15

Chapter 15:
Designing System Interfaces,
Controls, and Security

Systems Analysis and Design in a Changing

World, 3rd Edition
 15
Learning Objectives

◆ Discuss examples of system interfaces found in

information systems

◆ Define system inputs and outputs based on the

requirements of the application program

◆ Design printed and on-screen reports appropriate

for recipients

Systems Analysis and Design in a Changing World, 3rd Edition 2

 15
Learning Objectives (continued)

◆ Explain the importance of integrity controls

◆ Identify required integrity controls for inputs,

outputs, data, and processing

◆ Discuss issues related to security that affect the

design and operation of information systems

Systems Analysis and Design in a Changing World, 3rd Edition 3

 15
Overview
◆ This chapter focuses on systems interfaces,
systems output, and systems controls that do not
require much human interaction
◆ Many system interfaces are electronic
transmissions or paper outputs to external agents
◆ System developers need to design and
implement integrity and security controls to
protect system and its data
◆ Outside threats from Internet and e-commerce
are growing concern
Systems Analysis and Design in a Changing World, 3rd Edition 4
 15
Identifying System Interfaces
◆ Systems interfaces are broadly defined as inputs
or outputs with minimal or no human intervention
● Inputs from other systems (messages, EDI)
● Highly automated input devices such as scanners
● Inputs that are from data in external databases
● Outputs that are to external databases
● Outputs with minimal HCI
● Outputs to other systems
● Real-time connections (both input and output)

Systems Analysis and Design in a Changing World, 3rd Edition 5

 15
Full Range of Inputs and Outputs

Systems Analysis and Design in a Changing World, 3rd Edition 6

 15
eXtensible Markup Language (XML)
◆ Extension of HTML that embeds self-defined data
structures within textual messages
◆ Transaction that contains data fields can be sent
with XML codes to define meaning of data fields
◆ XML provides common system-to-system
interface
◆ XML is simple and readable by people
◆ Web services is based on XML to send business
transactions over Internet
Systems Analysis and Design in a Changing World, 3rd Edition 7
 15
System-to-System Interface Based on XML

Systems Analysis and Design in a Changing World, 3rd Edition 8

 15
Design of System Inputs
◆ Identify devices and mechanisms used to enter
input
● High-level review of most up-to-date methods to
enter data
◆ Identify all system inputs and develop list of data
content with each
● Provides link between design of application
software and design of user and system interfaces
◆ Determine controls and security necessary for
each system input

Systems Analysis and Design in a Changing World, 3rd Edition 9

 15
Input Devices and Mechanisms
◆ Capture data as close to origination source as
possible
◆ Use electronic devices and automatic entry
whenever possible
◆ Avoid human involvement as much as possible
◆ Seek information in electronic form to avoid data
reentry
◆ Validate and correct information at entry point

Systems Analysis and Design in a Changing World, 3rd Edition 10

 15
Prevalent Input Devices
to Avoid Human Data Entry

◆ Magnetic card strip readers

◆ Bar-code readers
◆ Optical character recognition readers and
scanners
◆ Touch screens and devices
◆ Electronic pens and writing surfaces
◆ Digitizers, such as digital cameras and digital
audio devices
Systems Analysis and Design in a Changing World, 3rd Edition 11
 15
Defining the Details of System Inputs
◆ Ensure all data inputs are identified and specified
correctly
◆ Can use traditional structured models
● Identify automation boundary
◆ Use DFD fragments
◆ Segment by program boundaries
● Examine Structure Charts
◆ Analyze each module and data couple
◆ List individual data fields
Systems Analysis and Design in a Changing World, 3rd Edition 12
 15
Automation Boundary on a
System-level DFD

Systems Analysis and Design in a Changing World, 3rd Edition 13

 15
Create New Order DFD with
an Automation Boundary

Systems Analysis and Design in a Changing World, 3rd Edition 14

 15
List of Inputs for Customer Support
System

Systems Analysis and Design in a Changing World, 3rd Edition 15

 15
Structure Chart for Create New Order

Systems Analysis and Design in a Changing World, 3rd Edition 16

 15
Data Flows, Data Couples, and Data
Elements Making up Inputs

Systems Analysis and Design in a Changing World, 3rd Edition 17

 15
Using Object-Oriented Models
◆ Identifying user and system inputs with OO
approach has same tasks as traditional approach
◆ OO diagrams are used instead of DFDs and
structure charts
◆ System sequence diagrams identify each
incoming message
◆ Design class diagrams identify and describe input
parameters and contain pseudocode to verify
characteristics of inputs

