BA 186 FINALS REVIEWER

System Design Phase: Chapters 8 – 10

Systems Implementation Phase: Chapter 11
System Support and Security: Chapter 12

CHAPTER 8: USER INTERFACE DESIGN

- Everyone wants a system that is easy to learn and use

User Interface (UI)

- Describes how users interact with a computer system
- Consists hardware, software, screens, menus,
functions, output, and features that affect 2-way
communications between the user and computer

*best interface: ones that users don’t even notice. They make
sense cos they do what users expect them to do - User-centered System
o Distinctions blurs between input, output
Evolution of User Interface and interface itself
o Users work with varied mix of input, screen
CLI  GUI  NUI output and data queries on their daily
Command Line Interface (CLI) functions
- Codified  Because all tasks require
- Strict interactions with the computer
- Programming black screen system, UI is a vital element in
Graphical User Interface (GUI) the systems design phase
- Metaphor
- Exploratory Human Computer Interaction (HCI)
- Laptop desktop screen - UI is based on basic principles of HCI
Natural User Interface (NUI) - Relationship between computers and people who use
- Direct them to perform their jobs
- Intuitive - Started in 1980s
- IPad screen o Users typing complex commands in green
*IT group became a supplier of information technology, rather text on a black screen
than a supplier of information - Then came the GUI
o Huge improvement
o Used icons, graphical objects, and pointing
devices

User Rights
1. Perspective
- When developing older systems, all the printed and o User is always right
screen output were designed first then inputs o System is the problem, not the user
necessary to produce the results 2. Installation
- Often, the UI mainly consisted of process-control o Right to install and uninstall software and
screens hardware systems easily wo negative
o Allowed the user to send commands to the consequences
system 3. Compliance
o Worked well with traditional systems that o Right to a system that performs exactly as
simply transformed input data  structured promised
output 4. Instruction
- Main focus TODAY: users within and outside the o Easy to use instructions for understanding
company and utilizing a system to achieve desired
o How they communicate with the IS goals and recover efficiently from problem
o How the system supports the firm’s situations
business operations 5. Control
o Right to be in control of the system
o Be able to get the system to respond to a
request for attention
6. Feedback
o System provides clear, understandable and
accurate info regarding the task it’s
performing and the progress toward
completion
7. Dependencies

1
 o Informed clearly about all the system - How people work, learn, and interact with computers
requirements for successfully using Aesthetics
software or hardware - How an interface can be made attractive and easy to
8. Scope use
o Know the limits if the system’s capabilities Interface technology
9. Assistance - Provides operational structure required to carry out
o Communicate with the technology provider the design objectives
and receive a thoughtful and helpful
response when raising concerns Output Design
o Customer service Before designing output, ask questions:
10. Usability - Purpose of output
o User as the master of software and - Who wants the info? Why? And how it will be used
hardware technology (not vice versa) - What specific info will be included
o Products should be natural and intuitive to - Will the output be printed, on screen or both? Type of
use device the output go to?
- When will the info be provided and how often must it
Principles of User-Centered Design be provided?
1. Understand the business - Do security or confidentiality issues exist
o Interface designer must understand the
functions and how the system supports
individual, departmental and enterprise
goals
o Overall objective: design an interface that
helps users perform their jobs
o Good starting point: analyze a functional
decomposition diagram (FDD)
2. Maximize graphical effectiveness
o People learn better visually
3. Think Like a User
o Systems analyst should understand user
experience, knowledge and skill levels
o Interface should be flexible enough to
accommodate novices as well as
experienced users
4. Use models and prototypes
o Essential to construct models and
prototypes for user approval
o Can present initial screen designs in the Output Technology
form of a storyboard - Internet-based info delivery
5. Focus on usability - Email
o Objective: offer a reasonable number of - Blogs
choices that a user can easily comprehend - Instant messaging
 Too many options: confusing - Wireless devices
 Too few options: increase - Digital audio, images and video
number of submenu levels and - Podcasts
complicate the navigation - Automated facsimile systems
process - Computer output to microfilm or digital media
o Often, present the most common choice as - Specialized forms of outputs
the default, but allow the user to select o ATMs
other options o Electronic detection of data embedded in
6. Invite feedback credit cards, employee cards
7. Document everything
o For later use of programmers Types of Reports
- Detail reports
Designing the UI – 8 Basic Guidelines - Exception reports
1. Design a transparent interface - Summary reports
2. Create an interface that is easy to learn and use
3. Enhance user productivity Input Design
4. Make it easy for users to obtain help or correct errors - Source documents
5. Minimize input data problems o Collects input data, triggers or authorizes an
6. Provide feedback to users input action and provides a record of
7. Create an attractive layout and design original transaction
8. Use familiar terms and images - Data entry screens
o Data capture: automated or manually
*Good UI design = ergonomics + aesthetics + interface technology operated device to identify the source data
Ergonomics and convert it into computer-readable form

