480 likes | 560 Vues
IMAT1906 Systems Development. Lecture week 17: system concepts (3) user perspectives. Today’s Agenda. User perspectives and system requirements User guide contents Ethical issues Data protection act Computer misuse act Summary. Purpose. There are many ways to understand and help users
E N D
IMAT1906 Systems Development Lecture week 17: system concepts (3) user perspectives
Today’s Agenda • User perspectives and system requirements • User guide contents • Ethical issues • Data protection act • Computer misuse act • Summary IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11
Purpose • There are many ways to understand and help users • Some ethical issues are important to understand IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11
User perspectives • There are several kinds of user for most computer systems • Clerical users from business area • Managers from business area • Developers • Technical support team • Each type has a different perspective on the system • Clerical: tool to do the day-to-day job • Manager: tool to see trends and manage the business area • Developer: system to be developed and implemented • Technical support: system and users to be supported IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11
User perspectives - business users 5 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Thinking first about the different kinds of business users… • Typical company or business area split into levels dealing with different kinds of decisions in different timescales • Senior management • Middle management • Supervisors, team leaders • Operational staff • Look briefly at each in turn….
User perspectives - senior management 6 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Senior managers • Make strategic decisions • Set company or department policy • Operate in medium to long term ie months or years • Need system to provide trends and summaries that cover months, quarters, years • Need to compare summary results and trends over months, years, products, regions
User perspectives - middle management 7 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Middle managers • Make decisions and set directions to carry out company strategy • Report progress against company goals • Operate in medium term ie weeks or months • Need system to provide trends and summaries that cover weeks, months as well as exceptions or problem areas • Also includes professionals with specific expertise • Human resource management - recruitment, employment • Accountants - financial performance • Trainers - company-specific, job-specific, health and safety • Sometimes need systems to support specialisms
User perspectives - supervisors 8 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Supervisors and team leaders • Tactical planning of tasks and activities • Report progress against plans and schedules • Operate in short term ie days or weeks • Need system to provide summaries that cover weeks as well as details of exceptions or problem areas • Ensure their staff have the resources and skills they need to carry out their tasks • Need systems to track plans and progress
User perspectives - operators 9 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Operational staff • Carry out tasks and activities to get the job done • Report own progress against plans and schedules • Operate in short term ie days or sometimes weeks • Need system to provide data and other information to carry out tasks including dealing with exceptions or problem areas • May deal with company’s customers or general public
Business users - levels diagram Strategy - medium to long term Senior management Middle management Direction, progress - medium term Tactical plans - short term Supervisors, team leaders Tasks - short term Operational staff 10 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11
User perspectives - clerical users 11 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • What does the clerical user do in a system? • Some examples: • Cashier in bookshop system • Recruitment analyst processing job applications • Ticket office agent at railway station • Choose one of these clerical users • Think about what they need from the system • Share your thoughts with person next to you
User perspectives - management users 12 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • What does the managerial user do in a system? • Some examples: • Fleet manager in Eden Bay vehicle department • Recruitment manager looking at success of recruitment • Station manager at railway station • Choose one of these managerial users • Think about what they need from the system • Share your thoughts with person next to you
User needs and system requirements 13 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • User needs influence the system requirements • Functional requirements - functions available • Clerical tasks eg maintaining records, processing transactions or applications • Managerial tasks eg viewing summary reports, exception reports, trends • Non-functional requirements - how functions work • Clerical functions: speed of response, accuracy of data • Managerial functions: completeness of reports, consistency of data presentation
Developer perspective 14 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Developers create the system • What do they do? • Build screens, specify reports, build database, write code, test programs, input test data, sometimes maintain system • What do they need? • Ways to add system components like screens, reports, code • Ways to add database components like tables, data • Ways to test user functions and find errors when tests fail • Ways to add new functions in the future
Impact on requirements 15 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • To allow testing • Self-documented code ie comments for chunks of code • Set of test data or separate test database • To help find errors in code (debug the code) • Progress display messages • At key points in a routine or chunk of code, display a short message with a reference eg a program line number • Commented out for normal running • Give each screen, report, routine a reference number and display in user error messages • Note these things are not usually included in requirements specification
Technical support perspective 16 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Technical support team supports operational system • What do they do? • Answer user queries, administer user access, solve problems, install equipment, sometimes maintain and enhance system • What do they need? • Ways to identify and replicate problems with components like screens, reports, code • Ways to set up new users and manage access • Ways to check on database components like tables, data • Ways to test user functions and find errors when tests fail
