Chapter 15: Designing System Interfaces, Controls, and Security - PowerPoint PPT Presentation

1 / 50

About This Presentation

Title:

Chapter 15: Designing System Interfaces, Controls, and Security

Description:

Structure Chart for Create New Order. 15 ... Points of Security and Integrity Controls. 15 ... Personal pressure, such as desire to maintain extravagant lifestyle ... – PowerPoint PPT presentation

Number of Views:60

Avg rating:3.0/5.0

Slides: 51

Provided by: jeffh223

Category:

more less

Transcript and Presenter's Notes

Title: Chapter 15: Designing System Interfaces, Controls, and Security

1
Chapter 15 Designing System Interfaces,
Controls, and Security

Systems Analysis and Design in a Changing World,
3rd Edition

2
Learning Objectives

Discuss examples of system interfaces found in
information systems
Define system inputs and outputs based on the
requirements of the application program
Design printed and on-screen reports appropriate
for recipients

3
Learning Objectives (continued)

Explain the importance of integrity controls
Identify required integrity controls for inputs,
outputs, data, and processing
Discuss issues related to security that affect
the design and operation of information systems

4
Overview

This chapter focuses on systems interfaces,
systems output, and systems controls that do not
require much human interaction
Many system interfaces are electronic
transmissions or paper outputs to external agents
System developers need to design and implement
integrity and security controls to protect system
and its data
Outside threats from Internet and e-commerce are
growing concern

5
Identifying System Interfaces

Systems interfaces are broadly defined as inputs
or outputs with minimal or no human intervention
Inputs from other systems (messages, EDI)
Highly automated input devices such as scanners
Inputs that are from data in external databases
Outputs that are to external databases
Outputs with minimal HCI
Outputs to other systems
Real-time connections (both input and output)

6
Full Range of Inputs and Outputs
7
eXtensible Markup Language (XML)

Extension of HTML that embeds self-defined data
structures within textual messages
Transaction that contains data fields can be sent
with XML codes to define meaning of data fields
XML provides common system-to-system interface
XML is simple and readable by people
Web services is based on XML to send business
transactions over Internet

8
System-to-System Interface Based on XML
9
Design of System Inputs

Identify devices and mechanisms used to enter
input
High-level review of most up-to-date methods to
enter data
Identify all system inputs and develop list of
data content with each
Provides link between design of application
software and design of user and system interfaces
Determine controls and security necessary for
each system input

10
Input Devices and Mechanisms

Capture data as close to origination source as
possible
Use electronic devices and automatic entry
whenever possible
Avoid human involvement as much as possible
Seek information in electronic form to avoid data
reentry
Validate and correct information at entry point

11
Prevalent Input Devices to Avoid Human Data Entry

Magnetic card strip readers
Bar-code readers
Optical character recognition readers and
scanners
Touch screens and devices
Electronic pens and writing surfaces
Digitizers, such as digital cameras and digital
audio devices

12
Defining the Details of System Inputs

Ensure all data inputs are identified and
specified correctly
Can use traditional structured models
Identify automation boundary
Use DFD fragments
Segment by program boundaries
Examine Structure Charts
Analyze each module and data couple
List individual data fields

13
Automation Boundary on a System-level DFD
14
Create New Order DFD with an Automation Boundary
15
List of Inputs for Customer Support System
16
Structure Chart for Create New Order
17
Data Flows, Data Couples, and Data Elements
Making up Inputs
18
Using Object-Oriented Models

Identifying user and system inputs with OO
approach has same tasks as traditional approach
OO diagrams are used instead of DFDs and
structure charts
System sequence diagrams identify each incoming
message
Design class diagrams identify and describe input
parameters and contain pseudocode to verify
characteristics of inputs

19
Partial System Sequence Diagram for Payroll
System Use Cases
20
System Sequence Diagram for Create New Order
21
Input Messages and Data Parameters from RMO
System Sequence Diagram
22
Designing System Outputs

Determine each type of output
Make list of specific system outputs required
based on application design
Specify any necessary controls to protect
information provided in output
Design and prototype output layout
Ad hoc reports designed as needed by user

23
Defining the Details of System Outputs

Type of reports
Printed reports
Electronic displays
Turnaround documents
May use traditional structured models to identify
outputs
Data flows crossing automation boundary
Data couples and report data requirements on
structure chart

