Designing Certificates of Recognition

Designing Inputs, Outputs, and Controls

                 Final Exam
•   Chapters 1 to 12 and 14 and 15
•   20 multiple choices
•   4 short questions
•   OO diagram
    – Use Case
    – Class
    – Sequence

                 Overview
• This chapter focuses on system interfaces,
  system outputs, and system controls that do not
  require much human interaction
• Many system interfaces are electronic
  transmissions or paper outputs to external
  agents
• System developers need to design and
  implement integrity and security controls to
  protect system and its data
• Outside threats from Internet and e-commerce
  are a growing concern
  Identifying System Interfaces
• System interfaces are broadly defined as
  inputs or outputs with minimal or no human
  intervention
  – Inputs from other systems (messages, EDI)
  – Highly automated input devices such as
    scanners
  – Inputs that are from data in external databases
  – Outputs to external databases
  – Outputs to other systems
  – Real-time connections (both input and output)
Full Range of Inputs and Outputs




  eXtensible Markup Language
             (XML)
• Extension of HTML that embeds self-
  defined data structures in textual messages
• Transaction that contains data fields can be
  sent with XML codes to define meaning of
  data fields
• XML provides common system-to-system
  interface
• XML is simple and readable by people
• Web services are based on XML to send
  business transactions over Internet
    System-to-System Interface
         Based on XML




Before XML, this would be something like:
RM010989;william jones;120 Roundabout Road;Los Angeles….
       Design of System Inputs
• Identify devices and mechanisms used to
  enter input
  – High-level review of most up-to-date methods
    to enter data
• Identify all system inputs and develop list of
  data content for each
  – Provide link between design of application
    software and design of user and system
    interfaces
• Determine controls and security necessary
  for each system input
  Input Devices and Mechanisms
• Capture data as close to original source as
  possible
• Use electronic devices and automatic entry
  whenever possible
• Avoid human involvement as much as
  possible
• Seek information in electronic form to avoid
  data re-entry
• Validate and correct information at entry
  point
      Prevalent Input Devices
    to Avoid Human Data Entry
• Magnetic card strip readers
• Bar code readers
• Optical character recognition readers and
  scanners
• Radio-frequency identification tags
• Touch screens and devices
• Electronic pens and writing surfaces
• Digitizers, such as digital cameras and digital
  audio devices
  Defining the Details of System
              Inputs
• Ensure all data inputs are identified and
  specified correctly
• Can use traditional structured models
  – Identify automation boundary
     • Use DFD fragments
     • Segment by program boundaries
  – Examine structure charts
     • Analyze each module and data couple
     • List individual data fields
Automation Boundary on a
   System-Level DFD




Create New Order DFD with
 an Automation Boundary




List of Inputs for Customer Support
               System




Structure Chart for Create New Order
            (Figure 14-6)




 Data Flows, Data Couples, and
Data Elements Making Up Inputs
          (Figure 14-7)




  Using Object-Oriented Models
• Identifying user and system inputs with OO
  approach has same tasks as traditional
  approach
• OO diagrams are used instead of DFDs and
  structure charts
• System sequence diagrams identify each
  incoming message
• Design class diagrams and sequence
  diagrams identify and describe input
  parameters and verify characteristics of
  inputs
System Sequence Diagram for
     Create New Order




 Input Messages and Data Parameters
from RMO System Sequence Diagram
            (Figure 14-10)




    Designing System Outputs
• Determine each type of output
• Make list of specific system outputs
  required based on application design
• Specify any necessary controls to protect
  information provided in output
• Design and prototype output layout
• Ad hoc reports – designed as needed by
  user
         Designing Reports and
              Statements
• Printed versus electronic
• Types of output reports
  –   Detailed
  –   Summary
  –   Exception
  –   Executive
• Internal versus external
• Graphical and multimedia presentation
  RMO Summary Report with
Drill Down to the Detailed Report




Sample Bar Chart and Pie Chart Reports




         Formatting Reports
• What is the objective of report?
• Who is the intended audience?
• What is the media for presentation?
• Avoid information overload
• Format considerations include meaningful
  headings, date of information, date report
  produced, page numbers
   Designing Integrity Controls
• Mechanisms and procedures built into a
  system to safeguard it and information
  contained within

• Integrity controls
  – Built into application and database system to
    safeguard information

• Security controls
  – Built into operating system and network
 Objectives of Integrity Controls
• Ensure that only appropriate and correct
  business transactions occur
• Ensure that transactions are recorded and
  processed correctly
• Protect and safeguard assets of the
  organization
  – Software
  – Hardware
  – Information
        Input Integrity Controls
• Used with all input mechanisms
• Additional level of verification to help
  reduce input errors
• Common control techniques
  –   Field combination controls
  –   Value limit controls
  –   Completeness controls
  –   Data validation controls
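
The four control techniques listed above, applied to one input record. This is an added example, not part of the original slides; the field names, ID format, product list and limits are constructed assumptions, and each comment states the usual meaning of the control it implements.

```python
import re
from datetime import date

# Constructed rules for a hypothetical order-entry input; none come from the slides.
REQUIRED = ("customer_id", "product_id", "quantity", "order_date", "ship_date")
CUSTOMER_ID = re.compile(r"RM\d{6}")    # assumed ID format
KNOWN_PRODUCTS = {"P-1001", "P-2002"}   # constructed product master list
MAX_QUANTITY = 500                      # constructed upper limit per order line


def check_order(rec, today):
    """Apply the four input integrity controls to one record of string fields.

    Returns a list of (control, detail) tuples; an empty list means accept.
    """
    # Completeness control: every required field was actually entered.
    missing = [f for f in REQUIRED if not (rec.get(f) or "").strip()]
    if missing:
        return [("completeness", f) for f in missing]

    errors = []
    # Data validation control: codes and formats are checked against known-good values.
    if not CUSTOMER_ID.fullmatch(rec["customer_id"]):
        errors.append(("data validation", "customer_id"))
    if rec["product_id"] not in KNOWN_PRODUCTS:
        errors.append(("data validation", "product_id"))
    try:
        qty = int(rec["quantity"])
        ordered = date.fromisoformat(rec["order_date"])
        shipped = date.fromisoformat(rec["ship_date"])
    except ValueError:
        return errors + [("data validation", "quantity or date format")]

    # Value limit control: a single field is too small or too large to be plausible.
    if not 1 <= qty <= MAX_QUANTITY:
        errors.append(("value limit", "quantity"))
    if ordered > today:
        errors.append(("value limit", "order_date"))
    # Field combination control: fields are each valid but inconsistent together.
    if shipped < ordered:
        errors.append(("field combination", "ship_date before order_date"))
    return errors


# Constructed sample inputs.
TODAY = date(2010, 11, 23)
GOOD = {"customer_id": "RM010989", "product_id": "P-1001", "quantity": "3",
        "order_date": "2010-11-20", "ship_date": "2010-11-22"}

if __name__ == "__main__":
    print(check_order(GOOD, TODAY))
    print(check_order({**GOOD, "ship_date": "2010-11-01"}, TODAY))
    print(check_order({**GOOD, "quantity": "9999"}, TODAY))
```
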
    Database Integrity Controls
• Access controls

• Data encryption

• Transaction controls

• Update controls

• Backup and recovery protection
     Output Integrity Controls
• Ensure output arrives at proper destination
  and is correct, accurate, complete, and
  current

• Destination controls - output is channeled to
  correct people

• Completeness, accuracy, and correctness
  controls
• Appropriate information present in output
           Interface Design Guidelines

• Many interface design guidelines have been
  published to help system developers
   – Range from general to very specific rules
• System design standards
   – General principles and rules that must be followed for
     the interface of any system developed by the
     organization
   – Helps to ensure that all user interfaces are usable and
     all systems developed by the organization have a
     similar look and feel

              Visibility and Affordance

• Two key principles to ensure good human-
  computer interaction (Donald Norman)
  – Visibility
     • A key principle of HCI that states all controls should be visible
       (so users know they are available) and provide feedback to
       indicate the control is responding to the user’s actions
     • E.g. a button that can be clicked should be visible, and when it
       is clicked should look like it has been pressed to indicate it is
       responding
  – Affordance
     • A key principle of HCI that states that the appearance of any
       control should suggest its functionality
     • e.g. a button affords clicking, a scroll bar affords scrolling, an
       item in a list affords selecting etc.
     • Applies to objects on the desktop
           Implications for designers

• If designers make all controls visible and clear,
  it is more likely the interface will be usable
• Most users are now familiar with Windows user
  interface and common Windows controls
• These principles should also be applied carefully
  to design of web pages, where there are new types
  of controls and possible designs of interfaces (not
  standardized)



                  Eight Golden Rules

•    Ben Shneiderman proposes eight underlying
     principles applicable to most interactive systems
     (and key to usability)
    1.   Strive for consistency
    2.   Enable frequent users to use short cuts
    3.   Offer informative feedback
    4.   Design dialogs to yield closure
    5.   Offer simple error handling
    6.   Permit easy reversal of actions
    7.   Support internal locus of control
    8.   Reduce short-term memory load

                1. Strive for Consistency
• Information arranged on forms, the names and
  arrangement of menus, the size and shape of icons etc.
  should be consistent throughout the system
   – This allows for many actions to become automatic
   – If a new application comes along with a different way of
     functioning, users have to relearn all the basic operations
   – Apple Macintosh was the first to emphasize the benefits of
     consistency
      • Mac applications were consistent and a standards document was
        created for people writing Mac applications (so if you knew one you
        could figure out other applications easily since they were consistent)
   – E.g. consistency in the menu bar for File, Edit and Format
   – However some applications may not fit such guidelines and
     inconsistency may be useful for differentiating applications
     (for running and learning)
 2. Enable Frequent Users to Use Short Cuts

• Users who work with one application all the time are
  willing to invest time to learn short cuts
• They begin to lose patience with long menu sequences
  when they know exactly what they want to do
• Short-cut keys can reduce the number of interactions for a
  given task
• Designers can provide macro facilities for users to create
  their own short cuts
• E.g. mail order entry clerks at RMO wouldn’t want long
  multiple menus to slow them down, but instead short-cuts
  would make them more productive

          3. Offer Informative Feedback

• Every action a user takes should result in some
  type of feedback from the computer
   – E.g. if the user clicks a button it should visually change
     and perhaps make a sound to indicate it has responded
   – Feedback of information to the user is also important
      • E.g. if a mail-order clerk enters a customer ID number in the
        screen, the computer should display the name and address for
        confirmation by the clerk
      • E.g. if the clerk enters a product ID for the order, the system
        should display a description of the product



      4. Design Dialogs to Yield Closure

• Each dialog with the system should be organized
  with a clear sequence (with a beginning and an
  end)
   – Reading one’s email
• If the system requirements are defined as events to
  which the system responds, each event leads to
  processing of one specific, well-defined activity
• Traditional approach
   – Each activity is defined by data flow diagrams and
     structured English
• Object-oriented approach
   – Each activity (a use case) might be further defined as
     multiple scenarios, each with a flow of events
          5. Offer Simple Error Handling
• Errors can be costly so designers must try to
  prevent users from making errors
   – Chief way is by limiting available options and allowing
     user to choose from valid options at any point in the
     dialog
   – Adequate feedback also reduces errors
• When errors occur, need ways to handle them
   – Error messages should state specifically what is wrong
     and explain how to correct it
   – Avoid messages that scare or blame the user:
      e.g. “FATAL ERROR 2001”
   – Also provide information that makes it easy to correct
     the error:
      e.g. “The date of birth entered is not valid. Check to be sure only
        numeric characters in appropriate ranges are entered in the date
        of birth fields…”
      6. Permit Easy Reversal of Actions

• Users need to feel that they can explore options
  and take actions that can be canceled or reversed
  easily
• Allows users to learn about the system by
  exploring
• If they make a mistake, they can cancel the action
• Should include cancel buttons on all dialog boxes
• Also if user is going to delete something
  substantial (e.g. a file) the system should ask the
  user to confirm the action

     7. Support Internal Locus of Control

• Experienced users want to feel they are in charge
  of the system and the system responds to them
• They should not be forced to do anything or made
  to feel the system is controlling them
• Much of this “comfort” and control is provided by
  the wording of prompts and messages
• Writing out a dialog can help to lead to such a
  design

     8. Reduce Short-Term Memory Load

• People have short-term memory limitations
   – People remember only about seven chunks of
     information at a time
   – Interface designer cannot assume the user will
     remember anything from form to form, or dialog box to
     dialog box
   – If user has to stop and ask “Now what was the
     filename? The customer ID?” then the design is placing
     a burden on the user’s memory


    Integrity Controls to Prevent
               Fraud
• Three conditions are present in fraud cases

  – Personal pressure, such as desire to maintain
    extravagant lifestyle

  – Rationalizations, including “I will repay this
    money” or “I have this coming”

  – Opportunity, such as unverified cash receipts

• Control of fraud requires both manual
  procedures and computer integrity controls
Fraud Risks and Prevention
       Techniques




   Designing Security Controls
• Security controls protect assets of
  organization from all threats
  – External threats such as hackers, viruses,
    worms, and message overload attacks

• Security control objectives
  – Maintain stable, functioning operating
    environment for users and application systems
    (24 x 7)
  – Protect information and transactions during
    transmission outside organization (public
    carriers)
 Security for Access to Systems
• Used to control access to any resource
  managed by operating system or network
• User categories
  – Unauthorized user – no authorization to access
  – Registered user – authorized to access system
  – Privileged user – authorized to administrate
    system
• Organized so that all resources can be
  accessed with same unique ID/password
  combination
Users and Access Roles to
   Computer Systems




         Managing User Access
• Most common technique is user ID / password
• Authorization – Is user permitted to access?
• Access control list – users with rights to access
• Authentication – Is the user who they claim to
  be?
• Smart card – computer-readable plastic card
  with embedded security information
• Biometric devices – keystroke patterns,
  fingerprinting, retinal scans, voice
  characteristics
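
How authentication, authorization and an access control list fit together for the user categories named on the previous slides, as an added example that is not part of the original slides. The account names, passwords, resources and work factor are constructed assumptions; passwords are stored only as salted PBKDF2 hashes.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for the example


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


USERS = {}  # user ID -> (salt, password hash, category)


def register(user_id, password, category):
    salt = os.urandom(16)
    USERS[user_id] = (salt, _derive(password, salt), category)


# Access control list: resource -> category -> permitted actions (constructed).
ACL = {
    "orders":        {"registered": {"read", "write"}, "privileged": {"read", "write"}},
    "user_accounts": {"privileged": {"read", "write"}},
}


def authenticate(user_id, password):
    """Authentication: is the user who they claim to be? Returns the category or None."""
    salt, stored, category = USERS.get(user_id, (b"\0" * 16, b"", None))
    # Always derive and compare in constant time so unknown IDs look like bad passwords.
    ok = hmac.compare_digest(_derive(password, salt), stored)
    return category if ok else None


def request_access(user_id, password, resource, action):
    """Authorization: is the user permitted to access? Runs only after authentication."""
    category = authenticate(user_id, password)
    if category is None:
        return "denied: not authenticated"   # treated as an unauthorized user
    if action in ACL.get(resource, {}).get(category, set()):
        return "granted"
    return "denied: not authorized"


# Constructed accounts: one registered user and one privileged user.
register("clerk01", "correct horse battery", "registered")
register("admin01", "staple tunnel ocean", "privileged")

if __name__ == "__main__":
    print(request_access("clerk01", "correct horse battery", "orders", "write"))
    print(request_access("clerk01", "correct horse battery", "user_accounts", "read"))
    print(request_access("clerk01", "wrong password", "orders", "read"))
```
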
               Data Security
• Data and files themselves must be secure
• Encryption – primary security method
  – Altering data so unauthorized users cannot view
• Decryption
  – Altering encrypted data back to its original state
• Symmetric key – same key encrypts and
  decrypts
• Asymmetric key – different key decrypts
• Public key – public encrypts; private
  decrypts
Symmetric Key Encryption




     Asymmetric Key Encryption




Systems Analysis and Design in a Changing
        Digital Signatures and
             Certificates
• Encryption of messages enables secure
  exchange of information between two
  entities with appropriate keys
• Digital signature encrypts document with
  private key to verify document author
• Digital certificate is institution’s name and
  public key that is encrypted and certified by
  third party
• Certifying authority
  – VeriSign or Equifax
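
The chain described above, from certifying authority to certificate to signed document, as an added example that is not part of the original slides. It uses textbook RSA without padding and small constructed keys purely to show the checks; real systems use a vetted cryptographic library and X.509 certificates. All names and the sample document are assumptions.

```python
import hashlib

E = 65537  # public exponent shared by all keys in this example


def make_key(p, q):
    """Textbook RSA key from two primes (no padding; illustration only)."""
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}


def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, key):
    """Signer applies the private exponent to the hash of the data."""
    return pow(_digest(data, key["n"]), key["d"], key["n"])


def verify(data, signature, n):
    """Anyone with the public key can undo the signature and compare hashes."""
    return pow(signature, E, n) == _digest(data, n)


def _cert_body(name, n):
    return f"{name}|{n}".encode()


def issue_certificate(name, subject_n, ca_key):
    """Certifying authority binds an institution's name to its public key."""
    return {"name": name, "n": subject_n,
            "ca_signature": sign(_cert_body(name, subject_n), ca_key)}


def check_signed_document(doc, doc_sig, cert, expected_name, trusted_ca_n):
    """Verify the certificate first, then the document against the certified key."""
    if not verify(_cert_body(cert["name"], cert["n"]), cert["ca_signature"], trusted_ca_n):
        return "certificate not issued by trusted authority"
    if cert["name"] != expected_name:
        return "certificate names a different institution"
    if not verify(doc, doc_sig, cert["n"]):
        return "document signature invalid"
    return "ok"


# Constructed toy keys built from known Mersenne primes; far too small for real use.
CA = make_key(2**89 - 1, 2**127 - 1)
RMO = make_key(2**61 - 1, 2**107 - 1)
ROGUE = make_key(2**31 - 1, 2**521 - 1)

ORDER = b"PO 1001: 3 x P-1001"  # constructed document
RMO_CERT = issue_certificate("RMO", RMO["n"], CA)
```
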
Using a Digital Certificate





				