2
  Credit card scanners, bar code o Output must be accurate, complete, current
readers and secure
o Data entry: process of manually entering o Protects privacy rights and shields the
the data into the IS organization’s proprietary data from theft
 Keystrokes, mouse clicks, touch or unauthorized access
screens, spoken words o Ex. Reports should include
- Input masks  Title, report number or code,
o Templates or patterns that restrict data printing date and time period
entry and prevent errors covered
- Validation rules  Page # of #
o Improves input quality by testing data and  End of report should be labeled
rejecting any entry that fails to meet clearly
specified conditions  Control totals and record counts
o Sequence check, existence check, data type should be reconciled against
check, range check, reasonableness check, input totals and counts
validity check, combination check, batch  Selected at random for thorough
controls check of correctness and
- Objective: ensure quality, accuracy and timelessness of completeness
input data  All errors or interruptions must
- Garbage in, garbage out (GIGO) like FIFO be logged so they can be
analyzed
Input Technology - Input Security Control
- Batch input o Includes necessary measures to ensure that
o Data entry usually performed on a specified input data is correct, complete and secure
time schedule: daily, weekly, monthly, or o Focus on input control during every phase
longer of input design
- Online input  Starting with source of
o Source data automation = online data entry documents that promote data
+ automated data capture accuracy and quality
o Every piece of info should be traceable back
Traditional Input Devices to the input data that produced it
- Keyboard  provide audit trail
- Mouse  records source of
- Pointing devices each data
- Microphone o When batch input method is used
- OCR: optical character recognition  Produce an input log file that
- MICR: magnetic ink character recognition identifies and documents the
- Graphic input devices data entered
Evolving Input Devices Data security policies and procedures
- Body motion detection - Protect data from loss or damage
- Advanced voice recognition - Records retention policy
- Biological feedback o store source documents in a safe location
- Embedded magnetic data for some specified length of time
- Advanced optical recognition
- Physical adaptation devices CHAPTER 9: DATA DESIGN
Emerging Input Devices
- BCI: brain computer interface Data Design Concepts
- Neural networks - Data structure
- AI: artificial intelligence o Framework for organizing, storing and
- Advanced motion sensors managing data
- 2-way satellite interface o Consist of files or tables that interact in
- virtual environments various ways
- 3D technology  Each file/table contains data
about people, place, things or
Input Volume Reduction events
*To reduce input volume, reduce # of data items required for - File-oriented system
each transaction o Aka file processing system
1. don’t input data that user can retrieve from system o Stores data in one or more separate files
files or calculate from other data o Same data is stored in more than 1 location
2. input necessary data only  Major disadvantage of file-
3. don’t input constant data oriented systems cos it reduces
4. user codes efficiency and data quality
o Can contain various types of files
Security and Control Issues  master files
- Output Security Control

3
  stores relatively *in a file processing environment, that means retrieving
permanent data information from independent, file-based systems, which is slow
about an entity and inefficient. These problems DO NOT exist in database system
 ex. Product code, - Database management system (DBMS)
name, description o All tables are connected by common fields
 table files o Typical common field: customer number
 contains reference  Used to locate info about
data used by the IS customer in other tables
 relatively static and o Collection of tools, features, and interfaces
are not updated by IS that enables users to add, update, manage,
 ex. Tax tables, access and analyze the contents of a set
postage rate tables data
 transaction files o Main advantage from user’s POV
 stores records of daily  Offers timely, interactive and
business and flexible data access
operational data o Linked tables form a unified structure
 input file that updates  Aka relational database or
master file relational model
 after updating, o Common field that connects 2 tables is said
transaction file has to link, join or relate the tables
served its purpose
 ex. Charges and
payments file that
updates customer
balance file
 work files
 temporary file
created by an IS for a
single task
 ex. Sorted files and
reports that hold
output reports until
printed
 security files
 for backup and
recovery purposes
 ex. Audit trail files 3 Potential Problems in File Processing Environment
and backups of 1. Data redundancy
master, table, o Data common to 2 or more IS is stored in
transaction files several places
 new security files 2. Data integrity
must be created to o Problems can occur if updates are not
replace outdated files applied in every file
 history files 3. Rigid data structure of a typical file processing
 for archiving environment
purposes o Businesses must make decisions based on
 ex. Inactive student company-wide data
file o Managers often require info from multiple
business units and departments

