14 Systems Analysis and Design in a Changing World, Fourth Edition

14 Systems Analysis and Design in a Changing World, 4th Edition 2 Learning Objectives u Discuss examples of system interfaces found in information systems u Define system inputs and outputs based on the requirements of the application program u Design printed and on-screen reports appropriate for recipients u Explain the importance of integrity controls u Identify required integrity controls for inputs, outputs, data, and processing u Discuss issues related to security that affect the design and operation of information systems

14 Systems Analysis and Design in a Changing World, 4th Edition 3 Overview u This chapter focuses on system interfaces, system outputs, and system controls that do not require much human interaction u Many system interfaces are electronic transmissions or paper outputs to external agents u System developers need to design and implement integrity and security controls to protect system and its data u Outside threats from Internet and e-commerce are growing concern

14 Systems Analysis and Design in a Changing World, 4th Edition 4 Identifying System Interfaces u System interfaces are broadly defined as inputs or outputs with minimal or no human intervention l Inputs from other systems (messages, EDI) l Highly automated input devices such as scanners l Inputs that are from data in external databases l Outputs to external databases l Outputs with minimal HCI l Outputs to other systems l Real-time connections (both input and output)

14 Systems Analysis and Design in a Changing World, 4th Edition 5 Full Range of Inputs and Outputs

14 Systems Analysis and Design in a Changing World, 4th Edition 6 eXtensible Markup Language (XML) u Extension of HTML that embeds self-defined data structures in textual messages u Transaction that contains data fields can be sent with XML codes to define meaning of data fields u XML provides common system-to-system interface u XML is simple and readable by people u Web services is based on XML to send business transactions over Internet

14 Systems Analysis and Design in a Changing World, 4th Edition 7 System-to-System Interface Based on XML

14 Systems Analysis and Design in a Changing World, 4th Edition 8 Design of System Inputs u Identify devices and mechanisms used to enter input l High-level review of most up-to-date methods to enter data u Identify all system inputs and develop list of data content for each l Provide link between design of application software and design of user and system interfaces u Determine controls and security necessary for each system input

14 Systems Analysis and Design in a Changing World, 4th Edition 9 Input Devices and Mechanisms u Capture data as close to original source as possible u Use electronic devices and automatic entry whenever possible u Avoid human involvement as much as possible u Seek information in electronic form to avoid data re-entry u Validate and correct information at entry point

14 Systems Analysis and Design in a Changing World, 4th Edition 10 Prevalent Input Devices to Avoid Human Data Entry u Magnetic card strip readers u Bar code readers u Optical character recognition readers and scanners u Radio-frequency identification tags u Touch screens and devices u Electronic pens and writing surfaces u Digitizers, such as digital cameras and digital audio devices

14 Systems Analysis and Design in a Changing World, 4th Edition 11 Defining the Details of System Inputs u Ensure all data inputs are identified and specified correctly u Can use traditional structured models l Identify automation boundary u Use DFD fragments u Segment by program boundaries l Examine structure charts u Analyze each module and data couple u List individual data fields

14 Systems Analysis and Design in a Changing World, 4th Edition 12 Using Object-Oriented Models u Identifying user and system inputs with OO approach has same tasks as traditional approach u OO diagrams are used instead of DFDs and structure charts u System sequence diagrams identify each incoming message u Design class diagrams and sequence diagrams identify and describe input parameters and verify characteristics of inputs

14 Systems Analysis and Design in a Changing World, 4th Edition 13 System Sequence Diagram for Create New Order

14 Systems Analysis and Design in a Changing World, 4th Edition 14 Input Messages and Data Parameters from RMO System Sequence Diagram (Figure 14-10)

14 Systems Analysis and Design in a Changing World, 4th Edition 15 Designing System Outputs u Determine each type of output u Make list of specific system outputs required based on application design u Specify any necessary controls to protect information provided in output u Design and prototype output layout u Ad hoc reports – designed as needed by user

14 Systems Analysis and Design in a Changing World, 4th Edition 16 Defining the Details of System Outputs u Type of reports l Printed reports l Electronic displays l Turnaround documents u Can use traditional structured models to identify outputs l Data flows crossing automation boundary l Data couples and report data requirements on structure chart

14 Systems Analysis and Design in a Changing World, 4th Edition 17 Table of System Outputs Based on Traditional Structured Approach (Figure 14-11)

14 Systems Analysis and Design in a Changing World, 4th Edition 18 Using Object-Oriented Models u Outputs indicated by messages in sequence diagrams l Originate from internal system objects l Sent to external actors or another external system u Output messages based on an individual object are usually part of methods of that class object u To report on all objects within a class, class-level method is used that works on entire class

14 Systems Analysis and Design in a Changing World, 4th Edition 19 Table of System Outputs Based on OO Messages (Figure 14-12)

14 Systems Analysis and Design in a Changing World, 4th Edition 20 Designing Reports, Statements, and Turnaround Documents u Printed versus electronic u Types of output reports l Detailed l Summary l Exception l Executive u Internal versus external u Graphical and multimedia presentation

