Systems Analysis and Design in a Changing World, Fourth Edition
Learning Objectives
• Discuss examples of system interfaces found in information systems
• Define system inputs and outputs based on the requirements of the application program
• Design printed and on-screen reports appropriate for recipients
• Explain the importance of integrity controls
• Identify required integrity controls for inputs, outputs, data, and processing
• Discuss issues related to security that affect the design and operation of information systems
Overview
• This chapter focuses on system interfaces, system outputs, and system controls that do not require much human interaction
• Many system interfaces are electronic transmissions or paper outputs to external agents
• System developers need to design and implement integrity and security controls to protect system and its data
• Outside threats from Internet and e-commerce are growing concern
Identifying System Interfaces
• System interfaces are broadly defined as inputs or outputs with minimal or no human intervention
• Inputs from other systems (messages, EDI)
• Highly automated input devices such as scanners
• Inputs that are from data in external databases
• Outputs to external databases
• Outputs with minimal HCI
• Outputs to other systems
• Real-time connections (both input and output)
Full Range of Inputs and Outputs
eXtensible Markup Language (XML)
• Extension of HTML that embeds self-defined data structures in textual messages
• Transaction that contains data fields can be sent with XML codes to define meaning of data fields
• XML provides common system-to-system interface
• XML is simple and readable by people
• Web services is based on XML to send business transactions over Internet
System-to-System Interface Based on XML
Design of System Inputs
• Identify devices and mechanisms used to enter input
• High-level review of most up-to-date methods to enter data
• Identify all system inputs and develop list of data content for each
• Provide link between design of application software and design of user and system interfaces
• Determine controls and security necessary for each system input
Input Devices and Mechanisms
• Capture data as close to original source as possible
• Use electronic devices and automatic entry whenever possible
• Avoid human involvement as much as possible
• Seek information in electronic form to avoid data re-entry
• Validate and correct information at entry point
Prevalent Input Devices to Avoid Human Data Entry
• Magnetic card strip readers
• Bar code readers
• Optical character recognition readers and scanners
• Radio-frequency identification tags
• Touch screens and devices
• Electronic pens and writing surfaces
• Digitizers, such as digital cameras and digital audio devices
Defining the Details of System Inputs
• Ensure all data inputs are identified and specified correctly
• Can use traditional structured models
• Identify automation boundary
• Use DFD fragments
• Segment by program boundaries
• Examine structure charts
• Analyze each module and data couple
• List individual data fields
Using Object-Oriented Models
• Identifying user and system inputs with OO approach has same tasks as traditional approach
• OO diagrams are used instead of DFDs and structure charts
• System sequence diagrams identify each incoming message
• Design class diagrams and sequence diagrams identify and describe input parameters and verify characteristics of inputs
System Sequence Diagram for Create New Order
Input Messages and Data Parameters from RMO System Sequence Diagram (Figure 14-10)
Designing System Outputs
• Determine each type of output
• Make list of specific system outputs required based on application design
• Specify any necessary controls to protect information provided in output
• Design and prototype output layout
• Ad hoc reports – designed as needed by user
Defining the Details of System Outputs
• Type of reports
• Printed reports
• Electronic displays
• Turnaround documents
• Can use traditional structured models to identify outputs
• Data flows crossing automation boundary
• Data couples and report data requirements on structure chart
Table of System Outputs Based on Traditional Structured Approach (Figure 14-11)
Using Object-Oriented Models
• Outputs indicated by messages in sequence diagrams
• Originate from internal system objects
• Sent to external actors or another external system
• Output messages based on an individual object are usually part of methods of that class object
• To report on all objects within a class, class-level method is used that works on entire class
Table of System Outputs Based on OO Messages (Figure 14-12)
Designing Reports, Statements, and Turnaround Documents
• Printed versus electronic
• Types of output reports
• Detailed
• Summary
• Exception
• Executive
• Internal versus external
• Graphical and multimedia presentation
RMO Summary Report with Drill Down to the Detailed Report
Formatting Reports
• What is objective of report?
• Who is the intended audience?
• What is media for presentation?
• Avoid information overload
• Format considerations include meaningful headings, date of information, date report produced, page numbers
Designing Integrity Controls
• Mechanisms and procedures built into a system to safeguard it and information contained within
• Integrity controls
• Built into application and database system to safeguard information
• Security controls
• Built into operating system and network
Objectives of Integrity Controls
• Ensure that only appropriate and correct business transactions occur
• Ensure that transactions are recorded and processed correctly
• Protect and safeguard assets of the organization
• Software
• Hardware
• Information
Points of Security and Integrity Controls
Input Integrity Controls
• Used with all input mechanisms
• Additional level of verification to help reduce input errors
• Common control techniques
• Field combination controls
• Value limit controls
• Completeness controls
• Data validation controls
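Added example (not from the textbook or its slides): the four input control techniques listed above applied to one order-entry record. The field names, the quantity limit of 500 and the sample records are assumptions made for illustration.

```python
from datetime import date

# Assumed field names and limit for a hypothetical order-entry input record.
REQUIRED = ("customer_id", "item_id", "quantity", "order_date", "ship_date")
MAX_QUANTITY = 500


def check_order(order):
    """Apply the four input integrity controls; return a list of violations."""
    # Completeness control: all required fields present and non-empty.
    missing = [f for f in REQUIRED if order.get(f) in (None, "")]
    if missing:
        return ["completeness: missing " + ", ".join(missing)]

    # Data validation control: each field has the expected type and format.
    errors, dates = [], {}
    if not (isinstance(order["customer_id"], str) and order["customer_id"].isdigit()):
        errors.append("validation: customer_id must be numeric text")
    qty = order["quantity"]
    if isinstance(qty, bool) or not isinstance(qty, int):
        errors.append("validation: quantity must be an integer")
    for f in ("order_date", "ship_date"):
        try:
            dates[f] = date.fromisoformat(order[f])
        except (TypeError, ValueError):
            errors.append(f"validation: {f} is not an ISO date")
    if errors:
        return errors  # later controls need well-formed values

    # Value limit control: numeric field must fall in a reasonable range.
    if not 1 <= qty <= MAX_QUANTITY:
        errors.append(f"value limit: quantity outside 1..{MAX_QUANTITY}")

    # Field combination control: related fields must agree with each other.
    if dates["ship_date"] < dates["order_date"]:
        errors.append("field combination: ship_date precedes order_date")
    return errors


# Constructed sample records (not from the textbook).
GOOD = {"customer_id": "10442", "item_id": "A-17", "quantity": 3,
        "order_date": "2024-03-01", "ship_date": "2024-03-04"}
BAD = dict(GOOD, quantity=9000, ship_date="2024-02-27")

if __name__ == "__main__":
    print(check_order(GOOD))
    print(check_order(BAD))
```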
Database Integrity Controls
• Access controls
• Data encryption
• Transaction controls
• Update controls
• Backup and recovery protection
Output Integrity Controls
• Ensure output arrives at proper destination and is correct, accurate, complete, and current
• Destination controls - output is channeled to correct people
• Completeness, accuracy, and correctness controls
• Appropriate information present in output
Integrity Controls to Prevent Fraud
• Three conditions are present in fraud cases
• Personal pressure, such as desire to maintain extravagant lifestyle
• Rationalizations, including “I will repay this money” or “I have this coming”
• Opportunity, such as unverified cash receipts
• Control of fraud requires both manual procedures and computer integrity controls
Fraud Risks and Prevention Techniques
Designing Security Controls
• Security controls protect assets of organization from all threats
• External threats such as hackers, viruses, worms, and message overload attacks
• Security control objectives
• Maintain stable, functioning operating environment for users and application systems (24 x 7)
• Protect information and transactions during transmission outside organization (public carriers)
Security for Access to Systems
• Used to control access to any resource managed by operating system or network
• User categories
• Unauthorized user – no authorization to access
• Registered user – authorized to access system
• Privileged user – authorized to administrate system
• Organized so that all resources can be accessed with same unique ID/password combination
Users and Access Roles to Computer Systems
Managing User Access
• Most common technique is user ID / password
• Authorization – Is user permitted to access?
• Access control list – users with rights to access
• Authentication – Is user who they claim to be?
• Smart card – computer-readable plastic card with embedded security information
• Biometric devices – keystroke patterns, fingerprinting, retinal scans, voice characteristics
Data Security
• Data and files themselves must be secure
• Encryption – primary security method
• Altering data so unauthorized users cannot view
• Decryption
• Altering encrypted data back to its original state
• Symmetric key – same key encrypts and decrypts
• Asymmetric key – different key decrypts
• Public key – public encrypts; private decrypts
Symmetric Key Encryption
Asymmetric Key Encryption
Digital Signatures and Certificates
• Encryption of messages enables secure exchange of information between two entities with appropriate keys
• Digital signature encrypts document with private key to verify document author
• Digital certificate is institution’s name and public key that is encrypted and certified by third party
• Certifying authority
• VeriSign or Equifax
Using a Digital Certificate
Secure Transactions
• Standard set of methods and protocols for authentication, authorization, privacy, integrity
• Secure Sockets Layer (SSL) renamed as Transport Layer Security (TLS) – protocol for secure channel to send messages over Internet
• IP Security (IPSec) – newer standard for transmitting Internet messages securely
• Secure Hypertext Transport Protocol (HTTPS or HTTP-S) – standard for transmitting Web pages securely (encryption, digital signing, certificates)