Evolution from File Systems to Database Systems

Database System
- Offers a solution to the problems of file processing
- Provides overall framework
o avoids data redundancy
o supports real-time dynamic environment

File-processing environment: data files designed to fit individual

business systems
Database environment: several systems can be built around a
single database

4
 o Can allow different users to have different
levels of access
- Most DMBSs provide sophisticated security support

Increased programmer productivity

- Programmers don’t have to create underlying file
structure for a database
o Allows concentration on logical design
 New database app can be
developed more quickly than in a
file-oriented system
Data Independence
- Systems that interact with a DBMS are relatively
independent of how the physical data is maintained
- Provides DBA flexibility to alter data structures wo
DBMS ADVANTAGES
modifying IS that use data
Scalability
DBMS CONCEPTS
- system can be expanded, modified, or downsized easily
to meet the rapidly changing needs of a business
enterprise
- ex. If company decides to add data about secondary
suppliers of material it uses,
o new table can be added to the relational
database and linked with a common field

Better support for Client/Server System

- processing is distributed throughout the organization
- require the power and flexibility of database design

Economy of Scale
- inherent efficiency of high-volume processing on larger
computers
- database design allows better utilization of hardware
- if company maintains an enterprise-wide database,
processing is less expensive using a powerful
mainframe server instead of using several smaller
computers

Flexible Data Sharing

- users are empowered because they have access to the
info they need to do their jobs
Enterprise-wide application
- DBMS is managed by a database administrator (DBA)
o Assesses overall requirements and
maintains the database for the benefit of
the entire organization rather than a single
department or user
- Database systems can support enterprise wide
applications more effectively than file processing
systems
Stronger Standards
- Effective database administration helps ensure that
standards for data names, formats, and documentation
are followed uniformly throughout the org
Controlled Redundancy
- Because data is stored in a set of related tables, data
items don’t need to be duplicated in multiple locations
Better Security
- DBA can define authorization procedures
o Ensures only legitimate users can access the
database
Interfaces for Users, Database Administrators and Related
Systems
Users
- Typically work with predefined queries and
switchboard commands
o Also use query languages to access stored
data
 Query language allows user to
specify a task wo specifying how
the task will be accomplished
 Some use natural language
commands that resemble
ordinary English sentences
 Query by example (QBE)
language, Structured Query
Language (SQL)
Database Administrators
- Responsible for DBMS management and support
- concerned with data security and integrity
o preventing unauthorized access
o providing backup and recovery, audit trails
o maintaining the database
o supporting user needs

5
 - most DBMSs provide utility programs to assist the DBA o Can require design modification, additional
o creating and updating data structures software and some added expense
o collecting and reporting patterns of (migrating traditional database to the Web)
database usage
o detecting and reporting database Internet Terms
irregularities - Web browser
Related Information Systems o App that enables user to navigate or browse
- DBMS can support several related IS that provide input the internet and display web pages on the
to and require specific data from the DBMS local computer
- Unlike a UI, no human intervention required for 2-way - Web page
communication between DBMS and related systems o Text document written in HTML (Hypertext
Markup Language)
DBMS Components  HTML: uses formatting codes
- Data Manipulation Language (DML) called tags
o Controls database operations  Tags: specify how the
 Storing text and visual
 Retrieving elements will be
 Updating displayed in a web
 Deleting data browser
o Most commercial DBMS: Oracle and IBM’s o Stored on a Web Server
DB/2 use a DML  Web server: computer that
- Schema receives requests and makes
o Complete definition of a database including web pages available to users
descriptions of all fields, tables and - Web site
relationships o = Web server + web pages
o Subschema
 View of the database by one or Data Design Terms
more systems or users - entity
- Physical Data Repository o person, place, thing, or event for which data
o At this stage, data dictionary is transformed is collected and maintained
into physical data repository - table or file
o Contains schema and subschemas o data is organized into tables or files
o Might be centralized or distributed to - field
several locations o aka attribute
o single characteristic or fact about an entity
Web-based Database Design Characteristics - record
- Global access o aka tuple (rhymes with couple)
o Internet enables worldwide access using o set of related fields that describes one
existing infrastructures and standard instance or occurrence of an entity
telecommunications protocols
- Ease of use Key Fields
- Multiple platforms - Primary key
o Web-based design is not dependent on o Field or combination of fields that uniquely
specific combination of hardware and and minimally identifies a particular
software member of an entity
o Required: browser and internet connection - Candidate key
- Cost effectiveness o Sometimes you have a choice of fields to
o Initial investment is low cos internet serves use as primary key
as communication network o Any field that could serve as primary key
o Require only a browser, and web-based *any field aint a primary or candidate key is a nonkey field
systems do not require powerful - Foreign key
workstations o Recall that a common field exists in more
- Security issues than 1 table and can be used to form a
o Internet connectivity raises special concerns relationship, or link between the tables
o Solution o Field in 1 table that must match a primary
 Good design key value in another table in order to
 Software that can protect the establish the relationship between the 2
system and detect intrusion variables
 Stringent rules for passwords - Secondary key
and user ID o Field or combination of fields that can be
 Vigilant users and managers used to access or retrieve records
- Adaptability issues o Not unique
o Internet advantages: access, connectivity,
flexibility

