
2 Objectives
- Discuss examples of system interfaces found in information systems
- Define system inputs and outputs based on the requirements models of the system
- Design printed and on-screen reports appropriate for recipients
Object-Oriented Analysis and Design with the Unified Process

3 Objectives (continued)
- Explain the importance of integrity controls
- Identify required integrity controls for inputs, outputs, data, and processing
- Discuss issues related to security that affect the design and operation of information systems

4 Overview
- Many system inputs and outputs do not require much human intervention
  - Electronic transmissions or paper outputs to external agents
- Integrity and security controls protect the system and its data
  - Integrity controls validate data
  - Security controls protect the system from outside threats

5 Overview (continued)
- System interfaces can have technical requirements that pose high risk
- Design high-risk elements in early elaboration phases
  - Security controls (secure transactions, encryption, digital certificates)
- Design low risk elements in construction phases
  - Reports, integrity controls

6 Identifying System Interfaces
- Identify opportunities to automate system interfaces whenever possible
- Inputs from other systems
- Highly automated inputs
- Inputs that are from data in external databases
- Outputs that are to external databases
- Outputs with minimal HCI
- Outputs to other systems
- Real-time connections (both input and output)

7 The full range of inputs and outputs in an information system
Figure 12-1 The full range of inputs and outputs in an information system

8 Identifying System Interfaces (continued)
- Electronic data exchange (EDI) reduces the need for user input
  - Challenge is to define the format of the transaction
- XML (eXtensible Markup Language) provides a common system-to-system interface
  - Extension of HTML that embeds self-defining data structures with textual messages
  - Markup codes are defined in a separate DTD file
  - Designed to take advantage of the Internet

9 A system-to-system interface based on XML
Figure 12-2 A system-to-system interface based on XML

10 System Inputs
- Identify input devices and mechanisms
  - Electronic forms, scanning devices
- Identify all system inputs and develop a list with the data content of each
  - Provides link between use case descriptions and interface design
- Determine what kinds of controls are necessary for each system input
  - Develop a statement of policy and control points

11 Input Devices and Mechanisms
- Practices to input error-free data into a system
  - Capture data close to the originating source
  - Use electronic devices and automatic entry whenever possible
  - Avoid human involvement as much as possible
  - Use information from electronic forms whenever possible, rather than reentering information
  - Validate and correct information at the time and location it is entered

12 Defining the Details of System Inputs
- System sequence diagrams identify incoming messages
  - Messages that cross the system boundary from external systems
- Design class diagrams identify and describe input parameters
- Check parameters and attribute types in sequence diagrams with design class diagrams for consistency

13 System sequence diagram for
Figure 12-4 System sequence diagram for Create new order

14 Input messages and data parameters from an RMO system sequence diagram
Figure 12-5 Input messages and data parameters from an RMO system sequence diagram

15 Designing System Outputs
- Determine the type of each system output
- Make a list of specific system outputs based on application design
- Specify any necessary controls to protect the information provided in the output
- Design and prototype the output layout
- Users may also develop their own ad hoc reports using tools and preformatted templates
  - An ad hoc report is a result of a new user query

16 Defining the Details of System Outputs
- Use models to identify and define the detailed specifications of outputs
  - Event tables
  - Sequence diagrams
    - Messages that originate from an internal system object and are sent to an external actor or system
- Output messages based on an individual record are usually part of the object’s methods
- Use a class-level method to report on all objects within a class

17 A table of system outputs based on object-oriented messages
Figure 12-6 A table of system outputs based on object-oriented messages

18 Types of Output Reports
- Detailed
  - Contains detailed transactions or records
- Summary
  - Recaps periodic activity
- Exception
  - Only contains information about nonstandard conditions
- Executive
  - Summary report used for strategic decisions

19 Internal versus External Outputs
- Internal reports are produced for use inside an organization
  - Control break report
    - Contains detailed and summary information
- External reports are official business documents for an outside audience
  - Turnaround documents
    - External output that contains a portion to be returned to the system as input

20 RMO shopping cart order report (an external report)
Figure 12-7 RMO shopping cart order report (an external report)

21 RMO inventory report (an internal control break report)
Figure 12-8 RMO inventory report (an internal control break report)

22 Electronic Reports
- Provide great flexibility in the organization and presentation of information
- Dynamic - can change to meet the specific needs of a user in a particular situation
- Drill down technique allows the user to activate a hotlink to view lower-level reports
- Can view data from different perspectives
- Some provide frames, graphics, and animation

23 An RMO summary report with drill down to the detailed report
Figure 12-10 An RMO summary report with drill down to the detailed report

24 Graphical and Multimedia Presentation
- Charts and graphs
  - Make reporting more user-friendly
  - Summarize massive amounts of data and present it in graphical form
  - Are useful for examining trends and changes
- Audio and visual output can be combined to provide audio descriptions and animation

25 Sample bar chart and pie chart reports
Figure 12-11 Sample bar chart and pie chart reports

26 Formatting Reports
- Three design principles for formatting reports
  - What is the objective of the report?
    - Decide on the needed level of detail
  - Who is the intended audience?
    - Use appropriate labels, headings, and fonts
  - What is the medium for presentation?
    - Standard stock paper, computer screens, wireless portable devices

27 Integrity Controls
- Controls that are integrated into the application and database
- Ensure that
  - Only appropriate and correct business transactions occur
  - Transactions are processed and recorded correctly
  - Assets of the organization are protected and safeguarded

28 and integrity controls
Figure 12-12 Points of security and integrity controls

29 Input Integrity Controls
- Field combination controls
  - Review various combinations of fields to ensure correct data entry
- Value limit controls
  - Check numeric fields for reasonable amounts
- Completeness controls
  - Ensure all necessary fields are completed
- Data validation controls
  - Ensure that numeric fields with codes are correct
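
The four input integrity controls above, applied to one incoming order record. This is an added example, not part of the original slides; the field names, code tables and limits are assumptions made up for illustration.

```python
from datetime import date

# Constructed rules: field names, codes and limits are assumptions for this example.
REQUIRED = ("customer_id", "item_code", "quantity", "unit_price",
            "ship_method", "order_date", "ship_date")
ITEM_CODES = {"1001", "1002", "2050"}
SHIP_METHODS = {"GROUND", "AIR", "PICKUP"}
MAX_QUANTITY = 500
MAX_UNIT_PRICE = 10_000.00


def validate_order(order):
    """Return a list of control violations; an empty list means accept."""
    # Completeness control: stop early, later checks need every field.
    missing = [f for f in REQUIRED if order.get(f) in (None, "")]
    if missing:
        return [f"completeness: missing {f}" for f in missing]

    errors = []
    # Data validation control: coded fields must match a known code.
    if order["item_code"] not in ITEM_CODES:
        errors.append("data validation: unknown item_code")
    if order["ship_method"] not in SHIP_METHODS:
        errors.append("data validation: unknown ship_method")

    # Value limit control: reject wrong types and unreasonable amounts.
    qty, price = order["quantity"], order["unit_price"]
    if type(qty) is not int or not 0 < qty <= MAX_QUANTITY:
        errors.append("value limit: quantity out of range")
    if type(price) not in (int, float) or not 0 < price <= MAX_UNIT_PRICE:
        errors.append("value limit: unit_price out of range")

    # Field combination control: fields must be consistent with each other.
    dates = (order["order_date"], order["ship_date"])
    if not all(type(d) is date for d in dates):
        errors.append("data validation: dates must be date objects")
    elif dates[1] < dates[0]:
        errors.append("field combination: ship_date before order_date")
    if order["ship_method"] == "PICKUP" and order.get("ship_address"):
        errors.append("field combination: PICKUP order carries ship_address")
    return errors
```

Running these checks on the server side at the point where the message crosses the system boundary keeps them effective even when the entry form is bypassed.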

30 Database Integrity Controls
- Access controls determine who has access to a system and its data
  - A DBMS can apply controls at a much finer level of detail than an operating system
- Encryption is used for data within the database and for data transmissions
- Transaction logging audits all updates to a database
  - Discourages fraudulent transactions and provides a recovery mechanism

31 Database Integrity Controls (continued)
- Update controls within a DBMS provide record locking against multiple updates that conflict or overwrite each other
  - For complex transactions, delay commitment of an update until all updates have been verified
- Backup and recovery procedures protect the database from catastrophes
  - Partial or incremental backups capture changes to the database between total backups
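
Delayed commitment and transaction logging from the two slides above, shown together with SQLite. This is an added example, not part of the original slides; the table layout, item names and the `ship_order` function are assumptions.

```python
import sqlite3


def open_db():
    """In-memory database with constructed sample stock and an audit table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE inventory (item TEXT PRIMARY KEY, on_hand INTEGER NOT NULL);
        CREATE TABLE audit_log (seq INTEGER PRIMARY KEY AUTOINCREMENT,
                                who TEXT, item TEXT, old_qty INTEGER, new_qty INTEGER);
        INSERT INTO inventory VALUES ('boots', 10), ('parka', 2);
    """)
    return db


def ship_order(db, user, lines):
    """Apply every order line or none, logging each update with it."""
    try:
        with db:  # commit only if the block finishes; roll back on exception
            for item, qty in lines:
                row = db.execute("SELECT on_hand FROM inventory WHERE item = ?",
                                 (item,)).fetchone()
                if row is None or qty <= 0 or row[0] < qty:
                    raise ValueError(f"cannot ship {qty} x {item}")
                db.execute("UPDATE inventory SET on_hand = ? WHERE item = ?",
                           (row[0] - qty, item))
                # The log entry is written in the same transaction, so a
                # rolled-back update leaves no misleading audit row.
                db.execute("INSERT INTO audit_log (who, item, old_qty, new_qty) "
                           "VALUES (?, ?, ?, ?)", (user, item, row[0], row[0] - qty))
        return True
    except ValueError:
        return False


def on_hand(db, item):
    return db.execute("SELECT on_hand FROM inventory WHERE item = ?",
                      (item,)).fetchone()[0]


def audit_rows(db):
    return db.execute("SELECT who, item, old_qty, new_qty FROM audit_log "
                      "ORDER BY seq").fetchall()
```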

32 Output Integrity Controls
- Destination controls ensure that output information is channeled to the correct persons
  - Online transactions include routing codes
  - Output data files have special beginning and ending records
- Completeness, accuracy, and correctness controls are primarily a function of the internal processing system
  - i.e., date and time stamp
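
An output data file with beginning and ending records, a routing code and a date and time stamp, plus the check a receiving system runs before accepting it. This is an added example, not part of the original slides; the `HDR`/`DTL`/`TRL` record layout and the destination codes are assumptions.

```python
import hashlib
from datetime import datetime, timezone


def _digest(records):
    return hashlib.sha256("\n".join(records).encode()).hexdigest()


def write_batch(dest_code, records, now=None):
    """Wrap single-line detail records in a beginning and an ending record."""
    stamp = (now or datetime.now(timezone.utc)).strftime("%Y%m%dT%H%M%SZ")
    lines = [f"HDR|{dest_code}|{stamp}"]            # routing code + time stamp
    lines += [f"DTL|{r}" for r in records]
    lines.append(f"TRL|{len(records)}|{_digest(records)}")
    return "\n".join(lines) + "\n"


def read_batch(text, my_code):
    """Return the detail records, or raise ValueError if a control fails."""
    lines = text.splitlines()
    if (len(lines) < 2 or not lines[0].startswith("HDR|")
            or not lines[-1].startswith("TRL|")):
        raise ValueError("missing beginning or ending record")
    _, dest_code, _stamp = lines[0].split("|")
    if dest_code != my_code:
        raise ValueError("destination control: file routed to " + dest_code)
    body = lines[1:-1]
    if not all(line.startswith("DTL|") for line in body):
        raise ValueError("unexpected record type in body")
    records = [line[4:] for line in body]
    _, count, digest = lines[-1].split("|")
    if int(count) != len(records):
        raise ValueError("completeness control: record count mismatch")
    # An unkeyed hash catches truncation and corruption in transit; it does
    # not stop someone who can rewrite the trailer as well.
    if _digest(records) != digest:
        raise ValueError("accuracy control: content hash mismatch")
    return records
```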

33 Integrity Controls to Prevent Fraud
- Three conditions are present in almost all fraud cases
  - Personal pressure
  - Rationalization
  - Opportunity
- Reduce fraud by having adequate manual controls and automated records of money and assets
- Almost every system requires some type of integrity control

34 Fraud risks and prevention techniques
Figure 12-13 Fraud risks and prevention techniques (from Dr. Marshall Romney at Brigham Young University)

35 Designing Security Controls
- Security controls are provided by the operating system or environment to protect the data and processing systems from malicious attacks
- Objectives
  - Maintain a stable, functioning operating environment for users and application systems
  - Protect information and transactions during transmission outside the organization

36 Security for Access to Systems
- System access controls restrict what portions of a computer system a person can use
  - Hardware, application controls, and data files
- Designers often use the access controls embedded in system software
  - Implements a single access control scheme
- Designing access controls beyond those provided by the system requires technical expertise

37 Users and their access to computer systems
Figure 12-14 Users and their access to computer systems

38 Types of Users
- Unauthorized users do not have permission to use a system
  - Authorization determines who has access to the system and its data
- Registered users are authorized to use the system
  - Access control lists are users or groups that can access a system resource or access type
- Privileged users have special security access privileges to a system
  - i.e., source code, database structure

39 Passwords, Smart Cards, Biometric Devices
- Authentication
  - Process of identifying users to verify that they have access to the system
  - Common approach: username and password
- Smart card
  - Computer-readable plastic card with security information embedded within it
- Biometric devices
  - The individual becomes the gateway to the system through fingerprints, retinas, facial patterns, etc.

40 Data Security
- Primary way to maintain data security for internal and transmitted data is through encryption
- Encryption alters data so that it cannot be viewed by unauthorized users
- An encryption algorithm is a complex mathematical formula that encrypts and decrypts data
- An encryption key is a binary key to the algorithm
- Data can be decrypted only with the key or a compatible key

41 Data Security (continued)
- Symmetric encryption
  - The same key encrypts and decrypts the data
  - Not as secure as asymmetric encryption
- Asymmetric encryption
  - Uses one key to encrypt and another key to decrypt the data
  - Public key encryption is an asymmetric method in which one key is publicized and the other key is kept private

42 Symmetric key encryption
Figure 12-16 Symmetric key encryption

43 Asymmetric key encryption
Figure 12-17 Asymmetric key encryption

44 Digital Signatures and Certificates
- Technique in which a document is encrypted using a private key to verify who wrote the document
- Digital certificate
  - Text message encrypted by a verifying authority and used to broadcast an organization’s name and public key
- Certifying authority
  - A well-known third party that sells digital certificates to organizations

45 Using a digital certificate
Figure 12-18 Using a digital certificate

46 Secure Transactions
- Secure Sockets Layer (SSL)
  - Standard protocol to connect and transmit encrypted data
- Transport Layer Security (TLS)
  - Updated version of SSL
- IPSec
  - Newer Internet standard for secure message transmission
- Secure Hypertext Transport Protocol (HTTPS)
  - Internet standard for transmitting Web pages securely

47 Summary
- System interfaces include all inputs and outputs not part of the user interface
- Input design requires three steps
  - Identify input devices and mechanisms
  - Identify all system input and list the data content of each
  - Determine integrity controls for each system input
- Develop the list of inputs from sequence and design class diagrams

48 Summary (continued)
- Designing system outputs follows the same process as system inputs
- Sequence diagrams identify messages that exit the system
- Output can be presented with charts, graphs, and multimedia
- Consider the intended audience and purpose of the output before choosing an output medium

49 Summary (continued)
- Integrity controls are used to ensure
  - Occurrence of only appropriate and correct business transactions
  - Correct processing and recording of transactions
  - That systems are safeguarded
- Security controls are critical for systems that have access to public networks
  - Primarily based on public key systems and encryption techniques

