14 Systems Analysis and Design in a Changing World, Fourth Edition
Learning Objectives
Discuss examples of system interfaces found in information systems
Define system inputs and outputs based on the requirements of the application program
Design printed and on-screen reports appropriate for recipients
Learning Objectives (continued)
Explain the importance of integrity controls
Identify required integrity controls for inputs, outputs, data, and processing
Discuss issues related to security that affect the design and operation of information systems
Overview
This chapter focuses on system interfaces, system outputs, and system controls that do not require much human interaction
Many system interfaces are electronic transmissions or paper outputs to external agents
System developers need to design and implement integrity and security controls to protect system and its data
Outside threats from Internet and e-commerce are a growing concern
Identifying System Interfaces
System interfaces are broadly defined as inputs or outputs with minimal or no human intervention
Inputs from other systems (messages, EDI)
Highly automated input devices such as scanners
Inputs that are from data in external databases
Outputs to external databases
Outputs with minimal HCI
Outputs to other systems
Real-time connections (both input and output)
Full Range of Inputs and Outputs
eXtensible Markup Language (XML)
Extension of HTML that embeds self-defined data structures in textual messages
Transaction that contains data fields can be sent with XML codes to define meaning of data fields
XML provides common system-to-system interface
XML is simple and readable by people
Web services are based on XML to send business transactions over the Internet
System-to-System Interface Based on XML
Design of System Inputs
Identify devices and mechanisms used to enter input
High-level review of most up-to-date methods to enter data
Identify all system inputs and develop list of data content for each
Provide link between design of application software and design of user and system interfaces
Determine controls and security necessary for each system input
Input Devices and Mechanisms
Capture data as close to original source as possible
Use electronic devices and automatic entry whenever possible
Avoid human involvement as much as possible
Seek information in electronic form to avoid data re-entry
Validate and correct information at entry point
Prevalent Input Devices to Avoid Human Data Entry
Magnetic card strip readers
Bar code readers
Optical character recognition readers and scanners
Radio-frequency identification tags
Touch screens and devices
Electronic pens and writing surfaces
Digitizers, such as digital cameras and digital audio devices
Defining the Details of System Inputs
Ensure all data inputs are identified and specified correctly
Can use traditional structured models
Identify automation boundary
Use DFD fragments
Segment by program boundaries
Examine structure charts
Analyze each module and data couple
List individual data fields
Automation Boundary on a System-Level DFD
Create New Order DFD with an Automation Boundary
List of Inputs for Customer Support System
Structure Chart for Create New Order (Figure 14-6)
Data Flows, Data Couples, and Data Elements Making Up Inputs (Figure 14-7)
Using Object-Oriented Models
Identifying user and system inputs with OO approach has same tasks as traditional approach
OO diagrams are used instead of DFDs and structure charts
System sequence diagrams identify each incoming message
Design class diagrams and sequence diagrams identify and describe input parameters and verify characteristics of inputs
Partial System Sequence Diagram for Payroll System Use Cases (Figure 14-8)
System Sequence Diagram for Create New Order
Input Messages and Data Parameters from RMO System Sequence Diagram (Figure 14-10)
Designing System Outputs
Determine each type of output
Make list of specific system outputs required based on application design
Specify any necessary controls to protect information provided in output
Design and prototype output layout
Ad hoc reports – designed as needed by user
Defining the Details of System Outputs
Type of reports
Printed reports
Electronic displays
Turnaround documents
Can use traditional structured models to identify outputs
Data flows crossing automation boundary
Data couples and report data requirements on structure chart
Table of System Outputs Based on Traditional Structured Approach (Figure 14-11)
Using Object-Oriented Models
Outputs indicated by messages in sequence diagrams
Originate from internal system objects
Sent to external actors or another external system
Output messages based on an individual object are usually part of methods of that class object
To report on all objects within a class, class-level method is used that works on entire class
Table of System Outputs Based on OO Messages (Figure 14-12)
Designing Reports, Statements, and Turnaround Documents
Printed versus electronic
Types of output reports
Detailed
Summary
Exception
Executive
Internal versus external
Graphical and multimedia presentation
RMO Summary Report with Drill Down to the Detailed Report
Sample Bar Chart and Pie Chart Reports
Formatting Reports
What is objective of report?
Who is the intended audience?
What is media for presentation?
Avoid information overload
Format considerations include meaningful headings, date of information, date report produced, page numbers
Designing Integrity Controls
Mechanisms and procedures built into a system to safeguard it and information contained within
Integrity controls
Built into application and database system to safeguard information
Security controls
Built into operating system and network
Objectives of Integrity Controls
Ensure that only appropriate and correct business transactions occur
Ensure that transactions are recorded and processed correctly
Protect and safeguard assets of the organization
Software
Hardware
Information
Points of Security and Integrity Controls
Input Integrity Controls
Used with all input mechanisms
Additional level of verification to help reduce input errors
Common control techniques
Field combination controls
Value limit controls
Completeness controls
Data validation controls
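Added example (not from the slides or the textbook): the four control techniques listed above, applied to an order arriving over an XML system-to-system interface. The element names, the 999-unit limit, and the payment-type list are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import date

# Constructed sample transaction (not from the slides).
SAMPLE_ORDER = """<order>
  <customerId>C1042</customerId>
  <orderDate>2024-03-01</orderDate>
  <shipDate>2024-02-27</shipDate>
  <quantity>5000</quantity>
  <paymentType>card</paymentType>
</order>"""

REQUIRED = ("customerId", "orderDate", "shipDate", "quantity", "paymentType")
MAX_QUANTITY = 999                    # assumed business limit
PAYMENT_TYPES = {"card", "invoice"}   # assumed code list


def check_order(xml_text):
    """Return a list of control violations; an empty list means accept."""
    root = ET.fromstring(xml_text)
    fields = {child.tag: (child.text or "").strip() for child in root}
    errors = []

    # Completeness control: every required field is present and non-empty.
    missing = [name for name in REQUIRED if not fields.get(name)]
    if missing:
        return [f"completeness: missing {', '.join(missing)}"]

    # Data validation control: values parse as the expected type
    # and coded fields come from the known code list.
    try:
        quantity = int(fields["quantity"])
        order_date = date.fromisoformat(fields["orderDate"])
        ship_date = date.fromisoformat(fields["shipDate"])
    except ValueError as exc:
        return [f"data validation: {exc}"]
    if fields["paymentType"] not in PAYMENT_TYPES:
        errors.append("data validation: unknown paymentType")

    # Value limit control: numeric field stays within a reasonable range.
    if not 1 <= quantity <= MAX_QUANTITY:
        errors.append(f"value limit: quantity {quantity} outside 1..{MAX_QUANTITY}")

    # Field combination control: related fields must be consistent together.
    if ship_date < order_date:
        errors.append("field combination: shipDate precedes orderDate")
    return errors
```

The standard-library XML parser is not hardened against maliciously constructed documents, so an interface that accepts messages from untrusted senders should parse with a hardened library such as defusedxml.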
Database Integrity Controls
Access controls = user management
Data encryption
Transaction controls = transaction log
Update controls
Backup and recovery protection
Output Integrity Controls
Ensure output arrives at proper destination and is correct, accurate, complete, and current
Destination controls - output is channeled to correct people
Completeness, accuracy, and correctness controls
Appropriate information present in output
Integrity Controls to Prevent Fraud
Three conditions are present in fraud cases
Personal pressure, such as desire to maintain extravagant lifestyle
Rationalizations, including “I will repay this money” or “I have this coming”
Opportunity, such as unverified cash receipts
Control of fraud requires both manual procedures and computer integrity controls
Fraud Risks and Prevention Techniques
Designing Security Controls
Security controls protect assets of organization from all threats
External threats such as hackers, viruses, worms, and message overload attacks
Security control objectives
Maintain stable, functioning operating environment for users and application systems (24 x 7)
Protect information and transactions during transmission outside organization (public carriers)
Security for Access to Systems
Used to control access to any resource managed by operating system or network
User categories
Unauthorized user – no authorization to access
Registered user – authorized to access system
Privileged user – authorized to administrate system
Organized so that all resources can be accessed with same unique ID/password combination
Users and Access Roles to Computer Systems
Managing User Access
Most common technique is user ID / password
Authorization – Is user permitted to access?
Access control list – users with rights to access
Authentication – Is user who they claim to be?
Smart card – computer-readable plastic card with embedded security information
Biometric devices – keystroke patterns, fingerprinting, retinal scans, voice characteristics
Data Security
Data and files themselves must be secure
Encryption – primary security method
Altering data so unauthorized users cannot view
Decryption
Altering encrypted data back to its original state
Symmetric key – same key encrypts and decrypts
Asymmetric key – different key decrypts
Public key – public encrypts; private decrypts
Symmetric Key Encryption
Asymmetric Key Encryption
Digital Signatures and Certificates
Encryption of messages enables secure exchange of information between two entities with appropriate keys
Digital signature encrypts document with private key to verify document author
Digital certificate is institution’s name and public key that is encrypted and certified by third party
Certifying authority
VeriSign or Equifax
Using a Digital Certificate
Secure Transactions
Standard set of methods and protocols for authentication, authorization, privacy, integrity
Secure Sockets Layer (SSL) renamed as Transport Layer Security (TLS) – protocol for secure channel to send messages over Internet
IP Security (IPSec) – newer standard for transmitting Internet messages securely
Secure Hypertext Transport Protocol (HTTPS or HTTP-S) – standard for transmitting Web pages securely (encryption, digital signing, certificates)
Summary
System interfaces include all inputs and outputs except those that are part of GUI
Designing inputs to system is three-step process
Identify devices/mechanisms used to enter input
Identify system inputs; develop list of data content
Determine controls and security necessary for each system input
Traditional approach to design inputs and outputs
DFDs, data flow definitions, structure charts
Summary (continued)
OO approach to design inputs and outputs
Sequence diagrams, class diagrams
Integrity controls and security designed into system
Ensure only appropriate and correct business transactions occur
Ensure transactions are recorded and processed correctly
Protect and safeguard assets of the organization
Control access to resources