Presentation is loading. Please wait.

Presentation is loading. Please wait.

INFORMATION X INFO425: Systems Design Chapter 15 Designing System Interfaces, Security and Controls.

Published byDominick O’Neal’ Modified over 8 years ago

Similar presentations

Presentation on theme: "INFORMATION X INFO425: Systems Design Chapter 15 Designing System Interfaces, Security and Controls."— Presentation transcript:

1 INFORMATION SYSTEMS @ X INFO425: Systems Design Chapter 15 Designing System Interfaces, Security and Controls

2 INFO425: Systems Design INFORMATION SYSTEMS @ X Downslope Ski  What are the business drivers requiring that Downhill provide suppliers with automated inventory access?  What types of information do you think need to be shared?  What kind of analysis does Nathan need to do? What information does he need?

3 INFO425: Systems Design INFORMATION SYSTEMS @ X Learning Objectives  Discuss examples of system interfaces found in information systems  Define system inputs and outputs based on the requirements of the application program  Explain the importance of integrity controls  Identify required integrity controls for inputs, outputs, data, and processing  Discuss issues related to security that affect the design and operation of information systems

4 INFO425: Systems Design INFORMATION SYSTEMS @ X Overview  This chapter focuses on system interfacesand system controls that do not require much human interaction  Many system interfaces are electronic transmissions or paper outputs to external agents  System developers need to design and implement integrity and security controls to protect system and its data  Outside threats from Internet and e-commerce are growing concern

5 INFO425: Systems Design INFORMATION SYSTEMS @ X Identifying System Interfaces  System interfaces are broadly defined as inputs or outputs with minimal or no human intervention  Inputs from other systems (messages, EDI)  Highly automated input devices such as scanners  Inputs that are from data in external databases  Outputs to external databases  Outputs with minimal HCI  Outputs to other systems  Real-time connections (both input and output)

6 INFO425: Systems Design INFORMATION SYSTEMS @ X Full Range of Inputs and Outputs

7 INFO425: Systems Design INFORMATION SYSTEMS @ X Electronic Data Interchange (EDI)   The EDI standard was developed around 1982 and is in use since 1985 as standard to support doing business by means of passing electronic document between business partners.   EDI can be defined as:   “Computer to computer exchange of structured data. Formatted to allow automatic processing without manual intervention.” (E-centre, 2002, Electronic Data Interchange),   or as:   “Electronic exchange of structured and normalized data between computer systems of different partners” (F. Put, 1998).   Format and contents of business documents based on agreed upon industry standards   Purchase orders   Invoices

8 INFO425: Systems Design INFORMATION SYSTEMS @ X eXtensible Markup Language (XML)  Extension of HTML that embeds self-defined data structures in textual messages  Transaction that contains data fields can be sent with XML codes to define meaning of data fields  XML provides common system-to-system interface  XML is simple and readable by people  Web services is based on XML to send business transactions over Internet

9 INFO425: Systems Design INFORMATION SYSTEMS @ X XML or EDI?

10 INFO425: Systems Design INFORMATION SYSTEMS @ X Design of System Inputs  Identify devices and mechanisms used to enter input  High-level review of most up-to-date methods to enter data  Identify all system inputs and develop list of data content for each  Provide link between design of application software and design of user and system interfaces  Determine controls and security necessary for each system input

11 INFO425: Systems Design INFORMATION SYSTEMS @ X Input Devices and Mechanisms  Capture data as close to original source as possible  Use electronic devices and automatic entry whenever possible  Avoid human involvement as much as possible  Seek information in electronic form to avoid data re-entry  Validate and correct information at entry point

12 INFO425: Systems Design INFORMATION SYSTEMS @ X Prevalent Input Devices to Avoid Human Data Entry  Magnetic card strip readers  Bar code readers  Optical character recognition readers and scanners  Radio-frequency identification tags  Touch screens and devices  Electronic pens and writing surfaces  Digitizers, such as digital cameras and digital audio devices

