changing world, fourth edition - simon fraser … · systems analysis and design in a changing...
Post on 25-Aug-2018
227 Views
Preview:
TRANSCRIPT
14Systems Analysis and Design in a Changing World, Fourth Edition
14
Systems Analysis and Design in a Changing World, 4th Edition 2
Learning Objectives
� Discuss examples of system interfaces found in information systems
� Define system inputs and outputs based on the requirements of the application program
� Design printed and on-screen reports appropriate for recipients
14
Systems Analysis and Design in a Changing World, 4th Edition 3
Learning Objectives (continued)
� Explain the importance of integrity controls
� Identify required integrity controls for inputs, outputs, data, and processing
� Discuss issues related to security that affect the design and operation of information systems
14
Systems Analysis and Design in a Changing World, 4th Edition 4
Overview
� This chapter focuses on system interfaces, system outputs, and system controls that do not require much human interaction
� Many system interfaces are electronic transmissions or paper outputs to external agents
� System developers need to design and implement integrity and security controls to protect system and its data
� Outside threats from Internet and e-commerce are growing concern
14
Systems Analysis and Design in a Changing World, 4th Edition 5
Identifying System Interfaces
� System interfaces are broadly defined as inputs or outputs with minimal or no human intervention
� Inputs from other systems (messages, EDI)
� Highly automated input devices such as scanners
� Inputs that are from data in external databases
� Outputs to external databases
� Outputs with minimal HCI
� Outputs to other systems
� Real-time connections (both input and output)
14
Systems Analysis and Design in a Changing World, 4th Edition 6
Full Range of Inputs and Outputs
14
Systems Analysis and Design in a Changing World, 4th Edition 7
eXtensible Markup Language (XML)
� Extension of HTML that embeds self-defined data structures in textual messages
� Transaction that contains data fields can be sent with XML codes to define meaning of data fields
� XML provides common system-to-system interface
� XML is simple and readable by people
� Web services is based on XML to send business transactions over Internet
14
Systems Analysis and Design in a Changing World, 4th Edition 8
System-to-System Interface Based on XML
14
Systems Analysis and Design in a Changing World, 4th Edition 9
Design of System Inputs
� Identify devices and mechanisms used to enter input
� High-level review of most up-to-date methods to enter data
� Identify all system inputs and develop list of data content for each
� Provide link between design of application software and design of user and system interfaces
� Determine controls and security necessary for each system input
14
Systems Analysis and Design in a Changing World, 4th Edition 10
Input Devices and Mechanisms
� Capture data as close to original source as possible
� Use electronic devices and automatic entry whenever possible
� Avoid human involvement as much as possible
� Seek information in electronic form to avoid data re-entry
� Validate and correct information at entry point
14
Systems Analysis and Design in a Changing World, 4th Edition 11
Prevalent Input Devices to Avoid Human Data Entry
� Magnetic card strip readers
� Bar code readers
� Optical character recognition readers and scanners
� Radio-frequency identification tags
� Touch screens and devices
� Electronic pens and writing surfaces
� Digitizers, such as digital cameras and digital audio devices
14
Systems Analysis and Design in a Changing World, 4th Edition 12
Defining the Details of System Inputs
� Ensure all data inputs are identified and specified correctly
� Can use traditional structured models
� Identify automation boundary
�Use DFD fragments
�Segment by program boundaries
� Examine structure charts
�Analyze each module and data couple
�List individual data fields
14
Systems Analysis and Design in a Changing World, 4th Edition 13
Automation Boundary on a System-Level DFD
14
Systems Analysis and Design in a Changing World, 4th Edition 14
Create New Order DFD with an Automation Boundary
14
Systems Analysis and Design in a Changing World, 4th Edition 15
List of Inputs for Customer Support System
14
Systems Analysis and Design in a Changing World, 4th Edition 16
Structure Chart for Create New Order(Figure 14-6)
14
Systems Analysis and Design in a Changing World, 4th Edition 17
Data Flows, Data Couples, and Data Elements Making Up Inputs (Figure 14-7)
14
Systems Analysis and Design in a Changing World, 4th Edition 18
