What is System Design? In System design, we use the requirements we developed in system analysis to create a blueprint of the future system Successful design builds on what we have learned in analysis and transforms that knowledge into a working system. Design is still planning as the system need not be developed during this phase.

Design Strategies Custom development (build from scratch) Purchase and customize Outsource development

Custom Development PROS – Allows flexibility and creativity – Builds technical skills and functional knowledge in- house – Best ‘fit’ CONS – Requires significant time and effort – May exacerbate existing backlogs – May require missing skills – Often costs more – Often takes more time – Risk of project failure

Packaged Software Include small single-function tools All-encompassing enterprise resource planning (ERP) systems Rarely a perfect fit with business needs May allow for customization – Manipulation of system parameters – Changing way features work – Synchronizing with other application interfaces

Outsourcing Hiring an external vendor, developer, or service provider May reduce costs or add value Risks include possibly – Losing confidential information – Losing control over future development – Losing control over future cost structure – Losing learning opportunities

Outsourcing Contracts There are Three types: Time and Arrangement: – Pay for what is needed to get job done. Flexible but risk of large bill at the end. Fixed-price – Certainty regarding payment but very little flexibility in delivering IS support. ‘You get what you ask for.’ Value-added – Outsourcer shares in benefits gained from the system.

Selecting a Design Strategy Consider each of the following: – Business need – In-house experience – Project skills – Project management – Time frame

Key Definitions The architecture design consists of plans for the hardware, software, communications, security, and global support for the new application The designers must decide if processing will occur in the server (server-based), at the personal computer (client-based), or in some combination of these (client-server based).

Key Definitions The network model shows major components of the system, where they are located and how they will be connected to one another. The hardware and software specifications describe these components in detail and aid those responsible for purchase and acquisition of these products.

Architectures Server based Client based Client-server based – thick versus thin client – cloud computing

Server-Based Computing (and, essentially, Thin-Client Computing)

Client-Based Computing

Client-Server-Based Computing

Client-Server Attributes Typical Pros – Compatible with web- based system design – Scaleable – Work with multiple vendors/products – No central point of failure Typical Cons/Limits – Complexity – New programming languages and techniques (stress for personnel) – More complex to update

Identifying Threats to the System A threat is any potential adverse occurrence that can do harm to the application or its data Threats come from internal as well as external sources Categories of threats – Disruptions, destruction and disaster Viruses fall into this category – Unauthorized access

Most Common Threats

Creating Controls A control is something that mitigates or stops a threat Controls include – redundancy – fault tolerant servers – disaster recovery plans – anti-virus software

Additional Controls Include A security policy ‘Social Engineering’ Passwords and encryption – What you have – What you know – What you are Firewalls – wired, wireless controls

Current Threats Malware Delivery – Software Updates – Banner Ads (‘malvertising’) – Downloadable documents – Man-in-the-middle – Keyloggers

The threat of open WiFi ‘Sidejacking’ – packet sniffers intercept traffic between two html parties and steal the session cookie – Firesheep is an application that supports this as an extension of the Firefox browser requires Firefox browser use cannot read https sessions