13 INFO425: Systems Design INFORMATION SYSTEMS @ X Defining the Details of System Inputs  Ensure all data inputs are identified and specified correctly  Can use traditional structured models  Identify automation boundary >Use DFD fragments >Segment by program boundaries  Examine structure charts >Analyze each module and data couple >List individual data fields

14 INFO425: Systems Design INFORMATION SYSTEMS @ X Automation Boundary on a System-Level DFD

15 INFO425: Systems Design INFORMATION SYSTEMS @ X Create New Order DFD with an Automation Boundary

16 INFO425: Systems Design INFORMATION SYSTEMS @ X Structure Chart for Create New Order

17 INFO425: Systems Design INFORMATION SYSTEMS @ X

18 INFO425: Systems Design INFORMATION SYSTEMS @ X Using Object-Oriented Models  Identifying user and system inputs with OO approach has same tasks as traditional approach  OO diagrams are used instead of DFDs and structure charts  System sequence diagrams identify each incoming message  Design class diagrams and sequence diagrams identify and describe input parameters and verify characteristics of inputs

19 INFO425: Systems Design INFORMATION SYSTEMS @ X Partial System Sequence Diagram for Payroll System Use Cases

20 INFO425: Systems Design INFORMATION SYSTEMS @ X System Sequence Diagram for Create New Order

21 INFO425: Systems Design INFORMATION SYSTEMS @ X Input Messages and Data Parameters from RMO System Sequence Diagram

22 INFO425: Systems Design INFORMATION SYSTEMS @ X Designing System Outputs  Determine each type of output  Make list of specific system outputs required based on application design  Specify any necessary controls to protect information provided in output  Design and prototype output layout  Ad hoc reports – designed as needed by user (BI reports)

23 INFO425: Systems Design INFORMATION SYSTEMS @ X Defining the Details of System Outputs  Type of reports  Printed reports  Electronic displays  Turnaround documents  Can use traditional structured models to identify outputs  Data flows crossing automation boundary  Data couples and report data requirements on structure chart

24 INFO425: Systems Design INFORMATION SYSTEMS @ X Table of System Outputs Based on Traditional Structured Approach

25 INFO425: Systems Design INFORMATION SYSTEMS @ X Using Object-Oriented Models  Outputs indicated by messages in sequence diagrams  Originate from internal system objects  Sent to external actors or another external system  Output messages based on an individual object are usually part of methods of that class object  To report on all objects within a class, class-level method is used that works on entire class

26 INFO425: Systems Design INFORMATION SYSTEMS @ X Table of System Outputs Based on OO Messages (Figure 14-12)

27 INFO425: Systems Design INFORMATION SYSTEMS @ X Exercise You work for a grocery chain that always has many customers in the stores. To facilitate and speed checkout, the company wants to develop self-service checkout stands. Customers can check out their own groceries and pay by credit card or cash. How would you design the checkout register and equipment? What kinds of equipment would you use to make it easy and intuitive for the customers, make sure that prices are entered correctly, and ensure that cash or credit card payments are done correctly? In other words, what equipment would you have at the checkout station? What other measures would you take?

28 INFO425: Systems Design INFORMATION SYSTEMS @ X Designing Reports, Statements, and Turnaround Documents  Printed versus electronic  Types of output reports  Detailed  Summary  Exception  Executive  Internal versus external  Graphical and multimedia presentation

29 INFO425: Systems Design INFORMATION SYSTEMS @ X RMO Summary Report with Drill Down to the Detailed Report

30 INFO425: Systems Design INFORMATION SYSTEMS @ X Sample Bar Chart and Pie Chart Reports

31 INFO425: Systems Design INFORMATION SYSTEMS @ X Looking at data in new ways Examples http://visudemos.ilog.com/webdemos/pivot/pivot.htmlhttp://visudemos.ilog.com/webdemos/pivot/pivot.htmlhttp://visudemos.ilog.com/webdemos/pivot/pivot.html http://visudemos.ilog.com/webdemos/sales/sales.htmlhttp://visudemos.ilog.com/webdemos/sales/sales.htmlhttp://visudemos.ilog.com/webdemos/sales/sales.html http://www.youtube.com/watch?v=MRFzoSU-Yu8&feature=relatedhttp://www.youtube.com/watch?v=MRFzoSU-Yu8&feature=relatedhttp://www.youtube.com/watch?v=MRFzoSU-Yu8&feature=related http://www.youtube.com/watch?v=GKrQO4ujkks&feature=relatedhttp://www.youtube.com/watch?v=GKrQO4ujkks&feature=relatedhttp://www.youtube.com/watch?v=GKrQO4ujkks&feature=related

