Chapter 14

Systems Analysis and Design in a Changing World, Fourth Edition

Learning Objectives
• Discuss examples of system interfaces found in information systems
• Define system inputs and outputs based on the requirements of the application program
• Design printed and on-screen reports appropriate for recipients
• Explain the importance of integrity controls
• Identify required integrity controls for inputs, outputs, data, and processing
• Discuss issues related to security that affect the design and operation of information systems

Overview
• This chapter focuses on system interfaces, system outputs, and system controls that do not require much human interaction
• Many system interfaces are electronic transmissions or paper outputs to external agents
• System developers need to design and implement integrity and security controls to protect system and its data
• Outside threats from Internet and e-commerce are growing concern

Identifying System Interfaces
• System interfaces are broadly defined as inputs or outputs with minimal or no human intervention
  - Inputs from other systems (messages, EDI)
  - Highly automated input devices such as scanners
  - Inputs that are from data in external databases
  - Outputs to external databases
  - Outputs with minimal HCI
  - Outputs to other systems
  - Real-time connections (both input and output)

Full Range of Inputs and Outputs

eXtensible Markup Language (XML)
• Extension of HTML that embeds self-defined data structures in textual messages
• Transaction that contains data fields can be sent with XML codes to define meaning of data fields
• XML provides common system-to-system interface
• XML is simple and readable by people
• Web services is based on XML to send business transactions over Internet

System-to-System Interface Based on XML

Design of System Inputs
• Identify devices and mechanisms used to enter input
  - High-level review of most up-to-date methods to enter data
• Identify all system inputs and develop list of data content for each
  - Provide link between design of application software and design of user and system interfaces
• Determine controls and security necessary for each system input

Input Devices and Mechanisms
• Capture data as close to original source as possible
• Use electronic devices and automatic entry whenever possible
• Avoid human involvement as much as possible
• Seek information in electronic form to avoid data re-entry
• Validate and correct information at entry point

Prevalent Input Devices to Avoid Human Data Entry
• Magnetic card strip readers
• Bar code readers
• Optical character recognition readers and scanners
• Radio-frequency identification tags
• Touch screens and devices
• Electronic pens and writing surfaces
• Digitizers, such as digital cameras and digital audio devices

Defining the Details of System Inputs
• Ensure all data inputs are identified and specified correctly
• Can use traditional structured models
  - Identify automation boundary
    - Use DFD fragments
    - Segment by program boundaries
  - Examine structure charts
    - Analyze each module and data couple
    - List individual data fields

Using Object-Oriented Models
• Identifying user and system inputs with OO approach has same tasks as traditional approach
• OO diagrams are used instead of DFDs and structure charts
• System sequence diagrams identify each incoming message
• Design class diagrams and sequence diagrams identify and describe input parameters and verify characteristics of inputs

System Sequence Diagram for Create New Order

Input Messages and Data Parameters from RMO System Sequence Diagram (Figure 14-10)

Designing System Outputs
• Determine each type of output
• Make list of specific system outputs required based on application design
• Specify any necessary controls to protect information provided in output
• Design and prototype output layout
• Ad hoc reports – designed as needed by user

Defining the Details of System Outputs
• Type of reports
  - Printed reports
  - Electronic displays
  - Turnaround documents
• Can use traditional structured models to identify outputs
  - Data flows crossing automation boundary
  - Data couples and report data requirements on structure chart

Table of System Outputs Based on Traditional Structured Approach (Figure 14-11)

Using Object-Oriented Models
• Outputs indicated by messages in sequence diagrams
  - Originate from internal system objects
  - Sent to external actors or another external system
• Output messages based on an individual object are usually part of methods of that class object
• To report on all objects within a class, class-level method is used that works on entire class

Table of System Outputs Based on OO Messages (Figure 14-12)

Designing Reports, Statements, and Turnaround Documents
• Printed versus electronic
• Types of output reports
  - Detailed
  - Summary
  - Exception
  - Executive
• Internal versus external
• Graphical and multimedia presentation

RMO Summary Report with Drill Down to the Detailed Report

Formatting Reports
• What is objective of report?
• Who is the intended audience?
• What is media for presentation?
• Avoid information overload
• Format considerations include meaningful headings, date of information, date report produced, page numbers

Designing Integrity Controls
• Mechanisms and procedures built into a system to safeguard it and information contained within
• Integrity controls
  - Built into application and database system to safeguard information
• Security controls
  - Built into operating system and network

Objectives of Integrity Controls
• Ensure that only appropriate and correct business transactions occur
• Ensure that transactions are recorded and processed correctly
• Protect and safeguard assets of the organization
  - Software
  - Hardware
  - Information

Points of Security and Integrity Controls

Input Integrity Controls
• Used with all input mechanisms
• Additional level of verification to help reduce input errors
• Common control techniques
  - Field combination controls
  - Value limit controls
  - Completeness controls
  - Data validation controls
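
An added example (not from the slides or the textbook) applying the four input control techniques listed above to a single order transaction at its entry point. The field names, shipping codes, limits and sample records are constructed assumptions, and each check follows the usual meaning of the control's name.

```python
from datetime import date

# Constructed reference data: assumptions for illustration, not from the slides.
REQUIRED = ("customer_id", "item_id", "quantity", "unit_price",
            "ship_code", "order_date", "ship_date")
SHIP_CODES = {"STD", "2DAY", "NEXT"}   # hypothetical shipping-method codes
MAX_QTY, MAX_PRICE = 500, 10_000.00    # hypothetical reasonableness limits


def check_order(order):
    """Return the list of integrity-control violations; empty means accept."""
    # Completeness control: every required field present and non-empty.
    # Later checks read these fields, so stop here if any is missing.
    missing = [f for f in REQUIRED if order.get(f) in (None, "")]
    if missing:
        return ["completeness: missing " + ", ".join(missing)]

    errors = []
    # Data validation control: a coded field must hold a known code.
    if order["ship_code"] not in SHIP_CODES:
        errors.append(f"data validation: unknown ship_code {order['ship_code']!r}")

    # Value limit controls: numeric fields must be the right type and in range.
    qty, price = order["quantity"], order["unit_price"]
    if type(qty) is not int or not 1 <= qty <= MAX_QTY:
        errors.append(f"value limit: quantity {qty!r} not in 1..{MAX_QTY}")
    if type(price) not in (int, float) or not 0 < price <= MAX_PRICE:
        errors.append(f"value limit: unit_price {price!r} not in (0, {MAX_PRICE}]")

    # Field combination control: fields must be consistent with one another.
    if not isinstance(order["order_date"], date) or not isinstance(order["ship_date"], date):
        errors.append("field combination: order_date/ship_date must be dates")
    elif order["ship_date"] < order["order_date"]:
        errors.append("field combination: ship_date precedes order_date")
    return errors


# Constructed sample transactions.
GOOD = {"customer_id": "C1001", "item_id": "RMO-4471", "quantity": 3,
        "unit_price": 49.95, "ship_code": "2DAY",
        "order_date": date(2024, 3, 1), "ship_date": date(2024, 3, 3)}
BAD = dict(GOOD, quantity=5000, ship_code="AIR", ship_date=date(2024, 2, 27))
INCOMPLETE = dict(GOOD, customer_id="")

if __name__ == "__main__":
    for name, order in (("GOOD", GOOD), ("BAD", BAD), ("INCOMPLETE", INCOMPLETE)):
        print(name, check_order(order) or "accepted")
```

Rejecting the whole transaction with every violation listed lets the sending system or operator correct the record once, at the entry point, instead of discovering errors one at a time downstream.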

Database Integrity Controls
• Access controls
• Data encryption
• Transaction controls
• Update controls
• Backup and recovery protection

Output Integrity Controls
• Ensure output arrives at proper destination and is correct, accurate, complete, and current
• Destination controls - output is channeled to correct people
• Completeness, accuracy, and correctness controls
• Appropriate information present in output

Integrity Controls to Prevent Fraud
• Three conditions are present in fraud cases
  - Personal pressure, such as desire to maintain extravagant lifestyle
  - Rationalizations, including “I will repay this money” or “I have this coming”
  - Opportunity, such as unverified cash receipts
• Control of fraud requires both manual procedures and computer integrity controls

Fraud Risks and Prevention Techniques

Designing Security Controls
• Security controls protect assets of organization from all threats
  - External threats such as hackers, viruses, worms, and message overload attacks
• Security control objectives
  - Maintain stable, functioning operating environment for users and application systems (24 x 7)
  - Protect information and transactions during transmission outside organization (public carriers)

Security for Access to Systems
• Used to control access to any resource managed by operating system or network
• User categories
  - Unauthorized user – no authorization to access
  - Registered user – authorized to access system
  - Privileged user – authorized to administrate system
• Organized so that all resources can be accessed with same unique ID/password combination

Users and Access Roles to Computer Systems

Managing User Access
• Most common technique is user ID / password
• Authorization – Is user permitted to access?
• Access control list – users with rights to access
• Authentication – Is user who they claim to be?
• Smart card – computer-readable plastic card with embedded security information
• Biometric devices – keystroke patterns, fingerprinting, retinal scans, voice characteristics

Data Security
• Data and files themselves must be secure
• Encryption – primary security method
  - Altering data so unauthorized users cannot view
• Decryption
  - Altering encrypted data back to its original state
• Symmetric key – same key encrypts and decrypts
• Asymmetric key – different key decrypts
• Public key – public encrypts; private decrypts

Symmetric Key Encryption

Asymmetric Key Encryption

Digital Signatures and Certificates
• Encryption of messages enables secure exchange of information between two entities with appropriate keys
• Digital signature encrypts document with private key to verify document author
• Digital certificate is institution’s name and public key that is encrypted and certified by third party
• Certifying authority
  - VeriSign or Equifax

Using a Digital Certificate

Secure Transactions
• Standard set of methods and protocols for authentication, authorization, privacy, integrity
• Secure Sockets Layer (SSL) renamed as Transport Layer Security (TLS) – protocol for secure channel to send messages over Internet
• IP Security (IPSec) – newer standard for transmitting Internet messages securely
• Secure Hypertext Transport Protocol (HTTPS or HTTP-S) – standard for transmitting Web pages securely (encryption, digital signing, certificates)