Lecture 10
Controls
Final Exam
• Chapters 1 to 12 and 14 and 15 (5th Edition)
• 20 multiple choices (40 Marks)
• 2 short questions (20 Marks)
• Modelling (40 Marks)
– DFD
– Use Case
– Class
– Use Case Realization
Overview
• This chapter focuses on system interfaces, system
outputs, and system controls that do not require
much human interaction
• Many system interfaces are electronic
transmissions or paper outputs to external agents
• System developers need to design and implement
integrity and security controls to protect system
and its data
• Outside threats from the Internet and e-commerce are
a growing concern
Identifying System Interfaces
• System interfaces are broadly defined as
inputs or outputs with minimal or no human
intervention
– Inputs from other systems (messages, EDI)
– Highly automated input devices such as
scanners
– Inputs that are from data in external databases
– Outputs to external databases
– Outputs to other systems
Disney’s New ‘MyMagic’ Wristbands to Turn Big
Data Into Big Profits
http://skift.com/2013/10/06/disneys-new-mymagic-wristbands-to-turn-big-data-into-big-profits/#3
Full Range of Inputs and Outputs
eXtensible Markup Language
(XML)
• Extension of HTML that embeds self-
defined data structures in textual messages
• Transaction that contains data fields can be
sent with XML codes to define meaning of
data fields
• XML provides common system-to-system
interface
• XML is simple and readable by people
System-to-System Interface
Based on XML
Input Devices and Mechanisms
• Capture data as close to original source as
possible
• Use electronic devices and automatic entry
whenever possible
• Avoid human involvement as much as possible
• Seek information in electronic form to avoid data
re-entry
• Validate and correct information at entry point
Prevalent Input Devices
to Avoid Human Data Entry
• Magnetic card strip readers
• Bar code readers
• Optical character recognition readers and
scanners
• Radio-frequency identification tags
• Touch screens and devices
• Electronic pens and writing surfaces
• Digitizers, such as digital cameras and digital
audio devices
• Sensors !!
Identifying System Interfaces
– Real-time connections (both input and output)
– Sensors !!
• 30 billion RFID tags and 4.6 billion camera phones were in use
around the world in 2013. In addition, 200 million smart
meters were to be in operation in 2014. Moreover, there were 2
billion people on the web in 2011
– BIG DATA
Amount of new data stored varies across geography. New data
stored, in petabytes (PB; 1 PB = 1M Gbytes), by geography in
2010. New data stored is defined as the amount of available
storage used in a given year [9].
Defining the Details of System
Inputs
• Ensure all data inputs are identified and
specified correctly
• Can use traditional structured models
– Identify automation boundary
• Use DFD fragments
• Segment by program boundaries
– Examine structure charts
• Analyze each module and data couple
• List individual data fields
Automation Boundary on a
System-Level DFD
List of Inputs for Customer Support
System
Using Object-Oriented Models
• Identifying user and system inputs with OO
approach has same tasks as traditional approach
• OO diagrams are used instead of DFDs and
structure charts
• System sequence diagrams identify each incoming
message
• Design class diagrams and sequence diagrams
identify and describe input parameters and verify
characteristics of inputs
System Sequence Diagram for
Create New Order
Input Messages and Data Parameters
from RMO System Sequence Diagram
(Figure 14-10)
Designing System Outputs
• Determine each type of output
• Make list of specific system outputs required
based on application design
• Specify any necessary controls to protect
information provided in output
• Design and prototype output layout
• Ad hoc reports – designed as needed by user
Designing Reports and
Statements
• Printed versus electronic
• Types of output reports
– Detailed
– Summary
– Exception
– Executive
• Internal versus external
• Graphical and multimedia presentation
RMO Summary Report with
Drill Down to the Detailed Report
Formatting Reports
• What is the objective of report?
• Who is the intended audience?
• What is the media for presentation?
• Avoid information overload
• Format considerations include meaningful
headings, date of information, date report
produced, page numbers
Designing Integrity Controls
• Mechanisms and procedures built into a system
to safeguard it and information contained within
• Integrity controls
– Built into application and database system to
safeguard information
• Security controls
– Built into operating system and network
Objectives of Integrity Controls
• Ensure that only appropriate and correct
business transactions occur
• Ensure that transactions are recorded and
processed correctly
• Protect and safeguard assets of the organization
– Software
– Hardware
– Information
Input Integrity Controls
• Used with all input mechanisms
• Additional level of verification to help
reduce input errors
• Common control techniques
– Field combination controls
– Value limit controls
– Completeness controls
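The three control techniques listed above, shown as an added example that is not part of the lecture slides. The order record, its field names and the limit values are assumptions constructed for illustration.

```python
from datetime import date

# Constructed rule set for a hypothetical mail-order record; field names are assumptions.
REQUIRED = ("customer_id", "order_date", "ship_date", "quantity", "unit_price", "payment_type")
LIMITS = {"quantity": (1, 500), "unit_price": (0.01, 10_000.00)}


def completeness_errors(rec):
    """Completeness control: every required field is present and non-empty."""
    return [f"missing field: {f}" for f in REQUIRED if rec.get(f) in (None, "")]


def value_limit_errors(rec):
    """Value limit control: numeric fields fall inside a reasonable range."""
    errors = []
    for field, (low, high) in LIMITS.items():
        value = rec.get(field)
        if value in (None, ""):
            continue  # already reported by the completeness control
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            errors.append(f"{field}: not numeric")
        elif not low <= value <= high:
            errors.append(f"{field}: {value} outside {low}..{high}")
    return errors


def field_combination_errors(rec):
    """Field combination control: related fields must agree with each other."""
    errors = []
    order, ship = rec.get("order_date"), rec.get("ship_date")
    if isinstance(order, date) and isinstance(ship, date) and ship < order:
        errors.append("ship_date is earlier than order_date")
    if rec.get("payment_type") == "card" and not rec.get("card_token"):
        errors.append("payment_type 'card' requires card_token")
    return errors


def validate_order(rec):
    """Run all three controls and return every problem found, not just the first."""
    return completeness_errors(rec) + value_limit_errors(rec) + field_combination_errors(rec)


# Constructed sample input: one clean record and one that trips each control.
GOOD = {"customer_id": "C1001", "order_date": date(2014, 3, 1), "ship_date": date(2014, 3, 4),
        "quantity": 2, "unit_price": 49.95, "payment_type": "cheque"}
BAD = {"customer_id": "", "order_date": date(2014, 3, 5), "ship_date": date(2014, 3, 1),
       "quantity": 5000, "unit_price": 49.95, "payment_type": "card"}

if __name__ == "__main__":
    for name, rec in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, validate_order(rec))
```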
Database Integrity Controls
• Access controls
• Data encryption
• Transaction controls
• Update controls
Interface Design Guidelines
Visibility and Affordance
Eight Golden Rules
1. Strive for Consistency
• Information arranged on forms, the names and
arrangement of menus, the size and shape of icons etc.
should be consistent throughout the system
– This allows for many actions to become automatic
– If a new application comes along with a different way of
functioning, users have to relearn all the basic operations
– Apple Macintosh was the first to emphasize the benefits of
consistency
• Mac applications were consistent and a standards document was
created for people writing Mac applications (so if you knew one you
could figure out other applications easily since they were consistent)
– E.g. consistency in the menu bar for File, Edit and Format
– However some applications may not fit such guidelines and
inconsistency may be useful for differentiating applications
(for running and learning)
2. Enable Frequent Users to Use Short Cuts
• Users who work with one application all the time are
willing to invest time to learn short cuts
• They begin to lose patience with long menu sequences
when they know exactly what they want to do
• Short-cut keys can reduce the number of interactions for a
given task
• Designers can provide macro facilities for users to create
their own short cuts
• E.g. mail order entry clerks at RMO wouldn’t want long
multiple menus to slow them down, but instead short-cuts
would make them more productive
3. Offer Informative Feedback
4. Design Dialogs to Yield Closure
7. Support Internal Locus of Control
8. Reduce Short-Term Memory Load
Integrity Controls to Prevent
Fraud
• Three conditions are present in fraud cases
Fraud Risks and Prevention
Techniques
Designing Security Controls
• Security controls protect assets of organization from all
threats
– External threats such as hackers, viruses, worms, and
message overload attacks
Security for Access to Systems
• Used to control access to any resource
managed by operating system or network
• User categories
– Unauthorized user – no authorization to access
– Registered user – authorized to access system
– Privileged user – authorized to administrate system
• Organized so that all resources can be accessed
with same unique ID/password combination
Users and Access Roles to
Computer Systems
Managing User Access
• Most common technique is user ID / password
• Authorization – Is the user permitted to access?
• Access control list – users with rights to access
• Authentication – Is the user who they claim to be?
• Smart card – computer-readable plastic card with
embedded security information
• Biometric devices – keystroke patterns,
fingerprinting, retinal scans, voice characteristics
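The difference between authentication and authorization in the list above, as an added example that is not part of the lecture slides. The user IDs, passwords, resource names and the PBKDF2 iteration count are assumptions constructed for illustration; the access control list here is keyed by the user categories from the previous slide.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed policy value)


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(password, category):
    """Store a salted hash, never the password itself."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "category": category}


# Constructed account store and access control list (names are hypothetical).
USERS = {"clerk01": make_user("correct horse battery", "registered"),
         "admin01": make_user("staple tunnel garden", "privileged")}
ACL = {"order_entry": {"registered", "privileged"},
       "user_admin": {"privileged"}}


def authenticate(user_id, password):
    """Authentication: is the user who they claim to be?"""
    user = USERS.get(user_id)
    if user is None:
        # Unknown ID: still do the hashing work so timing does not reveal valid IDs.
        hash_password(password, b"\x00" * 16)
        return False
    return hmac.compare_digest(hash_password(password, user["salt"]), user["hash"])


def authorize(user_id, resource):
    """Authorization: is this user's category on the resource's access control list?"""
    user = USERS.get(user_id)
    return user is not None and user["category"] in ACL.get(resource, set())


def access(user_id, password, resource):
    """Grant access only when both checks pass; default is deny."""
    if not authenticate(user_id, password):
        return "denied: authentication failed"
    if not authorize(user_id, resource):
        return "denied: not authorized"
    return "granted"
```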
Data Security
• Data and files themselves must be secure
• Encryption – primary security method
– Altering data so unauthorized users cannot view
• Decryption
– Altering encrypted data back to its original state
• Symmetric key – same key encrypts and decrypts
• Asymmetric key – different key decrypts
• Public key – public encrypts; private decrypts
Symmetric Key Encryption
Asymmetric Key Encryption
Using a Digital Certificate
Final Exam
• Duration: 2 hours
• Chapters 1 to 12 and 14 and 15 (5th Edition)
• 20 multiple choices
• 3 short questions
• OO diagram
– Use Case
– Class
– Sequence