Chapter 15 Design System Interfaces, Controls, and Security - PowerPoint PPT Presentation

Title: Chapter 14 Author: John Satzinger Last modified by: CHPL Document presentation format: On-screen Show Other titles: Times New Roman MS Gothic Arial Monotype ... – PowerPoint PPT presentation

Slides: 50
Provided by: JohnSat1

Transcript and Presenter's Notes


1
Chapter 15 Design System Interfaces, Controls,
and Security
  • Systems Analysis and Design in a Changing World,
    5th Edition

2
Learning Objectives
  • Discuss examples of system interfaces found in
    information systems
  • Define system inputs and outputs based on the
    requirements of the application program
  • Design printed and on-screen reports appropriate
    for recipients
  • Explain the importance of integrity controls
  • Identify required integrity controls for inputs,
    outputs, data, and processing
  • Discuss issues related to security that affect
    the design and operation of information systems

3
Overview
  • This chapter focuses on system interfaces, system
    outputs, and system controls that do not require
    much human interaction
  • Many system interfaces are electronic
    transmissions or paper outputs to external agents
  • System developers need to design and implement
    integrity and security controls to protect system
    and its data
  • Outside threats from Internet and e-commerce are
    growing concern

4
Identifying System Interfaces
  • System interfaces are broadly defined as inputs
    or outputs with minimal or no human intervention
  • Inputs from other systems (messages, EDI)
  • Highly automated input devices such as scanners
  • Inputs that are from data in external databases
  • Outputs to external databases
  • Outputs with minimal HCI
  • Outputs to other systems
  • Real-time connections (both input and output)

5
Full Range of Inputs and Outputs
Figure 15-1
6
eXtensible Markup Language (XML)
  • Extension of HTML that embeds self-defined data
    structures in textual messages
  • Transaction that contains data fields can be sent
    with XML codes to define meaning of data fields
  • XML provides common system-to-system interface
  • XML is simple and readable by people
  • Web services are based on XML to send business
    transactions over Internet

7
System-to-System Interface Based on XML
Figure 15-2
8
Design of System Inputs
  • Identify devices and mechanisms used to enter
    input
  • High-level review of most up-to-date methods to
    enter data
  • Identify all system inputs and develop list of
    data content for each
  • Provide link between design of application
    software and design of user and system interfaces
  • Determine controls and security necessary for
    each system input

9
Input Devices and Mechanisms
  • Capture data as close to original source as
    possible
  • Use electronic devices and automatic entry
    whenever possible
  • Avoid human involvement as much as possible
  • Seek information in electronic form to avoid data
    re-entry
  • Validate and correct information at entry point

10
Prevalent Input Devices to Avoid Human Data Entry
  • Magnetic card strip readers
  • Bar code readers
  • Optical character recognition readers and
    scanners
  • Radio-frequency identification tags
  • Touch screens and devices
  • Electronic pens and writing surfaces
  • Digitizers, such as digital cameras and digital
    audio devices

11
Defining the Details of System Inputs
  • Ensure all data inputs are identified and
    specified correctly
  • Can use traditional structured models
  • Identify automation boundary
  • Use DFD fragments
  • Segment by program boundaries
  • Examine structure charts
  • Analyze each module and data couple
  • List individual data fields

12
Automation Boundary on a System-Level DFD
Figure 15-3
13
Create New Order DFD with an Automation Boundary
Figure 15-4
14
List of Inputs for Customer Support System
Figure 15-5
15
Structure Chart for Create New Order
Figure 15-6
16
Data Flows, Data Couples, and Data Elements
Making Up Inputs
Figure 15-7
17
Using Object-Oriented Models
  • Identifying user and system inputs with OO
    approach has same tasks as traditional approach
  • OO diagrams are used instead of DFDs and
    structure charts
  • System sequence diagrams identify each incoming
    message
  • Design class diagrams and sequence diagrams
    identify and describe input parameters and verify
    characteristics of inputs

18
Partial System Sequence Diagram for Payroll
System Use Cases
Figure 15-8
19
System Sequence Diagram for Create New Order
Figure 15-9
20
Input Messages and Data Parameters from RMO
System Sequence Diagram
Figure 15-10
21
Designing System Outputs
  • Determine each type of output
  • Make list of specific system outputs required
    based on application design
  • Specify any necessary controls to protect
    information provided in output
  • Design and prototype output layout
  • Ad hoc reports designed as needed by user

22
Defining the Details of System Outputs
  • Type of reports
  • Printed reports
  • Electronic displays
  • Turnaround documents
  • Can use traditional structured models to identify
    outputs
  • Data flows crossing automation boundary
  • Data couples and report data requirements on
    structure chart

23
Table of System Outputs Based on Traditional
Structured Approach
Figure 15-11
24
Using Object-Oriented Models
  • Outputs indicated by messages in sequence
    diagrams
  • Originate from internal system objects
  • Sent to external actors or another external
    system
  • Output messages based on an individual object are
    usually part of methods of that class object
  • To report on all objects within a class,
    class-level method is used that works on entire
    class

25
Table of System Outputs Based on OO Messages
Figure 15-12
26
Designing Reports, Statements, and Turnaround
Documents
  • Printed versus electronic
  • Types of output reports
  • Detailed
  • Summary
  • Exception
  • Executive
  • Internal versus external
  • Graphical and multimedia presentation

27
RMO Summary Report with Drill Down to the
Detailed Report
Figure 15-16
28
Sample Bar Chart and Pie Chart Reports
Figure 15-17
29
Formatting Reports
  • What is objective of report?
  • Who is the intended audience?
  • What is media for presentation?
  • Avoid information overload
  • Format considerations include meaningful
    headings, date of information, date report
    produced, page numbers

30
Designing Integrity Controls
  • Mechanisms and procedures built into a system to
    safeguard it and information contained within
  • Integrity controls
  • Built into application and database system to
    safeguard information
  • Security controls
  • Built into operating system and network

31
Objectives of Integrity Controls
  • Ensure that only appropriate and correct business
    transactions occur
  • Ensure that transactions are recorded and
    processed correctly
  • Protect and safeguard assets of the organization
  • Software
  • Hardware
  • Information

32
Points of Security and Integrity Controls
Figure 15-18
33
Input Integrity Controls
  • Used with all input mechanisms
  • Additional level of verification to help reduce
    input errors
  • Common control techniques
  • Field combination controls
  • Value limit controls
  • Completeness controls
  • Data validation controls
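
The four control techniques listed above, applied to a single order input record. This is an added example, not part of the original slides; the field names, customer codes and limits are hypothetical, and the reading of each control (required fields, parseable formats and known codes, numeric ranges, cross-field consistency) is an assumption about what the slide's terms mean.

```python
from datetime import date

# Hypothetical reference data and limits, constructed for this example.
KNOWN_CUSTOMERS = {"C1001", "C1002"}
REQUIRED = ("customer_id", "order_date", "ship_date", "quantity", "unit_price")
MAX_QUANTITY = 500
MAX_ORDER_TOTAL = 10_000.00


def check_order(record):
    """Apply the four input controls to one order record (all values are text).

    Returns a list of violation messages; an empty list means "accept".
    """
    # Completeness control: every required field is present and non-empty.
    missing = [f for f in REQUIRED if str(record.get(f) or "").strip() == ""]
    if missing:
        return [f"completeness: missing {f}" for f in missing]

    # Data validation control: formats parse and codes exist in reference data.
    try:
        order_date = date.fromisoformat(record["order_date"])
        ship_date = date.fromisoformat(record["ship_date"])
        quantity = int(record["quantity"])
        unit_price = float(record["unit_price"])
    except (TypeError, ValueError) as exc:
        return [f"data validation: {exc}"]
    errors = []
    if record["customer_id"] not in KNOWN_CUSTOMERS:
        errors.append("data validation: unknown customer_id")

    # Value limit control: numeric fields stay inside a plausible range.
    # Written as "not (in range)" so NaN and infinity are rejected too.
    if not 1 <= quantity <= MAX_QUANTITY:
        errors.append("value limit: quantity out of range")
    if not (0 < unit_price and quantity * unit_price <= MAX_ORDER_TOTAL):
        errors.append("value limit: order total out of range")

    # Field combination control: related fields must agree with each other.
    if ship_date < order_date:
        errors.append("field combination: ship_date precedes order_date")
    return errors


if __name__ == "__main__":
    # Constructed sample record: ships before it was ordered.
    sample = {"customer_id": "C1001", "order_date": "2024-03-01",
              "ship_date": "2024-02-27", "quantity": "3", "unit_price": "19.99"}
    print(check_order(sample))
```

Running the checks in this order means a record that fails completeness or parsing is rejected before any range or cross-field comparison is attempted on unusable values.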

34
Database Integrity Controls
  • Access controls
  • Data encryption
  • Transaction controls
  • Update controls
  • Backup and recovery protection

35
Output Integrity Controls
  • Ensure output arrives at proper destination and
    is correct, accurate, complete, and current
  • Destination controls - output is channeled to
    correct people
  • Completeness, accuracy, and correctness controls
  • Appropriate information present in output

36
Integrity Controls to Prevent Fraud
  • Three conditions are present in fraud cases
  • Personal pressure, such as desire to maintain
    extravagant lifestyle
  • Rationalizations, including "I will repay this
    money" or "I have this coming"
  • Opportunity, such as unverified cash receipts
  • Control of fraud requires both manual procedures
    and computer integrity controls

37
Fraud Risks and Prevention Techniques
Figure 15-19
38
Designing Security Controls
  • Security controls protect assets of organization
    from all threats
  • External threats such as hackers, viruses, worms,
    and message overload attacks
  • Security control objectives
  • Maintain stable, functioning operating
    environment for users and application systems (24
    x 7)
  • Protect information and transactions during
    transmission outside organization (public
    carriers)

39
Security for Access to Systems
  • Used to control access to any resource managed by
    operating system or network
  • User categories
  • Unauthorized user - no authorization to access
  • Registered user - authorized to access system
  • Privileged user - authorized to administrate
    system
  • Organized so that all resources can be accessed
    with same unique ID/password combination

40
Users and Access Roles to Computer Systems
Figure 15-20
41
Managing User Access
  • Most common technique is user ID / password
  • Authorization - Is user permitted to access?
  • Access control list - users with rights to access
  • Authentication - Is user who they claim to be?
  • Smart card - computer-readable plastic card with
    embedded security information
  • Biometric devices - keystroke patterns,
    fingerprinting, retinal scans, voice
    characteristics

42
Data Security
  • Data and files themselves must be secure
  • Encryption - primary security method
  • Altering data so unauthorized users cannot view
  • Decryption
  • Altering encrypted data back to its original
    state
  • Symmetric key - same key encrypts and decrypts
  • Asymmetric key - different key decrypts
  • Public key - public encrypts, private decrypts

43
Symmetric Key Encryption
Figure 15-22
44
Asymmetric Key Encryption
Figure 15-23
45
Digital Signatures and Certificates
  • Encryption of messages enables secure exchange of
    information between two entities with appropriate
    keys
  • Digital signature encrypts document with private
    key to verify document author
  • Digital certificate is institution's name and
    public key that is encrypted and certified by
    third party
  • Certifying authority
  • VeriSign or Equifax

46
Using a Digital Certificate
Figure 15-24
47
Secure Transactions
  • Standard set of methods and protocols for
    authentication, authorization, privacy, integrity
  • Secure Sockets Layer (SSL) renamed as Transport
    Layer Security (TLS) - protocol for secure
    channel to send messages over Internet
  • IP Security (IPSec) - newer standard for
    transmitting Internet messages securely
  • Secure Hypertext Transport Protocol (HTTPS or
    HTTP-S) - standard for transmitting Web pages
    securely (encryption, digital signing,
    certificates)

48
Summary
  • System interfaces include all inputs and outputs
    except those that are part of GUI
  • Designing inputs to system is three-step process
  • Identify devices/mechanisms used to enter input
  • Identify system inputs - develop list of data
    content
  • Determine controls and security necessary for
    each system input
  • Traditional approach to design inputs and outputs
  • DFDs, data flow definitions, structure charts

49
Summary (cont'd)
  • OO approach to design inputs and outputs
  • Sequence diagrams, class diagrams
  • Integrity controls and security designed into
    system
  • Ensure only appropriate and correct business
    transactions occur
  • Ensure transactions are recorded and processed
    correctly
  • Protect and safeguard assets of the organization
  • Control access to resources