Скачать презентацию Chapter 12 Designing System Interfaces Controls and Security Скачать презентацию Chapter 12 Designing System Interfaces Controls and Security

2187f62e9011d724ac47e5809612587e.ppt

  • Количество слайдов: 47

Chapter 12 Designing System Interfaces, Controls, and Security Chapter 15 Systems Analysis and Design Chapter 12 Designing System Interfaces, Controls, and Security Chapter 15 Systems Analysis and Design in a Changing World, 3 rd Edition

Identifying System Interfaces § Systems interfaces are broadly defined as inputs or outputs with Identifying System Interfaces § Systems interfaces are broadly defined as inputs or outputs with minimal or no human intervention § Inputs from other systems (messages, EDI) § Highly automated input devices such as scanners § Inputs that are from data in external databases § Outputs that are to external databases § Outputs with minimal HCI § Outputs to other systems § Real-time connections (both input and output) 2

Full Range of Inputs and Outputs 3 Full Range of Inputs and Outputs 3

e. Xtensible Markup Language (XML) § Extension of HTML that embeds selfdefined data structures e. Xtensible Markup Language (XML) § Extension of HTML that embeds selfdefined data structures within textual messages § Transaction that contains data fields can be sent with XML codes to define meaning of data fields § XML provides common system-to-system interface § XML is simple and readable by people § Web services is based on XML to send business transactions over Internet 4

System-to-System Interface Based on XML 5 System-to-System Interface Based on XML 5

Design of System Inputs § Identify devices and mechanisms used to enter input § Design of System Inputs § Identify devices and mechanisms used to enter input § High-level review of most up-to-date methods to enter data § Identify all system inputs and develop list of data content with each § Provides link between design of application software and design of user and system interfaces § Determine controls and security necessary for each system input 6

Input Devices and Mechanisms § Capture data as close to origination source as possible Input Devices and Mechanisms § Capture data as close to origination source as possible § Use electronic devices and automatic entry whenever possible § Avoid human involvement as much as possible § Seek information in electronic form to avoid data reentry § Validate and correct information at entry point 7

Prevalent Input Devices to Avoid Human Data Entry § § § Magnetic card strip Prevalent Input Devices to Avoid Human Data Entry § § § Magnetic card strip readers Bar-code readers Optical character recognition readers and scanners Touch screens and devices Electronic pens and writing surfaces Digitizers, such as digital cameras and digital audio devices 8

Defining the Details of System Inputs § Ensure all data inputs are identified and Defining the Details of System Inputs § Ensure all data inputs are identified and specified correctly § Can use traditional structured models § Identify automation boundary § Use DFD fragments § Segment by program boundaries § Examine Structure Charts § Analyze each module and data couple § List individual data fields 9

Automation Boundary on a System-level DFD 10 Automation Boundary on a System-level DFD 10

Create New Order DFD with an Automation Boundary 11 Create New Order DFD with an Automation Boundary 11

List of Inputs for Customer Support System 12 List of Inputs for Customer Support System 12

Structure Chart for Create New Order 13 Structure Chart for Create New Order 13

Data Flows, Data Couples, and Data Elements Making up Inputs 14 Data Flows, Data Couples, and Data Elements Making up Inputs 14

Using Object-Oriented Models § Identifying user and system inputs with OO approach has same Using Object-Oriented Models § Identifying user and system inputs with OO approach has same tasks as traditional approach § OO diagrams are used instead of DFDs and structure charts § System sequence diagrams identify each incoming message § Design class diagrams identify and describe input parameters and contain pseudocode to verify characteristics of inputs 15

Partial System Sequence Diagram for Payroll System Use Cases 16 Partial System Sequence Diagram for Payroll System Use Cases 16

System Sequence Diagram for Create New Order 17 System Sequence Diagram for Create New Order 17

Input Messages and Data Parameters from RMO System Sequence Diagram 18 Input Messages and Data Parameters from RMO System Sequence Diagram 18

Designing System Outputs § Determine each type of output § Make list of specific Designing System Outputs § Determine each type of output § Make list of specific system outputs required based on application design § Specify any necessary controls to protect information provided in output § Design and prototype output layout § Ad hoc reports – designed as needed by user 19 19

Defining the Details of System Outputs § Type of reports § Printed reports § Defining the Details of System Outputs § Type of reports § Printed reports § Electronic displays § Turnaround documents § May use traditional structured models to identify outputs § Data flows crossing automation boundary § Data couples and report data requirements on structure chart 20

Table of System Outputs Based on Traditional Structured Approach 21 Table of System Outputs Based on Traditional Structured Approach 21

Using Object-Oriented Models § Outputs indicated by messages in sequence diagrams § Originate from Using Object-Oriented Models § Outputs indicated by messages in sequence diagrams § Originate from internal system objects § Sent to external actors or another external system § Output messages based on an individual object are usually part of methods of that class object § To report on all objects within a class, class-level method is used that works on entire class 22

Table of System Outputs Based on OO Messages 23 Table of System Outputs Based on OO Messages 23

Designing Reports, Statements, and Turnaround Documents § Printed versus electronic § Type of output Designing Reports, Statements, and Turnaround Documents § Printed versus electronic § Type of output reports § Detailed § Summary § Exception § Executive § Internal versus external § Graphical and multimedia presentation 24

RMO Summary Report with Drill Down to the Detailed Report 25 RMO Summary Report with Drill Down to the Detailed Report 25

