcode. Or you can have highly specialised targeting — PIPMAIL identifies literally hundreds of individual business activities.

Phone for details of segments from our database of 300,000 companies in the 10 main industry groups.

PIPMAIL accuracy through experienceTIlH DIRECT MARKETING DIVISION OE PETER ISAACSON iTBEICATIONS I’TY. LTD.

Call Linda Kavan or Jacqui Ratnavira on free call (Aust only) 008 335 196, Melbourne +61 3 520 5648/520 5620 or fax (03) 521 3647