imat1906 systems development lecture week 17: system concepts (3) user perspectives
TRANSCRIPT
IMAT1906 Systems Development
Lecture week 17: system concepts (3) user perspectives
Today’s Agenda
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-112
User perspectives and system requirements User guide contents Ethical issues
Data protection act Computer misuse act
Summary
Purpose
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-113
There are many ways to understand and help users
Some ethical issues are important to understand
User perspectives
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-114
There are several kinds of user for most computer systems Clerical users from business area Managers from business area Developers Technical support team
Each type has a different perspective on the system Clerical: tool to do the day-to-day job Manager: tool to see trends and manage the business area Developer: system to be developed and implemented Technical support: system and users to be supported
User perspectives - business users
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-115
Thinking first about the different kinds of business users…
Typical company or business area split into levels dealing with different kinds of decisions in different timescales Senior management Middle management Supervisors, team leaders Operational staff
Look briefly at each in turn….
User perspectives - senior management
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-116
Senior managers Make strategic decisions Set company or department policy Operate in medium to long term ie months or
years Need system to provide trends and summaries
that cover months, quarters, years Need to compare summary results and trends
over months, years, products, regions
User perspectives - middle management
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-117
Middle managers Make decisions and set directions to carry out
company strategy Report progress against company goals Operate in medium term ie weeks or months Need system to provide trends and summaries that
cover weeks, months as well as exceptions or problem areas
Also includes professionals with specific expertise Human resource management - recruitment, employment Accountants - financial performance Trainers - company-specific, job-specific, health and
safety Sometimes need systems to support specialisms
User perspectives - supervisors
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-118
Supervisors and team leaders Tactical planning of tasks and activities Report progress against plans and schedules Operate in short term ie days or weeks Need system to provide summaries that cover
weeks as well as details of exceptions or problem areas
Ensure their staff have the resources and skills they need to carry out their tasks
Need systems to track plans and progress
User perspectives - operators
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-119
Operational staff Carry out tasks and activities to get the job done Report own progress against plans and schedules Operate in short term ie days or sometimes weeks Need system to provide data and other
information to carry out tasks including dealing with exceptions or problem areas
May deal with company’s customers or general public
Business users - levels diagram
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1110
Senior management Strategy - medium to long term
Middle management Direction, progress - medium term
Supervisors, team leaders Tactical plans - short term
Operational staff Tasks - short term
User perspectives - clerical users
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1111
What does the clerical user do in a system? Some examples:
Cashier in bookshop system Recruitment analyst processing job applications Ticket office agent at railway station
Choose one of these clerical users Think about what they need from the system Share your thoughts with person next to
you
User perspectives - management users
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1112
What does the managerial user do in a system? Some examples:
Fleet manager in Eden Bay vehicle department Recruitment manager looking at success of
recruitment Station manager at railway station
Choose one of these managerial users Think about what they need from the system Share your thoughts with person next to
you
User needs and system requirements
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1113
User needs influence the system requirements Functional requirements - functions available
Clerical tasks eg maintaining records, processing transactions or applications
Managerial tasks eg viewing summary reports, exception reports, trends
Non-functional requirements - how functions work Clerical functions: speed of response, accuracy of
data Managerial functions: completeness of reports,
consistency of data presentation
Developer perspective
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1114
Developers create the system What do they do?