Systems Analysis and Design in a Changing World, 3rd Edition 18

 15
Partial System Sequence Diagram for
Payroll System Use Cases

Systems Analysis and Design in a Changing World, 3rd Edition 19

 15
System Sequence Diagram for
Create New Order

Systems Analysis and Design in a Changing World, 3rd Edition 20

 15
Input Messages and Data Parameters
from RMO System Sequence Diagram

Systems Analysis and Design in a Changing World, 3rd Edition 21

 15
Designing System Outputs
◆ Determine each type of output

◆ Make list of specific system outputs required

based on application design

◆ Specify any necessary controls to protect

information provided in output

◆ Design and prototype output layout

◆ Ad hoc reports – designed as needed by user

Systems Analysis and Design in a Changing World, 3rd Edition 22
 15
Defining the Details of System Outputs
◆ Type of reports
● Printed reports
● Electronic displays
● Turnaround documents
◆ May use traditional structured models to identify
outputs
● Data flows crossing automation boundary
● Data couples and report data requirements on
structure chart
Systems Analysis and Design in a Changing World, 3rd Edition 23
 15
Table of System Outputs Based on
Traditional Structured Approach

Systems Analysis and Design in a Changing World, 3rd Edition 24

 15
Using Object-Oriented Models
◆ Outputs indicated by messages in sequence
diagrams
● Originate from internal system objects
● Sent to external actors or another external system

◆ Output messages based on an individual object

are usually part of methods of that class object

◆ To report on all objects within a class, class-level

method is used that works on entire class

Systems Analysis and Design in a Changing World, 3rd Edition 25

 15
Table of System Outputs Based
on OO Messages

Systems Analysis and Design in a Changing World, 3rd Edition 26

 15
Designing Reports, Statements, and
Turnaround Documents
◆ Printed versus electronic
◆ Type of output reports
● Detailed
● Summary
● Exception
● Executive
◆ Internal versus external
◆ Graphical and multimedia presentation
Systems Analysis and Design in a Changing World, 3rd Edition 27
 15
RMO Summary Report with
Drill Down to the Detailed Report

Systems Analysis and Design in a Changing World, 3rd Edition 28

 15
Sample Bar Chart and Pie Chart Reports

Systems Analysis and Design in a Changing World, 3rd Edition 29

 15
Formatting Reports
◆ What is objective of report?

◆ Who is the intended audience?

◆ What is media for presentation?

◆ Avoid information overload

◆ Format considerations such as meaningful

headings, date of information, date report
produced, page numbers

Systems Analysis and Design in a Changing World, 3rd Edition 30

 15
Designing Integrity Controls
◆ Mechanisms and procedures built into a system
to safeguard it and information contained within

◆ Integrity controls
● Built into application and database system to
safeguard information

◆ Security controls
● Built into operating system and network

Systems Analysis and Design in a Changing World, 3rd Edition 31

 15
Objectives of Integrity Controls
◆ Ensure that only appropriate and correct
business transactions occur

◆ Ensure that transactions are recorded and

processed correctly

◆ Protect and safeguard assets of the organization

● Software
● Hardware
● Information

Systems Analysis and Design in a Changing World, 3rd Edition 32

 15
Points of Security and Integrity Controls

Systems Analysis and Design in a Changing World, 3rd Edition 33

 15
Input Integrity Controls
◆ Used with all input mechanisms
◆ Additional level of verification to help reduce input
errors
◆ Common control techniques
● Field combination controls
● Value limit controls
● Completeness controls
● Data validation controls

Systems Analysis and Design in a Changing World, 3rd Edition 34

 15
Database Integrity Controls
◆ Access control

◆ Data encryption

◆ Transaction control

◆ Update control

◆ Backup and recovery protection

Systems Analysis and Design in a Changing World, 3rd Edition 35
 15
Output Integrity Controls
◆ Ensures output arrives at proper destination and
is correct, accurate, complete, and current

