Chapter 11 Analysis and Design
Learning outcomes
- Summarize approaches for analyzing requirements for e-business systems
- Identify key elements of approaches to improve the interface design and security design of e-commerce systems.
Management issues
- What are the critical success factors for analysis and design of e-business systems?
- What is the balance between requirements for usable and secure systems and the costs of designing them in this manner?
- What are the best approaches for incorporating new IS solutions with legacy systems into the architectural design of the e-business?
Analysis for e-business
Understanding processes and information flows to improve service delivery
Pant and Ravichandran (2001) say: ‘Information is an agent of coordination and control and serves as a glue that holds together organizations, franchises, supply chains and distribution channels. Along with material and other resource flows, information flows must also be handled effectively in any organization.’
Workflow management
Workflow is ‘the automation of a business process, in whole or part during which documents, information or tasks are passed from one participant to another for action, according to a set of procedural rules.’
Examples:
- Booking a holiday
- Handling a customer complaint
- Receiving a customer order.
BizFlow
Process modelling
Often uses a hierarchical method of establishing:
- the processes and their constituent sub-processes
- the dependencies between processes
- the inputs (resources) needed by the processes and the outputs.
Task analysis and task decomposition
Before a process can be designed and implemented, a more detailed breakdown is required, known as ‘task analysis’.
Curtis et al. (1992) framework:
- Level 1 business processes are decomposed into:
- Level 2 activities, which are further divided into:
- Level 3 tasks, and finally:
- Level 4 sub-tasks.
Figure 11.1 An example task decomposition for an estate agency Source: Adapted from Chaffey (1998)
Process dependencies
- Summarize the order in which activities occur according to the business rules
- Data flow diagrams and flow charts are widely used as diagramming techniques
- Flow process charts
- Network diagrams
- Event-driven process chain (EPC) model
Figure 11.2 Symbols used for flow process charts
Figure 11.3 Flow process chart showing the main operations performed by users when working using workflow software
Table 11.5 Elements of the event-driven process chain (EPC) model
Figure 11.4 General model for the EPC process definition model
Data modelling
Uses well-established techniques used for relational database design
Stages:
1. Identify entities
2. Identify attributes of entities
3. Identify relationships.
Figure 11.5 Generic B2C ER diagram
Identify entities
Entities define the broad groupings of information such as information about different people, transactions or products. Examples include customer, employee, sales orders, purchase orders. When the design is implemented each entity will form a database table.
- Entity: A grouping of related data, example customer entity. Implementation as table.
- Database table: Each database comprises several tables.
Identify attributes
Entities have different properties known as attributes that describe the characteristics of any single instance of an entity. For example, the customer entity has attributes such as name, phone number and e-mail address. When the design is implemented each attribute will form a field, and the collection of fields for one instance of the entity such as a particular customer will form a record.
- Attribute: A property or characteristic of an entity, implementation as field.
- Field: Attributes of products, example date of birth.
- Record: A collection of fields for one instance of an entity, example Customer Smith.
Identify relationships
Identifying the relationships between entities requires identifying which fields are used to link the tables. For example, for each order a customer places we need to know which customer has placed the order and which product they have ordered. As is evident from Figure 11.5, the fields customer id and product id are used to relate the order information between the three tables. The fields that are used to relate tables are referred to as key fields. A primary key is used to uniquely identify each instance of an entity and a secondary key is used to link to a primary key in another table.
- Relationship: Describes how different tables are linked.
- Primary key: The field that uniquely identifies each record in a table.
- Secondary key: A field that is used to link tables, by linking to a primary key in another table.
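The three data-modelling stages above, carried through to an implemented schema. This is an added example, not part of the original slides: the table and column names are assumptions modelled on the customer, product and order entities, and SQL calls the slide's "secondary key" a foreign key.

```python
import sqlite3

# Constructed schema; table and column names are assumptions for illustration.
SCHEMA = """
CREATE TABLE customer (
    customer_id INTEGER PRIMARY KEY,      -- primary key
    name        TEXT NOT NULL,
    email       TEXT NOT NULL UNIQUE);
CREATE TABLE product (
    product_id  INTEGER PRIMARY KEY,      -- primary key
    title       TEXT NOT NULL);
CREATE TABLE "order" (
    order_id    INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customer(customer_id),  -- secondary key
    product_id  INTEGER NOT NULL REFERENCES product(product_id),    -- secondary key
    quantity    INTEGER NOT NULL CHECK (quantity > 0));
"""

def build_db():
    db = sqlite3.connect(":memory:")
    # SQLite enforces REFERENCES only when this pragma is on for the connection.
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO customer VALUES (1, 'Smith', 'smith@example.com')")
    db.execute("INSERT INTO product VALUES (10, 'Toy train')")
    db.commit()
    return db

def place_order(db, customer_id, product_id, quantity):
    """Insert an order; return False when a constraint rejects it."""
    try:
        with db:  # commit on success, roll back on error
            db.execute(
                'INSERT INTO "order" (customer_id, product_id, quantity) '
                "VALUES (?, ?, ?)",  # placeholders keep user input out of the SQL
                (customer_id, product_id, quantity))
        return True
    except sqlite3.IntegrityError:
        return False

def orders_for(db, customer_id):
    """Relate the three tables through their key fields."""
    return db.execute(
        'SELECT c.name, p.title, o.quantity FROM "order" o '
        "JOIN customer c ON c.customer_id = o.customer_id "
        "JOIN product p ON p.product_id = o.product_id "
        "WHERE c.customer_id = ?", (customer_id,)).fetchall()
```

Declaring the key relationships in the schema means the database itself rejects an order that points at a customer or product that does not exist, whatever the application code does.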
Client/server architecture – separation of functions
- Data storage. Predominantly on server. Client storage is ideally limited to cookies for identification of users and session tracking. Cookie identifiers for each system user are then related to the data for the user which is stored on a database server.
- Query processing. Although some validation can be performed on the client.
- Display. This is largely a client function.
- Application logic. Traditionally, in early PC applications this has been a client function, but for e-business systems the design aim is to maximize the application logic processing including the business rules on the server.
Figure 11.6 Three-tier client server in an e-business environment
The three-tier client server
Requires different servers to combine application logic and database storage
Purpose of each server:
- Web server. Manages HTTP requests
- Merchant server. Main location of application logic
- Personalization server. Provides tailored content
- Payment commerce server. Manages payment
- Catalogue server. A document management server
Figure 11.7 E-business architecture for The B2C Company
User-centred design
Unless a web site meets the needs of the intended users it will not meet the needs of the organization providing the web site. Web site development should be user-centred, evaluating the evolving design against user requirements. (Bevan, 1999a)
Analysis considerations (Bevan)
- Who are the important users?
- What is their purpose for accessing the site?
- How frequently will they visit the site?
- What experience and expertise do they have?
- What nationality are they? Can they read English?
- What type of information are they looking for?
- How will they want to use the information: read it on the screen, print it or download it?
- What type of browsers will they use? How fast will their communication links be?
- How large a screen/window will they use, with how many colours?
Usability
An approach to web-site design intended to enable the completion of user tasks
Involves two key project activities:
- Expert reviews
- Usability testing
Four stages of Rosenfeld and Morville (2000)
1. Identify different audiences.
2. Rank importance of each to business.
3. List the three most important information needs of audience.
4. Ask representatives of each audience type to develop their own wishlists.
Use-case analysis
The use-case method of process analysis and modelling was developed in the early 1990s as part of the development of object-oriented techniques. It is part of a methodology known as Unified Modelling Language (UML) that attempts to unify the approaches that preceded it such as the Booch, OMT and Objectory notations.
- Use-case modelling: A user-centred approach to modelling system requirements.
- Unified Modelling Language (UML): A language used to specify, visualize and document the artefacts of an object-oriented system.
Benefits of personas
- Fostering customer centricity
- Identifies detailed information needs and steps
- Test existing web-site design
- To compare and test the strength and clarity of communication
- Can be linked to marketing
Developing a persona
- Build personal attributes into personas
- Remember that personas are only models of characteristics and environment
- Different scenarios can be developed for each persona
  - Info-seeking scenario
  - Purchase scenario
Schneider and Winters (1998) stages in Use Case
1. Identify actors. Actors are typically application users such as customers and employers; also other systems
2. Identify use-cases. The sequence of transactions between an actor and a system that support the activities of the actor
3. Relate actors to use-cases. See Figure 11.8
4. Develop use-case scenarios. See Figure 11.9 for a detailed scenario.
Figure 11.8 Relationship between actors and use-cases for The B2C Company, sell-side e-commerce site
Figure 11.9 Primary use-case scenario for an entire e-commerce purchase cycle
Primary scenario for the Register use-case
Pre-condition: A user is active on the web site
Scenario: Register
Basic path:
1. Use-case starts when customer presses ‘register’
2. Customer enters name, postal address and email
3. The post/zip code will be checked for validity
4. The customer will select ‘submit’
5. The system will check all fields are present
6. A redirect page will be displayed to thank the customer.
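A server-side sketch of the Register basic path, added here as an example and not taken from the original slides. Because the client/server slide allows only some validation on the client, every check is repeated on the server, where the user cannot bypass it. The field names, the UK-style postcode pattern and the redirect path are assumptions.

```python
import re

REQUIRED_FIELDS = ("name", "postal_address", "postcode", "email")
MAX_LEN = 200

# Assumption: UK-style postcodes; swap the pattern for the market served.
POSTCODE_RE = re.compile(r"[A-Z]{1,2}[0-9][A-Z0-9]? ?[0-9][A-Z]{2}")
# Deliberately loose shape check; a confirmation e-mail proves ownership.
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

def validate_registration(form):
    """Return (cleaned, errors) for a submitted Register form (a dict)."""
    cleaned, errors = {}, {}
    for field in REQUIRED_FIELDS:
        value = form.get(field)
        if not isinstance(value, str) or not value.strip():
            errors[field] = "required"          # "check all fields are present"
            continue
        value = value.strip()
        # Line breaks are legitimate only inside a postal address.
        text = value.replace("\n", " ") if field == "postal_address" else value
        if len(value) > MAX_LEN or any(ord(ch) < 32 for ch in text):
            errors[field] = "invalid characters or length"
            continue
        cleaned[field] = value
    if "postcode" in cleaned:
        cleaned["postcode"] = cleaned["postcode"].upper()
        if not POSTCODE_RE.fullmatch(cleaned["postcode"]):
            errors["postcode"] = "not a valid postcode"
    if "email" in cleaned and not EMAIL_RE.fullmatch(cleaned["email"]):
        errors["email"] = "not a valid e-mail address"
    return cleaned, errors

def handle_register(form):
    """Validate on the server, then redirect to the thank-you page."""
    cleaned, errors = validate_registration(form)
    if errors:
        return 400, {"errors": errors}
    # Persisting `cleaned` would happen here, using parameterised queries.
    return 303, {"Location": "/register/thanks"}
```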
Figure 11.10 Primary scenario for the Register use-cases for The B2C Company
Figure 11.11 Clear user scenario options at the RS Components site (www.rswww.com)
Designing the information architecture
- Card sorting: The process of arranging a way of organizing objects on the web site
- Blueprints: Shows the relationship between pages and other content components
- Wireframes: A way of illustrating the layout of an individual page
Figure 11.12 Site structure diagram (blueprint) showing layout and relationship between pages
Figure 11.13 Example wireframe for a children’s toy site
Site design issues
Covered by the ten principles that follow
- Style and personality + design: Support the brand
- Site organization: Fits audiences’ information needs
- Site navigation: Clear, simple, consistent
- Page design
- Content: Engaging and relevant.
Principle 1: Standards
‘Users spend most of their time on other sites. This means that users prefer your site to work the same way as all the other sites they already know… Think Yahoo and Amazon. Think "shopping cart" and the silly little icon. Think blue text links’.
Jakob Nielsen - www.useit.com
Principle 2: Support marketing objectives
- Support customer lifecycle
  - Acquisition – of new or existing customers
  - Retention – gain repeat visitors
  - Extension – cross and up-selling
- Support communications objectives
- Three key tactics
  - Communicate the online value proposition
  - Establish credibility
  - Convert customer to action.
Principle 4 Customer orientation
Content + services support a range of audiences and…
- Different segments
- Four familiarities
  - With Internet
  - With company
  - With products
  - With web site.
Customer orientation
- Web users are notoriously fickle
- They take one look at a home page and leave after a few seconds if they can't figure it out
- The abundance of choice and the ease of going elsewhere puts a huge premium on making it extremely easy to enter a site.
Nielsen www.useit.com
Dell.com
Figure 11.14 Different types of audience for the web site of The B2B Company
Principle 6: Lowest Common Denominator
- Access speed
- Screen resolution and color depth
- Web browser type
- Browser configuration
- Text size
- Plug-ins.
www.usability.serco.com
Principle 7 Aesthetics fit the brand
- Aesthetics = Graphics + Colour + Style + Layout + Typography
- Site personality
  - How would you describe the site if it were a person?
  - E.g. Formal, Fun, Engaging, Entertaining, Professional
- Site style
  - Information vs graphics intensive
  - Cluttered vs Clean
- Are personality and style consistent with brand and customer orientation?
Principle 8 Get the structure right
[Figure: panels (a) to (d); examples labelled DTI and Cisco]
Principle 9 Make navigation easy
According to Nielsen, need to establish:
- Where am I?
- Where have I been?
- Where do I want to go?
Context. Consistency. Simplicity.
Use accepted standards for navigation
Figure 11.15 (a) Narrow and deep and (b) broad and shallow organization schemes
Navigation (Continued)
- ‘Go with the flow’
  - Visitor in control
  - An enjoyable experience
- ‘Think like a client’
  - Enter by: user need, product/service, audience type, search
  - To: alternate home pages
Principle 10 Support user psychology
Hofacker’s five stages of information processing
1. Exposure – can it be seen?
2. Attention – does it grab?
3. Comprehension and perception – is message understood?
4. Yielding and acceptance – is it credible and believable?
5. Retention – is the message and experience remembered?
Web accessibility
- Number of visually impaired people
- Number of users of less popular browsers or variation in screen display resolution
- More visitors from natural listings of search engines
- Legal requirements
http://www.w3.org/TR/WCAG10/
Priority levels
- Priority 1 (Level A): Web developer must satisfy these checkpoints
- Priority 2 (Level AA): Web developer should satisfy these checkpoints
- Priority 3 (Level AAA): Web developer may address these checkpoints
Accessibility compliance for web design
Figure 11.16 HSBC Global home page (www.hsbc.com)
Security requirements for e-commerce
- Authentication – are parties to the transaction who they claim to be?
- Privacy and confidentiality – is transaction data protected? The consumer may want to make an anonymous purchase. Are all non-essential traces of a transaction removed from the public network and all intermediary records eliminated?
- Integrity – checks that the message sent is complete i.e. that it is not corrupted.
- Non-repudiability – ensures sender cannot deny sending message.
- Availability – how can threats to the continuity and performance of the system be eliminated?
Figure 11.17 UK information security breaches Source: DTI (2006) Department of Trade and Industry Information Security Breaches Survey. Executive Summary 2006
Managing computer viruses
- Boot-sector virus
- Worms
- Macro-viruses
- E-mail attachment virus
- Trojan viruses
- Hoax e-mail viruses
Figure 11.18 The geographic spread of the ‘Slammer’ worm 30 minutes after release Source: Code Red (CRv2) Spread Animation. Copyright © 2001 The Regents of the University of California www-cse.ucsd.edu/~savage/papers/IEEESP03.pdf
Monitoring of electronic communications
- Employee communications monitoring
- Acceptable-use policy
- Scanning software
- Filtering software
Figure 11.19 Staff misuse of web and e-mail Source: DTI (2006) Department of Trade and Industry Information Security Breaches Survey
Figure 11.20 Example rules triggered by e-mail in MailMarshal SMTP from Marshal Source: Marshal Ltd. www.marshal.com
Figure 11.21 Employee controls (a) governance and (b) technical solutions Source: DTI (2006) Department of Trade and Industry Information Security Breaches Survey
E-mail management
To minimize the volume of:
- Spam
- Internal business e-mail
- External business e-mail
- Personal e-mail
Figure 11.22 Proportion of global e-mail traffic which is spam Source: MessageLabs (2006)
Minimizing spam
- Avoid harvesting of addresses
- Educate staff not to reply to spam
- Use filters
- Use ‘peer-to-peer’ blocking services
- Use blacklist services
- Use whitelist services
- Ensure anti-virus software and blocking is effective
Figure 11.23 Progression of attempts to combat spam
Minimizing internal business e-mail
- Only send e-mail to employees
- Banning certain types of e-mail
- Avoid ‘flaming’
- Write clear subject lines
- Structure e-mails
- Make follow-up actions clear
- Perform e-mail reading and checking in batches
Security Attacks
- Hacking
- Phishing
- Denial-of-service attacks
Figure 11.24 Public-key or asymmetric encryption