Build screens, specify reports, build database, write code, test programs, input test data, sometimes maintain system
What do they need? Ways to add system components like screens,
reports, code Ways to add database components like tables, data Ways to test user functions and find errors when
tests fail Ways to add new functions in the future
Impact on requirements
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1115
To allow testing Self-documented code ie comments for chunks of code Set of test data or separate test database
To help find errors in code (debug the code) Progress display messages
At key points in a routine or chunk of code, display a short message with a reference eg a program line number
Commented out for normal running Give each screen, report, routine a reference number
and display in user error messages Note these things are not usually included in
requirements specification
Technical support perspective
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1116
Technical support team supports operational system
What do they do? Answer user queries, administer user access, solve
problems, install equipment, sometimes maintain and enhance system
What do they need? Ways to identify and replicate problems with
components like screens, reports, code Ways to set up new users and manage access Ways to check on database components like tables, data Ways to test user functions and find errors when tests
fail
Impact on requirements
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1117
To support users Report of users and user details Access to user database
To support system Database query scripts to report on database statistics Reference numbers on all screens and reports Reference numbers quoted on all user error messages Same version of system and database that users have Test version of database
Note these things are not usually included in requirements specification
Enabling system enhancements
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1118
Some functions may not be ready in time for implementation date Would be added short time later as enhancements Outline of database and/or process logic may be
available System can include things to enable
enhancements Database tables or skeleton tables that aren’t yet used Commented-out program code or process logic Commented-out section describing logic and database
extensions Note these things are not usually included in
requirements specification
Where are we on agenda
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1119
User perspectives and system requirements User guide contents Ethical issues
Data protection act Computer misuse act
Summary
User guide
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1120
Operational staff will need user guide or manual Training support material Reminder of how to use system for day-to-day job
tasks Reminder of how to use system for seldom-used
functions Typically a booklet or manual
Step-by-step guide to each system function Can include frequently asked questions Pages might also be available on department
intranet site
User guide contents
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1121
Divided into sections Table of contents Frequently asked questions eg How do I… Common day-to-day functions Infrequent functions Index if large manual
Sometimes different orderings Section of tasks in alphabetic order Section of system functions in alphabetic order Section of tasks in chronological order Section of system functions in some data-related
order
Function description
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1122
Screenshot or series of screenshots Showing typical data Sometimes annotated with text or arrows Sometimes before-and-after some user action
Step-by-step explanation of function Data fields to be filled in and what with
Format for text input How to select from drop-down lists How to generate system-generated fields
Required fields and optional fields Command buttons to press Menu options to navigate
User guide for online users
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1123
Online users might need user guide To help novice users of website Particularly if website or screen is not very intuitive To remind users who have forgotten how to use site
Can be provided in help pages Step-by-step guide to each system function Can include frequently asked questions Example: MS Office help pages
Where are we on agenda
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1124
User perspectives and system requirements User guide contents Ethical issues
Data protection act Computer misuse act
Summary
Ethical issues
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1125
Some computer databases hold a lot of personal details Personal data needs to be protected Unethical to misuse personal data
Some computer systems hold sensitive information Security arrangements allow authorised access only Unethical to misuse or break into secure systems
Legislation in place to make unethical use of computers also unlawful
Data Protection Act
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1126
Legal protection for personal data
How many organisations hold information about you? Think about a few Share some examples
Data held about us
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1127
These organisations hold information about us: University Loan company Bank Mobile phone provider Library Local council
Typical adult may be listed in 200 computer systems
Holding inaccurate data may result in problems
Data Protection - key definitions (1)
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1128
Personal data: Any data or information about an individual stored in
computers by companies or organisations Living individuals Includes expressions of opinion about the individual
Data subject: Legal term referring to the individual whose data is
held
Data Protection - key definitions (2)
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1129
Data controller: Person with defined responsibility for data protection
within a company Could be a single person or a group of people Ensures that recorded data complies with the Act Holds detailed register of data to be held in the company
Information Commissioner: Official who supervises enforcement of Data Protection
Act Issues guidance Publishes views for example on retention of DNA profiles Takes action in breaches of Data Protection Act
Data Protection - eight principles
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1130
Data protection framed within 8 principles1. Obtained and processed fairly and lawfully2. Processed for specific purposes3. Adequate, relevant and not excessive to processing
purpose4. Accurate and up to date5. Not kept for longer than necessary6. Processed in accordance with data subject rights7. Secure8. Not transferred outside EEA without assurance of
protection Look at each in turn…
Principle 1
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1131
Data must be obtained and processed fairly and lawfully Obtained fairly from data subject Subject must be aware of what data is being
