14 si(systems analysis and design )

14 Systems Analysis and Design in a Changing World, Fourth Edition

Upload: nurdin-al-azies

Post on 01-Nov-2014

DESCRIPTION

Collection of IT lecture materials

TRANSCRIPT

Learning Objectives

Discuss examples of system interfaces found in information systems

Define system inputs and outputs based on the requirements of the application program

Design printed and on-screen reports appropriate for recipients

Learning Objectives (continued)

Explain the importance of integrity controls

Identify required integrity controls for inputs, outputs, data, and processing

Discuss issues related to security that affect the design and operation of information systems

Overview

This chapter focuses on system interfaces, system outputs, and system controls that do not require much human interaction

Many system interfaces are electronic transmissions or paper outputs to external agents

System developers need to design and implement integrity and security controls to protect system and its data

Outside threats from Internet and e-commerce are growing concern

Identifying System Interfaces

System interfaces are broadly defined as inputs or outputs with minimal or no human intervention

Inputs from other systems (messages, EDI)

Highly automated input devices such as scanners

Inputs that are from data in external databases

Outputs to external databases

Outputs with minimal HCI

Outputs to other systems

Real-time connections (both input and output)

Full Range of Inputs and Outputs

eXtensible Markup Language (XML)

Extension of HTML that embeds self-defined data structures in textual messages

Transaction that contains data fields can be sent with XML codes to define meaning of data fields

XML provides common system-to-system interface

XML is simple and readable by people

Web services are based on XML to send business transactions over Internet

System-to-System Interface Based on XML

Design of System Inputs

Identify devices and mechanisms used to enter input

High-level review of most up-to-date methods to enter data

Identify all system inputs and develop list of data content for each

Provide link between design of application software and design of user and system interfaces

Determine controls and security necessary for each system input

Input Devices and Mechanisms

Capture data as close to original source as possible

Use electronic devices and automatic entry whenever possible

Avoid human involvement as much as possible

Seek information in electronic form to avoid data re-entry

Validate and correct information at entry point

Prevalent Input Devices to Avoid Human Data Entry

Magnetic card strip readers

Bar code readers

Optical character recognition readers and scanners

Radio-frequency identification tags

Touch screens and devices

Electronic pens and writing surfaces

Digitizers, such as digital cameras and digital audio devices

Defining the Details of System Inputs

Ensure all data inputs are identified and specified correctly

Can use traditional structured models

Identify automation boundary

Use DFD fragments

Segment by program boundaries

Examine structure charts

Analyze each module and data couple

List individual data fields

Automation Boundary on a System-Level DFD

Create New Order DFD with an Automation Boundary

List of Inputs for Customer Support System

Structure Chart for Create New Order (Figure 14-6)

Data Flows, Data Couples, and Data Elements Making Up Inputs (Figure 14-7)

Using Object-Oriented Models

Identifying user and system inputs with OO approach has same tasks as traditional approach

OO diagrams are used instead of DFDs and structure charts

System sequence diagrams identify each incoming message

Design class diagrams and sequence diagrams identify and describe input parameters and verify characteristics of inputs

Partial System Sequence Diagram for Payroll System Use Cases (Figure 14-8)

System Sequence Diagram for Create New Order

Input Messages and Data Parameters from RMO System Sequence Diagram (Figure 14-10)

Designing System Outputs

Determine each type of output

Make list of specific system outputs required based on application design

Specify any necessary controls to protect information provided in output

Design and prototype output layout

Ad hoc reports – designed as needed by user

Defining the Details of System Outputs

Type of reports

Printed reports

Electronic displays

Turnaround documents

Can use traditional structured models to identify outputs

Data flows crossing automation boundary

Data couples and report data requirements on structure chart

Table of System Outputs Based on Traditional Structured Approach (Figure 14-11)

Using Object-Oriented Models

Outputs indicated by messages in sequence diagrams

Originate from internal system objects

Sent to external actors or another external system

Output messages based on an individual object are usually part of methods of that class object

To report on all objects within a class, class-level method is used that works on entire class

Table of System Outputs Based on OO Messages (Figure 14-12)

Designing Reports, Statements, and Turnaround Documents

Printed versus electronic

Types of output reports

Detailed

Summary

Exception

Executive

Internal versus external

Graphical and multimedia presentation

RMO Summary Report with Drill Down to the Detailed Report

Sample Bar Chart and Pie Chart Reports

Formatting Reports

What is objective of report?

Who is the intended audience?

What is media for presentation?

Avoid information overload

Format considerations include meaningful headings, date of information, date report produced, page numbers

Designing Integrity Controls

Mechanisms and procedures built into a system to safeguard it and information contained within

Integrity controls

Built into application and database system to safeguard information

Security controls

Built into operating system and network

Objectives of Integrity Controls

Ensure that only appropriate and correct business transactions occur

Ensure that transactions are recorded and processed correctly

Protect and safeguard assets of the organization

Software

Hardware

Information

Points of Security and Integrity Controls

Input Integrity Controls

Used with all input mechanisms

Additional level of verification to help reduce input errors

Common control techniques

Field combination controls

Value limit controls

Completeness controls

Data validation controls
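
The four control techniques listed above, applied to one order input record. This is an added example, not taken from the slides or the textbook; the field names, reference sets, quantity limit and the reading of each control are assumptions made for illustration.

```python
from datetime import date

# Constructed reference data; a real system would look these up in its database.
KNOWN_CUSTOMERS = {"C1001", "C1002"}
KNOWN_SKUS = {"SKU-100", "SKU-200"}
MAX_QUANTITY = 500  # assumed business limit per order line
REQUIRED = ("customer_id", "sku", "quantity", "order_date", "ship_date", "payment")


def check_order(order: dict) -> list:
    """Return the violated controls for one input record; [] means accept."""
    # Completeness control: every required field is present and non-empty.
    missing = [f for f in REQUIRED if order.get(f) in (None, "")]
    if missing:
        return ["completeness: missing " + ", ".join(missing)]

    errors = []
    # Data validation control: coded fields must match known reference values.
    if order["customer_id"] not in KNOWN_CUSTOMERS:
        errors.append("validation: unknown customer_id")
    if order["sku"] not in KNOWN_SKUS:
        errors.append("validation: unknown sku")

    # Value limit control: numeric fields must fall in a reasonable range.
    qty = order["quantity"]
    if type(qty) is not int or not 1 <= qty <= MAX_QUANTITY:
        errors.append("value limit: quantity out of range")

    # Field combination control: related fields must be mutually consistent.
    dates = (order["order_date"], order["ship_date"])
    if not all(isinstance(d, date) for d in dates):
        errors.append("validation: dates must be date values")
    elif dates[1] < dates[0]:
        errors.append("field combination: ship_date before order_date")
    if order["payment"] == "credit_card" and not order.get("card_token"):
        errors.append("field combination: credit_card without card_token")
    return errors


# Constructed sample record that passes all four controls.
GOOD = {"customer_id": "C1001", "sku": "SKU-100", "quantity": 3,
        "order_date": date(2024, 3, 1), "ship_date": date(2024, 3, 4),
        "payment": "invoice"}

if __name__ == "__main__":
    print(check_order(GOOD))
    print(check_order({**GOOD, "quantity": 5000, "ship_date": date(2024, 1, 1)}))
```

Rejecting at the entry point, with the name of the control that failed, keeps bad records out of the database and tells the submitting system or clerk what to correct.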

Database Integrity Controls

Access controls = user management

Data encryption

Transaction controls = transaction log

Update controls

Backup and recovery protection

Output Integrity Controls

Ensure output arrives at proper destination and is correct, accurate, complete, and current

Destination controls - output is channeled to correct people

Completeness, accuracy, and correctness controls

Appropriate information present in output

Integrity Controls to Prevent Fraud

Three conditions are present in fraud cases

Personal pressure, such as desire to maintain extravagant lifestyle

Rationalizations, including “I will repay this money” or “I have this coming”

Opportunity, such as unverified cash receipts

Control of fraud requires both manual procedures and computer integrity controls

Fraud Risks and Prevention Techniques

Designing Security Controls

Security controls protect assets of organization from all threats

External threats such as hackers, viruses, worms, and message overload attacks

Security control objectives

Maintain stable, functioning operating environment for users and application systems (24 x 7)

Protect information and transactions during transmission outside organization (public carriers)

Security for Access to Systems

Used to control access to any resource managed by operating system or network

User categories

Unauthorized user – no authorization to access

Registered user – authorized to access system

Privileged user – authorized to administrate system

Organized so that all resources can be accessed with same unique ID/password combination

Users and Access Roles to Computer Systems

Managing User Access

Most common technique is user ID / password

Authorization – Is user permitted to access?

Access control list – users with rights to access

Authentication – Is user who they claim to be?

Smart card – computer-readable plastic card with embedded security information

Biometric devices – keystroke patterns, fingerprinting, retinal scans, voice characteristics
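
The difference between authentication and authorization, using the user ID / password technique, an access control list and the three user categories from the preceding slides. This is an added example, not code from the slides or the textbook; the account names, the "payroll" resource, the action names and the PBKDF2 settings are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(users: dict, user_id: str, password: str, privileged=False) -> None:
    salt = os.urandom(16)  # per-user salt; only the salted hash is stored
    users[user_id] = {"salt": salt, "hash": _hash(password, salt),
                      "privileged": privileged}


def authenticate(users: dict, user_id: str, password: str) -> bool:
    """Authentication: is the user who they claim to be?"""
    rec = users.get(user_id)
    # Hash even for unknown IDs so timing does not reveal which IDs exist.
    candidate = _hash(password, rec["salt"] if rec else bytes(16))
    return rec is not None and hmac.compare_digest(candidate, rec["hash"])


def authorize(users: dict, acl: dict, user_id: str, resource: str, action: str) -> bool:
    """Authorization: is the user permitted to access?"""
    rec = users.get(user_id)
    if rec is None:
        return False  # unauthorized user: no authorization to access
    if action == "administer":
        return rec["privileged"]  # privileged user: may administer the system
    # Registered user: allowed only what the access control list grants.
    return action in acl.get(resource, {}).get(user_id, set())


def access(users, acl, user_id, password, resource, action) -> bool:
    # Authenticate first, then authorize; either failure denies the request.
    return (authenticate(users, user_id, password)
            and authorize(users, acl, user_id, resource, action))


# Constructed sample accounts and access control list.
USERS = {}
register(USERS, "alice", "correct horse battery", privileged=False)
register(USERS, "bob", "another long passphrase")
register(USERS, "sysadmin", "admin passphrase here", privileged=True)
ACL = {"payroll": {"alice": {"read"}}}
```

Note that a valid password alone grants nothing: "bob" authenticates but is not on the payroll list, and the privileged account can administer without being able to read payroll data.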

Data Security

Data and files themselves must be secure

Encryption – primary security method

Altering data so unauthorized users cannot view

Decryption

Altering encrypted data back to its original state

Symmetric key – same key encrypts and decrypts

Asymmetric key – different key decrypts

Public key – public encrypts; private decrypts

Symmetric Key Encryption

Asymmetric Key Encryption

Digital Signatures and Certificates

Encryption of messages enables secure exchange of information between two entities with appropriate keys

Digital signature encrypts document with private key to verify document author

Digital certificate is institution’s name and public key that is encrypted and certified by third party

Certifying authority

VeriSign or Equifax

Using a Digital Certificate

Secure Transactions

Standard set of methods and protocols for authentication, authorization, privacy, integrity

Secure Sockets Layer (SSL) renamed as Transport Layer Security (TLS) – protocol for secure channel to send messages over Internet

IP Security (IPSec) – newer standard for transmitting Internet messages securely

Secure Hypertext Transport Protocol (HTTPS or HTTP-S) – standard for transmitting Web pages securely (encryption, digital signing, certificates)

Summary

System interfaces include all inputs and outputs except those that are part of GUI

Designing inputs to system is three-step process

Identify devices/mechanisms used to enter input

Identify system inputs; develop list of data content

Determine controls and security necessary for each system input

Traditional approach to design inputs and outputs

DFDs, data flow definitions, structure charts

Summary (continued)

OO approach to design inputs and outputs

Sequence diagrams, class diagrams

Integrity controls and security designed into system

Ensure only appropriate and correct business transactions occur

Ensure transactions are recorded and processed correctly

Protect and safeguard assets of the organization

Control access to resources