Title: Systems Analysis and Design in a Changing World, Fourth Edition
1- Systems Analysis and Design in a Changing World,
Fourth Edition
2Learning Objectives
- Discuss examples of system interfaces found in
information systems - Define system inputs and outputs based on the
requirements of the application program - Design printed and on-screen reports appropriate
for recipients - Explain the importance of integrity controls
- Identify required integrity controls for inputs,
outputs, data, and processing - Discuss issues related to security that affect
the design and operation of information systems
3Overview
- This chapter focuses on system interfaces, system
outputs, and system controls that do not require
much human interaction - Many system interfaces are electronic
transmissions or paper outputs to external agents - System developers need to design and implement
integrity and security controls to protect system
and its data - Outside threats from Internet and e-commerce are
growing concern
4Identifying System Interfaces
- System interfaces are broadly defined as inputs
or outputs with minimal or no human intervention - Inputs from other systems (messages, EDI)
- Highly automated input devices such as scanners
- Inputs that are from data in external databases
- Outputs to external databases
- Outputs with minimal HCI
- Outputs to other systems
- Real-time connections (both input and output)
5Full Range of Inputs and Outputs
6eXtensible Markup Language (XML)
- Extension of HTML that embeds self-defined data
structures in textual messages - Transaction that contains data fields can be sent
with XML codes to define meaning of data fields - XML provides common system-to-system interface
- XML is simple and readable by people
- Web services is based on XML to send business
transactions over Internet
7System-to-System Interface Based on XML
8Design of System Inputs
- Identify devices and mechanisms used to enter
input - High-level review of most up-to-date methods to
enter data - Identify all system inputs and develop list of
data content for each - Provide link between design of application
software and design of user and system interfaces - Determine controls and security necessary for
each system input
9Input Devices and Mechanisms
- Capture data as close to original source as
possible - Use electronic devices and automatic entry
whenever possible - Avoid human involvement as much as possible
- Seek information in electronic form to avoid data
re-entry - Validate and correct information at entry point
10Prevalent Input Devices to Avoid Human Data Entry
- Magnetic card strip readers
- Bar code readers
- Optical character recognition readers and
scanners - Radio-frequency identification tags
- Touch screens and devices
- Electronic pens and writing surfaces
- Digitizers, such as digital cameras and digital
audio devices
11Defining the Details of System Inputs
- Ensure all data inputs are identified and
specified correctly - Can use traditional structured models
- Identify automation boundary
- Use DFD fragments
- Segment by program boundaries
- Examine structure charts
- Analyze each module and data couple
- List individual data fields
12Using Object-Oriented Models
- Identifying user and system inputs with OO
approach has same tasks as traditional approach - OO diagrams are used instead of DFDs and
structure charts - System sequence diagrams identify each incoming
message - Design class diagrams and sequence diagrams
identify and describe input parameters and verify
characteristics of inputs
13System Sequence Diagram for Create New Order
14Input Messages and Data Parameters from RMO
System Sequence Diagram (Figure 14-10)
15Designing System Outputs
- Determine each type of output
- Make list of specific system outputs required
based on application design - Specify any necessary controls to protect
information provided in output - Design and prototype output layout
- Ad hoc reports designed as needed by user
16Defining the Details of System Outputs
- Type of reports
- Printed reports
- Electronic displays
- Turnaround documents
- Can use traditional structured models to identify
outputs - Data flows crossing automation boundary
- Data couples and report data requirements on
structure chart
17Table of System Outputs Based on Traditional
Structured Approach (Figure 14-11)
18Using Object-Oriented Models
- Outputs indicated by messages in sequence
diagrams - Originate from internal system objects
- Sent to external actors or another external
system - Output messages based on an individual object are
usually part of methods of that class object - To report on all objects within a class,
class-level method is used that works on entire
class
19Table of System Outputs Based on OO Messages
(Figure 14-12)
20Designing Reports, Statements, and Turnaround
Documents
- Printed versus electronic
- Types of output reports
- Detailed
- Summary
- Exception
- Executive
- Internal versus external
- Graphical and multimedia presentation
21RMO Summary Report with Drill Down to the
Detailed Report
22Formatting Reports
- What is objective of report?
- Who is the intended audience?
- What is media for presentation?
- Avoid information overload
- Format considerations include meaningful
headings, date of information, date report
produced, page numbers
23Designing Integrity Controls
- Mechanisms and procedures built into a system to
safeguard it and information contained within - Integrity controls
- Built into application and database system to
safeguard information - Security controls
- Built into operating system and network
24Objectives of Integrity Controls
- Ensure that only appropriate and correct business
transactions occur - Ensure that transactions are recorded and
processed correctly - Protect and safeguard assets of the organization
- Software
- Hardware
- Information
25Points of Security and Integrity Controls
26Input Integrity Controls
- Used with all input mechanisms
- Additional level of verification to help reduce
input errors - Common control techniques
- Field combination controls
- Value limit controls
- Completeness controls
- Data validation controls
27Database Integrity Controls
- Access controls
- Data encryption
- Transaction controls
- Update controls
- Backup and recovery protection
28Output Integrity Controls
- Ensure output arrives at proper destination and
is correct, accurate, complete, and current - Destination controls - output is channeled to
correct people - Completeness, accuracy, and correctness controls
- Appropriate information present in output
29Integrity Controls to Prevent Fraud
- Three conditions are present in fraud cases
- Personal pressure, such as desire to maintain
extravagant lifestyle - Rationalizations, including I will repay this
money or I have this coming - Opportunity, such as unverified cash receipts
- Control of fraud requires both manual procedures
and computer integrity controls
30Fraud Risks and Prevention Techniques
31Designing Security Controls
- Security controls protect assets of organization
from all threats - External threats such as hackers, viruses, worms,
and message overload attacks - Security control objectives
- Maintain stable, functioning operating
environment for users and application systems (24
x 7) - Protect information and transactions during
transmission outside organization (public
carriers)
32Security for Access to Systems
- Used to control access to any resource managed by
operating system or network - User categories
- Unauthorized user no authorization to access
- Registered user authorized to access system
- Privileged user authorized to administrate
system - Organized so that all resources can be accessed
with same unique ID/password combination
33Users and Access Roles to Computer Systems
34Managing User Access
- Most common technique is user ID / password
- Authorization Is user permitted to access?
- Access control list users with rights to access
- Authentication Is user who they claim to be?
- Smart card computer-readable plastic card with
embedded security information - Biometric devices keystroke patterns,
fingerprinting, retinal scans, voice
characteristics
35Data Security
- Data and files themselves must be secure
- Encryption primary security method
- Altering data so unauthorized users cannot view
- Decryption
- Altering encrypted data back to its original
state - Symmetric key same key encrypts and decrypts
- Asymmetric key different key decrypts
- Public key public encrypts private decrypts
36Symmetric Key Encryption
37Asymmetric Key Encryption
38Digital Signatures and Certificates
- Encryption of messages enables secure exchange of
information between two entities with appropriate
keys - Digital signature encrypts document with private
key to verify document author - Digital certificate is institutions name and
public key that is encrypted and certified by
third party - Certifying authority
- VeriSign or Equifax
39Using a Digital Certificate
40Secure Transactions
- Standard set of methods and protocols for
authentication, authorization, privacy, integrity - Secure Sockets Layer (SSL) renamed as Transport
Layer Security (TLS) protocol for secure
channel to send messages over Internet - IP Security (IPSec) newer standard for
transmitting Internet messages securely - Secure Hypertext Transport Protocol (HTTPS or
HTTP-S) standard for transmitting Web pages
securely (encryption, digital signing,
certificates)