32 INFO425: Systems Design INFORMATION SYSTEMS @ X Creating Reports  What is objective of report?  What is the context of the report – what will it be used for?  Who is the intended audience?  What is media for presentation?  How frequently generated and how generated?

33 INFO425: Systems Design INFORMATION SYSTEMS @ X Integrating reporting into processes/workflows Information/Metrics: What information is needed to support the individuals engaged in this activity? Further, what are the required characteristics of this information in terms of accuracy, currency and other measures? Format: How should information be presented to individuals to best support the activity? Through paper reports? On-line screens? Embedded in an operational system? How should information be formatted – simple lists? cross-tab reports? charts/graphs? Functionality: In addition to viewing information, do individuals require the need to explore the information (slice, drill, etc)? Do they need to build algorithms or calculations based on the information provided? What else do they need their BI environment to do for them?

34 INFO425: Systems Design INFORMATION SYSTEMS @ X Designing Integrity Controls  Mechanisms and procedures built into a system to safeguard it and information contained within  Integrity controls  Built into application and database system to safeguard information  Security controls  Built into operating system and network  Protect system

35 INFO425: Systems Design INFORMATION SYSTEMS @ X Scenario  You are a security analyst for a company that plans to build a new order processing system to be used internally and available directly to customers via the web.  You’ve been assigned the task of identifying all points of ‘vulnerability’  List all points of vulnerability and identify what you see as the top 3 risks, from a security perspective.

36 INFO425: Systems Design INFORMATION SYSTEMS @ X Objectives of Integrity Controls  Ensure that only appropriate and correct business transactions occur  Ensure that transactions are recorded and processed correctly  Protect and safeguard assets of the organization  Software  Hardware  Information

37 INFO425: Systems Design INFORMATION SYSTEMS @ X Points of Security and Integrity Controls Also, physical security – meaning?

38 INFO425: Systems Design INFORMATION SYSTEMS @ X Physical security/integrity considerations  Access to server rooms  Power backup (UPS)  Backup sites

39 INFO425: Systems Design INFORMATION SYSTEMS @ X Input Integrity Controls  Used with all input mechanisms  Additional level of verification to help reduce input errors  Common control techniques  Field combination controls  Value limit controls  Completeness controls  Data validation controls

40 INFO425: Systems Design INFORMATION SYSTEMS @ X Database Integrity Controls  Access controls  User views, user profiles, etc.  Data encryption  Transaction controls  Fraud  Error recovery  Update controls  Transaction management  Backup and recovery protection

41 INFO425: Systems Design INFORMATION SYSTEMS @ X Output Integrity Controls  Ensure output arrives at proper destination and is correct, accurate, complete, and current  Destination controls - output is channeled to correct people  Cover sheets, etc.  Electronic routing…email  Completeness, accuracy, and correctness controls  Appropriate information present in output

42 INFO425: Systems Design INFORMATION SYSTEMS @ X Integrity Controls to Prevent Fraud  Three conditions are present in fraud cases  Personal pressure, such as desire to maintain extravagant lifestyle  Rationalizations, including “I will repay this money” or “I have this coming”  Opportunity, such as unverified cash receipts  Control of fraud requires both manual procedures and computer integrity controls

43 INFO425: Systems Design INFORMATION SYSTEMS @ X Fraud Risks and Prevention Techniques

44 INFO425: Systems Design INFORMATION SYSTEMS @ X Designing Security Controls  Security controls protect assets of organization from all threats  External threats such as hackers, viruses, worms, and message overload attacks  Security control objectives (in addition to integrity controls)  Maintain stable, functioning operating environment for users and application systems (24 x 7)  Protect information and transactions during transmission outside organization (public carriers)

