Designing Systems Interfaces, Controls, and Security

Slides: 38
Provided by: roger258

1
Chapter 12
  • Designing Systems Interfaces, Controls, and
    Security

2
Objectives
  • Discuss examples of system interfaces found in
    information systems
  • Define system inputs and outputs based on the
    requirements of the application program
  • Design printed and on-screen reports appropriate
    for recipients
  • Explain the importance of integrity controls

3
Objectives
  • Identify required integrity controls for inputs,
    outputs, data, and processing
  • Discuss issues related to security that affect
    the design and operation of information systems

4
Full Range of Inputs and Outputs Figure 12-1
5
Design of System Inputs
  • Identify devices and mechanisms used to enter
    input
  • Identify all system inputs and develop list of
    data content with each
  • Determine controls necessary for each system
    input

6
Input Devices and Mechanisms
  • Capture data as close to origination as possible
  • Use electronic device and automatic entry
    whenever possible
  • Avoid human involvement as much as possible
  • Avoid data reentry and seek information in
    electronic form
  • Validate and correct at entry point

7
Prevalent Input Devices to Avoid Keystroking
  • Magnetic card strip readers
  • Bar-code readers
  • Optical character recognition readers and
    scanners
  • Touch screens and devices
  • Electronic pens and writing surfaces
  • Digitizers, such as digital cameras and digital
    audio devices

8
Defining Details of System Inputs
  • Ensure all data inputs are identified and
    specified correctly
  • Can use traditional structured models
  • Identify automation boundary
  • Use DFD fragments
  • Segment by program boundaries
  • Examine Structure Charts
  • Analyze each module and data couple
  • List individual data fields

9
Automation Boundary on System-Level DFD Figure
12-3
10
Structure Chart for Create New Order Figure 12-6
11
Elements Making Up an Input Figure 12-7
12
Using OO Models
  • May identify inputs using OO diagrams
  • Sequence diagrams identify each incoming message
  • Design class diagrams contain pseudocode to verify
    the characteristics of inputs

13
Sequence Diagram for Create New Order Figure 12-9
14
Input Messages and Data Parameters from RMO
Sequence Diagram Figure 12-10
15
Customer Class with Interfaces for Input Forms
Figure 12-11a
16
Order Class with Interfaces for Input Forms
Figure 12-11b
17
Designing System Outputs
  • Determine each type of output
  • Make a list of specific outputs required based on
    application design
  • Specify any necessary controls to protect the
    information provided in the output
  • Design and prototype the output layout

18
Defining the Details of System Outputs
  • Type of reports
      • Printed
      • Electronic
      • Turnaround documents
  • May use traditional structured models to identify
    outputs
      • Data flows crossing automation boundary
      • Data couples and report data requirements on
        structure chart

19
Table of System Outputs Based on Traditional
Structured Approach Figure 12-12
20
Using OO Models
  • Outputs indicated by messages in sequence
    diagrams
      • Originate from internal system objects
      • Sent to external actors
  • Output messages based on an individual object are
    usually part of the methods of that class object

21
System Outputs Based on OO Messages Figure 12-13
22
Designing Reports, Statements, and Turnaround
Documents
  • Printed versus electronic
  • Type of output
      • Detailed
      • Summary
      • Exception
      • Executive
  • Internal versus external
  • Drill down and linking
  • Graphical and multimedia presentation

23
Summary Report with Drill Down to Details Figure
12-16
24
Formatting Reports
  • What is the report objective?
  • Who is the intended audience?
  • Avoid information overload
  • Format considerations

25
Designing Integrity Controls
  • Mechanisms and procedures built into a system to
    safeguard it and the information contained within
  • Integrity controls
      • Built into application system to safeguard
        information
  • Security controls
      • Built into operating system and network

26
Objectives of Integrity Controls
  • Ensure that only appropriate and correct business
    transactions occur
  • Ensure that transactions are recorded and
    processed correctly
  • Protect and safeguard assets of the organization
      • Software
      • Hardware
      • Information

27
Points of Security and Integrity Controls Figure
12-18
28
Input Integrity Controls
  • Used with all input mechanisms
  • Additional level of verification to help reduce
    input errors
  • Common control techniques
      • Field combination controls
      • Value limit controls
      • Completeness controls
      • Data validation controls
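
The four input control techniques on this slide, applied to one order record at the entry point. This is an added example, not part of the original slides; the record layout, item codes, quantity limit and the reading of each control (required fields, reference-data checks, range checks, cross-field consistency) are assumptions made for illustration.

```python
from datetime import date

# Hypothetical order-entry record; field names, codes and limits are assumptions.
REQUIRED = ("customer_id", "item_code", "quantity", "order_date", "ship_date")
KNOWN_ITEM_CODES = {"A100", "B200", "C300"}  # constructed reference data
QTY_MIN, QTY_MAX = 1, 500                    # constructed business limit

def check_completeness(rec):
    """Completeness control: every required field is present and non-empty."""
    return [f"missing field: {f}" for f in REQUIRED if rec.get(f) in (None, "")]

def check_data_validation(rec):
    """Data validation control: coded fields match reference data and format."""
    errors = []
    if rec["item_code"] not in KNOWN_ITEM_CODES:
        errors.append("unknown item_code")
    if not str(rec["customer_id"]).isdigit():
        errors.append("customer_id must be numeric")
    return errors

def check_value_limits(rec):
    """Value limit control: reject quantities that are too small or too large."""
    qty = rec["quantity"]
    ok = type(qty) is int and QTY_MIN <= qty <= QTY_MAX
    return [] if ok else [f"quantity outside {QTY_MIN}..{QTY_MAX}"]

def check_field_combination(rec):
    """Field combination control: related fields must agree with each other."""
    od, sd = rec["order_date"], rec["ship_date"]
    if not (type(od) is date and type(sd) is date):
        return ["order_date and ship_date must be dates"]
    return ["ship_date precedes order_date"] if sd < od else []

def validate_order(rec):
    """Run all four controls at the entry point; an empty list means accept."""
    errors = check_completeness(rec)
    if errors:  # the remaining checks need every field to be present
        return errors
    return (check_data_validation(rec) + check_value_limits(rec)
            + check_field_combination(rec))

# Constructed sample records.
GOOD = {"customer_id": "1001", "item_code": "A100", "quantity": 3,
        "order_date": date(2024, 5, 1), "ship_date": date(2024, 5, 3)}
BAD = {"customer_id": "1001", "item_code": "Z999", "quantity": 9000,
       "order_date": date(2024, 5, 1), "ship_date": date(2024, 4, 28)}

if __name__ == "__main__":
    print(validate_order(GOOD))
    print(validate_order(BAD))
```

Each field of the BAD record would pass a bare type check, so the rejection comes from the reference-data, limit and cross-field checks.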

29
Database Integrity Controls
  • Access control
  • Data encryption
  • Transaction control
  • Update control
  • Backup and recovery protection

30
Output Integrity Controls
  • Ensures output arrives at proper destination and
    is correct, accurate, complete, and current
  • Destination controls - output is channeled to
    correct people
  • Completeness, accuracy, and correctness controls
      • Appropriate information present on output

31
Designing Security Controls
  • Security Controls used to protect assets of
    organization from all threats
  • Primary focus is on external threats
  • Security control objectives
      • Maintain stable, functioning operating
        environment for users and application systems
      • Protect information and transactions during
        transmission outside the organization

32
Security for Access to Systems
  • Used to control access to any resource managed by
    network or operating system
  • User categories
      • Unauthorized user
      • Registered user
      • Privileged user
  • Organized so all resources can be accessed with
    same unique ID/password combination

33
Users and Access Roles to Computer Systems Figure
12-19
34
Data Security
  • Encryption is primary security method
      • Symmetric key
      • Asymmetric key
      • Public key
  • Digital signatures and certificates
  • Secure transactions
      • SSL / TLS
      • IPSec
      • HTTPS / HTTP-S

35
Symmetric Key Encryption Figure 12-20
36
Asymmetric Key Encryption Figure 12-21
37
Using a Digital Certificate Figure 12-22