14 Systems Analysis and Design in a Changing World, 4th Edition 21 RMO Summary Report with Drill Down to the Detailed Report

14 Systems Analysis and Design in a Changing World, 4th Edition 22 Formatting Reports u What is objective of report? u Who is the intended audience? u What is media for presentation? u Avoid information overload u Format considerations include meaningful headings, date of information, date report produced, page numbers

14 Systems Analysis and Design in a Changing World, 4th Edition 23 Designing Integrity Controls u Mechanisms and procedures built into a system to safeguard it and information contained within u Integrity controls l Built into application and database system to safeguard information u Security controls l Built into operating system and network

14 Systems Analysis and Design in a Changing World, 4th Edition 24 Objectives of Integrity Controls u Ensure that only appropriate and correct business transactions occur u Ensure that transactions are recorded and processed correctly u Protect and safeguard assets of the organization l Software l Hardware l Information

14 Systems Analysis and Design in a Changing World, 4th Edition 25 Points of Security and Integrity Controls

14 Systems Analysis and Design in a Changing World, 4th Edition 26 Input Integrity Controls u Used with all input mechanisms u Additional level of verification to help reduce input errors u Common control techniques l Field combination controls l Value limit controls l Completeness controls l Data validation controls

14 Systems Analysis and Design in a Changing World, 4th Edition 27 Database Integrity Controls u Access controls u Data encryption u Transaction controls u Update controls u Backup and recovery protection

14 Systems Analysis and Design in a Changing World, 4th Edition 28 Output Integrity Controls u Ensure output arrives at proper destination and is correct, accurate, complete, and current u Destination controls - output is channeled to correct people u Completeness, accuracy, and correctness controls u Appropriate information present in output

14 Systems Analysis and Design in a Changing World, 4th Edition 29 Integrity Controls to Prevent Fraud u Three conditions are present in fraud cases l Personal pressure, such as desire to maintain extravagant lifestyle l Rationalizations, including “I will repay this money” or “I have this coming” l Opportunity, such as unverified cash receipts u Control of fraud requires both manual procedures and computer integrity controls

14 Systems Analysis and Design in a Changing World, 4th Edition 30 Fraud Risks and Prevention Techniques

14 Systems Analysis and Design in a Changing World, 4th Edition 31 Designing Security Controls u Security controls protect assets of organization from all threats l External threats such as hackers, viruses, worms, and message overload attacks u Security control objectives l Maintain stable, functioning operating environment for users and application systems (24 x 7) l Protect information and transactions during transmission outside organization (public carriers)

14 Systems Analysis and Design in a Changing World, 4th Edition 32 Security for Access to Systems u Used to control access to any resource managed by operating system or network u User categories l Unauthorized user – no authorization to access l Registered user – authorized to access system l Privileged user – authorized to administrate system u Organized so that all resources can be accessed with same unique ID/password combination

14 Systems Analysis and Design in a Changing World, 4th Edition 33 Users and Access Roles to Computer Systems

14 Systems Analysis and Design in a Changing World, 4th Edition 34 Managing User Access u Most common technique is user ID / password u Authorization – Is user permitted to access? u Access control list – users with rights to access u Authentication – Is user who they claim to be? u Smart card – computer-readable plastic card with embedded security information u Biometric devices – keystroke patterns, fingerprinting, retinal scans, voice characteristics

14 Systems Analysis and Design in a Changing World, 4th Edition 35 Data Security u Data and files themselves must be secure u Encryption – primary security method l Altering data so unauthorized users cannot view u Decryption l Altering encrypted data back to its original state u Symmetric key – same key encrypts and decrypts u Asymmetric key – different key decrypts u Public key – public encrypts; private decrypts

14 Systems Analysis and Design in a Changing World, 4th Edition 36 Symmetric Key Encryption

14 Systems Analysis and Design in a Changing World, 4th Edition 37 Asymmetric Key Encryption

14 Systems Analysis and Design in a Changing World, 4th Edition 38 Digital Signatures and Certificates u Encryption of messages enables secure exchange of information between two entities with appropriate keys u Digital signature encrypts document with private key to verify document author u Digital certificate is institution’s name and public key that is encrypted and certified by third party u Certifying authority l VeriSign or Equifax

14 Systems Analysis and Design in a Changing World, 4th Edition 39 Using a Digital Certificate

14 Systems Analysis and Design in a Changing World, 4th Edition 40 Secure Transactions u Standard set of methods and protocols for authentication, authorization, privacy, integrity u Secure Sockets Layer (SSL) renamed as Transport Layer Security (TLS) – protocol for secure channel to send messages over Internet u IP Security (IPSec) – newer standard for transmitting Internet messages securely u Secure Hypertext Transport Protocol (HTTPS or HTTP-S) – standard for transmitting Web pages securely (encryption, digital signing, certificates)