45 INFO425: Systems Design INFORMATION SYSTEMS @ X Security for Access to Systems  Used to control access to any resource managed by operating system or network  User categories  Unauthorized user – no authorization to access  Registered user – authorized to access system  Privileged user – authorized to administrate system  Organized so that all resources can be accessed with same unique ID/password combination

46 INFO425: Systems Design INFORMATION SYSTEMS @ X Users and Access Roles to Computer Systems

47 INFO425: Systems Design INFORMATION SYSTEMS @ X Managing User Access  Most common technique is user ID / password  Authorization – Is user permitted to access?  Access control list – users with rights to access  Authentication – Is user who they claim to be?  Other techniques:  Smart card – computer-readable plastic card with embedded security information  Biometric devices – keystroke patterns, fingerprinting, retinal scans, voice characteristics

48 INFO425: Systems Design INFORMATION SYSTEMS @ X Data Security  Data and files themselves must be secure  Encryption – primary security method  Altering data so unauthorized users cannot view  Decryption  Altering encrypted data back to its original state  Symmetric key – same key encrypts and decrypts  Asymmetric key – different key decrypts  Public key – public encrypts; private decrypts

Download ppt "INFORMATION X INFO425: Systems Design Chapter 15 Designing System Interfaces, Security and Controls."

Similar presentations

Module 3: Business Information Systems

Module 3: Business Information Systems
Chapter 10: The Traditional Approach to Design

Chapter 10: The Traditional Approach to Design
Systems Analysis and Design in a Changing World, Fifth Edition

Systems Analysis and Design in a Changing World, Fifth Edition
Systems Analysis and Design in a Changing World, Fourth Edition

Systems Analysis and Design in a Changing World, Fourth Edition
Using Dataflow Diagrams

Using Dataflow Diagrams
Chapter 12 Designing System Interfaces, Controls, and Security

Chapter 12 Designing System Interfaces, Controls, and Security
Traditional Approach to Design

Traditional Approach to Design
Chapter 10 The Traditional Approach to Design

Chapter 10 The Traditional Approach to Design
Chapter 9: The Traditional Approach to Design Chapter 10 Systems Analysis and Design in a Changing World, 3 rd Edition.

Chapter 9: The Traditional Approach to Design Chapter 10 Systems Analysis and Design in a Changing World, 3 rd Edition.
Input to the Computer * Input * Keyboard * Pointing Devices

Input to the Computer * Input * Keyboard * Pointing Devices
Systems Analysis and Design in a Changing World, 6th Edition

Systems Analysis and Design in a Changing World, 6th Edition
Your Interactive Guide to the Digital World Discovering Computers 2012 Chapter 10 Managing a Database.

Your Interactive Guide to the Digital World Discovering Computers 2012 Chapter 10 Managing a Database.
Using Dataflow Diagrams

Using Dataflow Diagrams
Chapter 7 Using Data Flow Diagrams

Chapter 7 Using Data Flow Diagrams
14 Systems Analysis and Design in a Changing World, Fourth Edition.

14 Systems Analysis and Design in a Changing World, Fourth Edition.
Living in a Digital World Discovering Computers 2010.

Living in a Digital World Discovering Computers 2010.
PowerPoint Presentation for Dennis, Wixom & Tegarden Systems Analysis and Design Copyright 2001 © John Wiley & Sons, Inc. All rights reserved. Slide 1.

PowerPoint Presentation for Dennis, Wixom & Tegarden Systems Analysis and Design Copyright 2001 © John Wiley & Sons, Inc. All rights reserved. Slide 1.
Asper School of Business University of Manitoba Systems Analysis & Design Instructor: Bob Travica System interfaces Updated: November 2014.

Asper School of Business University of Manitoba Systems Analysis & Design Instructor: Bob Travica System interfaces Updated: November 2014.
Chapter 7 Using Data Flow Diagrams

Chapter 7 Using Data Flow Diagrams
Chapter Lead Black Slide © 2001 Business & Information Systems 2/e.

Chapter Lead Black Slide © 2001 Business & Information Systems 2/e.

Similar presentations

Ads by Google