Systems Design Chapter 6
Outline
 - Design Phase
    - Describe the Environment
    - Design Application Components
    (Note: other design tasks are described in other lectures)
 - Integrity & Security Controls
    - Integrity: input controls, output controls, fraud, recovery
    - Security
What is Design?
 Analysis ("Requirements gathering") -> DESIGN ("the Bridge") -> Implementation ("Construction")
 - Less user involvement
 - More technical specialists
 - Modeling the solution
 - The blueprint
SDLC Phase: Design
 Core Process 4: Design system components
 - Environment
 - Application components
 - User interfaces (Ch 8)
 - Database (Ch 9)
 - Software classes (Ch 12-14)
Describe the Environment
 Describe, not define! The system designer does not have control of the environment; many times we have to conform to what is already there.
 Environment
 - External systems
    - Communication protocols, message formats
    - Security methods
 - Organization's technology architecture
    - Desktops, mobile devices
    - Servers
    - Operating systems
    - Networks
    - Database management systems
 - Network diagram
Describe the Environment
 - Location diagram
 - Deployment diagram
Design Application Components
 An application component is a well-defined unit of software that performs some function(s). Examples:
 - Desktop application
 - P.O.S. system
 - Website
 - Mobile app
Design Application Components
 - Package diagram
 - Determine major components
    - Subsystems
    - Packages: used to group related functionality into one group/namespace
 - Multi-layer design
Integrity & Security Controls
Designing Integrity Controls (Input | Output | Recovery | Fraud | Security)
 Input Controls - preventing erroneous data
 What could go wrong?
 - Data entry errors
 - Missing information
 - Inaccurate & unreliable data
 What can we do?
 - Value limit controls
 - Completeness controls
 - Data validation controls
 - Field combination controls
 - Other: lookup tables, check digits
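As an added example (not from the slides), the input controls listed above applied in Python to a constructed order record; the field names, limits, region codes and the use of a mod-10 (Luhn) check digit are all assumptions, since the slide names the control types but no specific rules.

```python
import re
from datetime import date

# Constructed lookup table and required-field list (assumptions, not from the slide)
VALID_REGIONS = {"NORTH", "SOUTH", "EAST", "WEST"}
REQUIRED = ("customer_id", "region", "quantity", "unit_price", "order_date", "ship_date")

def completeness_control(rec):
    # Completeness control: every required field is present and non-empty
    return [f"missing {f}" for f in REQUIRED if rec.get(f) in (None, "")]
def value_limit_control(rec):
    # Value limit control (constructed limits): quantity 1..1000, unit_price 0.01..10000
    limits = {"quantity": (1, 1000), "unit_price": (0.01, 10000)}
    return [f"{f} out of range" for f, (lo, hi) in limits.items()
            if not isinstance(rec.get(f), (int, float)) or not lo <= rec[f] <= hi]
def data_validation_control(rec):
    # Data validation control: customer_id is exactly 8 digits, dates are real ISO dates
    errs = []
    if not re.fullmatch(r"\d{8}", str(rec.get("customer_id", ""))):
        errs.append("customer_id format invalid")
    for f in ("order_date", "ship_date"):
        try:
            date.fromisoformat(str(rec.get(f, "")))
        except ValueError:
            errs.append(f"{f} is not a valid date")
    return errs
def field_combination_control(rec):
    # Field combination control: ship_date may not precede order_date
    try:
        early = date.fromisoformat(rec["ship_date"]) < date.fromisoformat(rec["order_date"])
    except (KeyError, ValueError, TypeError):
        return []  # already reported by the completeness / data validation controls
    return ["ship_date before order_date"] if early else []
def lookup_control(rec):
    # Lookup table control: region must be one of the known codes
    return [] if rec.get("region") in VALID_REGIONS else ["unknown region"]
def check_digit_control(rec):
    # Check digit control: mod-10 (Luhn) over customer_id (assumption; the slide names no algorithm)
    s = str(rec.get("customer_id", ""))
    if not s.isdigit():
        return []  # format already rejected by the data validation control
    total = sum(d if i % 2 == 0 else (d * 2 - 9 if d > 4 else d * 2)
                for i, d in enumerate(map(int, reversed(s))))
    return [] if total % 10 == 0 else ["customer_id check digit mismatch"]
def validate_order(rec):
    # Run every input control; an empty list means the record is accepted
    controls = (completeness_control, value_limit_control, data_validation_control,
                field_combination_control, lookup_control, check_digit_control)
    return [e for ctl in controls for e in ctl(rec)]
```

Each control reports its own errors independently, so a rejected record tells the user everything that is wrong with it in one pass rather than failing on the first problem.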
Designing Integrity Controls
 Output Controls - ensuring that information arrives at the proper destination and is accurate, current, & complete
 What could go wrong?
 - Missing printed reports with sensitive data
 - Making decisions off of incomplete reports
 - Making decisions off of old data
 What can we do?
 - Limit physical access to printers
 - Dispose of discarded output properly
 - Label printed output properly (e.g., "page 1 of 10", timestamp)
Designing Integrity Controls
 Backups & Recovery, Redundancies - protecting from data loss
 What could go wrong?
 - Destruction of data due to:
    - Human error
    - Hardware failure
    - Disaster
    - Malicious intent
 What can we do?
 - Backup & recovery
 - Redundancy
Designing Integrity Controls
 Fraud Prevention - preventing unauthorized transactions by authorized users
 What could go wrong?
 What can we do?
 - Separation of duties
 - Records & audit trails
    - Transaction logging
 - Monitoring
    - Unusual transactions
 - Asset control
    - Limit physical access
 - Security
 Fraud Triangle (figure): Opportunity, Motive, Rationalization
Designing Security Controls
 Access Controls - preventing unauthorized access by unauthorized users
 What could go wrong?
 - Networks or systems accessed or attacked
 - Data viewed and/or copied by unauthorized users
 What can we do?
 - Access controls
    - Authentication
    - Authorization
 - Data encryption
    - Symmetric vs asymmetric
    - Public key encryption
 - Digital signatures & certificates
 - Secure transactions