Chapter 12 - Designing System Interfaces, Controls and Security (Demo Presentation)
System sequence diagram
Concept of System Sequence Diagram (SSD)
Part of system design. Communicates to OO programmers.
SSD shows interaction between actors and system (global SSD), and among objects (detailed SSD)
SSD specifies flow of data (messages)
Messages are actions (resemble commands) invoked on destination object
Global SSD
SSD of a customer order system
Figure 6-14
Global SSD – loops
Figure 6-15
[Figure annotations: True/False condition, Input, Expected output, Loop]
Note: extendedPrice = price * quantity
Creating global SSD
1. Start with an activity diagram and/or use case description.
2. Identify the input messages from actor to system. For figuring attributes (input parameters), use class diagram.
3. Identify/apply special conditions (iteration) to input messages, if any.
4. Identify output messages.
Creating global SSD (cont.)
Figure 6-16. Activity diagram of Create New Order use case, Telephone Scenario at RMO
Figure 6-17. Global SSD of the same
Figure 5-31 (detail). Class diagram of RMO
- Account: accountNo, customerID
- Product: productID, size, description
- Catalog: catalogID
- CatalogProduct: price
- Order: orderID, TotalAmt
- OrderDetai: quantity, extendPrice
Holycross of Davao College
System Analysis and Design (IT11)
By: John Ely P. Masculino
Designing System Interfaces (UI vs SI)
System Interface (SI) - I/O with minimal or no human intervention.
User Interface (UI) - I/O requiring human interaction.
- User interface is everything the end user comes into contact with while using the system
- To the user, the interface is the system
Identifying System Interfaces
- Inputs from other systems (messages, EDI).
- Highly automated inputs such as scanners.
- Inputs that are from data in external databases.
- Outputs to external databases.
- Outputs with minimal HCI.
- Outputs to other systems.
- Real-time connection (both input and output).
The full range of inputs and outputs in an information system
Designing System Inputs
- Identify devices and mechanisms
  • High-level review of most up-to-date methods to enter data
- Identify all system inputs and develop list of data content of each
  • Provide link between design of application software and design of user and system interfaces
- Determine controls and security necessary for each system input
Input Devices and Mechanism
- Capture data as close to original source as possible
- Use electronic devices and automatic entry whenever possible
- Avoid human involvement as much as possible
- Seek information in electronic form to avoid data reentry
- Validate and correct information at entry point
Prevalent Input Devices to Avoid Human Data Entry
- Magnetic card strip readers
- Bar code readers
- Optical character recognition readers and scanners
- Radio-frequency identification tags
- Touch screens and devices
- Electronic pens and writing surfaces
- Digitizers, such as digital cameras and digital audio devices
Defining the Details of System Inputs
- Ensure all data inputs are identified and specified correctly
  • Identifying user and system inputs with OO approach has same tasks as traditional approach
  • OO diagrams are used instead of DFDs and structure charts
  • System sequence diagrams identify each incoming message
  • Design class diagrams and sequence diagrams identify and describe input parameters and verify characteristics of inputs
Partial System Sequence Diagram for Payroll System Use Cases
System Sequence Diagram for Create New Order
Input Messages and Data Parameters from RMO System Sequence Diagram
Designing System Outputs
- Determine each type of output
- Make list of specific system outputs required based on application design
- Specify any necessary controls to protect information provided in output
- Design and prototype output layout
- Ad hoc reports – designed as needed by user
Defining the Details of System Outputs
Outputs indicated by messages in sequence diagrams
– Originate from internal system objects
– Sent to external actors or another external system
Output messages based on an individual object are usually part of methods of that class object
To report on all objects within a class, class-level method is used that works on entire class
Table of System Outputs Based on OO Messages
Types of reports
– Printed reports
– Electronic displays
– Turnaround documents
– Graphical and Multimedia presentation
Types of Output Reports
Detailed
– Contains detailed transactions or records
Summary
– Recaps periodic activity
Exception
– Only contains information about nonstandard conditions
Executive
– Summary report used for strategic decisions
Designing Integrity Controls
Mechanisms and procedures built into a system to safeguard it and information contained within
Integrity controls
– Built into application and database system to safeguard information
Security controls
Objectives of Integrity Controls
- Ensure that only appropriate and correct business transactions occur
- Ensure that transactions are recorded and processed correctly
- Protect and safeguard assets of the organization
  • Software
  • Hardware
  • Information
Points of Security and Integrity Controls
Input Integrity Controls
– Used with all input mechanisms
– Additional level of verification to help reduce input errors
– Common control techniques
  • Field combination controls
  • Value limit controls
  • Completeness controls
  • Data validation controls
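The four control techniques listed above, applied to one order-item input message of the kind the RMO sequence diagrams describe. This is an added example, not part of the original slides; the catalog contents, the 6-digit accountNo format and the quantity limit of 50 are assumptions.

```python
from decimal import Decimal

# Constructed sample catalog (productID, size) -> price; not data from the slides.
CATALOG = {
    ("P100", "M"): Decimal("19.99"),
    ("P100", "L"): Decimal("21.99"),
    ("P200", "ONE"): Decimal("5.00"),
}
REQUIRED = ("accountNo", "productID", "size", "quantity")
MAX_QUANTITY = 50  # assumed business limit per order line


def _blank(value):
    return value is None or str(value).strip() == ""


def check_order_item(msg):
    """Apply the four input integrity controls to one order-item message.

    Returns (errors, extended_price); extended_price is None when rejected.
    """
    # Completeness control: every required field is present and non-empty.
    errors = [f"completeness: {f} is missing"
              for f in REQUIRED if _blank(msg.get(f))]
    if errors:
        return errors, None

    # Data validation control: each field has the expected format.
    account = str(msg["accountNo"]).strip()
    if not (account.isascii() and account.isdigit() and len(account) == 6):
        errors.append("validation: accountNo must be 6 digits")
    try:
        quantity = int(str(msg["quantity"]).strip())
    except ValueError:
        errors.append("validation: quantity must be a whole number")
        quantity = None

    # Value limit control: the value lies within a reasonable range.
    if quantity is not None and not 1 <= quantity <= MAX_QUANTITY:
        errors.append(f"value limit: quantity must be 1..{MAX_QUANTITY}")

    # Field combination control: productID and size must make sense together.
    key = (str(msg["productID"]).strip(), str(msg["size"]).strip())
    price = CATALOG.get(key)
    if price is None:
        errors.append("field combination: size not offered for this product")

    if errors:
        return errors, None
    return [], price * quantity  # extendedPrice = price * quantity
```

The checks run at the entry point, before the message reaches any domain object, and every failed control is reported so the input can be corrected in one pass.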
Database Integrity Controls
– Access controls
– Data encryption
– Transaction controls
– Update controls
– Backup and recovery protection
Output Integrity Controls
– Ensure output arrives at proper destination and is correct, accurate, complete, and current
– Destination controls - output is channeled to correct people
– Completeness, accuracy, and correctness controls
– Appropriate information present in output
Integrity Controls to Prevent Fraud
Three conditions are present in fraud cases
– Personal pressure, such as desire to maintain extravagant lifestyle
– Rationalizations, including “I will repay this money” or “I have this coming”
– Opportunity, such as unverified cash receipts
Control of fraud requires both manual procedures and computer integrity controls
Fraud Risks and Prevention Techniques
Designing Security Controls
Security controls protect assets of organization from all threats
– External threats such as hackers, viruses, worms, and message overload attacks
Security control objectives
– Maintain stable, functioning operating environment for users and application systems (24 x 7)
– Protect information and transactions during transmission outside organization (public carriers)
Security for Access to Systems
Used to control access to any resource managed by operating system or network
User categories
– Unauthorized user – no authorization to access
– Registered user – authorized to access system
– Privileged user – authorized to administrate system
Organized so that all resources can be accessed with same unique ID/password combination
Users and Access Roles to Computer Systems
Managing User Access
Most common technique is user ID / password
Authorization – Is user permitted to access?
Access control list – users with rights to access
Authentication – Is user who they claim to be?
Smart card – computer-readable plastic card with embedded security information
Biometric devices – keystroke patterns, fingerprinting, retinal scans, voice characteristics
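Authentication and authorization as two separate checks, using the user ID / password technique and the registered and privileged categories from the slides. This is an added example, not part of the original presentation; the resource names, sample accounts and PBKDF2 work factor are assumptions, and the access control list here grants rights per user category.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune to the hardware
USERS = {}            # user ID -> (salt, password hash, category)
# Access control list: resource -> user categories with rights to access it.
# Resource names are hypothetical.
ACL = {
    "order_entry": {"registered", "privileged"},
    "user_admin": {"privileged"},
}


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(user_id, password, category):
    """Store a salted hash of the password, never the password itself."""
    salt = os.urandom(16)
    USERS[user_id] = (salt, _hash(password, salt), category)


def authenticate(user_id, password):
    """Authentication: is the user who they claim to be?"""
    salt, stored, _ = USERS.get(user_id, (b"\0" * 16, b"", None))
    # Hash even for unknown IDs and compare in constant time, so the
    # response does not reveal which user IDs exist.
    return hmac.compare_digest(_hash(password, salt), stored)


def authorize(user_id, resource):
    """Authorization: is this user permitted to access the resource?"""
    category = USERS[user_id][2] if user_id in USERS else None
    return category in ACL.get(resource, set())


def access(user_id, password, resource):
    """Unauthorized users fail the first check; registered users may fail the second."""
    if not authenticate(user_id, password):
        return "denied: authentication failed"
    if not authorize(user_id, resource):
        return "denied: not authorized"
    return "granted"


# Constructed sample accounts.
register("clerk01", "tangerine-Harbor-42", "registered")
register("admin01", "violet-Quarry-77", "privileged")
```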
Data Security
Data and files themselves must be secure
Encryption – primary security method
– Altering data so unauthorized users cannot view
Decryption
– Altering encrypted data back to its original state
Symmetric key – same key encrypts and decrypts
Asymmetric key – different key decrypts
Public key – public encrypts; private decrypts
Symmetric Key Encryption
Asymmetric Key Encryption
Digital Signatures and Certificates
Encryption of messages enables secure exchange of information between two entities with appropriate keys
Digital signature encrypts document with private key to verify document author
Digital certificate is institution’s name and public key that is encrypted and certified by third party
Certifying authority
– VeriSign or Equifax
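How a receiver uses a certificate and a signature together, shown with textbook RSA on constructed toy keys. This is an added example, not part of the original slides; the key sizes are far too small and unpadded for real use, the signature is computed over a SHA-256 hash of the document (an assumption, since the slide does not say), and the function names are hypothetical.

```python
import hashlib


def make_key(p, q, e=65537):
    """Build a textbook RSA key pair from two primes (toy: no padding)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": n, "e": e}, {"n": n, "d": d}  # (public, private)


def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data):
    """Private-key operation over the hash: only the key owner can produce it."""
    return pow(_digest(data, private["n"]), private["d"], private["n"])


def verify(public, data, signature):
    """Public-key operation: anyone can check the signature."""
    return pow(signature, public["e"], public["n"]) == _digest(data, public["n"])


# Constructed demo keys built from known Mersenne primes.
CA_PUB, CA_PRIV = make_key(2**107 - 1, 2**127 - 1)   # certifying authority
ORG_PUB, ORG_PRIV = make_key(2**61 - 1, 2**89 - 1)   # institution


def cert_body(name, public):
    return f"{name}|{public['n']}|{public['e']}".encode()


def issue_certificate(name, public):
    """The third party certifies the binding of institution name to public key."""
    return {"name": name, "public": public,
            "ca_signature": sign(CA_PRIV, cert_body(name, public))}


def check_message(cert, expected_name, message, signature):
    """Receiver side: trust the CA key, then the certificate, then the message."""
    body = cert_body(cert["name"], cert["public"])
    if not verify(CA_PUB, body, cert["ca_signature"]):
        return "rejected: certificate not signed by trusted CA"
    if cert["name"] != expected_name:
        return "rejected: certificate is for a different institution"
    if not verify(cert["public"], message, signature):
        return "rejected: message signature invalid"
    return "accepted"
```

The receiver needs only the certifying authority's public key in advance; the institution's public key arrives inside the certificate and is trusted because of the authority's signature over it.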
Using a Digital Certificate
Secure Transactions
Standard set of methods and protocols for authentication, authorization, privacy, integrity
Secure Sockets Layer (SSL) renamed as Transport Layer Security (TLS) – protocol for secure channel to send messages over Internet
IP Security (IPSec) – newer standard for transmitting Internet messages securely
Secure Hypertext Transport Protocol (HTTPS or HTTP-S) – standard for transmitting Web pages securely (encryption, digital signing, certificates)