Chapter 12 - Designing System Interfaces, Controls and Security (Demo Presentation)

Published in: Education, Technology

  1. System sequence diagram
  2. Concept of System Sequence Diagram (SSD)
     - Part of system design. Communicates to OO programmers.
     - SSD shows interaction between actors and system (global SSD), and among objects (detailed SSD)
     - SSD specifies flow of data (messages)
     - Messages are actions (resemble commands) invoked on destination object
  3. Global SSD
     - Figure 6-14: SSD of a customer order system
  4. Global SSD – loops
     - Figure 6-15
     - Note: extendedPrice = price * quantity
     - Diagram callouts: Expected output, True/False Condition, Loop, Input
  5. Creating global SSD
     1. Start with an activity diagram and/or use case description.
     2. Identify the input messages from actor to system. For figuring attributes (input parameters), use class diagram.
     3. Identify/apply special conditions (iteration) to input messages, if any.
     4. Identify output messages.
  6. Creating global SSD (cont.)
     - Figure 6-16. Activity diagram of Create New Order use case, Telephone Scenario at RMO
     - Figure 6-17. Global SSD of the same
     - Figure 5-31 (detail). Class diagram of RMO. Classes and attributes shown: Account (accountNo, customerID), OrderDetai (quantity, extendPrice), Order (orderID, TotalAmt), Product (productID, size, description), CatalogProduct (price), Catalog (catalogID)
  7. Holycross of Davao College, System Analysis and Design (IT11). By: John Ely P. Masculino
  8. Designing System Interfaces (UI vs SI)
     - System Interface (SI): I/O with minimal or no human intervention.
     - User Interface (UI): I/O requiring human interaction.
     - User interface is everything end user comes into contact with while using the system
     - To the user, the interface is the system
  9. Identifying System Interfaces
     - Inputs from other systems (messages, EDI).
     - Highly automated inputs such as scanners.
     - Inputs that are from data in external databases.
     - Outputs to external databases.
     - Outputs with minimal HCI.
     - Outputs to other systems.
     - Real-time connection (both input and output).
  10. The full range of inputs and outputs in an information system
  11. Designing System Inputs
     - Identify devices and mechanisms
       - High-level review of most up-to-date methods to enter data
     - Identify all system inputs and develop list of data content of each
       - Provide link between design of application software and design of user and system interfaces
     - Determine controls and security necessary for each system input
  12. Input Devices and Mechanism
     - Capture data as close to original source as possible
     - Use electronic devices and automatic entry whenever possible
     - Avoid human involvement as much as possible
     - Seek information in electronic form to avoid data reentry
     - Validate and correct information at entry point
  13. Prevalent Input Devices to Avoid Human Data Entry
     - Magnetic card strip readers
     - Bar code readers
     - Optical character recognition readers and scanners
     - Radio-frequency identification tags
     - Touch screens and devices
     - Electronic pens and writing surfaces
     - Digitizers, such as digital cameras and digital audio devices
  14. Defining the Details of System Inputs
     - Ensure all data inputs are identified and specified correctly
       - Identifying user and system inputs with OO approach has same tasks as traditional approach
       - OO diagrams are used instead of DFDs and structure charts
       - System sequence diagrams identify each incoming message
       - Design class diagrams and sequence diagrams identify and describe input parameters and verify characteristics of inputs
  15. Partial System Sequence Diagram for Payroll System Use Cases
  16. System Sequence Diagram for Create New Order
  17. Input Messages and Data Parameters from RMO System Sequence Diagram
  18. Designing System Outputs
     - Determine each type of output
     - Make list of specific system outputs required based on application design
     - Specify any necessary controls to protect information provided in output
     - Design and prototype output layout
     - Ad hoc reports – designed as needed by user
  19. Defining the Details of System Outputs
     - Outputs indicated by messages in sequence diagrams
       - Originate from internal system objects
       - Sent to external actors or another external system
     - Output messages based on an individual object are usually part of methods of that class object
     - To report on all objects within a class, class-level method is used that works on entire class
  20. Table of System Outputs Based on OO Messages
  21. Types of reports
     - Printed reports
     - Electronic displays
     - Turnaround documents
     - Graphical and Multimedia presentation
  22. Types of Output Reports
     - Detailed – Contains detailed transactions or records
     - Summary – Recaps periodic activity
     - Exception – Only contains information about nonstandard conditions
     - Executive – Summary report used for strategic decisions
  23. Designing Integrity Controls
     - Mechanisms and procedures built into a system to safeguard it and information contained within
     - Integrity controls – Built into application and database system to safeguard information
     - Security controls
  24. Objectives of Integrity Controls
     - Ensure that only appropriate and correct business transactions occur
     - Ensure that transactions are recorded and processed correctly
     - Protect and safeguard assets of the organization
       - Software
       - Hardware
       - Information
  25. Points of Security and Integrity Controls
  26. Input Integrity Controls
     - Used with all input mechanisms
     - Additional level of verification to help reduce input errors
     - Common control techniques
       - Field combination controls
       - Value limit controls
       - Completeness controls
       - Data validation controls
  27. Database Integrity Controls
     - Access controls
     - Data encryption
     - Transaction controls
     - Update controls
     - Backup and recovery protection
  28. Output Integrity Controls
     - Ensure output arrives at proper destination and is correct, accurate, complete, and current
     - Destination controls – output is channeled to correct people
     - Completeness, accuracy, and correctness controls
     - Appropriate information present in output
  29. Integrity Controls to Prevent Fraud
     - Three conditions are present in fraud cases
       - Personal pressure, such as desire to maintain extravagant lifestyle
       - Rationalizations, including “I will repay this money” or “I have this coming”
       - Opportunity, such as unverified cash receipts
     - Control of fraud requires both manual procedures and computer integrity controls
  30. Fraud Risks and Prevention Techniques
  31. Designing Security Controls
     - Security controls protect assets of organization from all threats
       - External threats such as hackers, viruses, worms, and message overload attacks
     - Security control objectives
       - Maintain stable, functioning operating environment for users and application systems (24 x 7)
       - Protect information and transactions during transmission outside organization (public carriers)
  32. Security for Access to Systems
     - Used to control access to any resource managed by operating system or network
     - User categories
       - Unauthorized user – no authorization to access
       - Registered user – authorized to access system
       - Privileged user – authorized to administrate system
     - Organized so that all resources can be accessed with same unique ID/password combination
  33. Users and Access Roles to Computer Systems
  34. Managing User Access
     - Most common technique is user ID / password
     - Authorization – Is user permitted to access?
     - Access control list – users with rights to access
     - Authentication – Is user who they claim to be?
     - Smart card – computer-readable plastic card with embedded security information
     - Biometric devices – keystroke patterns, fingerprinting, retinal scans, voice characteristics
  35. Data Security
     - Data and files themselves must be secure
     - Encryption – primary security method
       - Altering data so unauthorized users cannot view
     - Decryption – Altering encrypted data back to its original state
     - Symmetric key – same key encrypts and decrypts
     - Asymmetric key – different key decrypts
     - Public key – public encrypts; private decrypts
  36. Symmetric Key Encryption
  37. Asymmetric Key Encryption
  38. Digital Signatures and Certificates
     - Encryption of messages enables secure exchange of information between two entities with appropriate keys
     - Digital signature encrypts document with private key to verify document author
     - Digital certificate is institution’s name and public key that is encrypted and certified by third party
     - Certifying authority – VeriSign or Equifax
  39. Using a Digital Certificate
  40. Secure Transactions
     - Standard set of methods and protocols for authentication, authorization, privacy, integrity
     - Secure Sockets Layer (SSL) renamed as Transport Layer Security (TLS) – protocol for secure channel to send messages over Internet
     - IP Security (IPSec) – newer standard for transmitting Internet messages securely
     - Secure Hypertext Transport Protocol (HTTPS or HTTP-S) – standard for transmitting Web pages securely (encryption, digital signing, certificates)
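
The four input integrity control techniques named on slide 26 (completeness, data validation, value limit, field combination), applied to one order line using the deck's own rule extendedPrice = price * quantity. This is an added example, not part of the original presentation; the function name, the quantity limit, the productID format and the sample records are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation

REQUIRED = ("orderID", "productID", "quantity", "price", "extendedPrice")
MAX_QUANTITY = 500  # assumed business limit, not from the slides


def check_order_line(line):
    """Return a list of control violations for one order line (empty = accept)."""
    # Completeness control: every required field is present and non-blank.
    missing = [f for f in REQUIRED
               if line.get(f) is None or str(line[f]).strip() == ""]
    if missing:
        return ["completeness: missing " + ", ".join(missing)]

    errors = []
    # Data validation control: each field has the expected type and format.
    if not str(line["productID"]).isalnum():  # assumed ID format
        errors.append("validation: productID must be alphanumeric")
    try:
        qty = int(str(line["quantity"]))
        price = Decimal(str(line["price"]))
        ext = Decimal(str(line["extendedPrice"]))
    except (ValueError, InvalidOperation):
        return errors + ["validation: quantity, price, extendedPrice must be numeric"]
    if not (price.is_finite() and ext.is_finite()):
        return errors + ["validation: NaN/Infinity is not a valid amount"]

    # Value limit control: values fall inside a reasonable business range.
    if not 1 <= qty <= MAX_QUANTITY:
        errors.append(f"value limit: quantity {qty} outside 1..{MAX_QUANTITY}")
    if price <= 0:
        errors.append("value limit: price must be positive")

    # Field combination control: related fields must agree with each other.
    if ext != price * qty:
        errors.append("field combination: extendedPrice != price * quantity")
    return errors


# Constructed sample input (not taken from the presentation).
GOOD = {"orderID": "1001", "productID": "P2041", "quantity": "3",
        "price": "19.99", "extendedPrice": "59.97"}
SAMPLES = [GOOD, dict(GOOD, price=""), dict(GOOD, quantity="0"),
           dict(GOOD, extendedPrice="5.97"), dict(GOOD, price="NaN")]

if __name__ == "__main__":
    for s in SAMPLES:
        print(check_order_line(s) or "accepted")
```

Amounts are parsed as `Decimal` rather than `float` so the field combination check compares exact values instead of rounding artifacts.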
