Tutorial 6 Answers PDF

Preview

Summary

Chapter 6 – Foundations for Systems DesignSolutions to End-of-Chapter ProblemsReview Questions How does the objective of systems analysis differ from the objective of systems design? The objective of systems analysis is to understand the needs and requirements, while the objective of design is to fi...

Description

Systems Analysis and Design in a Changing World, seventh edition

6-1

Chapter 6 – Foundations for Systems Design Solutions to End-of-Chapter Problems Review Questions 1. How does the objective of systems analysis differ from the objective of systems design? The objective of systems analysis is to understand the needs and requirements, while the objective of design is to figure out the solution to those needs and requirements. Analysis is to understand the problem, design is to solve the problem (and implementation is to build the solution.) 2. What are the inputs to systems design? What are the outputs? Inputs primarily are the requirements models. This includes domain model class diagram, use case diagrams, use case descriptions, activity diagrams, system sequence diagrams, and statemachine diagrams. Outputs are the design models. This includes the design class diagram. Interaction diagrams, design state-machine diagrams, package diagrams, deployment diagrams, and component diagrams. 3. List and briefly describe each design activity. 1. Describe the environment – to research and describe the configuration and existing hardware and software of the current computing environment and of external systems requiring interfaces. 2. Design the application components – this is structural or architectural design to configure the components, such as subsystems, that will be included in the final system. 3. Design the user interface – this consists of designing the user screens and reports for the new system. 4. Design the database – this involves using the class diagram to design the database schema. 5. Design the software classes – this involves determining the classes and the methods within each class to carry out each use case. 4. Why is the environment described while other key design elements such as the user interface and database are designed? Most new systems are developed to be integrated into an already existing computing environment. Hence the task is to understand the existing environment that the new system must fit into. This normally includes such things as DBMS, Operating Systems, Network, programming standard languages, and existing hardware.

Systems Analysis and Design in a Changing World, seventh edition

6-2

5. What models are developed during each design activity? 1. Describe the environment – Network diagrams, Deployment Diagrams, Location diagrams 2. Design the application components – Component diagrams, Deployment diagrams, Package diagrams. 3. Design the user interface – Story boards, screen and report mockups. 4. Design the database – database schema 5. Design the software classes – Interaction diagrams, design class diagrams, state-machine diagrams 6. On a project that uses iterations to develop the system, in which iteration does systems design begin? Explain why. Some of the activities of systems design begin in the very first iteration. For example, describe the environment needs to start at the beginning of the project. Also some configuration of the application components may start in the first iteration – especially if build versus buy decisions must be made. 7. What are the key elements of the environment described during design activities? External Systems and Technology architecture, The external systems may need to be specified with message formats, network addresses, communication protocols, security methods, and error handling. The technology architecture may involve the DBMS, web server software, firewalls, hardware, system software, networks, and so forth. 8. List at least three examples of application components. Various subsystems of a new system, such as billing, accounting, accounts receivable subsystems. Smaller components such as tax calculation subroutine. On a Web based system, a set of pages for example, a payment processing component, may be considered an application component. 9. Why is the singular form of the term user interface usually a misnomer? Because with today’s computing environment of desktop, laptop, tablet, smartphone and multiple manufacturer’s (Apple, Windows) the user interface frequently needs to be built in multiple versions to respond to all the environments. 10. Designing security and controls impacts the design of which other elements?

Systems Analysis and Design in a Changing World, seventh edition

6-3

Security and controls must be considered in the design of every other element, from the application design, user interface design, database design, and software design. 11. Compare and contrast integrity controls and security controls. Why isn’t there a separate activity to design them? Integrity controls have to do with the maintaining the integrity of the data as it is entered into the system, processed and stored within the system and output from the system. Security controls are more associated with the entire environment from primarily external threats that are malicious. Designing integrity and security controls must be part of every other design activity and hence is not considered a stand-alone design activity. 12. Explain four types of integrity controls for input forms. Which have you seen most frequently? Why are they important? 

Value limit controls – check the value of input data to ensure that the data is reasonable.



Completeness controls – this ensures that all the required data on an input form has been entered



Data validation controls – this ensures that values, such as code values are correct as far as format and acceptable values



Field combination controls – where cross field consistence checks can be performed this control ensures that data fields are consistent with each other.

13. What are the two primary objectives of security controls? 

Maintain a stable, functioning operating environment



Protest information during transmission

14. List and briefly describe the three elements of the fraud triangle. Over which element can a system designer exercise the greatest control? 

Opportunity – having an environment that easily allows fraud to happen. Lack to controls



Motivation – a personal need for the money.



Rationalization – an excuse for doing the fraud, or a thought to return it later.

Usually the system designers have most control over structuring the system and the environment so that there is no opportunity, or it is at least not easy, to commit fraud. 15. Briefly define or describe authentication, access control lists, and authorization. Authentication is the process to identify those persons or entities that want access to the system. The basis for authentication is an access control list of everyone who is allowed access. Each

Systems Analysis and Design in a Changing World, seventh edition

6-4

person on the access control list will also have, as an individual or part of a group, levels of authorization or permission levels as to what portions of the data she/he has access to and what actions he/she can perform on the data.