Using Object-Oriented Models
� Identifying user and system inputs with OO approach has same tasks as traditional approach
� OO diagrams are used instead of DFDs and structure charts
� System sequence diagrams identify each incoming message
� Design class diagrams and sequence diagrams identify and describe input parameters and verify characteristics of inputs
14
Systems Analysis and Design in a Changing World, 4th Edition 19
Partial System Sequence Diagram for Payroll System Use Cases (Figure 14-8)
14
Systems Analysis and Design in a Changing World, 4th Edition 20
System Sequence Diagram for Create New Order
14
Systems Analysis and Design in a Changing World, 4th Edition 21
Input Messages and Data Parameters from RMO System Sequence Diagram (Figure 14-10)
14
Systems Analysis and Design in a Changing World, 4th Edition 22
Designing System Outputs
� Determine each type of output
� Make list of specific system outputs required based on application design
� Specify any necessary controls to protect information provided in output
� Design and prototype output layout
� Ad hoc reports – designed as needed by user
14
Systems Analysis and Design in a Changing World, 4th Edition 23
Defining the Details of System Outputs
� Type of reports
� Printed reports
� Electronic displays
� Turnaround documents
� Can use traditional structured models to identify outputs
� Data flows crossing automation boundary
� Data couples and report data requirements on structure chart
14
Systems Analysis and Design in a Changing World, 4th Edition 24
Table of System Outputs Based on Traditional Structured Approach (Figure 14-11)
14
Systems Analysis and Design in a Changing World, 4th Edition 25
Using Object-Oriented Models
� Outputs indicated by messages in sequence diagrams
� Originate from internal system objects
� Sent to external actors or another external system
� Output messages based on an individual object are usually part of methods of that class object
� To report on all objects within a class, class-level method is used that works on entire class
14
Systems Analysis and Design in a Changing World, 4th Edition 26
Table of System Outputs Based on OO Messages (Figure 14-12)
14
Systems Analysis and Design in a Changing World, 4th Edition 27
Designing Reports, Statements, and Turnaround Documents
� Printed versus electronic
� Types of output reports
� Detailed
� Summary
� Exception
� Executive
� Internal versus external
� Graphical and multimedia presentation
14
Systems Analysis and Design in a Changing World, 4th Edition 28
RMO Summary Report with Drill Down to the Detailed Report
14
Systems Analysis and Design in a Changing World, 4th Edition 29
Sample Bar Chart and Pie Chart Reports
14
Systems Analysis and Design in a Changing World, 4th Edition 30
Formatting Reports
� What is objective of report?
� Who is the intended audience?
� What is media for presentation?
� Avoid information overload
� Format considerations include meaningful headings, date of information, date report produced, page numbers
14
Systems Analysis and Design in a Changing World, 4th Edition 31
Designing Integrity Controls
� Mechanisms and procedures built into a system to safeguard it and information contained within
� Integrity controls
� Built into application and database system to safeguard information
� Security controls
� Built into operating system and network
14
Systems Analysis and Design in a Changing World, 4th Edition 32
Objectives of Integrity Controls
� Ensure that only appropriate and correct business transactions occur
� Ensure that transactions are recorded and processed correctly
� Protect and safeguard assets of the organization
� Software
� Hardware
� Information
14
Systems Analysis and Design in a Changing World, 4th Edition 33
Points of Security and Integrity Controls
14
Systems Analysis and Design in a Changing World, 4th Edition 34
Input Integrity Controls
� Used with all input mechanisms
� Additional level of verification to help reduce input errors
� Common control techniques
� Field combination controls
� Value limit controls
� Completeness controls
� Data validation controls
14
Systems Analysis and Design in a Changing World, 4th Edition 35
Database Integrity Controls
� Access controls
� Data encryption
� Transaction controls
� Update controls
� Backup and recovery protection
14
Systems Analysis and Design in a Changing World, 4th Edition 36
Output Integrity Controls
� Ensure output arrives at proper destination and is correct, accurate, complete, and current
� Destination controls - output is channeled to correct people
� Completeness, accuracy, and correctnesscontrols
