Title: Chapter 15 Design System Interfaces, Controls, and Security
1 Chapter 15 Design System Interfaces, Controls, and Security
- Systems Analysis and Design in a Changing World, 5th Edition
2 Learning Objectives
- Discuss examples of system interfaces found in information systems
- Define system inputs and outputs based on the requirements of the application program
- Design printed and on-screen reports appropriate for recipients
- Explain the importance of integrity controls
- Identify required integrity controls for inputs, outputs, data, and processing
- Discuss issues related to security that affect the design and operation of information systems
3 Overview
- This chapter focuses on system interfaces, system outputs, and system controls that do not require much human interaction
- Many system interfaces are electronic transmissions or paper outputs to external agents
- System developers need to design and implement integrity and security controls to protect system and its data
- Outside threats from Internet and e-commerce are growing concern
4 Identifying System Interfaces
- System interfaces are broadly defined as inputs or outputs with minimal or no human intervention
  - Inputs from other systems (messages, EDI)
  - Highly automated input devices such as scanners
  - Inputs that are from data in external databases
  - Outputs to external databases
  - Outputs with minimal HCI
  - Outputs to other systems
  - Real-time connections (both input and output)
5 Full Range of Inputs and Outputs
Figure 15-1
6 eXtensible Markup Language (XML)
- Extension of HTML that embeds self-defined data structures in textual messages
- Transaction that contains data fields can be sent with XML codes to define meaning of data fields
- XML provides common system-to-system interface
- XML is simple and readable by people
- Web services are based on XML to send business transactions over Internet
7 System-to-System Interface Based on XML
Figure 15-2
8 Design of System Inputs
- Identify devices and mechanisms used to enter input
  - High-level review of most up-to-date methods to enter data
- Identify all system inputs and develop list of data content for each
  - Provide link between design of application software and design of user and system interfaces
- Determine controls and security necessary for each system input
9 Input Devices and Mechanisms
- Capture data as close to original source as possible
- Use electronic devices and automatic entry whenever possible
- Avoid human involvement as much as possible
- Seek information in electronic form to avoid data re-entry
- Validate and correct information at entry point
10 Prevalent Input Devices to Avoid Human Data Entry
- Magnetic card strip readers
- Bar code readers
- Optical character recognition readers and scanners
- Radio-frequency identification tags
- Touch screens and devices
- Electronic pens and writing surfaces
- Digitizers, such as digital cameras and digital audio devices
11 Defining the Details of System Inputs
- Ensure all data inputs are identified and specified correctly
- Can use traditional structured models
- Identify automation boundary
- Use DFD fragments
- Segment by program boundaries
- Examine structure charts
- Analyze each module and data couple
- List individual data fields
12 Automation Boundary on a System-Level DFD
Figure 15-3
13 Create New Order DFD with an Automation Boundary
Figure 15-4
14 List of Inputs for Customer Support System
Figure 15-5
15 Structure Chart for Create New Order
Figure 15-6
16 Data Flows, Data Couples, and Data Elements Making Up Inputs
Figure 15-7
17 Using Object-Oriented Models
- Identifying user and system inputs with OO approach has same tasks as traditional approach
- OO diagrams are used instead of DFDs and structure charts
- System sequence diagrams identify each incoming message
- Design class diagrams and sequence diagrams identify and describe input parameters and verify characteristics of inputs
18 Partial System Sequence Diagram for Payroll System Use Cases
Figure 15-8
19 System Sequence Diagram for Create New Order
Figure 15-9
20 Input Messages and Data Parameters from RMO System Sequence Diagram
Figure 15-10
21 Designing System Outputs
- Determine each type of output
- Make list of specific system outputs required based on application design
- Specify any necessary controls to protect information provided in output
- Design and prototype output layout
- Ad hoc reports designed as needed by user
22 Defining the Details of System Outputs
- Type of reports
  - Printed reports
  - Electronic displays
  - Turnaround documents
- Can use traditional structured models to identify outputs
  - Data flows crossing automation boundary
  - Data couples and report data requirements on structure chart
23 Table of System Outputs Based on Traditional Structured Approach
Figure 15-11
24 Using Object-Oriented Models
- Outputs indicated by messages in sequence diagrams
  - Originate from internal system objects
  - Sent to external actors or another external system
- Output messages based on an individual object are usually part of methods of that class object
- To report on all objects within a class, class-level method is used that works on entire class
25 Table of System Outputs Based on OO Messages
Figure 15-12
26 Designing Reports, Statements, and Turnaround Documents
- Printed versus electronic
- Types of output reports
  - Detailed
  - Summary
  - Exception
  - Executive
- Internal versus external
- Graphical and multimedia presentation
27 RMO Summary Report with Drill Down to the Detailed Report
Figure 15-16
28 Sample Bar Chart and Pie Chart Reports
Figure 15-17
29 Formatting Reports
- What is objective of report?
- Who is the intended audience?
- What is media for presentation?
- Avoid information overload
- Format considerations include meaningful headings, date of information, date report produced, page numbers
30 Designing Integrity Controls
- Mechanisms and procedures built into a system to safeguard it and information contained within
- Integrity controls
  - Built into application and database system to safeguard information
- Security controls
  - Built into operating system and network
31 Objectives of Integrity Controls
- Ensure that only appropriate and correct business transactions occur
- Ensure that transactions are recorded and processed correctly
- Protect and safeguard assets of the organization
  - Software
  - Hardware
  - Information
32 Points of Security and Integrity Controls
Figure 15-18
33 Input Integrity Controls
- Used with all input mechanisms
- Additional level of verification to help reduce input errors
- Common control techniques
  - Field combination controls
  - Value limit controls
  - Completeness controls
  - Data validation controls
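
The four control techniques listed above, applied to one input record. This is an added example, not code from the textbook or the slides; the order fields, the customer list, the quantity limit and the reading of each control (required fields present, values checked against reference data, values within a range, fields consistent with each other) are assumptions made for illustration, and dates are assumed to be already parsed.

```python
from datetime import date

# Constructed reference data and limits (assumptions for this example).
KNOWN_CUSTOMERS = {"C1001", "C1002"}
PAYMENT_TYPES = {"card", "invoice"}
REQUIRED_FIELDS = ("customer_id", "order_date", "ship_date", "quantity", "payment_type")
MAX_QUANTITY = 500


def check_order(order: dict) -> list[str]:
    """Return the integrity-control violations found in one order input."""
    # Completeness control: every required field must be present and non-empty.
    # Stop here if any are missing, since later checks need all fields.
    missing = [f for f in REQUIRED_FIELDS if order.get(f) in (None, "")]
    if missing:
        return [f"completeness: missing {name}" for name in missing]

    errors = []
    # Data validation control: values must match known-good reference data.
    if order["customer_id"] not in KNOWN_CUSTOMERS:
        errors.append("data validation: unknown customer_id")
    if order["payment_type"] not in PAYMENT_TYPES:
        errors.append("data validation: unknown payment_type")

    # Value limit control: numeric fields must fall inside a reasonable range.
    qty = order["quantity"]
    if not isinstance(qty, int) or isinstance(qty, bool) or not 1 <= qty <= MAX_QUANTITY:
        errors.append(f"value limit: quantity outside 1..{MAX_QUANTITY}")

    # Field combination control: related fields must be consistent together.
    if order["ship_date"] < order["order_date"]:
        errors.append("field combination: ship_date before order_date")
    return errors


# Constructed sample inputs.
GOOD = {"customer_id": "C1001", "order_date": date(2024, 3, 1),
        "ship_date": date(2024, 3, 4), "quantity": 12, "payment_type": "card"}
BAD = dict(GOOD, customer_id="C9999", quantity=100000, ship_date=date(2024, 2, 1))
INCOMPLETE = {"customer_id": "C1001", "quantity": 3}

if __name__ == "__main__":
    for name, rec in (("good", GOOD), ("bad", BAD), ("incomplete", INCOMPLETE)):
        print(name, check_order(rec))
```

Running the checks at the entry point, before the record reaches the database, is what lets the system reject or correct the input while the source is still available.
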
34 Database Integrity Controls
- Access controls
- Data encryption
- Transaction controls
- Update controls
- Backup and recovery protection
35 Output Integrity Controls
- Ensure output arrives at proper destination and is correct, accurate, complete, and current
- Destination controls - output is channeled to correct people
- Completeness, accuracy, and correctness controls
  - Appropriate information present in output
36 Integrity Controls to Prevent Fraud
- Three conditions are present in fraud cases
  - Personal pressure, such as desire to maintain extravagant lifestyle
  - Rationalizations, including "I will repay this money" or "I have this coming"
  - Opportunity, such as unverified cash receipts
- Control of fraud requires both manual procedures and computer integrity controls
37 Fraud Risks and Prevention Techniques
Figure 15-19
38 Designing Security Controls
- Security controls protect assets of organization from all threats
  - External threats such as hackers, viruses, worms, and message overload attacks
- Security control objectives
  - Maintain stable, functioning operating environment for users and application systems (24 x 7)
  - Protect information and transactions during transmission outside organization (public carriers)
39 Security for Access to Systems
- Used to control access to any resource managed by operating system or network
- User categories
  - Unauthorized user: no authorization to access
  - Registered user: authorized to access system
  - Privileged user: authorized to administrate system
- Organized so that all resources can be accessed with same unique ID/password combination
40 Users and Access Roles to Computer Systems
Figure 15-20
41 Managing User Access
- Most common technique is user ID / password
- Authorization: Is user permitted to access?
  - Access control list: users with rights to access
- Authentication: Is user who they claim to be?
  - Smart card: computer-readable plastic card with embedded security information
  - Biometric devices: keystroke patterns, fingerprinting, retinal scans, voice characteristics
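
The two questions above kept as separate checks: a user ID / password check for authentication, then an access control list lookup for authorization. This is an added example, not code from the textbook or the slides; the account names, the `orders_db` resource, the right names and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor (assumed value for this example)


def _derive(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(users: dict, user_id: str, password: str) -> None:
    salt = os.urandom(16)
    users[user_id] = (salt, _derive(password, salt))


def authenticate(users: dict, user_id: str, password: str) -> bool:
    """Authentication: is the user who they claim to be?"""
    # Unknown IDs still cost one hash, so timing does not reveal valid user IDs.
    salt, stored = users.get(user_id, (b"\x00" * 16, b""))
    candidate = _derive(password, salt)
    return hmac.compare_digest(stored, candidate)


def authorize(acl: dict, user_id: str, resource: str, right: str) -> bool:
    """Authorization: is the user permitted to access? Unlisted means denied."""
    return right in acl.get(resource, {}).get(user_id, set())


def request(users, acl, user_id, password, resource, right) -> str:
    if not authenticate(users, user_id, password):
        return "denied: authentication failed"
    if not authorize(acl, user_id, resource, right):
        return "denied: not on access control list"
    return "granted"


# Constructed accounts and ACL: one registered user and one privileged user.
USERS: dict = {}
register(USERS, "jsmith", "correct horse battery")
register(USERS, "sysadmin", "another long passphrase")
ACL = {"orders_db": {"jsmith": {"read"},
                     "sysadmin": {"read", "write", "administer"}}}

if __name__ == "__main__":
    print(request(USERS, ACL, "jsmith", "correct horse battery", "orders_db", "read"))
    print(request(USERS, ACL, "jsmith", "correct horse battery", "orders_db", "write"))
    print(request(USERS, ACL, "mallory", "guess", "orders_db", "read"))
```
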
42 Data Security
- Data and files themselves must be secure
- Encryption: primary security method
  - Altering data so unauthorized users cannot view
- Decryption
  - Altering encrypted data back to its original state
- Symmetric key: same key encrypts and decrypts
- Asymmetric key: different key decrypts
- Public key: public encrypts, private decrypts
43 Symmetric Key Encryption
Figure 15-22
44 Asymmetric Key Encryption
Figure 15-23
45 Digital Signatures and Certificates
- Encryption of messages enables secure exchange of information between two entities with appropriate keys
- Digital signature encrypts document with private key to verify document author
- Digital certificate is institution's name and public key that is encrypted and certified by third party
- Certifying authority
  - VeriSign or Equifax
46 Using a Digital Certificate
Figure 15-24
47 Secure Transactions
- Standard set of methods and protocols for authentication, authorization, privacy, integrity
- Secure Sockets Layer (SSL), renamed as Transport Layer Security (TLS): protocol for secure channel to send messages over Internet
- IP Security (IPSec): newer standard for transmitting Internet messages securely
- Secure Hypertext Transport Protocol (HTTPS or HTTP-S): standard for transmitting Web pages securely (encryption, digital signing, certificates)
48 Summary
- System interfaces include all inputs and outputs except those that are part of GUI
- Designing inputs to system is three-step process
  - Identify devices/mechanisms used to enter input
  - Identify system inputs; develop list of data content
  - Determine controls and security necessary for each system input
- Traditional approach to design inputs and outputs
  - DFDs, data flow definitions, structure charts
49 Summary (cont'd)
- OO approach to design inputs and outputs
  - Sequence diagrams, class diagrams
- Integrity controls and security designed into system
  - Ensure only appropriate and correct business transactions occur
  - Ensure transactions are recorded and processed correctly
  - Protect and safeguard assets of the organization
  - Control access to resources