6
  exactly 1 of the second entity
occurs for each instance of the
first entity
o one to many relationship (1:M)
 1 occurrence of the first entity
can relate to many instances of
the second entity, but each
instance of the second entity can
associate with ONLY 1 instance
of the first entity
o many to many relationship (M:N)
 1 instance of the first entity can
relate to many instance of the
second entity, and 1 instance of
the second entity can relaty to
many instances of the first entity

Referential Integrity
- Type of validity check
- Set of rules that avoids data inconsistency and quality
problems
- In a relational database, referential integrity means
that a foreign key value cannot be entered in 1 table
unless it matches an existing primary key in another
table
- Wo referential integrity, might have an order called an
orphan
o No related customer
- Prevent the deletion of a record if record has a primary
key that matches foreign keys in another table
- Ex. Referential integrity would prevent you from
entering a customer order in an order table unless
customer already exists in the customer table

Entity-Relationship Diagram (ERD)

- model that shows the logical relationships and
interaction among system entities
- provides overall view of the system and a blueprint for
creating the physical data structures
- types of relationships between entities
o one to one relationship (1:1) Cardinality

7
 - describes the numeric relationship between 2 entities - involves applying a set of rules that can help you
and shows how instances of 1 entity relate to instances identify and correct inherent problems and
of another entity complexities in your table designs
- technique used to define relationships in more detail - involves 4 stages
after analyst draws an initial ERD o unnormalized design
o first normal form
o second normal form
o third normal form

Using Codes During Data Design

- code
o set of letters or numbers that represents a
data item
o used to simplify output, input and data
formats
o reviewed during data design process and
develop new ones that will be used to store
and access data efficiently
o often shorter than the data the represent
o save storage space and costs
o reduce data transmission time
o decrease data entry time
o ex. ZIP codes used to classify and sort mail
efficiently

Types of Codes
1. Sequence
o Numbers or letters assigned in a specific
order
o Contain no additional info other than an
indication of order of entry into the system
2. Block sequence
o Blocks of numbers for different
classifications
o Ex. College course numbers (Chem 110 and
Math 125 for freshies)
3. Alphabetic
Normalization o Alphabet letters to distinguish one item
- process of creating table designs by assigning specific from another based on category,
fields or attributes to each table in the database abbreviation or easy to remember value:
o table design mnemonic code
 specifies the fields and identifies 4. Significant digit
the primary key in a particular o Series of subgroups for digits
table or file o Ex. ZIP codes
- working with a set of initial table designs, use 5. Derivation
normalization to develop an overall database design o Combine data from different item
that’s simple, flexible, and free of data redundancy attributes, or characteristics to build the
code
6. Cipher

8
 o use keyword to encode a number  System reads or writes physical
7. Action record at a time
o Indicate what action is to be taken with an  When system reads a physical
associated item record, it loads the data from
storage into a buffer
Tips in Developing a Code  Segment of computer
1. Keep codes concise memory
o Do not create codes longer than necessary - Data coding & storage
2. Allow for expansion o Computers represent data bits or binary
o Coding scheme must allow for reasonable digits
growth in the number of assigned codes o EBCDIC, ASCII, AND BINARY
3. Keep codes stable  Extended Binary Coded Decimal
o Changes in codes can cause consistency Interchange Code
problems and require data updates  Used on mainframe
4. Make codes unique computers and high
o Unique to have meaning capacity servers
5. Use sortable codes  American Standard Code for
6. Avoid confusing codes Information Interchange
o Like 0 and O, 1 and I  Used on most
7. Make codes meaningful personal computers
o Must be easy to remember, useful for users  EBCDIC and ASCII both require 8
convenient to use and easy to encode and bits or 1 byte for each character
interpret o UNICODE
8. Use a code for a single purpose  Uses 2 bytes per character rather
9. Keep condes consistent than 1
o Storing dates
 Depends on how the dates will
be displayed and whether they
will be used in calculations