collected and how it will be used Example of breach:
Company employs a private detective to find out about a prospective senior employee and puts the information on the recruitment system
Principle 2
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1132
Data must be processed for specific purposes Cannot be used for another purpose unknown to
subject Cannot be collected for provision of a service and
then also used for another purpose without subject’s consent
Example of breach: Someone wishing to start a new club borrows a list of
his company’s customers as prospective members and also looks at other personal details to decide if they would be suitable club members
Principle 3
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1133
Data must be adequate, relevant and not excessive to processing purpose Cannot request more data than is needed for the
task at hand Very tempting to collect data for a future purpose -
but not legal Example of breach:
Marketing department sends questionnaires to customers, asking for age, gender, ethnic background, quantity and brands of foods they buy, hobbies, date and place of birth
Demographics and shopping habits fine for the purpose but hobbies and birth details are excessive
Principle 4
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1134
Data must be accurate and up to date Data controller under obligation to ensure accuracy If subject provides inaccurate data despite controller’s
attempts at accuracy then principle not breached Data controller responsible for verifying accuracy Good way is to periodically request confirmation or update
Example of breach: Customer unemployed when first taking out life insurance Subsequently found job and told the insurance company Insurance company failed to update records Customer later denied mortgage when insurance company
told credit reference agency customer unemployed
Principle 5
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1135
Data must not be kept for longer than necessary Destroy data when it is finished with Can be done automatically by software Can be prompted by computer system
Example of breach: Magazine publisher sends magazines to subscribers When subscription cancelled or not renewed,
company keeps data about previous subscriber and keeps sending magazines
Principle 6
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1136
Data must be processed in accordance with data subject rights Data subjects have access rights that must be
upheld Failure to comply with requests from Information
Commissioner also breach this principle Example of breach:
An employee asks to see the data held on her by the company but she is told that it is confidential and she is not allowed to see it
Principle 7
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1137
Data must be kept secure at all times Data controllers must apply appropriate security
measures Prevent internal and external access by unauthorised
users Hardware: card access to rooms, firewalls, CCTV etc Software: passwords, virus scanners, etc Organisational: internal audit, division of duties, dual
control of cash Example of breach:
When travelling to a meeting in another town, an employee accidentally leaves a file of insurance claims on the train
Principle 8
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1138
Data must not be transferred outside EEA without assurance of adequate protection No restriction of movement within European
Economic Area Restricted data movement to countries without
equivalent data protection Agreed on a country-by-country basis Within UK, European Commission decides what data
can be transferred where Example of breach:
A company sets up a new customer contact centre in a country that has no data protection legislation and sends all its customer files to that country
Applying data protection
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1139
There are steps to take to ensure compliance: Audit the information held in the organisation Apply each of the 8 principles to all collection,
storage and use of personal data Collect, record, store and process current and future
data in accordance with the rights of data subjects
Computer Misuse Act
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1140
Legal protection for secure computer systems Intended to reduce online criminal activity
Hacking into systems Changing information in computer files or databases Trying to access or change material
Three types of offence Unauthorised access Unauthorised access with intent to continue Unauthorised modification
Look at each in turn….
Unauthorised access
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1141
Unauthorised access to computer material Files Webpages Program code Operational schedules Email accounts Databases Financial accounts Personal details Company-confidential material
Unauthorised access with intent
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1142
Unauthorised access to computer material with intent to commit or facilitate further offences Covers intention to make changes to computer
material Covers intention to make changes to settings
To gain easier access next time To enable edits next time
Unauthorised modification
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1143
Unauthorised modification of computer material Files Operational schedules Planning schedules Database entries Passwords Program code And so on
Example prosecutions (Skidmore p 255)
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1144
Person used former employer’s account to defraud a computer-administered telephone system Pleaded guilty when found out R v Pearlstone
Program in system to encrypt and decrypt data, set to turn off after employee left, data then readable Pleaded guilty when found out R v Hardy
European Commission system broken into, expense accounts browsed, files in other systems damaged Found guilty R v Strickland and Woods
Where are we on agenda
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1145
User perspectives and system requirements User guide contents Ethical issues
Data protection act Computer misuse act
Summary
Summary
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1146
There are several different perspectives of systems Business users Business managers Developers Technical support team
Different perspectives drive some requirements User guide is important support document Ethical issues need to be taken into account
Data Protection Act Computer Misuse Act
Further information
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1147
Further information can be found in many textbooks on systems development or systems analysis, for example:
Skidmore & Eva (2004) Chapter 12 Data Protection and Computer Misuse
Acts Shelly & Rosenblatt (2010) pp 15-16, 27, 523 Bocji P, A Greasley and S Hickie (2008) chapter ?
Next week’s lecture
IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-1148
There will be no lecture in week 18 Lecture 18 material (system implementation)
will be given in week 19 lecture session
Use the lecture 18 time to work on assignment 3 – it will be an opportunity to meet up in your groups