12. System sequence diagram

13. Concept of System Sequence
Diagram (SSD)
 Part of system design. Communicates to
OO programmers.
 SSD shows interaction between actors
and system (global SSD), and among
objects (detailed SSD)
 SSD specifies flow of data (messages)
 Messages are actions (resemble
commands) invoked on destination
object

14. Global SSD
Figure 6-14
SSD of a customer order system

15. Global SSD – loops
Figure 6-15
Note: extendedPrice =
price * quantity
Expected output
True/False
Condition
Loop Input

16. Creating global SSD
1. Start with an activity diagram and/or
use case description.
2. Identify the input messages from actor
to system. For figuring attributes
(input parameters), use class diagram.
3. Identify/apply special conditions
(iteration) to input messages, if any.
4. Identify output messages.

17. Creating global SSD (cont.)
Account
accountNo
customerID OrderDetai
quantity
extendPrice
Order
orderID
TotalAmt
Product
productID
size
description
CatalogProduct
price
Catalog
catalogID
Figure 6-16. Activity diagram of Figure 6-17. Global SSD of the same Figure 5-31 (detail).
Create New Order use case, Class diagram of RMO
Telephone Scenario at RMO

18. Holycross of Davao College
System Analysis and Design (IT11)
By: John Ely P. Masculino

19. Designing System Interfaces
(UI Vs SI)
System Interface (SI) User Interface (UI)
- I/O with minimal or no - I/O requiring human
human intervention. interaction.
- User interface is
everything end user comes
into contact with while
using the system
- To the user, the interface
is the system

20. Identifying System Interfaces
- Inputs from other System (messages, EDI).
- Highly automated inputs such as scanners.
- Inputs that are from data in external
databases.
- Outputs to external databases.
- Outputs with minimal HCI.
- Outputs to other systems.
- Real-time connection (both input and output).

21. The full range of inputs and
outputs in an information system

22. Designing System Inputs
- Identify devices and mechanisms
• High-level review of most up-to-date methods
to enter data
- Identify all system inputs and develop list
of data content of each
• Provide link between design of application
software and design of user and system
interfaces
- Determine controls and security
necessary for each system input

23. Input Devices and Mechanism
- Capture data as close to original source as
possible
- Use electronic devices and automatic entry
whenever possible
- Avoid human involvement as much as possible
- Seek information in electronic form to avoid
data reentry
- Validate and correct information at entry point

24. Prevalent Input Devices to
Avoid Human Data Entry
- Magnetic card strip readers
- Bar code readers
- Optical character recognition readers and
scanners
- Radio-frequency identification tags
- Touch screens and devices
- Electronic pens and writing surfaces
- Digitizers, such as digital cameras and digital
audio devices

25. Defining the Details of System Inputs
- Ensure all data inputs are identified and
specified correctly
• Identifying user and system inputs with OO
approach has same tasks as traditional approach
• OO diagrams are used instead of DFDs and
structure charts
• System sequence diagrams identify each
incoming message
• Design class diagrams and sequence diagrams
identify and describe input parameters and verify
characteristics of inputs

26. Partial System Sequence Diagram for Payroll
System Use Cases

27. System Sequence Diagram for Create New Order

28. Input Messages and Data Parameters from
RMO System Sequence Diagram

29. Designing System Outputs
- Determine each type of output
- Make list of specific system outputs required
based on application design
- Specify any necessary controls to protect
information provided in output
- Design and prototype output layout
- Ad hoc reports – designed as needed by
user

30. Defining the Details of System Outputs
 Outputs indicated by messages in sequence
diagrams
– Originate from internal system objects
– Sent to external actors or another external
system
 Output messages based on an individual object are
usually part of methods of that class object
 To report on all objects within a class, class-level
method is used that works on entire class

31. Table of System Outputs Based on OO
Messages

32. Types of reports
– Printed reports
– Electronic displays
– Turnaround documents
– Graphical and Multimedia presentation

33. Types of Output Reports
 Detailed
– Contains detailed transactions or records
 Summary
– Recaps periodic activity
 Exception
– Only contains information about nonstandard
conditions
 Executive
– Summary report used for strategic decisions

34. Designing Integrity Controls
 Mechanisms and procedures built into a system
to safeguard it and information contained within
 Integrity controls
– Built into application and database system to
safeguard information
 Security controls

35. Objectives of Integrity Controls
- Ensure that only appropriate and correct
business transactions occur
- Ensure that transactions are recorded and
processed correctly
- Protect and safeguard assets of the
organization
• Software
• Hardware
• Information

36. Points of Security and Integrity Controls

37. Input Integrity Controls
– Used with all input mechanisms
– Additional level of verification to help
reduce input errors
– Common control techniques
• Field combination controls
• Value limit controls
• Completeness controls
• Data validation controls

38. Database Integrity Controls
– Access controls
– Data encryption
– Transaction controls
– Update controls
– Backup and recovery protection

39. Output Integrity Controls
– Ensure output arrives at proper destination
and is correct, accurate, complete, and
current
– Destination controls - output is channeled
to correct people
– Completeness, accuracy, and correctness
controls
– Appropriate information present in output

40. Integrity Controls to Prevent Fraud
 Three conditions are present in fraud cases
– Personal pressure, such as desire to maintain
extravagant lifestyle
– Rationalizations, including “I will repay this money”
or “I have this coming”
– Opportunity, such as unverified cash receipts
 Control of fraud requires both manual
procedures and computer integrity controls

41. Fraud Risks and Prevention Techniques

42. Designing Security Controls
 Security controls protect assets of
organization from all threats
– External threats such as hackers, viruses, worms,
and message overload attacks
 Security control objectives
– Maintain stable, functioning operating environment
for users and application systems (24 x 7)
– Protect information and transactions during
transmission outside organization (public carriers)

43. Security for Access to Systems
 Used to control access to any resource managed
by operating system or network
 User categories
– Unauthorized user – no authorization to
access
– Registered user – authorized to access
system
– Privileged user – authorized to administrate
system
 Organized so that all resources can be accessed
with same unique ID/password combination

44. Users and Access Roles to
Computer Systems

45. Managing User Access
 Most common technique is user ID / password
 Authorization – Is user permitted to access?
 Access control list – users with rights to access
 Authentication – Is user who they claim to be?
 Smart card – computer-readable plastic card with
embedded security information
 Biometric devices – keystroke patterns, fingerprinting,
retinal scans, voice characteristics

46. Data Security
 Data and files themselves must be secure
 Encryption – primary security method
– Altering data so unauthorized users cannot view
 Decryption
– Altering encrypted data back to its original state
 Symmetric key – same key encrypts and
decrypts
 Asymmetric key – different key decrypts
 Public key – public encrypts; private decrypts

47. Symmetric Key Encryption

48. Asymmetric Key Encryption

49. Digital Signatures and Certificates
 Encryption of messages enables secure exchange
of information between two entities with appropriate
keys
 Digital signature encrypts document with private
key to verify document author
 Digital certificate is institution’s name and public
key that is encrypted and certified by third party
 Certifying authority
– VeriSign or Equifax

50. Using a Digital Certificate

51. Secure Transactions
 Standard set of methods and protocols for authentication,
authorization, privacy, integrity
 Secure Sockets Layer (SSL) renamed as Transport Layer
 Security (TLS) – protocol for secure channel to send
messages over Internet
 IP Security (IPSec) – newer standard for transmitting
Internet messages securely
 Secure Hypertext Transport Protocol (HTTPS or HTTP-S)
– standard for transmitting Web pages securely (encryption,
digital signing, certificates)