Database Storage & Access
- Strategic Tools
o Data warehousing
 Integrated collections of data
that can include seemingly
unrelated info, no matter where
it is stored in the company
 Provides enterprise-wide view to
support management analysis
and decision making
o Data mining
 Looks for meaningful data
patterns and relationships
- Logical and Physical Storage
o Logical storage
 Consists of alphabetic and
numeric characters
o Physical storage
 Strictly hardware related
 Involves physical record, or block
 Smallest data unit
that can be handled
by the operating
system
Data Control
- Well designed DBMS must provide built-in control and
security features to maintain data
o Subschemas
o Passwords
o Encryption
o Audit trail files
o Backup and recovery procedures
- Main responsibility: ensure that DBMS features are
used properly
- System security
o Network monitoring
o Access codes
o Data encryption
 Process of converting readable
data into unreadable characters
to prevent unauthorized access
to the data
o Passwords
o Audit trails
- Audit log files
o Record details of all accesses and changes
to the file or database can be used to
recover changes made since the last backup
- Audit fields
o Special fields within data records to provide
additional control or security information
o Include date the record was modified, name
of user who performed the action, number
of times the record has been accessed
CHAPTER 10: SYSTEM ARCHITECTURE
- Translates system’s logical design into a physical
structure that includes hardware, software and
processing methods
System Architecture Checklist

9
 - Enterprise Resource Planning (ERP)
o Defines a specific architecture
 Includes: standards for data,
processing, network and UI
design
 Describes a specific hardware
and software environment
(platform) that ensures
connectivity and easy integration
of future systems
- Initial and Total Cost of Ownership (TCO)
o TCO: tangible purchases, fees, contracts
(hard costs)
o Soft costs of management, support, training
and downtime
 More difficult to measure
- Scalability
o Aka extensibility
o Ability to expand, change or downsize easily
to meet changing needs of a business Stand Alone Computing
enterprise - user works in stand-alone mode
- Web Integration o workstation performs all functions of a
o System analyst must know if new app will server
be a part of an e-commerce strategy and  storing, accessing, and
the degree of integration with other web- processing data
based components  providing UI
- Legacy system interface requirements - inefficient and expensive despite user productivity
o Older systems that use outdated o maintaining data on individual workstations
technology, but still functional raised major concerns about data security,
- Processing options integrity and consistency
o Online or batch processing
- Security issues Local & Wide Area Networks
- Local Area Network (LAN)
Planning Architecture o Allows sharing of data and hardware
- 3 main functions of every system resources
o data storage and access methods o Resolved problem of stand-along computing
o application programs - Wide Area Network (WAN)
 handles the processing logic o Spans long distances
o interface o Can connect LANs that are continents apart
 allows users to interact with the - Distributed systems
system o Company wide systems that connect one or
o all 3 are performed on a server, client, or a more LANs or WANs
divided between the server and the client
File Sharing Architecture – Client Based Processing
Servers and Clients - Aka file server design
Server - Individual LAN client has a copy of the app installed
- computer that supplies data, processing services or locally, while data is stored on a central file server
other support to 1+ computers o Client request for copy of data file  server
o computers = clients transmits data file to client
o After performing processing locally, client
Mainframe Architecture return the data file to the central fle server
- server performs all processing where it is stored
- describes a multiuser environment where server is
more powerful than the clients

10
 Client/Server Design Styles
- Many forms depending on type of server and
relationship between server and client

Client/Server Architecture
- Systems that divide processing between 1 or more
networked clients and a central server
- Client
o handles entire UI (data entry, data query,
and screen presentation logic)
- Server
o Stores data and provides data access and
database management functions
o Handles data and app logic