Sample Bar Chart and Pie Chart Reports 26 Sample Bar Chart and Pie Chart Reports 26

Formatting Reports § What is objective of report? § Who is the intended audience? Formatting Reports § What is objective of report? § Who is the intended audience? § What is media for presentation? § Avoid information overload § Format considerations such as meaningful headings, date of information, date report produced, page numbers 27

Designing Integrity Controls § Mechanisms and procedures built into a system to safeguard it Designing Integrity Controls § Mechanisms and procedures built into a system to safeguard it and information contained within § Integrity controls § Built into application and database system to safeguard information § Security controls § Built into operating system and network 28

Objectives of Integrity Controls § Ensure that only appropriate and correct business transactions occur Objectives of Integrity Controls § Ensure that only appropriate and correct business transactions occur § Ensure that transactions are recorded and processed correctly § Protect and safeguard assets of the organization § Software § Hardware § Information 29

Points of Security and Integrity Controls 30 Points of Security and Integrity Controls 30

Input Integrity Controls § Used with all input mechanisms § Additional level of verification Input Integrity Controls § Used with all input mechanisms § Additional level of verification to help reduce input errors § Common control techniques § Field combination controls § Value limit controls § Completeness controls § Data validation controls 31

Database Integrity Controls § Access control § Data encryption § Transaction control § Update Database Integrity Controls § Access control § Data encryption § Transaction control § Update control § Backup and recovery protection 32

Output Integrity Controls § Ensures output arrives at proper destination and is correct, accurate, Output Integrity Controls § Ensures output arrives at proper destination and is correct, accurate, complete, and current § Destination controls - output is channeled to correct people § Completeness, accuracy, and correctness controls § Appropriate information present on output 33

Integrity Controls to Prevent Fraud § Three conditions are present in fraud cases § Integrity Controls to Prevent Fraud § Three conditions are present in fraud cases § Personal pressure, such as desire to maintain extravagant lifestyle § Rationalization, such as person’s thoughts that “I will repay this money” § Opportunity, such as unverified cash receipts § Control of fraud requires both manual procedures and computer integrity controls 34

Fraud Risks and Prevention Techniques 35 Fraud Risks and Prevention Techniques 35

Designing Security Controls § Security controls protect assets of organization from all threats § Designing Security Controls § Security controls protect assets of organization from all threats § External threats such as hackers, viruses, worms, and message overload attacks § Security control objectives § Maintain stable, functioning operating environment for users and application systems (24 x 7) § Protect information and transactions during transmission outside organization (public 36 carriers)

Security for Access to Systems § Used to control access to any resource managed Security for Access to Systems § Used to control access to any resource managed by operating system or network § User categories § Unauthorized user – no authorization to access § Registered user – authorized to access system § Privileged user – authorized to administrate system § Organized so that all resources can be accessed with same unique ID/password 37 combination

Users and Access Roles to Computer Systems 38 Users and Access Roles to Computer Systems 38

Managing User Access § Most common technique is user ID / password § Authorization Managing User Access § Most common technique is user ID / password § Authorization – Is user permitted to access? § Access control list – users with rights to access § Authentication – Is user who they claim to be? § Smart card – computer readable plastic card with embedded security information § Biometric devices – keystroke patterns, fingerprint, retinal scans, voice characteristics 39

Data Security § Data and files themselves must be secure § Encryption – primary Data Security § Data and files themselves must be secure § Encryption – primary security method § Altering data so unauthorized users cannot view § Decryption § Altering encrypted data back to original state § Symmetric key – same key encrypts and decrypts § Asymmetric key – different key decrypts § Public key – public encrypts, private 40 decrypts

Symmetric Key Encryption 41 Symmetric Key Encryption 41

Asymmetric Key Encryption 42 Asymmetric Key Encryption 42

Digital signatures and certificates § Encryption of messages enables secure exchange of information between Digital signatures and certificates § Encryption of messages enables secure exchange of information between two entities with appropriate keys § Digital signature encrypts document with private key to verify document author § Digital certificate is institution’s name and public key that is encrypted and certified by third party § Certifying authority § Verisign or Equifax 43

Using a Digital Certificate 44 Using a Digital Certificate 44

Secure Transactions § Standard set of methods and protocols for authentication, authorization, privacy, integrity Secure Transactions § Standard set of methods and protocols for authentication, authorization, privacy, integrity § Secure Sockets Layer (SSL) renamed as Transport Layer Security (TLS) – protocol for secure channel to send messages over Internet § IP Security (IPSec) – newer standard for secure Internet message transmission § Secure Hypertext Transport Protocol (HTTPS or HTTP-S) – standard for transmitting Web pages securely (encryption, digital signing, 45 certificates)

Summary § System interfaces all inputs/outputs except (GUI) § Designing inputs to system is Summary § System interfaces all inputs/outputs except (GUI) § Designing inputs to system is three-step process § Identify devices/mechanisms used to enter input § Identify system inputs, develop list of data content § Determine controls and security necessary for each system input § Traditional approach to design inputs and outputs § DFDs, data flow definitions, structure charts 46

Summary (continued) § OO approach to design inputs and outputs § Sequence diagrams, class Summary (continued) § OO approach to design inputs and outputs § Sequence diagrams, class diagrams, DFDs § Integrity controls and security designed into system § Only appropriate and correct business transactions occur § Transactions are recorded and processed correctly § Protect and safeguard assets of the organization § Control access to resources 47