Impact on requirements 17 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • To support users • Report of users and user details • Access to user database • To support system • Database query scripts to report on database statistics • Reference numbers on all screens and reports • Reference numbers quoted on all user error messages • Same version of system and database that users have • Test version of database • Note these things are not usually included in requirements specification
Enabling system enhancements 18 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Some functions may not be ready in time for implementation date • Would be added short time later as enhancements • Outline of database and/or process logic may be available • System can include things to enable enhancements • Database tables or skeleton tables that aren’t yet used • Commented-out program code or process logic • Commented-out section describing logic and database extensions • Note these things are not usually included in requirements specification
Where are we on agenda • User perspectives and system requirements • User guide contents • Ethical issues • Data protection act • Computer misuse act • Summary IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11
User guide 20 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Operational staff will need user guide or manual • Training support material • Reminder of how to use system for day-to-day job tasks • Reminder of how to use system for seldom-used functions • Typically a booklet or manual • Step-by-step guide to each system function • Can include frequently asked questions • Pages might also be available on department intranet site
User guide contents 21 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Divided into sections • Table of contents • Frequently asked questions eg How do I… • Common day-to-day functions • Infrequent functions • Index if large manual • Sometimes different orderings • Section of tasks in alphabetic order • Section of system functions in alphabetic order • Section of tasks in chronological order • Section of system functions in some data-related order
Function description 22 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Screenshot or series of screenshots • Showing typical data • Sometimes annotated with text or arrows • Sometimes before-and-after some user action • Step-by-step explanation of function • Data fields to be filled in and what with • Format for text input • How to select from drop-down lists • How to generate system-generated fields • Required fields and optional fields • Command buttons to press • Menu options to navigate
User guide for online users 23 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Online users might need user guide • To help novice users of website • Particularly if website or screen is not very intuitive • To remind users who have forgotten how to use site • Can be provided in help pages • Step-by-step guide to each system function • Can include frequently asked questions • Example: MS Office help pages
Where are we on agenda • User perspectives and system requirements • User guide contents • Ethical issues • Data protection act • Computer misuse act • Summary IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11
Ethical issues 25 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Some computer databases hold a lot of personal details • Personal data needs to be protected • Unethical to misuse personal data • Some computer systems hold sensitive information • Security arrangements allow authorised access only • Unethical to misuse or break into secure systems • Legislation in place to make unethical use of computers also unlawful
Data Protection Act 26 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Legal protection for personal data • How many organisations hold information about you? • Think about a few • Share some examples
Data held about us 27 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • These organisations hold information about us: • University • Loan company • Bank • Mobile phone provider • Library • Local council • Typical adult may be listed in 200 computer systems • Holding inaccurate data may result in problems
Data Protection - key definitions (1) 28 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Personal data: • Any data or information about an individual stored in computers by companies or organisations • Living individuals • Includes expressions of opinion about the individual • Data subject: • Legal term referring to the individual whose data is held
Data Protection - key definitions (2) 29 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Data controller: • Person with defined responsibility for data protection within a company • Could be a single person or a group of people • Ensures that recorded data complies with the Act • Holds detailed register of data to be held in the company • Information Commissioner: • Official who supervises enforcement of Data Protection Act • Issues guidance • Publishes views for example on retention of DNA profiles • Takes action in breaches of Data Protection Act
Data Protection - eight principles 30 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Data protection framed within 8 principles • Obtained and processed fairly and lawfully • Processed for specific purposes • Adequate, relevant and not excessive to processing purpose • Accurate and up to date • Not kept for longer than necessary • Processed in accordance with data subject rights • Secure • Not transferred outside EEA without assurance of protection • Look at each in turn…
Principle 1 31 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Data must be obtained and processed fairly and lawfully • Obtained fairly from data subject • Subject must be aware of what data is being collected and how it will be used • Example of breach: • Company employs a private detective to find out about a prospective senior employee and puts the information on the recruitment system
Principle 2 32 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Data must be processed for specific purposes • Cannot be used for another purpose unknown to subject • Cannot be collected for provision of a service and then also used for another purpose without subject’s consent • Example of breach: • Someone wishing to start a new club borrows a list of his company’s customers as prospective members and also looks at other personal details to decide if they would be suitable club members
