Chapter12 - Designing System Interfaces, Controls and Security(Demo Presentation)

  • 2,662 views
Uploaded on

 

More in: Education , Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
2,662
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
51
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. System sequence diagram
  • 2. Concept of System SequenceDiagram (SSD)  Part of system design. Communicates to OO programmers.  SSD shows interaction between actors and system (global SSD), and among objects (detailed SSD)  SSD specifies flow of data (messages)  Messages are actions (resemble commands) invoked on destination object
  • 3. Global SSDFigure 6-14 SSD of a customer order system
  • 4. Global SSD – loopsFigure 6-15 Note: extendedPrice = price * quantity Expected output True/False Condition Loop Input
  • 5. Creating global SSD1. Start with an activity diagram and/or use case description.2. Identify the input messages from actor to system. For figuring attributes (input parameters), use class diagram.3. Identify/apply special conditions (iteration) to input messages, if any.4. Identify output messages.
  • 6. Creating global SSD (cont.) Account accountNo customerID OrderDetai quantity extendPrice Order orderID TotalAmt Product productID size description CatalogProduct price Catalog catalogIDFigure 6-16. Activity diagram of Figure 6-17. Global SSD of the same Figure 5-31 (detail).Create New Order use case, Class diagram of RMOTelephone Scenario at RMO
  • 7. Holycross of Davao CollegeSystem Analysis and Design (IT11)By: John Ely P. Masculino
  • 8. Designing System Interfaces (UI Vs SI)System Interface (SI) User Interface (UI) - I/O with minimal or no - I/O requiring human human intervention. interaction. - User interface is everything end user comes into contact with while using the system - To the user, the interface is the system
  • 9. Identifying System Interfaces- Inputs from other System (messages, EDI).- Highly automated inputs such as scanners.- Inputs that are from data in external databases.- Outputs to external databases.- Outputs with minimal HCI.- Outputs to other systems.- Real-time connection (both input and output).
  • 10. The full range of inputs andoutputs in an information system
  • 11. Designing System Inputs - Identify devices and mechanisms • High-level review of most up-to-date methods to enter data - Identify all system inputs and develop list of data content of each • Provide link between design of application software and design of user and system interfaces - Determine controls and security necessary for each system input
  • 12. Input Devices and Mechanism- Capture data as close to original source aspossible- Use electronic devices and automatic entrywhenever possible- Avoid human involvement as much as possible- Seek information in electronic form to avoiddata reentry- Validate and correct information at entry point
  • 13. Prevalent Input Devices to Avoid Human Data Entry- Magnetic card strip readers- Bar code readers- Optical character recognition readers andscanners- Radio-frequency identification tags- Touch screens and devices- Electronic pens and writing surfaces- Digitizers, such as digital cameras and digitalaudio devices
  • 14. Defining the Details of System Inputs- Ensure all data inputs are identified andspecified correctly • Identifying user and system inputs with OO approach has same tasks as traditional approach • OO diagrams are used instead of DFDs and structure charts • System sequence diagrams identify each incoming message • Design class diagrams and sequence diagrams identify and describe input parameters and verify characteristics of inputs
  • 15. Partial System Sequence Diagram for Payroll System Use Cases
  • 16. System Sequence Diagram for Create New Order
  • 17. Input Messages and Data Parameters from RMO System Sequence Diagram
  • 18. Designing System Outputs - Determine each type of output - Make list of specific system outputs required based on application design - Specify any necessary controls to protect information provided in output - Design and prototype output layout - Ad hoc reports – designed as needed by user
  • 19. Defining the Details of System Outputs Outputs indicated by messages in sequence diagrams – Originate from internal system objects – Sent to external actors or another external system Output messages based on an individual object are usually part of methods of that class object To report on all objects within a class, class-level method is used that works on entire class
  • 20. Table of System Outputs Based on OO Messages
  • 21. Types of reports– Printed reports– Electronic displays– Turnaround documents– Graphical and Multimedia presentation
  • 22. Types of Output Reports Detailed – Contains detailed transactions or records Summary – Recaps periodic activity Exception – Only contains information about nonstandard conditions Executive – Summary report used for strategic decisions
  • 23. Designing Integrity Controls Mechanisms and procedures built into a system to safeguard it and information contained within Integrity controls – Built into application and database system to safeguard information Security controls
  • 24. Objectives of Integrity Controls- Ensure that only appropriate and correctbusiness transactions occur- Ensure that transactions are recorded andprocessed correctly- Protect and safeguard assets of theorganization • Software • Hardware • Information
  • 25. Points of Security and Integrity Controls
  • 26. Input Integrity Controls– Used with all input mechanisms– Additional level of verification to help reduce input errors– Common control techniques • Field combination controls • Value limit controls • Completeness controls • Data validation controls
  • 27. Database Integrity Controls– Access controls– Data encryption– Transaction controls– Update controls– Backup and recovery protection
  • 28. Output Integrity Controls– Ensure output arrives at proper destination and is correct, accurate, complete, and current– Destination controls - output is channeled to correct people– Completeness, accuracy, and correctness controls– Appropriate information present in output
  • 29. Integrity Controls to Prevent Fraud Three conditions are present in fraud cases – Personal pressure, such as desire to maintain extravagant lifestyle – Rationalizations, including “I will repay this money” or “I have this coming” – Opportunity, such as unverified cash receipts Control of fraud requires both manual procedures and computer integrity controls
  • 30. Fraud Risks and Prevention Techniques
  • 31. Designing Security Controls Security controls protect assets of organization from all threats – External threats such as hackers, viruses, worms, and message overload attacks Security control objectives – Maintain stable, functioning operating environment for users and application systems (24 x 7) – Protect information and transactions during transmission outside organization (public carriers)
  • 32. Security for Access to Systems Used to control access to any resource managed by operating system or network User categories – Unauthorized user – no authorization to access – Registered user – authorized to access system – Privileged user – authorized to administrate system Organized so that all resources can be accessed with same unique ID/password combination
  • 33. Users and Access Roles to Computer Systems
  • 34. Managing User Access Most common technique is user ID / password Authorization – Is user permitted to access? Access control list – users with rights to access Authentication – Is user who they claim to be? Smart card – computer-readable plastic card with embedded security information Biometric devices – keystroke patterns, fingerprinting, retinal scans, voice characteristics
  • 35. Data Security Data and files themselves must be secure Encryption – primary security method – Altering data so unauthorized users cannot view Decryption – Altering encrypted data back to its original state Symmetric key – same key encrypts and decrypts Asymmetric key – different key decrypts Public key – public encrypts; private decrypts
  • 36. Symmetric Key Encryption
  • 37. Asymmetric Key Encryption
  • 38. Digital Signatures and Certificates Encryption of messages enables secure exchange of information between two entities with appropriate keys Digital signature encrypts document with private key to verify document author Digital certificate is institution’s name and public key that is encrypted and certified by third party Certifying authority – VeriSign or Equifax
  • 39. Using a Digital Certificate
  • 40. Secure Transactions Standard set of methods and protocols for authentication, authorization, privacy, integrity Secure Sockets Layer (SSL) renamed as Transport Layer Security (TLS) – protocol for secure channel to send messages over Internet IP Security (IPSec) – newer standard for transmitting Internet messages securely Secure Hypertext Transport Protocol (HTTPS or HTTP-S) – standard for transmitting Web pages securely (encryption, digital signing, certificates)