Problems and Exercises 1. Discuss the technology architecture and deployment environment for information systems at your work or school with a knowledgeable person. What are the key elements of the environment? If you were to implement a new system for the organization, which of the environmental elements could you change? Which could you choose to use or not use? Answers will vary by student. Answers may include items about External systems and what interfaces are required. The technology architecture might address the items such as what DBMS’s are used (SQL Server, Oracle, MySQL, etc.). What server systems are used (Apache or IIS)? What is the network environment like? What other purchased software is already installed and that requires interface (such as ERP systems), or even used (such as Crystal Reports)? What programming languages are used inhouse?

2. Pick a major online retailer (e.g., Amazon, Walmart, or Sears). Examine the default browserbased shopping interface from the following devices: a desktop computer with a large monitor, a tablet computer, and a smartphone. How and why do content and layout vary across the devices? Are there any device specific technologies employed in any of the interfaces, such as voice recognition, multitouch gestures, and gaze (eye) detection? Is a shopping app available for any of the devices? If so, how does the app’s user interface differ from browser-based shopping on the same device? Answers will vary by student. Students should particularly look at navigation issues across the different platforms. How does the user know what information is available on the page? How does the user find new information or navigate to new pages?

3. This chapter described various situations that emphasize the need for controls. In the first scenario presented, a furniture store sells merchandise on credit. Based on the descriptions of controls given in this chapter, identify the various controls that should be implemented in the furniture store system to ensure that corrections to customer balances are made only by someone with the correct authorization. Answers will vary by student. Some issues that might be included:

Systems Analysis and Design in a Changing World, seventh edition

  

6-5

Split responsibilities as much as possible. For example, one person takes the information for the application for credit, and another person does that background and credit and history verification. Be sure to have an audit trail of who, what, when on all payment transactions and any corrections or adjustments. Design into the system so that access to credit authorization is given only to approved personnel.

In the second scenario illustrating the need for controls, an accounts payable clerk uses the system to write checks to suppliers. Based on the information in this chapter, what kinds of controls would you implement to ensure that checks are written only to valid suppliers, that checks are written for the correct amount, and that all payouts have the required authorization? How would you design the controls if different payment amounts required different levels of authorization? Answers will vary by student:  Split responsibilities. One department will approve suppliers and set up supplier accounts. Another department will write payments to the supplier. All checks must be written only to approved suppliers.  Different people will have authorization to write checks for different levels of payout. Higher levels will require double approval. The screens that accept payment, will have built in checks to required input codes known only to those who have the correct level of payment. (It doesn’t have to be done all on the same screen or at the same time. One person can enter the data, and the system can then send all those payouts requiring additional approval will automatically be sent.)  Paper trails and audit trails must be associated with each payout. Scanned invoices and documents can be attached to payments. 4. Examine the privacy policy (or privacy section of the user agreement) for a major online service provider such as Gmail, eBay, or Facebook. What are the implications of the privacy guarantees for controls and security? Briefly describe cost benefit trade-off of the guarantees. Answers will vary by student Most online service provides indicate that they will maintain privacy information only for their own use and for the use of their business partners. Here is a sample from Google: Information security We work hard to protect Google and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. In particular: 

We encrypt many of our services using SSL.

Systems Analysis and Design in a Changing World, seventh edition

 

6-6

We offer you two step verification when you access your Google Account, and a Safe Browsing feature in Google Chrome. We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.



We restrict access to personal information to Google employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

When this Privacy Policy applies Our Privacy Policy applies to all of the services offered by Google Inc. and its affiliates, including YouTube, and services offered on other sites (such as our advertising services), but excludes services that have separate privacy policies that do not incorporate this Privacy Policy. Our Privacy Policy does not apply to services offered by other companies or individuals, including products or sites that may be displayed to you in search results, sites that may include Google services, or other sites linked from our services. Our Privacy Policy does not cover the information practices of other companies and organizations who advertise our services, and who may use cookies, pixel tags and other technologies to serve and offer relevant ads.

Item four above leaves a lot of open issues with “employees, contractors, and agents who need to know.” Personal privacy is shared with many other entities.

5. Look on the Web site you use to access your bank account(s). What kinds of security and controls are integrated into the system? Answers will vary by student. Most bank sites will require a user id and a password. In addition, behind the scenes, the bank website remembers the machine address (MAC code) of the user’s computer. If the user accesses the account on a different computer, he/she will need to answer a set of personal and private predefined questions.

6. Examine the information system of a local business, such as a fast-food restaurant, doctor’s office, video store, grocery store, etc. Evaluate the screens (and reports, if possible). What kinds of integrity controls are in place? What kinds of improvements would you make? Answers will vary by student and by business....