Principle 3 33 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Data must be adequate, relevant and not excessive to processing purpose • Cannot request more data than is needed for the task at hand • Very tempting to collect data for a future purpose - but not legal • Example of breach: • Marketing department sends questionnaires to customers, asking for age, gender, ethnic background, quantity and brands of foods they buy, hobbies, date and place of birth • Demographics and shopping habits fine for the purpose but hobbies and birth details are excessive
Principle 4 34 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Data must be accurate and up to date • Data controller under obligation to ensure accuracy • If subject provides inaccurate data despite controller’s attempts at accuracy then principle not breached • Data controller responsible for verifying accuracy • Good way is to periodically request confirmation or update • Example of breach: • Customer unemployed when first taking out life insurance • Subsequently found job and told the insurance company • Insurance company failed to update records • Customer later denied mortgage when insurance company told credit reference agency customer unemployed
Principle 5 35 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Data must not be kept for longer than necessary • Destroy data when it is finished with • Can be done automatically by software • Can be prompted by computer system • Example of breach: • Magazine publisher sends magazines to subscribers • When subscription cancelled or not renewed, company keeps data about previous subscriber and keeps sending magazines
Principle 6 36 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Data must be processed in accordance with data subject rights • Data subjects have access rights that must be upheld • Failure to comply with requests from Information Commissioner also breach this principle • Example of breach: • An employee asks to see the data held on her by the company but she is told that it is confidential and she is not allowed to see it
Principle 7 37 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Data must be kept secure at all times • Data controllers must apply appropriate security measures • Prevent internal and external access by unauthorised users • Hardware: card access to rooms, firewalls, CCTV etc • Software: passwords, virus scanners, etc • Organisational: internal audit, division of duties, dual control of cash • Example of breach: • When travelling to a meeting in another town, an employee accidentally leaves a file of insurance claims on the train
Principle 8 38 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Data must not be transferred outside EEA without assurance of adequate protection • No restriction of movement within European Economic Area • Restricted data movement to countries without equivalent data protection • Agreed on a country-by-country basis • Within UK, European Commission decides what data can be transferred where • Example of breach: • A company sets up a new customer contact centre in a country that has no data protection legislation and sends all its customer files to that country
Applying data protection 39 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • There are steps to take to ensure compliance: • Audit the information held in the organisation • Apply each of the 8 principles to all collection, storage and use of personal data • Collect, record, store and process current and future data in accordance with the rights of data subjects
Computer Misuse Act 40 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Legal protection for secure computer systems • Intended to reduce online criminal activity • Hacking into systems • Changing information in computer files or databases • Trying to access or change material • Three types of offence • Unauthorised access • Unauthorised access with intent to continue • Unauthorised modification • Look at each in turn….
Unauthorised access 41 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Unauthorised access to computer material • Files • Webpages • Program code • Operational schedules • Email accounts • Databases • Financial accounts • Personal details • Company-confidential material
Unauthorised access with intent 42 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Unauthorised access to computer material with intent to commit or facilitate further offences • Covers intention to make changes to computer material • Covers intention to make changes to settings • To gain easier access next time • To enable edits next time
Unauthorised modification 43 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Unauthorised modification of computer material • Files • Operational schedules • Planning schedules • Database entries • Passwords • Program code • And so on
Example prosecutions (Skidmore p 255) 44 IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11 • Person used former employer’s account to defraud a computer-administered telephone system • Pleaded guilty when found out • R v Pearlstone • Program in system to encrypt and decrypt data, set to turn off after employee left, data then readable • Pleaded guilty when found out • R v Hardy • European Commission system broken into, expense accounts browsed, files in other systems damaged • Found guilty • R v Strickland and Woods
Where are we on agenda • User perspectives and system requirements • User guide contents • Ethical issues • Data protection act • Computer misuse act • Summary IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11
Summary • There are several different perspectives of systems • Business users • Business managers • Developers • Technical support team • Different perspectives drive some requirements • User guide is important support document • Ethical issues need to be taken into account • Data Protection Act • Computer Misuse Act IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11
Further information • Further information can be found in many textbooks on systems development or systems analysis, for example: • Skidmore & Eva (2004) • Chapter 12 Data Protection and Computer Misuse Acts • Shelly & Rosenblatt (2010) pp 15-16, 27, 523 • Bocji P, A Greasley and S Hickie (2008) chapter ? IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11
Next week’s lecture • There will be no lecture in week 18 • Lecture 18 material (system implementation) will be given in week 19 lecture session • Use the lecture 18 time to work on assignment 3 – it will be an opportunity to meet up in your groups IMAT 1906 Lecture Week 17 (c) De Montfort University 2010-11