Systems Analysis and Design in a Changing World, Fourth Edition


Learning Objectives
- Discuss examples of system interfaces found in information systems
- Define system inputs and outputs based on the requirements of the application program
- Design printed and on-screen reports appropriate for recipients

Learning Objectives (continued)
- Explain the importance of integrity controls
- Identify required integrity controls for inputs, outputs, data, and processing
- Discuss issues related to security that affect the design and operation of information systems

Overview
- This chapter focuses on system interfaces, system outputs, and system controls that do not require much human interaction
- Many system interfaces are electronic transmissions or paper outputs to external agents
- System developers need to design and implement integrity and security controls to protect system and its data
- Outside threats from Internet and e-commerce are growing concern

Identifying System Interfaces
- System interfaces are broadly defined as inputs or outputs with minimal or no human intervention
  - Inputs from other systems (messages, EDI)
  - Highly automated input devices such as scanners
  - Inputs that are from data in external databases
  - Outputs to external databases
  - Outputs with minimal HCI
  - Outputs to other systems
  - Real-time connections (both input and output)

Figure: Full Range of Inputs and Outputs

eXtensible Markup Language (XML)
- Extension of HTML that embeds self-defined data structures in textual messages
- Transaction that contains data fields can be sent with XML codes to define meaning of data fields
- XML provides common system-to-system interface
- XML is simple and readable by people
- Web services is based on XML to send business transactions over Internet

Figure: System-to-System Interface Based on XML

Design of System Inputs
- Identify devices and mechanisms used to enter input
  - High-level review of most up-to-date methods to enter data
- Identify all system inputs and develop list of data content for each
  - Provide link between design of application software and design of user and system interfaces
- Determine controls and security necessary for each system input

Input Devices and Mechanisms
- Capture data as close to original source as possible
- Use electronic devices and automatic entry whenever possible
- Avoid human involvement as much as possible
- Seek information in electronic form to avoid data re-entry
- Validate and correct information at entry point

Prevalent Input Devices to Avoid Human Data Entry
- Magnetic card strip readers
- Bar code readers
- Optical character recognition readers and scanners
- Radio-frequency identification tags
- Touch screens and devices
- Electronic pens and writing surfaces
- Digitizers, such as digital cameras and digital audio devices

Defining the Details of System Inputs
- Ensure all data inputs are identified and specified correctly
- Can use traditional structured models
  - Identify automation boundary
    - Use DFD fragments
    - Segment by program boundaries
  - Examine structure charts
    - Analyze each module and data couple
    - List individual data fields

Figure: Automation Boundary on a System-Level DFD

Figure: Create New Order DFD with an Automation Boundary

Figure: List of Inputs for Customer Support System

Figure: Structure Chart for Create New Order (Figure -6)

Figure: Data Flows, Data Couples, and Data Elements Making Up Inputs (Figure -7)

Using Object-Oriented Models
- Identifying user and system inputs with OO approach has same tasks as traditional approach
- OO diagrams are used instead of DFDs and structure charts
- System sequence diagrams identify each incoming message
- Design class diagrams and sequence diagrams identify and describe input parameters and verify characteristics of inputs

Figure: Partial System Sequence Diagram for Payroll System Use Cases (Figure -8)

Figure: System Sequence Diagram for Create New Order

Figure: Input Messages and Data Parameters from RMO System Sequence Diagram (Figure -10)

Designing System Outputs
- Determine each type of output
- Make list of specific system outputs required based on application design
- Specify any necessary controls to protect information provided in output
- Design and prototype output layout
- Ad hoc reports designed as needed by user

Defining the Details of System Outputs
- Type of reports
  - Printed reports
  - Electronic displays
  - Turnaround documents
- Can use traditional structured models to identify outputs
  - Data flows crossing automation boundary
  - Data couples and report data requirements on structure chart

Figure: Table of System Outputs Based on Traditional Structured Approach (Figure -11)

Using Object-Oriented Models
- Outputs indicated by messages in sequence diagrams
  - Originate from internal system objects
  - Sent to external actors or another external system
- Output messages based on an individual object are usually part of methods of that class object
- To report on all objects within a class, class-level method is used that works on entire class

Figure: Table of System Outputs Based on OO Messages (Figure -12)

Designing Reports, Statements, and Turnaround Documents
- Printed versus electronic
- Types of output reports
  - Detailed
  - Summary
  - Exception
  - Executive
- Internal versus external
- Graphical and multimedia presentation

Figure: RMO Summary Report with Drill Down to the Detailed Report

Figure: Sample Bar Chart and Pie Chart Reports

Formatting Reports
- What is objective of report?
- Who is the intended audience?
- What is media for presentation?
- Avoid information overload
- Format considerations include meaningful headings, date of information, date report produced, page numbers

Designing Integrity Controls
- Mechanisms and procedures built into a system to safeguard it and information contained within
- Integrity controls
  - Built into application and database system to safeguard information
- Security controls
  - Built into operating system and network

Objectives of Integrity Controls
- Ensure that only appropriate and correct business transactions occur
- Ensure that transactions are recorded and processed correctly
- Protect and safeguard assets of the organization
  - Software
  - Hardware
  - Information

Figure: Points of Security and Integrity Controls

Input Integrity Controls
- Used with all input mechanisms
- Additional level of verification to help reduce input errors
- Common control techniques
  - Field combination controls
  - Value limit controls
  - Completeness controls
  - Data validation controls
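
The four common input control techniques named above, applied to a single order record. This is an added example, not code from the textbook or slides; the field names, the product list, the ID format and the quantity limit are assumptions chosen for illustration.

```python
"""Added example: completeness, data validation, value limit and
field combination controls applied to one input record."""
from datetime import date
import re

# Constructed reference data and limits (assumptions, not from the slides).
KNOWN_PRODUCTS = {"SKU-1001", "SKU-2040"}
REQUIRED_FIELDS = ("customer_id", "product_id", "quantity", "order_date", "ship_date")
MAX_QUANTITY = 500
CUSTOMER_ID_RE = re.compile(r"C\d{6}")


def check_order(order: dict) -> list[str]:
    """Return the control violations for one record (empty list = accept)."""
    # Completeness control: every required field is present and non-empty.
    # Later checks assume the fields exist, so stop here if any is missing.
    missing = [f for f in REQUIRED_FIELDS if order.get(f) in (None, "")]
    if missing:
        return ["completeness: missing " + ", ".join(missing)]

    errors = []

    # Data validation control: values match a known format or reference set.
    if not CUSTOMER_ID_RE.fullmatch(str(order["customer_id"])):
        errors.append("data validation: malformed customer_id")
    if str(order["product_id"]) not in KNOWN_PRODUCTS:
        errors.append("data validation: unknown product_id")

    # Value limit control: numeric field stays inside a reasonable range.
    qty = order["quantity"]
    if isinstance(qty, bool) or not isinstance(qty, int) or not 1 <= qty <= MAX_QUANTITY:
        errors.append(f"value limit: quantity must be an integer in 1..{MAX_QUANTITY}")

    # Field combination control: two fields must make sense together.
    try:
        ordered = date.fromisoformat(order["order_date"])
        shipped = date.fromisoformat(order["ship_date"])
    except (TypeError, ValueError):
        errors.append("data validation: dates must be ISO YYYY-MM-DD")
    else:
        if shipped < ordered:
            errors.append("field combination: ship_date precedes order_date")
    return errors


# Constructed sample records.
GOOD = {"customer_id": "C004217", "product_id": "SKU-1001", "quantity": 3,
        "order_date": "2024-03-01", "ship_date": "2024-03-04"}
BAD = dict(GOOD, product_id="SKU-9999", quantity=5000, ship_date="2024-02-27")
INCOMPLETE = {k: v for k, v in GOOD.items() if k != "ship_date"}

if __name__ == "__main__":
    for name, rec in (("GOOD", GOOD), ("BAD", BAD), ("INCOMPLETE", INCOMPLETE)):
        print(name, check_order(rec) or "accepted")
```

Each rejected record reports which control fired, so the rejection can be logged and corrected at the entry point.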

Database Integrity Controls
- Access controls
- Data encryption
- Transaction controls
- Update controls
- Backup and recovery protection

Output Integrity Controls
- Ensure output arrives at proper destination and is correct, accurate, complete, and current
- Destination controls: output is channeled to correct people
- Completeness, accuracy, and correctness controls
- Appropriate information present in output

Integrity Controls to Prevent Fraud
- Three conditions are present in fraud cases
  - Personal pressure, such as desire to maintain extravagant lifestyle
  - Rationalizations, including "I will repay this money" or "I have this coming"
  - Opportunity, such as unverified cash receipts
- Control of fraud requires both manual procedures and computer integrity controls

Figure: Fraud Risks and Prevention Techniques

Designing Security Controls
- Security controls protect assets of organization from all threats
  - External threats such as hackers, viruses, worms, and message overload attacks
- Security control objectives
  - Maintain stable, functioning operating environment for users and application systems (24 x 7)
  - Protect information and transactions during transmission outside organization (public carriers)

Security for Access to Systems
- Used to control access to any resource managed by operating system or network
- User categories
  - Unauthorized user: no authorization to access
  - Registered user: authorized to access system
  - Privileged user: authorized to administrate system
- Organized so that all resources can be accessed with same unique ID/password combination

Figure: Users and Access Roles to Computer Systems

Managing User Access
- Most common technique is user ID / password
- Authorization: Is user permitted to access?
  - Access control list: users with rights to access
- Authentication: Is user who they claim to be?
  - Smart card: computer-readable plastic card with embedded security information
  - Biometric devices: keystroke patterns, fingerprinting, retinal scans, voice characteristics

Data Security
- Data and files themselves must be secure
- Encryption: primary security method
  - Altering data so unauthorized users cannot view
- Decryption
  - Altering encrypted data back to its original state
- Symmetric key: same key encrypts and decrypts
- Asymmetric key: different key decrypts
- Public key: public encrypts; private decrypts

Figure: Symmetric Key Encryption

Figure: Asymmetric Key Encryption

Digital Signatures and Certificates
- Encryption of messages enables secure exchange of information between two entities with appropriate keys
- Digital signature encrypts document with private key to verify document author
- Digital certificate is institution's name and public key that is encrypted and certified by third party
- Certifying authority: VeriSign or Equifax

Figure: Using a Digital Certificate

Secure Transactions
- Standard set of methods and protocols for authentication, authorization, privacy, integrity
- Secure Sockets Layer (SSL), renamed as Transport Layer Security (TLS): protocol for secure channel to send messages over Internet
- IP Security (IPSec): newer standard for transmitting Internet messages securely
- Secure Hypertext Transport Protocol (HTTPS or HTTP-S): standard for transmitting Web pages securely (encryption, digital signing, certificates)

Summary
- System interfaces include all inputs and outputs except those that are part of GUI
- Designing inputs to system is three-step process
  - Identify devices/mechanisms used to enter input
  - Identify system inputs; develop list of data content
  - Determine controls and security necessary for each system input
- Traditional approach to design inputs and outputs
  - DFDs, data flow definitions, structure charts

Summary (continued)
- OO approach to design inputs and outputs
  - Sequence diagrams, class diagrams
- Integrity controls and security designed into system
  - Ensure only appropriate and correct business transactions occur
  - Ensure transactions are recorded and processed correctly
  - Protect and safeguard assets of the organization
  - Control access to resources