Objectives Discuss examples of system interfaces found in information systems Define system inputs and outputs based on the requirements models of the.

Presentation transcript:

Objectives
- Discuss examples of system interfaces found in information systems
- Define system inputs and outputs based on the requirements models of the system
- Design printed and on-screen reports appropriate for recipients
Object-Oriented Analysis and Design with the Unified Process

Objectives (continued)
- Explain the importance of integrity controls
- Identify required integrity controls for inputs, outputs, data, and processing
- Discuss issues related to security that affect the design and operation of information systems

Overview
- Many system inputs and outputs do not require much human intervention
  - Electronic transmissions or paper outputs to external agents
- Integrity and security controls protect the system and its data
  - Integrity controls validate data
  - Security controls protect the system from outside threats

Overview (continued)
- System interfaces can have technical requirements that pose high risk
- Design high-risk elements in early elaboration phases
  - Security controls (secure transactions, encryption, digital certificates)
- Design low-risk elements in construction phases
  - Reports, integrity controls

Identifying System Interfaces
- Identify opportunities to automate system interfaces whenever possible
  - Inputs from other systems
  - Highly automated inputs
  - Inputs that are from data in external databases
  - Outputs that are to external databases
  - Outputs with minimal HCI
  - Outputs to other systems
  - Real-time connections (both input and output)

Figure 12-1 The full range of inputs and outputs in an information system

Identifying System Interfaces (continued)
- Electronic data exchange (EDI) reduces the need for user input
  - Challenge is to define the format of the transaction
- XML (eXtensible Markup Language) provides a common system-to-system interface
  - Extension of HTML that embeds self-defining data structures with textual messages
  - Markup codes are defined in a separate DTD file
  - Designed to take advantage of the Internet

Figure 12-2 A system-to-system interface based on XML

System Inputs
- Identify input devices and mechanisms
  - Electronic forms, scanning devices
- Identify all system inputs and develop a list with the data content of each
  - Provides link between use case descriptions and interface design
- Determine what kinds of controls are necessary for each system input
  - Develop a statement of policy and control points

Input Devices and Mechanisms
- Practices to input error-free data into a system
  - Capture data close to the originating source
  - Use electronic devices and automatic entry whenever possible
  - Avoid human involvement as much as possible
  - Use information from electronic forms whenever possible, rather than reentering information
  - Validate and correct information at the time and location it is entered

Defining the Details of System Inputs
- System sequence diagrams identify incoming messages
  - Messages that cross the system boundary from external systems
- Design class diagrams identify and describe input parameters
- Check parameters and attribute types in sequence diagrams with design class diagrams for consistency

Figure 12-4 System sequence diagram for Create new order

Figure 12-5 Input messages and data parameters from an RMO system sequence diagram

Designing System Outputs
- Determine the type of each system output
- Make a list of specific system outputs based on application design
- Specify any necessary controls to protect the information provided in the output
- Design and prototype the output layout
- Users may also develop their own ad hoc reports using tools and preformatted templates
  - An ad hoc report is a result of a new user query

Defining the Details of System Outputs
- Use models to identify and define the detailed specifications of outputs
  - Event tables
  - Sequence diagrams
    - Messages that originate from an internal system object and are sent to an external actor or system
- Output messages based on an individual record are usually part of the object's methods
- Use a class-level method to report on all objects within a class

Figure 12-6 A table of system outputs based on object-oriented messages

Types of Output Reports
- Detailed
  - Contains detailed transactions or records
- Summary
  - Recaps periodic activity
- Exception
  - Only contains information about nonstandard conditions
- Executive
  - Summary report used for strategic decisions

Internal versus External Outputs
- Internal reports are produced for use inside an organization
  - Control break report
    - Contains detailed and summary information
- External reports are official business documents for an outside audience
  - Turnaround documents
    - External output that contains a portion to be returned to the system as input

Figure 12-7 RMO shopping cart order report (an external report)

Figure 12-8 RMO inventory report (an internal control break report)

Electronic Reports
- Provide great flexibility in the organization and presentation of information
- Dynamic: can change to meet the specific needs of a user in a particular situation
- Drill down technique allows the user to activate a hotlink to view lower-level reports
- Can view data from different perspectives
- Some provide frames, graphics, and animation

Figure 12-10 An RMO summary report with drill down to the detailed report

Graphical and Multimedia Presentation
- Charts and graphs
  - Make reporting more user-friendly
  - Summarize massive amounts of data and present it in graphical form
  - Are useful for examining trends and changes
- Audio and visual output can be combined to provide audio descriptions and animation

Figure 12-11 Sample bar chart and pie chart reports

Formatting Reports
- Three design principles for formatting reports
  - What is the objective of the report?
    - Decide on the needed level of detail
  - Who is the intended audience?
    - Use appropriate labels, headings, and fonts
  - What is the medium for presentation?
    - Standard stock paper, computer screens, wireless portable devices

Integrity Controls
- Controls that are integrated into the application and database
- Ensure that
  - Only appropriate and correct business transactions occur
  - Transactions are processed and recorded correctly
  - Assets of the organization are protected and safeguarded

Figure 12-12 Points of security and integrity controls

Input Integrity Controls
- Field combination controls
  - Review various combinations of fields to ensure correct data entry
- Value limit controls
  - Check numeric fields for reasonable amounts
- Completeness controls
  - Ensure all necessary fields are completed
- Data validation controls
  - Ensure that numeric fields with codes are correct
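
The four input integrity controls applied to one order record, as an added example that is not part of the original presentation. The field names, code tables and limits are assumptions made for illustration, and fields are assumed to be already parsed into Python types.

```python
from datetime import date

# Constructed reference data (assumptions for this example only).
REQUIRED_FIELDS = ("customer_id", "product_code", "quantity",
                   "payment_type", "order_date", "ship_date")
VALID_PRODUCT_CODES = {1001, 1002, 2040}
VALID_PAYMENT_TYPES = {"CARD", "CHECK"}
MAX_QUANTITY = 500


def check_completeness(order):
    """Completeness control: every necessary field is filled in."""
    return [f"completeness: {name} is missing"
            for name in REQUIRED_FIELDS if order.get(name) in (None, "")]


def check_data_validation(order):
    """Data validation control: coded fields must hold a known code."""
    errors = []
    if order["product_code"] not in VALID_PRODUCT_CODES:
        errors.append("data validation: unknown product_code")
    if order["payment_type"] not in VALID_PAYMENT_TYPES:
        errors.append("data validation: unknown payment_type")
    return errors


def check_value_limits(order):
    """Value limit control: numeric amounts must be reasonable."""
    qty = order["quantity"]
    if type(qty) is not int or not 1 <= qty <= MAX_QUANTITY:
        return [f"value limit: quantity must be 1..{MAX_QUANTITY}"]
    return []


def check_field_combinations(order):
    """Field combination control: fields must agree with each other."""
    errors = []
    if order["ship_date"] < order["order_date"]:
        errors.append("field combination: ship_date precedes order_date")
    if order["payment_type"] == "CARD" and not order.get("card_last4"):
        errors.append("field combination: CARD payment needs card_last4")
    return errors


def validate_order(order):
    """Run all four controls; an empty list means the input is accepted."""
    errors = check_completeness(order)
    if errors:                      # later checks need every field present
        return errors
    return (check_data_validation(order) + check_value_limits(order)
            + check_field_combinations(order))


# Constructed sample input.
GOOD_ORDER = {"customer_id": "C-1187", "product_code": 1002, "quantity": 3,
              "payment_type": "CARD", "card_last4": "4242",
              "order_date": date(2024, 3, 1), "ship_date": date(2024, 3, 4)}

if __name__ == "__main__":
    print(validate_order(GOOD_ORDER))
    print(validate_order(dict(GOOD_ORDER, quantity=100000,
                              ship_date=date(2024, 2, 1))))
```

Running the controls on the server side of the system boundary, even when the entry form already checks the same rules, keeps them effective for inputs that arrive from other systems.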

Database Integrity Controls
- Access controls determine who has access to a system and its data
  - A DBMS can apply controls at a much finer level of detail than an operating system
- Encryption is used for data within the database and for data transmissions
- Transaction logging audits all updates to a database
  - Discourages fraudulent transactions and provides a recovery mechanism

Database Integrity Controls (continued)
- Update controls within a DBMS provide record locking against multiple updates that conflict or overwrite each other
  - For complex transactions, delay commitment of an update until all updates have been verified
- Backup and recovery procedures protect the database from catastrophes
  - Partial or incremental backups capture changes to the database between total backups
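
Transaction logging and delayed commitment working together, as an added example that is not part of the original presentation. It uses SQLite from Python's standard library as a stand-in DBMS; the table, trigger and function names and the inventory data are constructed for illustration.

```python
import sqlite3


def open_inventory_db():
    """In-memory database with a trigger that logs every inventory update."""
    db = sqlite3.connect(":memory:")
    # The two inventory rows inserted at the end are constructed sample data.
    db.executescript("""
        CREATE TABLE inventory (item TEXT PRIMARY KEY, on_hand INTEGER NOT NULL);
        CREATE TABLE update_log (
            seq       INTEGER PRIMARY KEY AUTOINCREMENT,
            item      TEXT, old_qty INTEGER, new_qty INTEGER,
            logged_at TEXT DEFAULT CURRENT_TIMESTAMP);
        CREATE TRIGGER log_inventory_update AFTER UPDATE ON inventory
        BEGIN
            INSERT INTO update_log (item, old_qty, new_qty)
            VALUES (OLD.item, OLD.on_hand, NEW.on_hand);
        END;
        INSERT INTO inventory VALUES ('boots', 10), ('jacket', 4);
    """)
    return db


def ship_order(db, order_lines):
    """Apply every (item, qty) line of an order, or none of them."""
    try:
        with db:  # commit only if the block finishes; roll back on exception
            for item, qty in order_lines:
                cur = db.execute(
                    "UPDATE inventory SET on_hand = on_hand - ? WHERE item = ?",
                    (qty, item))
                if cur.rowcount != 1:
                    raise ValueError(f"unknown item: {item}")
            # Verify the combined result before anything is committed.
            short = db.execute(
                "SELECT item FROM inventory WHERE on_hand < 0").fetchall()
            if short:
                raise ValueError(f"insufficient stock: {short}")
    except ValueError:
        return False
    return True


def stock(db):
    """Current on-hand quantity per item."""
    return dict(db.execute("SELECT item, on_hand FROM inventory"))


def logged_updates(db):
    """Audit trail of committed updates, oldest first."""
    return db.execute(
        "SELECT item, old_qty, new_qty FROM update_log ORDER BY seq").fetchall()


if __name__ == "__main__":
    db = open_inventory_db()
    print(ship_order(db, [("boots", 3), ("jacket", 1)]), stock(db))
    print(ship_order(db, [("boots", 2), ("jacket", 9)]), stock(db))
    print(logged_updates(db))
```

Because the trigger writes its log rows inside the same transaction, a rolled-back order leaves no trace in `update_log`, so the log reflects committed updates only.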

Output Integrity Controls
- Destination controls ensure that output information is channeled to the correct persons
  - Online transactions include routing codes
  - Output data files have special beginning and ending records
- Completeness, accuracy, and correctness controls are primarily a function of the internal processing system
  - i.e., date and time stamp
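
An output data file with a routing code, a date and time stamp, and beginning and ending records, together with the check a receiving system would run, as an added example that is not part of the original presentation. The `HDR`/`DTL`/`TRL` record layout, the `|` delimiter and the sample batch are assumptions made for illustration.

```python
from datetime import datetime, timezone

STAMP_FORMAT = "%Y%m%dT%H%M%SZ"   # assumed layout for the date and time stamp


def build_output_file(routing_code, rows, created=None):
    """Wrap detail rows, given as (order_id, amount_cents), between a
    beginning (HDR) record and an ending (TRL) record."""
    created = created or datetime.now(timezone.utc)
    lines = [f"HDR|{routing_code}|{created.strftime(STAMP_FORMAT)}"]
    lines += [f"DTL|{order_id}|{cents}" for order_id, cents in rows]
    lines.append(f"TRL|{len(rows)}|{sum(cents for _, cents in rows)}")
    return "\n".join(lines) + "\n"


def verify_output_file(text, expected_routing_code):
    """Receiver-side check. Returns a list of problems; empty means accept."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith("HDR|"):
        return ["missing beginning record"]
    if not lines[-1].startswith("TRL|"):
        return ["missing ending record: file may be truncated"]
    try:
        _, routing_code, stamp = lines[0].split("|")
        datetime.strptime(stamp, STAMP_FORMAT)
        _, count_field, total_field = lines[-1].split("|")
        declared_count, declared_total = int(count_field), int(total_field)
        amounts = []
        for line in lines[1:-1]:
            tag, _order_id, cents = line.split("|")
            if tag != "DTL":
                raise ValueError(f"unexpected record type {tag!r}")
            amounts.append(int(cents))
    except ValueError:
        return ["malformed record: file rejected"]
    problems = []
    if routing_code != expected_routing_code:
        problems.append("routing code does not match this destination")
    if len(amounts) != declared_count:
        problems.append("record count differs from ending record")
    if sum(amounts) != declared_total:
        problems.append("control total differs from ending record")
    return problems


# Constructed sample batch.
SAMPLE_ROWS = [("A100", 2599), ("A101", 1000), ("A102", 450)]
SAMPLE_FILE = build_output_file(
    "WH-EAST", SAMPLE_ROWS, datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc))

if __name__ == "__main__":
    print(SAMPLE_FILE, end="")
    print(verify_output_file(SAMPLE_FILE, "WH-EAST"))
```

Record counts and control totals catch truncated, misrouted or accidentally altered files; they do not stop someone who can rewrite the ending record as well, which is a job for the digital signatures covered later in the presentation.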

Integrity Controls to Prevent Fraud
- Three conditions are present in almost all fraud cases
  - Personal pressure
  - Rationalization
  - Opportunity
- Reduce fraud by having adequate manual controls and automated records of money and assets
- Almost every system requires some type of integrity control

Figure 12-13 Fraud risks and prevention techniques (from Dr. Marshall Romney at Brigham Young University)

Designing Security Controls
- Security controls are provided by the operating system or environment to protect the data and processing systems from malicious attacks
- Objectives
  - Maintain a stable, functioning operating environment for users and application systems
  - Protect information and transactions during transmission outside the organization

Security for Access to Systems
- System access controls restrict what portions of a computer system a person can use
  - Hardware, application controls, and data files
- Designers often use the access controls embedded in system software
  - Implements a single access control scheme
- Designing access controls beyond those provided by the system requires technical expertise

Figure 12-14 Users and their access to computer systems

Types of Users
- Unauthorized users do not have permission to use a system
  - Authorization determines who has access to the system and its data
- Registered users are authorized to use the system
  - Access control lists are users or groups that can access a system resource or access type
- Privileged users have special security access privileges to a system
  - i.e., source code, database structure

Passwords, Smart Cards, Biometric Devices
- Authentication
  - Process of identifying a user to verify that he or she has access to the system
  - Common approach: username and password
- Smart card
  - Computer-readable plastic card with security information embedded within it
- Biometric devices
  - The individual becomes the gateway to the system through fingerprints, retinas, facial patterns, etc.

Data Security
- Primary way to maintain data security for internal and transmitted data is through encryption
- Encryption alters data so that it cannot be viewed by unauthorized users
- An encryption algorithm is a complex mathematical formula that encrypts and decrypts data
- An encryption key is a binary key to the algorithm
- Data can be decrypted only with the key or a compatible key

Data Security (continued)
- Symmetric encryption
  - The same key encrypts and decrypts the data
  - Not as secure as asymmetric encryption
- Asymmetric encryption
  - Uses one key to encrypt and another key to decrypt the data
  - Public key encryption is an asymmetric method in which one key is publicized and the other key is kept private

Figure 12-16 Symmetric key encryption

Figure 12-17 Asymmetric key encryption

Digital Signatures and Certificates
- Digital signature
  - Technique in which a document is encrypted using a private key to verify who wrote the document
- Digital certificate
  - Text message encrypted by a verifying authority and used to broadcast an organization's name and public key
- Certifying authority
  - A well-known third party that sells digital certificates to organizations

Figure 12-18 Using a digital certificate

Secure Transactions
- Secure Sockets Layer (SSL)
  - Standard protocol to connect and transmit encrypted data
- Transport Layer Security (TLS)
  - Updated version of SSL
- IPSec
  - Newer Internet standard for secure message transmission
- Secure Hypertext Transport Protocol (HTTPS)
  - Internet standard for transmitting Web pages securely

Summary
- System interfaces include all inputs and outputs not part of the user interface
- Input design requires three steps
  - Identify input devices and mechanisms
  - Identify all system input and list the data content of each
  - Determine integrity controls for each system input
- Develop the list of inputs from sequence and design class diagrams

Summary (continued)
- Designing system outputs follows the same process as system inputs
- Sequence diagrams identify messages that exit the system
- Output can be presented with charts, graphs, and multimedia
- Consider the intended audience and purpose of the output before choosing an output medium

Summary (continued)
- Integrity controls are used to ensure
  - Occurrence of only appropriate and correct business transactions
  - Correct processing and recording of transactions
  - That systems are safeguarded
- Security controls are critical for systems that have access to public networks
  - Primarily based on public key systems and encryption techniques