Systems Analysis and Design in a Changing World, Fourth Edition - PowerPoint PPT Presentation

Slides: 41
Provided by: johns442
Learn more at: https://www.csus.edu

Transcript and Presenter's Notes


1
  • Systems Analysis and Design in a Changing World,
    Fourth Edition

2
Learning Objectives
  • Discuss examples of system interfaces found in
    information systems
  • Define system inputs and outputs based on the
    requirements of the application program
  • Design printed and on-screen reports appropriate
    for recipients
  • Explain the importance of integrity controls
  • Identify required integrity controls for inputs,
    outputs, data, and processing
  • Discuss issues related to security that affect
    the design and operation of information systems

3
Overview
  • This chapter focuses on system interfaces, system
    outputs, and system controls that do not require
    much human interaction
  • Many system interfaces are electronic
    transmissions or paper outputs to external agents
  • System developers need to design and implement
    integrity and security controls to protect system
    and its data
  • Outside threats from Internet and e-commerce are
    a growing concern

4
Identifying System Interfaces
  • System interfaces are broadly defined as inputs
    or outputs with minimal or no human intervention
  • Inputs from other systems (messages, EDI)
  • Highly automated input devices such as scanners
  • Inputs that are from data in external databases
  • Outputs to external databases
  • Outputs with minimal HCI
  • Outputs to other systems
  • Real-time connections (both input and output)

5
Full Range of Inputs and Outputs
6
eXtensible Markup Language (XML)
  • Extension of HTML that embeds self-defined data
    structures in textual messages
  • Transaction that contains data fields can be sent
    with XML codes to define meaning of data fields
  • XML provides common system-to-system interface
  • XML is simple and readable by people
  • Web services are based on XML to send business
    transactions over Internet

7
System-to-System Interface Based on XML
8
Design of System Inputs
  • Identify devices and mechanisms used to enter
    input
  • High-level review of most up-to-date methods to
    enter data
  • Identify all system inputs and develop list of
    data content for each
  • Provide link between design of application
    software and design of user and system interfaces
  • Determine controls and security necessary for
    each system input

9
Input Devices and Mechanisms
  • Capture data as close to original source as
    possible
  • Use electronic devices and automatic entry
    whenever possible
  • Avoid human involvement as much as possible
  • Seek information in electronic form to avoid data
    re-entry
  • Validate and correct information at entry point

10
Prevalent Input Devices to Avoid Human Data Entry
  • Magnetic card strip readers
  • Bar code readers
  • Optical character recognition readers and
    scanners
  • Radio-frequency identification tags
  • Touch screens and devices
  • Electronic pens and writing surfaces
  • Digitizers, such as digital cameras and digital
    audio devices

11
Defining the Details of System Inputs
  • Ensure all data inputs are identified and
    specified correctly
  • Can use traditional structured models
  • Identify automation boundary
  • Use DFD fragments
  • Segment by program boundaries
  • Examine structure charts
  • Analyze each module and data couple
  • List individual data fields

12
Using Object-Oriented Models
  • Identifying user and system inputs with OO
    approach has same tasks as traditional approach
  • OO diagrams are used instead of DFDs and
    structure charts
  • System sequence diagrams identify each incoming
    message
  • Design class diagrams and sequence diagrams
    identify and describe input parameters and verify
    characteristics of inputs

13
System Sequence Diagram for Create New Order
14
Input Messages and Data Parameters from RMO
System Sequence Diagram (Figure 14-10)
15
Designing System Outputs
  • Determine each type of output
  • Make list of specific system outputs required
    based on application design
  • Specify any necessary controls to protect
    information provided in output
  • Design and prototype output layout
  • Ad hoc reports designed as needed by user

16
Defining the Details of System Outputs
  • Type of reports
  • Printed reports
  • Electronic displays
  • Turnaround documents
  • Can use traditional structured models to identify
    outputs
  • Data flows crossing automation boundary
  • Data couples and report data requirements on
    structure chart

17
Table of System Outputs Based on Traditional
Structured Approach (Figure 14-11)
18
Using Object-Oriented Models
  • Outputs indicated by messages in sequence
    diagrams
  • Originate from internal system objects
  • Sent to external actors or another external
    system
  • Output messages based on an individual object are
    usually part of methods of that class object
  • To report on all objects within a class,
    class-level method is used that works on entire
    class

19
Table of System Outputs Based on OO Messages
(Figure 14-12)
20
Designing Reports, Statements, and Turnaround
Documents
  • Printed versus electronic
  • Types of output reports
  • Detailed
  • Summary
  • Exception
  • Executive
  • Internal versus external
  • Graphical and multimedia presentation

21
RMO Summary Report with Drill Down to the
Detailed Report
22
Formatting Reports
  • What is objective of report?
  • Who is the intended audience?
  • What is media for presentation?
  • Avoid information overload
  • Format considerations include meaningful
    headings, date of information, date report
    produced, page numbers

23
Designing Integrity Controls
  • Mechanisms and procedures built into a system to
    safeguard it and information contained within
  • Integrity controls
  • Built into application and database system to
    safeguard information
  • Security controls
  • Built into operating system and network

24
Objectives of Integrity Controls
  • Ensure that only appropriate and correct business
    transactions occur
  • Ensure that transactions are recorded and
    processed correctly
  • Protect and safeguard assets of the organization
  • Software
  • Hardware
  • Information

25
Points of Security and Integrity Controls
26
Input Integrity Controls
  • Used with all input mechanisms
  • Additional level of verification to help reduce
    input errors
  • Common control techniques
  • Field combination controls
  • Value limit controls
  • Completeness controls
  • Data validation controls
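
The four control techniques listed above, applied to one incoming order message at the system interface. This is an added example, not part of the original slides; the field names, payment codes, and quantity limits are assumptions chosen for illustration, and the sample messages are constructed.

```python
from datetime import date

# Hypothetical message layout, code table, and limits (not from the slides).
REQUIRED = ("order_id", "customer_id", "quantity",
            "order_date", "ship_date", "payment_type")
PAYMENT_CODES = {"CARD", "CHECK", "ACCOUNT"}
QTY_MIN, QTY_MAX = 1, 500


def check_order(msg):
    """Check one message (dict of strings); return (control, detail) violations."""
    # Completeness control: every required field is present and non-blank.
    missing = [f for f in REQUIRED if not str(msg.get(f) or "").strip()]
    if missing:
        return [("completeness", "missing " + ", ".join(missing))]

    errors = []
    # Data validation control: codes and formats must be recognisable.
    if msg["payment_type"] not in PAYMENT_CODES:
        errors.append(("data validation", "unknown payment_type code"))
    try:
        ordered = date.fromisoformat(msg["order_date"])
        shipped = date.fromisoformat(msg["ship_date"])
    except (ValueError, TypeError):
        ordered = shipped = None
        errors.append(("data validation", "date not in YYYY-MM-DD form"))
    try:
        qty = int(msg["quantity"])
    except (ValueError, TypeError):
        qty = None
        errors.append(("data validation", "quantity is not an integer"))

    # Value limit control: a well-formed number can still be implausible.
    if qty is not None and not QTY_MIN <= qty <= QTY_MAX:
        errors.append(("value limit", f"quantity outside {QTY_MIN}..{QTY_MAX}"))

    # Field combination control: fields valid alone must agree together.
    if ordered and shipped and shipped < ordered:
        errors.append(("field combination", "ship_date precedes order_date"))
    return errors


# Constructed sample messages.
GOOD = {"order_id": "A-17", "customer_id": "C1001", "quantity": "3",
        "order_date": "2024-03-01", "ship_date": "2024-03-04",
        "payment_type": "CARD"}
BAD = dict(GOOD, quantity="9000", ship_date="2024-02-28", payment_type="IOU")

if __name__ == "__main__":
    for control, detail in check_order(BAD):
        print(f"{control}: {detail}")
```

Rejecting at the entry point with the name of the failed control gives the sending system something it can correct, which matches the earlier guidance to validate and correct information where it enters.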

27
Database Integrity Controls
  • Access controls
  • Data encryption
  • Transaction controls
  • Update controls
  • Backup and recovery protection

28
Output Integrity Controls
  • Ensure output arrives at proper destination and
    is correct, accurate, complete, and current
  • Destination controls - output is channeled to
    correct people
  • Completeness, accuracy, and correctness controls
  • Appropriate information present in output

29
Integrity Controls to Prevent Fraud
  • Three conditions are present in fraud cases
  • Personal pressure, such as desire to maintain
    extravagant lifestyle
  • Rationalizations, including "I will repay this
    money" or "I have this coming"
  • Opportunity, such as unverified cash receipts
  • Control of fraud requires both manual procedures
    and computer integrity controls

30
Fraud Risks and Prevention Techniques
31
Designing Security Controls
  • Security controls protect assets of organization
    from all threats
  • External threats such as hackers, viruses, worms,
    and message overload attacks
  • Security control objectives
  • Maintain stable, functioning operating
    environment for users and application systems (24
    x 7)
  • Protect information and transactions during
    transmission outside organization (public
    carriers)

32
Security for Access to Systems
  • Used to control access to any resource managed by
    operating system or network
  • User categories
  • Unauthorized user - no authorization to access
  • Registered user - authorized to access system
  • Privileged user - authorized to administrate
    system
  • Organized so that all resources can be accessed
    with same unique ID/password combination

33
Users and Access Roles to Computer Systems
34
Managing User Access
  • Most common technique is user ID / password
  • Authorization - Is user permitted to access?
  • Access control list - users with rights to access
  • Authentication - Is user who they claim to be?
  • Smart card - computer-readable plastic card with
    embedded security information
  • Biometric devices - keystroke patterns,
    fingerprinting, retinal scans, voice
    characteristics

35
Data Security
  • Data and files themselves must be secure
  • Encryption - primary security method
  • Altering data so unauthorized users cannot view
  • Decryption
  • Altering encrypted data back to its original
    state
  • Symmetric key - same key encrypts and decrypts
  • Asymmetric key - different key decrypts
  • Public key - public encrypts, private decrypts

36
Symmetric Key Encryption
37
Asymmetric Key Encryption
38
Digital Signatures and Certificates
  • Encryption of messages enables secure exchange of
    information between two entities with appropriate
    keys
  • Digital signature encrypts document with private
    key to verify document author
  • Digital certificate is institution's name and
    public key that is encrypted and certified by
    third party
  • Certifying authority
  • VeriSign or Equifax

39
Using a Digital Certificate
40
Secure Transactions
  • Standard set of methods and protocols for
    authentication, authorization, privacy, integrity
  • Secure Sockets Layer (SSL), renamed as Transport
    Layer Security (TLS) - protocol for secure
    channel to send messages over Internet
  • IP Security (IPSec) - newer standard for
    transmitting Internet messages securely
  • Secure Hypertext Transport Protocol (HTTPS or
    HTTP-S) - standard for transmitting Web pages
    securely (encryption, digital signing,
    certificates)