24
Table of System Outputs Based on Traditional
Structured Approach
25
Using Object-Oriented Models

Outputs indicated by messages in sequence
diagrams
Originate from internal system objects
Sent to external actors or another external
system
Output messages based on an individual object are
usually part of methods of that class object
To report on all objects within a class,
class-level method is used that works on entire
class

26
Table of System Outputs Based on OO Messages
27
Designing Reports, Statements, and Turnaround
Documents

Printed versus electronic
Type of output reports
Detailed
Summary
Exception
Executive
Internal versus external
Graphical and multimedia presentation

28
RMO Summary Report with Drill Down to the
Detailed Report
29
Sample Bar Chart and Pie Chart Reports
30
Formatting Reports

What is objective of report?
Who is the intended audience?
What is media for presentation?
Avoid information overload
Format considerations such as meaningful
headings, date of information, date report
produced, page numbers

31
Designing Integrity Controls

Mechanisms and procedures built into a system to
safeguard it and information contained within
Integrity controls
Built into application and database system to
safeguard information
Security controls
Built into operating system and network

32
Objectives of Integrity Controls

Ensure that only appropriate and correct business
transactions occur
Ensure that transactions are recorded and
processed correctly
Protect and safeguard assets of the organization
Software
Hardware
Information

33
Points of Security and Integrity Controls
34
Input Integrity Controls

Used with all input mechanisms
Additional level of verification to help reduce
input errors
Common control techniques
Field combination controls
Value limit controls
Completeness controls
Data validation controls

35
Database Integrity Controls

Access control
Data encryption
Transaction control
Update control
Backup and recovery protection

36
Output Integrity Controls

Ensures output arrives at proper destination and
is correct, accurate, complete, and current
Destination controls - output is channeled to
correct people
Completeness, accuracy, and correctness controls
Appropriate information present on output

37
Integrity Controls to Prevent Fraud

Three conditions are present in fraud cases
Personal pressure, such as desire to maintain
extravagant lifestyle
Rationalization, such as persons thoughts that
I will repay this money
Opportunity, such as unverified cash receipts
Control of fraud requires both manual procedures
and computer integrity controls

38
Fraud Risks and Prevention Techniques
39
Designing Security Controls

Security controls protect assets of organization
from all threats
External threats such as hackers, viruses, worms,
and message overload attacks
Security control objectives
Maintain stable, functioning operating
environment for users and application systems (24
x 7)
Protect information and transactions during
transmission outside organization (public
carriers)

40
Security for Access to Systems

Used to control access to any resource managed by
operating system or network
User categories
Unauthorized user no authorization to access
Registered user authorized to access system
Privileged user authorized to administrate
system
Organized so that all resources can be accessed
with same unique ID/password combination

41
Users and Access Roles to Computer Systems
42
Managing User Access

Most common technique is user ID / password
Authorization Is user permitted to access?
Access control list users with rights to access
Authentication Is user who they claim to be?
Smart card computer readable plastic card with
embedded security information
Biometric devices keystroke patterns,
fingerprint, retinal scans, voice characteristics

43
Data Security

Data and files themselves must be secure
Encryption primary security method
Altering data so unauthorized users cannot view
Decryption
Altering encrypted data back to original state
Symmetric key same key encrypts and decrypts
Asymmetric key different key decrypts
Public key public encrypts, private decrypts

44
Symmetric Key Encryption
45
Asymmetric Key Encryption
46
Digital signatures and certificates

Encryption of messages enables secure exchange of
information between two entities with appropriate
keys
Digital signature encrypts document with private
key to verify document author
Digital certificate is institutions name and
public key that is encrypted and certified by
third party
Certifying authority
Verisign or Equifax

47
Using a Digital Certificate
48
Secure Transactions

Standard set of methods and protocols for
authentication, authorization, privacy, integrity
Secure Sockets Layer (SSL) renamed as Transport
Layer Security (TLS) protocol for secure
channel to send messages over Internet
IP Security (IPSec) newer standard for secure
Internet message transmission
Secure Hypertext Transport Protocol (HTTPS or
HTTP-S) standard for transmitting Web pages
securely (encryption, digital signing,
certificates)

49
Summary