System sequence diagram
Concept of System Sequence
Diagram (SSD)
    Part of system design. Communicates to
     OO programmers.

    SSD shows interaction between actors
     and system (global SSD), and among
     objects (detailed SSD)

    SSD specifies flow of data (messages)

    Messages are actions (resemble
     commands) invoked on destination
     object
Global SSD

Figure 6-14
       SSD of a customer order system
Global SSD – loops

Figure 6-15 (diagram labels: Loop, True/False Condition, Input, Expected output)

       Note: extendedPrice = price * quantity
Creating global SSD
1. Start with an activity diagram and/or
    use case description.
2. Identify the input messages from actor
    to system. For figuring attributes
    (input parameters), use class diagram.
3. Identify/apply special conditions
    (iteration) to input messages, if any.
4. Identify output messages.
Creating global SSD (cont.)

Figure 6-16. Activity diagram of Create New Order use case, Telephone Scenario at RMO
Figure 6-17. Global SSD of the same
Figure 5-31 (detail). Class diagram of RMO
    Account: accountNo, customerID
    OrderDetai: quantity, extendPrice
    Order: orderID, TotalAmt
    Product: productID, size, description
    CatalogProduct: price
    Catalog: catalogID
Holycross of Davao College
System Analysis and Design (IT11)
By: John Ely P. Masculino
Designing System Interfaces (UI Vs SI)

System Interface (SI)
  - I/O with minimal or no human intervention.

User Interface (UI)
  - I/O requiring human interaction.
  - User interface is everything end user comes into contact with
    while using the system
  - To the user, the interface is the system
Identifying System Interfaces

- Inputs from other systems (messages, EDI).
- Highly automated inputs such as scanners.
- Inputs that are from data in external
  databases.
- Outputs to external databases.
- Outputs with minimal HCI.
- Outputs to other systems.
- Real-time connection (both input and output).
The full range of inputs and
outputs in an information system
Designing System Inputs

 - Identify devices and mechanisms
    • High-level review of most up-to-date methods
      to enter data
 - Identify all system inputs and develop list
 of data content of each
    • Provide link between design of application
      software and design of user and system
      interfaces
 - Determine controls and security
 necessary for each system input
Input Devices and Mechanism

- Capture data as close to original source as
possible
- Use electronic devices and automatic entry
whenever possible
- Avoid human involvement as much as possible
- Seek information in electronic form to avoid
data reentry
- Validate and correct information at entry point
Prevalent Input Devices to
          Avoid Human Data Entry

- Magnetic card strip readers
- Bar code readers
- Optical character recognition readers and
scanners
- Radio-frequency identification tags
- Touch screens and devices
- Electronic pens and writing surfaces
- Digitizers, such as digital cameras and digital
audio devices
Defining the Details of System Inputs

- Ensure all data inputs are identified and
specified correctly
   • Identifying user and system inputs with OO
     approach has same tasks as traditional approach
   • OO diagrams are used instead of DFDs and
     structure charts
   • System sequence diagrams identify each
     incoming message
   • Design class diagrams and sequence diagrams
     identify and describe input parameters and verify
     characteristics of inputs
Partial System Sequence Diagram for Payroll
             System Use Cases
System Sequence Diagram for Create New Order
Input Messages and Data Parameters from
     RMO System Sequence Diagram
Designing System Outputs

 - Determine each type of output
 - Make list of specific system outputs required
 based on application design
 - Specify any necessary controls to protect
 information provided in output
 - Design and prototype output layout
 - Ad hoc reports – designed as needed by
 user
Defining the Details of System Outputs


   Outputs indicated by messages in sequence
    diagrams
     – Originate from internal system objects
     – Sent to external actors or another external
       system
   Output messages based on an individual object are
    usually part of methods of that class object
   To report on all objects within a class, class-level
    method is used that works on entire class
Table of System Outputs Based on OO
              Messages
Types of reports

– Printed reports
– Electronic displays
– Turnaround documents
– Graphical and Multimedia presentation
Types of Output Reports

   Detailed
     – Contains detailed transactions or records
   Summary
     – Recaps periodic activity
   Exception
     – Only contains information about nonstandard
       conditions
   Executive
     – Summary report used for strategic decisions
Designing Integrity Controls

   Mechanisms and procedures built into a system
    to safeguard it and information contained within

   Integrity controls
     – Built into application and database system to
       safeguard information

   Security controls
Objectives of Integrity Controls

- Ensure that only appropriate and correct
business transactions occur
- Ensure that transactions are recorded and
processed correctly
- Protect and safeguard assets of the
organization
   • Software
   • Hardware
   • Information
Points of Security and Integrity Controls
Input Integrity Controls

– Used with all input mechanisms
– Additional level of verification to help
  reduce input errors
– Common control techniques
   •   Field combination controls
   •   Value limit controls
   •   Completeness controls
   •   Data validation controls
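
The four control techniques listed above, applied to one order-item input message from the Create New Order example. This is an added example, not part of the original slides; the catalog contents, the quantity limit of 100, the message layout and the function names are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed reference data standing in for the Product / CatalogProduct
# classes of the class diagram (productID -> valid sizes and unit price).
CATALOG = {
    "P-1001": {"sizes": {"S", "M", "L"}, "price": Decimal("24.50")},
    "P-2002": {"sizes": {"ONE"}, "price": Decimal("9.99")},
}
REQUIRED_FIELDS = ("accountNo", "productID", "size", "quantity", "extendedPrice")
MAX_QUANTITY = 100  # assumed business limit, not from the slides


def check_completeness(msg):
    """Completeness control: every required field is present and non-empty."""
    return [f"missing field: {name}" for name in REQUIRED_FIELDS
            if msg.get(name) in (None, "")]


def check_data_validation(msg):
    """Data validation control: a code must exist in the reference data."""
    if msg["productID"] not in CATALOG:
        return [f"unknown productID: {msg['productID']!r}"]
    return []


def check_value_limits(msg):
    """Value limit control: numeric fields must fall in a reasonable range."""
    qty = msg["quantity"]
    if isinstance(qty, bool) or not isinstance(qty, int):
        return ["quantity must be an integer"]
    if not 1 <= qty <= MAX_QUANTITY:
        return [f"quantity {qty} outside 1..{MAX_QUANTITY}"]
    return []


def check_field_combinations(msg):
    """Field combination control: fields must be consistent with each other.

    The size must be one sold for this product, and the submitted
    extendedPrice must equal price * quantity as recomputed by the system,
    so a value altered on the way in is rejected rather than recorded.
    """
    product = CATALOG[msg["productID"]]
    errors = []
    if msg["size"] not in product["sizes"]:
        errors.append(f"size {msg['size']!r} not offered for {msg['productID']}")
    try:
        submitted = Decimal(str(msg["extendedPrice"]))
    except InvalidOperation:
        return errors + ["extendedPrice is not a number"]
    expected = product["price"] * msg["quantity"]
    if not submitted.is_finite() or submitted != expected:
        errors.append(f"extendedPrice {submitted} does not match {expected}")
    return errors


def validate_add_item(msg):
    """Run the controls in dependency order; return a list of error strings."""
    errors = check_completeness(msg)
    if errors:
        return errors  # later checks need every field to be present
    errors = check_data_validation(msg) + check_value_limits(msg)
    if errors:
        return errors  # combination check needs a known product and sane quantity
    return check_field_combinations(msg)


if __name__ == "__main__":
    # Constructed sample messages.
    samples = [
        {"accountNo": "A-77", "productID": "P-1001", "size": "M",
         "quantity": 3, "extendedPrice": "73.50"},
        {"accountNo": "A-77", "productID": "P-1001", "size": "M",
         "quantity": 3, "extendedPrice": "7.35"},
        {"accountNo": "A-77", "productID": "P-2002", "size": "M",
         "quantity": 500, "extendedPrice": "4995.00"},
    ]
    for sample in samples:
        print(validate_add_item(sample) or "accepted")
```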
Database Integrity Controls

– Access controls
– Data encryption
– Transaction controls
– Update controls
– Backup and recovery protection
Output Integrity Controls

– Ensure output arrives at proper destination
  and is correct, accurate, complete, and
  current
– Destination controls - output is channeled
  to correct people
– Completeness, accuracy, and correctness
  controls
– Appropriate information present in output
Integrity Controls to Prevent Fraud

   Three conditions are present in fraud cases
    – Personal pressure, such as desire to maintain
      extravagant lifestyle
    – Rationalizations, including “I will repay this money”
      or “I have this coming”
    – Opportunity, such as unverified cash receipts
   Control of fraud requires both manual
    procedures and computer integrity controls
Fraud Risks and Prevention Techniques
Designing Security Controls

   Security controls protect assets of
    organization from all threats
    – External threats such as hackers, viruses, worms,
      and message overload attacks
   Security control objectives
    – Maintain stable, functioning operating environment
      for users and application systems (24 x 7)
    – Protect information and transactions during
      transmission outside organization (public carriers)
Security for Access to Systems

 Used to control access to any resource managed
  by operating system or network
 User categories
   – Unauthorized user – no authorization to
     access
   – Registered user – authorized to access
     system
   – Privileged user – authorized to administrate
     system
 Organized so that all resources can be accessed
  with same unique ID/password combination
Users and Access Roles to
   Computer Systems
Managing User Access

   Most common technique is user ID / password

   Authorization – Is user permitted to access?

   Access control list – users with rights to access

   Authentication – Is user who they claim to be?

   Smart card – computer-readable plastic card with
    embedded security information

   Biometric devices – keystroke patterns, fingerprinting,
    retinal scans, voice characteristics
Data Security

   Data and files themselves must be secure
   Encryption – primary security method
    – Altering data so unauthorized users cannot view
   Decryption
    – Altering encrypted data back to its original state
   Symmetric key – same key encrypts and
    decrypts
   Asymmetric key – different key decrypts
   Public key – public encrypts; private decrypts
Symmetric Key Encryption
Asymmetric Key Encryption
Digital Signatures and Certificates

   Encryption of messages enables secure exchange
    of information between two entities with appropriate
    keys

   Digital signature encrypts document with private
    key to verify document author

   Digital certificate is institution’s name and public
    key that is encrypted and certified by third party

   Certifying authority
    – VeriSign or Equifax
Using a Digital Certificate
Secure Transactions

   Standard set of methods and protocols for authentication,
    authorization, privacy, integrity

   Secure Sockets Layer (SSL) renamed as Transport Layer
    Security (TLS) – protocol for secure channel to send
    messages over Internet

   IP Security (IPSec) – newer standard for transmitting
    Internet messages securely

   Secure Hypertext Transport Protocol (HTTPS or HTTP-S)
    – standard for transmitting Web pages securely (encryption,
    digital signing, certificates)

Chapter12 - Designing System Interfaces, Controls and Security(Demo Presentation)

  • 13. Concept of System Sequence Diagram (SSD) - Part of system design. Communicates to OO programmers. - SSD shows interaction between actors and system (global SSD), and among objects (detailed SSD) - SSD specifies flow of data (messages) - Messages are actions (resemble commands) invoked on destination object
  • 14. Global SSD. Figure 6-14: SSD of a customer order system
  • 15. Global SSD – loops. Figure 6-15. Note: extendedPrice = price * quantity. Figure callouts: Expected output, True/False Condition, Loop, Input
  • 16. Creating global SSD 1. Start with an activity diagram and/or use case description. 2. Identify the input messages from actor to system. For figuring attributes (input parameters), use class diagram. 3. Identify/apply special conditions (iteration) to input messages, if any. 4. Identify output messages.
  • 17. Creating global SSD (cont.) Figure 6-16. Activity diagram of Create New Order use case, Telephone Scenario at RMO. Figure 6-17. Global SSD of the same. Figure 5-31 (detail). Class diagram of RMO: Account (accountNo, customerID); OrderDetai (quantity, extendPrice); Order (orderID, TotalAmt); Product (productID, size, description); CatalogProduct (price); Catalog (catalogID).
  • 18. Holycross of Davao College System Analysis and Design (IT11) By: John Ely P. Masculino
  • 19. Designing System Interfaces (UI Vs SI) - System Interface (SI): I/O with minimal or no human intervention. - User Interface (UI): I/O requiring human interaction. - User interface is everything end user comes into contact with while using the system - To the user, the interface is the system
  • 20. Identifying System Interfaces - Inputs from other System (messages, EDI). - Highly automated inputs such as scanners. - Inputs that are from data in external databases. - Outputs to external databases. - Outputs with minimal HCI. - Outputs to other systems. - Real-time connection (both input and output).
  • 21. The full range of inputs and outputs in an information system
  • 22. Designing System Inputs - Identify devices and mechanisms • High-level review of most up-to-date methods to enter data - Identify all system inputs and develop list of data content of each • Provide link between design of application software and design of user and system interfaces - Determine controls and security necessary for each system input
  • 23. Input Devices and Mechanism - Capture data as close to original source as possible - Use electronic devices and automatic entry whenever possible - Avoid human involvement as much as possible - Seek information in electronic form to avoid data reentry - Validate and correct information at entry point
  • 24. Prevalent Input Devices to Avoid Human Data Entry - Magnetic card strip readers - Bar code readers - Optical character recognition readers and scanners - Radio-frequency identification tags - Touch screens and devices - Electronic pens and writing surfaces - Digitizers, such as digital cameras and digital audio devices
  • 25. Defining the Details of System Inputs - Ensure all data inputs are identified and specified correctly • Identifying user and system inputs with OO approach has same tasks as traditional approach • OO diagrams are used instead of DFDs and structure charts • System sequence diagrams identify each incoming message • Design class diagrams and sequence diagrams identify and describe input parameters and verify characteristics of inputs
  • 26. Partial System Sequence Diagram for Payroll System Use Cases
  • 27. System Sequence Diagram for Create New Order
  • 28. Input Messages and Data Parameters from RMO System Sequence Diagram
  • 29. Designing System Outputs - Determine each type of output - Make list of specific system outputs required based on application design - Specify any necessary controls to protect information provided in output - Design and prototype output layout - Ad hoc reports – designed as needed by user
  • 30. Defining the Details of System Outputs - Outputs indicated by messages in sequence diagrams – Originate from internal system objects – Sent to external actors or another external system - Output messages based on an individual object are usually part of methods of that class object - To report on all objects within a class, class-level method is used that works on entire class
  • 31. Table of System Outputs Based on OO Messages
  • 32. Types of reports – Printed reports – Electronic displays – Turnaround documents – Graphical and Multimedia presentation
  • 33. Types of Output Reports - Detailed – Contains detailed transactions or records - Summary – Recaps periodic activity - Exception – Only contains information about nonstandard conditions - Executive – Summary report used for strategic decisions
  • 34. Designing Integrity Controls - Mechanisms and procedures built into a system to safeguard it and information contained within - Integrity controls – Built into application and database system to safeguard information - Security controls
  • 35. Objectives of Integrity Controls - Ensure that only appropriate and correct business transactions occur - Ensure that transactions are recorded and processed correctly - Protect and safeguard assets of the organization • Software • Hardware • Information
  • 36. Points of Security and Integrity Controls
  • 37. Input Integrity Controls – Used with all input mechanisms – Additional level of verification to help reduce input errors – Common control techniques • Field combination controls • Value limit controls • Completeness controls • Data validation controls
  • 38. Database Integrity Controls – Access controls – Data encryption – Transaction controls – Update controls – Backup and recovery protection
  • 39. Output Integrity Controls – Ensure output arrives at proper destination and is correct, accurate, complete, and current – Destination controls - output is channeled to correct people – Completeness, accuracy, and correctness controls – Appropriate information present in output
  • 40. Integrity Controls to Prevent Fraud - Three conditions are present in fraud cases – Personal pressure, such as desire to maintain extravagant lifestyle – Rationalizations, including “I will repay this money” or “I have this coming” – Opportunity, such as unverified cash receipts - Control of fraud requires both manual procedures and computer integrity controls
  • 41. Fraud Risks and Prevention Techniques
  • 42. Designing Security Controls - Security controls protect assets of organization from all threats – External threats such as hackers, viruses, worms, and message overload attacks - Security control objectives – Maintain stable, functioning operating environment for users and application systems (24 x 7) – Protect information and transactions during transmission outside organization (public carriers)
  • 43. Security for Access to Systems - Used to control access to any resource managed by operating system or network - User categories – Unauthorized user – no authorization to access – Registered user – authorized to access system – Privileged user – authorized to administrate system - Organized so that all resources can be accessed with same unique ID/password combination
  • 44. Users and Access Roles to Computer Systems
  • 45. Managing User Access - Most common technique is user ID / password - Authorization – Is user permitted to access? - Access control list – users with rights to access - Authentication – Is user who they claim to be? - Smart card – computer-readable plastic card with embedded security information - Biometric devices – keystroke patterns, fingerprinting, retinal scans, voice characteristics
  • 46. Data Security - Data and files themselves must be secure - Encryption – primary security method – Altering data so unauthorized users cannot view - Decryption – Altering encrypted data back to its original state - Symmetric key – same key encrypts and decrypts - Asymmetric key – different key decrypts - Public key – public encrypts; private decrypts
  • 49. Digital Signatures and Certificates - Encryption of messages enables secure exchange of information between two entities with appropriate keys - Digital signature encrypts document with private key to verify document author - Digital certificate is institution’s name and public key that is encrypted and certified by third party - Certifying authority – VeriSign or Equifax
  • 50. Using a Digital Certificate
  • 51. Secure Transactions - Standard set of methods and protocols for authentication, authorization, privacy, integrity - Secure Sockets Layer (SSL) renamed as Transport Layer Security (TLS) – protocol for secure channel to send messages over Internet - IP Security (IPSec) – newer standard for transmitting Internet messages securely - Secure Hypertext Transport Protocol (HTTPS or HTTP-S) – standard for transmitting Web pages securely (encryption, digital signing, certificates)
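
The four input integrity controls named on slide 37, applied to one order-line input message of the Create New Order use case, as an added example that is not part of the original slides. Field names follow the class diagram on slide 17; the catalog contents, the quantity limit and the function name `check_order_line` are assumptions.

```python
from decimal import Decimal

# Constructed sample catalog: (catalogID, productID) -> sizes offered and price.
CATALOG = {
    ("C-SPRING", "P100"): {"sizes": {"S", "M", "L"}, "price": Decimal("29.95")},
    ("C-SPRING", "P200"): {"sizes": {"ONE"}, "price": Decimal("12.00")},
}
REQUIRED = ("accountNo", "catalogID", "productID", "size", "quantity")
MAX_QUANTITY = 50  # assumed business limit for one order line


def check_order_line(msg):
    """Apply the four input controls; return (errors, extended_price)."""
    # Completeness control: every required field is present and non-empty.
    missing = [f for f in REQUIRED
               if msg.get(f) is None or str(msg[f]).strip() == ""]
    if missing:
        return ["completeness: missing " + ", ".join(missing)], None
    errors = []
    # Data validation control: the codes must match a known catalog record.
    entry = CATALOG.get((str(msg["catalogID"]), str(msg["productID"])))
    if entry is None:
        errors.append("data validation: unknown catalogID/productID")
    # Value limit control: quantity is a whole number in a reasonable range.
    qty = msg["quantity"]
    if type(qty) is not int or not 1 <= qty <= MAX_QUANTITY:
        errors.append(f"value limit: quantity must be 1..{MAX_QUANTITY}")
    # Field combination control: the size must be one this product comes in.
    if entry is not None and str(msg["size"]) not in entry["sizes"]:
        errors.append("field combination: size not offered for this product")
    if errors:
        return errors, None
    # The price comes from the catalog, never from the input message.
    return [], entry["price"] * qty  # extendedPrice = price * quantity


# Constructed sample messages (not from the slides).
GOOD = {"accountNo": "A-1001", "catalogID": "C-SPRING", "productID": "P100",
        "size": "M", "quantity": 3}
BAD = dict(GOOD, size="XL", quantity=500)

if __name__ == "__main__":
    print(check_order_line(GOOD))
    print(check_order_line(BAD))
```

The function reports every failed control in one pass, so the entry point can ask for all corrections at once, in line with the "validate and correct information at entry point" guidance on slide 23.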