� Appropriate information present in output
14
Systems Analysis and Design in a Changing World, 4th Edition 37
Integrity Controls to Prevent Fraud
� Three conditions are present in fraud cases
� Personal pressure, such as desire to maintain extravagant lifestyle
� Rationalizations, including “I will repay this money” or “I have this coming”
� Opportunity, such as unverified cash receipts
� Control of fraud requires both manual procedures and computer integrity controls
14
Systems Analysis and Design in a Changing World, 4th Edition 38
Fraud Risks and Prevention Techniques
14
Systems Analysis and Design in a Changing World, 4th Edition 39
Designing Security Controls
� Security controls protect assets of organization from all threats
� External threats such as hackers, viruses, worms, and message overload attacks
� Security control objectives
� Maintain stable, functioning operating environment for users and application systems (24 x 7)
� Protect information and transactions during transmission outside organization (public carriers)
14
Systems Analysis and Design in a Changing World, 4th Edition 40
Security for Access to Systems
� Used to control access to any resource managed by operating system or network
� User categories
� Unauthorized user – no authorization to access
� Registered user – authorized to access system
� Privileged user – authorized to administrate system
� Organized so that all resources can be accessed with same unique ID/password combination
14
Systems Analysis and Design in a Changing World, 4th Edition 41
Users and Access Roles to Computer Systems
14
Systems Analysis and Design in a Changing World, 4th Edition 42
Managing User Access
� Most common technique is user ID / password
� Authorization – Is user permitted to access?
� Access control list – users with rights to access
� Authentication – Is user who they claim to be?
� Smart card – computer-readable plastic card with embedded security information
� Biometric devices – keystroke patterns, fingerprinting, retinal scans, voice characteristics
14
Systems Analysis and Design in a Changing World, 4th Edition 43
Data Security
� Data and files themselves must be secure
� Encryption – primary security method
� Altering data so unauthorized users cannot view
� Decryption
� Altering encrypted data back to its original state
� Symmetric key – same key encrypts and decrypts
� Asymmetric key – different key decrypts
� Public key – public encrypts; private decrypts
14
Systems Analysis and Design in a Changing World, 4th Edition 44
Symmetric Key Encryption
14
Systems Analysis and Design in a Changing World, 4th Edition 45
Asymmetric Key Encryption
14
Systems Analysis and Design in a Changing World, 4th Edition 46
Digital Signatures and Certificates
� Encryption of messages enables secure exchange of information between two entities with appropriate keys
� Digital signature encrypts document with private key to verify document author
� Digital certificate is institution’s name and public key that is encrypted and certified by third party
� Certifying authority
� VeriSign or Equifax
14
Systems Analysis and Design in a Changing World, 4th Edition 47
Using a Digital Certificate
14
Systems Analysis and Design in a Changing World, 4th Edition 48
Secure Transactions
� Standard set of methods and protocols for authentication, authorization, privacy, integrity
� Secure Sockets Layer (SSL) renamed as Transport Layer Security (TLS) – protocol for secure channel to send messages over Internet
� IP Security (IPSec) – newer standard for transmitting Internet messages securely
� Secure Hypertext Transport Protocol (HTTPS or HTTP-S) – standard for transmitting Web pages securely (encryption, digital signing, certificates)
14
Systems Analysis and Design in a Changing World, 4th Edition 49
Summary
� System interfaces include all inputs and outputs except those that are part of GUI
� Designing inputs to system is three-step process
� Identify devices/mechanisms used to enter input
� Identify system inputs; develop list of data content
� Determine controls and security necessary for each system input
� Traditional approach to design inputs and outputs
� DFDs, data flow definitions, structure charts
14
Systems Analysis and Design in a Changing World, 4th Edition 50
Summary (continued)
� OO approach to design inputs and outputs
� Sequence diagrams, class diagrams
� Integrity controls and security designed into system
� Ensure only appropriate and correct business transactions occur
� Ensure transactions are recorded and processed correctly
� Protect and safeguard assets of the organization
� Control access to resources
top related