  • Number of slides: 40

Systems Analysis and Design in a Changing World, Fourth Edition
Chapter 14

Learning Objectives
  • Discuss examples of system interfaces found in information systems
  • Define system inputs and outputs based on the requirements of the application program
  • Design printed and on-screen reports appropriate for recipients
  • Explain the importance of integrity controls
  • Identify required integrity controls for inputs, outputs, data, and processing
  • Discuss issues related to security that affect the design and operation of information systems

Overview
  • This chapter focuses on system interfaces, system outputs, and system controls that do not require much human interaction
  • Many system interfaces are electronic transmissions or paper outputs to external agents
  • System developers need to design and implement integrity and security controls to protect system and its data
  • Outside threats from Internet and e-commerce are growing concern

Identifying System Interfaces
  • System interfaces are broadly defined as inputs or outputs with minimal or no human intervention
      ◦ Inputs from other systems (messages, EDI)
      ◦ Highly automated input devices such as scanners
      ◦ Inputs that are from data in external databases
      ◦ Outputs to external databases
      ◦ Outputs with minimal HCI
      ◦ Outputs to other systems
      ◦ Real-time connections (both input and output)

[Figure: Full Range of Inputs and Outputs]

eXtensible Markup Language (XML)
  • Extension of HTML that embeds self-defined data structures in textual messages
  • Transaction that contains data fields can be sent with XML codes to define meaning of data fields
  • XML provides common system-to-system interface
  • XML is simple and readable by people
  • Web services is based on XML to send business transactions over Internet

[Figure: System-to-System Interface Based on XML]

Design of System Inputs
  • Identify devices and mechanisms used to enter input
      ◦ High-level review of most up-to-date methods to enter data
  • Identify all system inputs and develop list of data content for each
      ◦ Provide link between design of application software and design of user and system interfaces
  • Determine controls and security necessary for each system input

Input Devices and Mechanisms
  • Capture data as close to original source as possible
  • Use electronic devices and automatic entry whenever possible
  • Avoid human involvement as much as possible
  • Seek information in electronic form to avoid data re-entry
  • Validate and correct information at entry point

Prevalent Input Devices to Avoid Human Data Entry
  • Magnetic card strip readers
  • Bar code readers
  • Optical character recognition readers and scanners
  • Radio-frequency identification tags
  • Touch screens and devices
  • Electronic pens and writing surfaces
  • Digitizers, such as digital cameras and digital audio devices

Defining the Details of System Inputs
  • Ensure all data inputs are identified and specified correctly
  • Can use traditional structured models
      ◦ Identify automation boundary
          ▪ Use DFD fragments
          ▪ Segment by program boundaries
      ◦ Examine structure charts
          ▪ Analyze each module and data couple
          ▪ List individual data fields

Using Object-Oriented Models
  • Identifying user and system inputs with OO approach has same tasks as traditional approach
  • OO diagrams are used instead of DFDs and structure charts
  • System sequence diagrams identify each incoming message
  • Design class diagrams and sequence diagrams identify and describe input parameters and verify characteristics of inputs

[Figure: System Sequence Diagram for Create New Order]

[Figure 14-10: Input Messages and Data Parameters from RMO System Sequence Diagram]

Designing System Outputs
  • Determine each type of output
  • Make list of specific system outputs required based on application design
  • Specify any necessary controls to protect information provided in output
  • Design and prototype output layout
  • Ad hoc reports – designed as needed by user

Defining the Details of System Outputs
  • Type of reports
      ◦ Printed reports
      ◦ Electronic displays
      ◦ Turnaround documents
  • Can use traditional structured models to identify outputs
      ◦ Data flows crossing automation boundary
      ◦ Data couples and report data requirements on structure chart

[Figure 14-11: Table of System Outputs Based on Traditional Structured Approach]

Using Object-Oriented Models
  • Outputs indicated by messages in sequence diagrams
      ◦ Originate from internal system objects
      ◦ Sent to external actors or another external system
  • Output messages based on an individual object are usually part of methods of that class object
  • To report on all objects within a class, class-level method is used that works on entire class

[Figure 14-12: Table of System Outputs Based on OO Messages]

Designing Reports, Statements, and Turnaround Documents
  • Printed versus electronic
  • Types of output reports
      ◦ Detailed
      ◦ Summary
      ◦ Exception
      ◦ Executive
  • Internal versus external
  • Graphical and multimedia presentation

[Figure: RMO Summary Report with Drill Down to the Detailed Report]

Formatting Reports
  • What is objective of report?
  • Who is the intended audience?
  • What is media for presentation?
  • Avoid information overload
  • Format considerations include meaningful headings, date of information, date report produced, page numbers

Designing Integrity Controls
  • Mechanisms and procedures built into a system to safeguard it and information contained within
  • Integrity controls
      ◦ Built into application and database system to safeguard information
  • Security controls
      ◦ Built into operating system and network

Objectives of Integrity Controls
  • Ensure that only appropriate and correct business transactions occur
  • Ensure that transactions are recorded and processed correctly
  • Protect and safeguard assets of the organization
      ◦ Software
      ◦ Hardware
      ◦ Information

[Figure: Points of Security and Integrity Controls]

Input Integrity Controls
  • Used with all input mechanisms
  • Additional level of verification to help reduce input errors
  • Common control techniques
      ◦ Field combination controls
      ◦ Value limit controls
      ◦ Completeness controls
      ◦ Data validation controls
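
The four control techniques named on this slide, applied to one incoming order transaction. This is an added example, not taken from the textbook or the slides; the field names, shipping codes, quantity limit and the reading of each control in the comments are assumptions made for illustration.

```python
from datetime import date

# Constructed reference data; the codes and the limit are assumptions.
VALID_SHIP_CODES = {"STD", "EXP", "OVN"}
REQUIRED = ("customer_id", "item_id", "quantity",
            "order_date", "ship_date", "ship_code")
MAX_QUANTITY = 500


def check_order(order):
    """Return control violations for one order; an empty list means accept."""
    # Completeness control: every required field is present and non-empty.
    missing = [f for f in REQUIRED if order.get(f) in (None, "")]
    if missing:
        return ["completeness: missing " + ", ".join(missing)]

    errors = []
    # Data validation control: a coded field must hold a known code.
    if order["ship_code"] not in VALID_SHIP_CODES:
        errors.append("data validation: unknown ship_code %r" % order["ship_code"])

    # Value limit control: a numeric field must fall in a reasonable range.
    qty = order["quantity"]
    if type(qty) is not int or not 1 <= qty <= MAX_QUANTITY:
        errors.append("value limit: quantity %r outside 1..%d" % (qty, MAX_QUANTITY))

    # Field combination control: related fields must agree with each other.
    if order["ship_date"] < order["order_date"]:
        errors.append("field combination: ship_date precedes order_date")
    return errors


# Constructed sample transactions.
GOOD = {"customer_id": "C1001", "item_id": "SKU-77", "quantity": 3,
        "order_date": date(2024, 5, 1), "ship_date": date(2024, 5, 3),
        "ship_code": "STD"}
BAD = dict(GOOD, quantity=9000, ship_code="XXX", ship_date=date(2024, 4, 30))
INCOMPLETE = dict(GOOD, customer_id="")

if __name__ == "__main__":
    for name, txn in (("GOOD", GOOD), ("BAD", BAD), ("INCOMPLETE", INCOMPLETE)):
        print(name, check_order(txn) or "accepted")
```

Rejecting at the entry point, before the transaction reaches the database, is what the earlier slide means by "validate and correct information at entry point".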

Database Integrity Controls
  • Access controls
  • Data encryption
  • Transaction controls
  • Update controls
  • Backup and recovery protection

Output Integrity Controls
  • Ensure output arrives at proper destination and is correct, accurate, complete, and current
  • Destination controls - output is channeled to correct people
  • Completeness, accuracy, and correctness controls
  • Appropriate information present in output

Integrity Controls to Prevent Fraud
  • Three conditions are present in fraud cases
      ◦ Personal pressure, such as desire to maintain extravagant lifestyle
      ◦ Rationalizations, including “I will repay this money” or “I have this coming”
      ◦ Opportunity, such as unverified cash receipts
  • Control of fraud requires both manual procedures and computer integrity controls

[Figure: Fraud Risks and Prevention Techniques]

Designing Security Controls
  • Security controls protect assets of organization from all threats
      ◦ External threats such as hackers, viruses, worms, and message overload attacks
  • Security control objectives
      ◦ Maintain stable, functioning operating environment for users and application systems (24 x 7)
      ◦ Protect information and transactions during transmission outside organization (public carriers)

Security for Access to Systems
  • Used to control access to any resource managed by operating system or network
  • User categories
      ◦ Unauthorized user – no authorization to access
      ◦ Registered user – authorized to access system
      ◦ Privileged user – authorized to administrate system
  • Organized so that all resources can be accessed with same unique ID/password combination

[Figure: Users and Access Roles to Computer Systems]

Managing User Access
  • Most common technique is user ID / password
  • Authorization – Is user permitted to access?
  • Access control list – users with rights to access
  • Authentication – Is user who they claim to be?
  • Smart card – computer-readable plastic card with embedded security information
  • Biometric devices – keystroke patterns, fingerprinting, retinal scans, voice characteristics
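
Authentication and authorization as two separate checks, with an access control list deciding the second. This is an added example, not code from the textbook or the slides; the accounts, passwords, resource names and the PBKDF2 iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000          # assumed work factor for PBKDF2-HMAC-SHA256
DUMMY_SALT = os.urandom(16)   # used so unknown IDs cost the same as known ones


def derive(password, salt):
    """Stretch a password into a stored verifier; plaintext is never kept."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def enroll(password):
    salt = os.urandom(16)
    return salt, derive(password, salt)


# Constructed accounts: alice is a registered user, root_ops a privileged
# user; any other ID (such as "mallory") is an unauthorized user.
USERS = {"alice": enroll("correct horse"), "root_ops": enroll("battery staple")}

# Access control list: resource -> action -> user IDs with that right.
ACL = {
    "orders_db": {"read": {"alice", "root_ops"}, "write": {"alice", "root_ops"}},
    "user_accounts": {"read": {"root_ops"}, "write": {"root_ops"}},
}


def authenticate(user_id, password):
    """Authentication: is the user who they claim to be?"""
    record = USERS.get(user_id)
    salt, stored = record if record else (DUMMY_SALT, b"")
    candidate = derive(password, salt)
    # Constant-time comparison avoids leaking how many bytes matched.
    return record is not None and hmac.compare_digest(candidate, stored)


def authorize(user_id, resource, action):
    """Authorization: is this user permitted to access? Default is deny."""
    return user_id in ACL.get(resource, {}).get(action, set())


def access(user_id, password, resource, action):
    if not authenticate(user_id, password):
        return "denied: authentication failed"
    if not authorize(user_id, resource, action):
        return "denied: not authorized"
    return "granted"
```

A registered user who authenticates correctly is still refused on `user_accounts`, which is the distinction the slide draws between the two questions.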

Data Security
  • Data and files themselves must be secure
  • Encryption – primary security method
      ◦ Altering data so unauthorized users cannot view
  • Decryption
      ◦ Altering encrypted data back to its original state
  • Symmetric key – same key encrypts and decrypts
  • Asymmetric key – different key decrypts
  • Public key – public encrypts; private decrypts

[Figure: Symmetric Key Encryption]

[Figure: Asymmetric Key Encryption]

Digital Signatures and Certificates
  • Encryption of messages enables secure exchange of information between two entities with appropriate keys
  • Digital signature encrypts document with private key to verify document author
  • Digital certificate is institution’s name and public key that is encrypted and certified by third party
  • Certifying authority
      ◦ VeriSign or Equifax
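
The key roles from the Data Security and Digital Signatures slides, as an added example that is not from the textbook or the slides: textbook RSA over two small known primes, written only to show which key performs which operation. It signs a SHA-256 digest rather than the whole document, and it is not secure; production code uses a vetted library with padding (OAEP, PSS) and keys of at least 2048 bits.

```python
import hashlib

# Toy key pair from two known Mersenne primes. Chosen so the example needs
# no key generation code; primes of this size and form give no security.
P, Q = 2**89 - 1, 2**127 - 1
N = P * Q                               # modulus, part of both keys
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (kept secret)


def encrypt(m):
    """Anyone holding the public key (N, E) can encrypt an integer m < N."""
    return pow(m, E, N)


def decrypt(c):
    """Only the holder of the private exponent D can recover m."""
    return pow(c, D, N)


def digest(document):
    """SHA-256 of the document, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % N


def sign(document):
    """Signing applies the PRIVATE key to the document digest."""
    return pow(digest(document), D, N)


def verify(document, signature):
    """Verification applies the PUBLIC key and compares digests."""
    return pow(signature, E, N) == digest(document)


# Constructed sample document.
DOC = b"Purchase order 1042: 3 x SKU-77, ship STD"

if __name__ == "__main__":
    m = int.from_bytes(b"PO-1042", "big")
    print("round trip ok:", decrypt(encrypt(m)) == m)
    sig = sign(DOC)
    print("genuine document verifies:", verify(DOC, sig))
    print("altered document verifies:", verify(DOC + b"0", sig))
```

A digital certificate adds one more layer: a certifying authority signs the pairing of an institution's name and public key, so the verifier can trust which public key to use.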

[Figure: Using a Digital Certificate]

Secure Transactions
  • Standard set of methods and protocols for authentication, authorization, privacy, integrity
  • Secure Sockets Layer (SSL) renamed as Transport Layer Security (TLS) – protocol for secure channel to send messages over Internet
  • IP Security (IPSec) – newer standard for transmitting Internet messages securely
  • Secure Hypertext Transport Protocol (HTTPS or HTTP-S) – standard for transmitting Web pages securely (encryption, digital signing, certificates)