◆ Destination controls - output is channeled to

correct people

◆ Completeness, accuracy, and correctness

controls

◆ Appropriate information present on output

Systems Analysis and Design in a Changing World, 3rd Edition 36

 15
Integrity Controls to Prevent Fraud
◆ Three conditions are present in fraud cases

● Personal pressure, such as desire to maintain

extravagant lifestyle

● Rationalization, such as person’s thoughts that “I

will repay this money”

● Opportunity, such as unverified cash receipts

◆ Control of fraud requires both manual procedures

and computer integrity controls
Systems Analysis and Design in a Changing World, 3rd Edition 37
 15
Fraud Risks and Prevention Techniques

Systems Analysis and Design in a Changing World, 3rd Edition 38

 15
Designing Security Controls
◆ Security controls protect assets of organization
from all threats
● External threats such as hackers, viruses, worms,
and message overload attacks
◆ Security control objectives
● Maintain stable, functioning operating environment
for users and application systems (24 x 7)
● Protect information and transactions during
transmission outside organization (public carriers)

Systems Analysis and Design in a Changing World, 3rd Edition 39

 15
Security for Access to Systems
◆ Used to control access to any resource managed
by operating system or network
◆ User categories
● Unauthorized user – no authorization to access
● Registered user – authorized to access system
● Privileged user – authorized to administrate
system
◆ Organized so that all resources can be accessed
with same unique ID/password combination
Systems Analysis and Design in a Changing World, 3rd Edition 40
 15
Users and Access Roles to
Computer Systems

Systems Analysis and Design in a Changing World, 3rd Edition 41

 15
Managing User Access

◆ Most common technique is user ID / password

◆ Authorization – Is user permitted to access?
◆ Access control list – users with rights to access
◆ Authentication – Is user who they claim to be?
◆ Smart card – computer readable plastic card with
embedded security information
◆ Biometric devices – keystroke patterns,
fingerprint, retinal scans, voice characteristics
Systems Analysis and Design in a Changing World, 3rd Edition 42
 15
Data Security
◆ Data and files themselves must be secure
◆ Encryption – primary security method
● Altering data so unauthorized users cannot view
◆ Decryption
● Altering encrypted data back to original state
◆ Symmetric key – same key encrypts and decrypts
◆ Asymmetric key – different key decrypts
◆ Public key – public encrypts, private decrypts
Systems Analysis and Design in a Changing World, 3rd Edition 43
 15
Symmetric Key Encryption

Systems Analysis and Design in a Changing World, 3rd Edition 44

 15
Asymmetric Key Encryption

Systems Analysis and Design in a Changing World, 3rd Edition 45

 15
Digital signatures and certificates
◆ Encryption of messages enables secure
exchange of information between two entities with
appropriate keys
◆ Digital signature encrypts document with private
key to verify document author
◆ Digital certificate is institution’s name and public
key that is encrypted and certified by third party
◆ Certifying authority
● Verisign or Equifax

Systems Analysis and Design in a Changing World, 3rd Edition 46

 15
Using a Digital Certificate

Systems Analysis and Design in a Changing World, 3rd Edition 47

 15
Secure Transactions
◆ Standard set of methods and protocols for
authentication, authorization, privacy, integrity
◆ Secure Sockets Layer (SSL) renamed as
Transport Layer Security (TLS) – protocol for
secure channel to send messages over Internet
◆ IP Security (IPSec) – newer standard for secure
Internet message transmission
◆ Secure Hypertext Transport Protocol (HTTPS or
HTTP-S) – standard for transmitting Web pages
securely (encryption, digital signing, certificates)

Systems Analysis and Design in a Changing World, 3rd Edition 48

 15
Summary
◆ System interfaces all inputs/outputs except (GUI)
◆ Designing inputs to system is three-step process
● Identify devices/mechanisms used to enter input
● Identify system inputs, develop list of data content
● Determine controls and security necessary for
each system input
◆ Traditional approach to design inputs and outputs
● DFDs, data flow definitions, structure charts
Systems Analysis and Design in a Changing World, 3rd Edition 49
 15
Summary (continued)
◆ OO approach to design inputs and outputs
● Sequence diagrams, class diagrams, DFDs
◆ Integrity controls and security designed into
system
● Only appropriate and correct business
transactions occur
● Transactions are recorded and processed
correctly
● Protect and safeguard assets of the organization
● Control access to resources
Systems Analysis and Design in a Changing World, 3rd Edition 50