Based on the figure above, processing is divided between the

Client/Server Characteristics Mainframe
server and the clients
Very flexible Basic Architecture Very rigid
- Nature of the communication: depends on type of
Flexible App development Highly structured server
Fast Slow o Database server
Object-oriented Traditional  Processes individual SQL
PC-based User-environment Uses terminals commands
GUI Text interface o Transaction server
Empowers the Constrains the  Handles set of SQL commands
user user o Object server
Improves Limited options  Exchanges object messages with
productivity clients
Decentralized Security and Centralized o Web server
Difficult to control control features Easier to control  Sends and receives Internet-
Can be shared Processing options Cannot be based communications
and configured in modified
any form desired Fat & Thin Clients
Can be Data storage All data is stored - Fat client design
distributed to options centrally o Aka thick client
place data closer o locates all or most of the app processing
to users logic at the client
Very flexible Hardware/Software Very rigid - Thin client design
Multivendor hotel integration Single proprietary o Locates all or most of the processing logic at
vendor the server

11

Client/Server Tier
- aka two-tier design
o UI resides on the client
o All data resides on the server and app logic
- Three-tier design
o Recent version
o Aka n-tier designs
o UI runs on the client
o Data is stored on the server
o Has middle layer
 Between client and server
 Processes client requests and
translates to data access
commands
 Commands can be
understood and
carried out by the
server
 Can run either on
server/client/both
 “middleware”
 software that
connects dissimilar
apps and enables
them to communicate
and pass data
 can be an application server
because it provides the app or
business logic required by the
system
 enables tiers to communicate
and pass data back and forth
 glue that holds clients and
servers together
 provides transparent interface
 enables integration of
dissimilar software
and hardware
 integrate legacy systems and
Web-based applications
 Ex. Middleware can link a
departmental database to a Web
server, which can be accessed by
client via the Internet or a
company intranet
Cost-Benefit Issues
- To support business requirements, IS need to be
scalable, powerful, and flexible
- Client/server computing (Benefits)
o transfer apps from expensive mainframes to
less-expensive client platforms
o reduce network load and improve response
times
- Client/Server Performance Issue
o Separates apps and data
o Networked clients submit data requests to
server, server responds by sending data
back to the clients
 When # of clients and demand
for services increase beyond a
certain level, network capacity
becomes a constraint  system
performance declines
dramatically
o To deliver and maintain acceptable
performance, system developers must
anticipate the # of users, network traffic,
server size, and location and design a
client/server architecture that can support
current and future business needs
o Data storage
 Data can be stored in more than
1 location using distributed
database management system
(DDBMS) like processing
*client/server systems must be designed so client contacts the
server only when necessary and makes as few trips as possible
Internet-based Architecture
- Entire UI is provided by the Web server
o in HTML coded documents
 interpreted and displayed by
client’s browser
- Web is used to build efficient, reliable and cost-
effective solutions
- Use available and emerging technology to meet
company’s business requirements when planning new
systems
- Packaged solutions and e-commerce service providers
- Corporate Portals
o Entrance to a multifunction Website
o After entering, user can navigate to a
destination using various tools and features
provided by the portal designer
o Can provide access for customers,
employees, suppliers, and the public
12
 o Portal design provides important link
between user and system
 Poor design can weaken system
effectiveness and value
- Cloud Computing
o Refers to cloud symbol = Internet
o Envisions a cloud of remote computers that
provide total online software and data
environment hosted by third parties
o Effectively eliminates compatibility issues
 Cos internet itself is the platform
 Provides scaling on demand
 Matches resources to
needs at any given
time
 Ex. During peak loads,
additional cloud
servers might come
on line automatically
to support the
workload
*user’s computer doesn’t perform processing or computing tasks,
the cloud does
- Web 2.0
o Shift to internet-based collaboration
o Not a reference to a more technically
advanced version of the current Web
o 2nd generation of the Web
 enables people to collaborate,
interact and share info more
dynamically
Developing E-Commerce Solutions In-House
- Require financial resources and management attention
- Benefits
o Unique website
 Design consistent with
company’s marketing efforts
o Complete control over the organization of
the site, # of pages, size of the files
o Scalable structure
 Handle increases in sales and
product offerings in the future
o More flexibility
 To modify and manage the site
as the company changes
o Opportunity to integrate
 Web-based business systems +
other IS
 Creates potential for more
savings and better customer
service
Guidelines for In-house E-commerce Site Development
- Analyze company’s business needs and goals
- Obtain input from users, plan for future growth, aim
for ease of use
- Determine if IT staff has necessary skills and
experience to implement project
- Develop project in modular form for testing and
approval
Processing Methods
- Online processing characteristics
o System processes transactions completely
when and where they occur
o Users interact directly with the IS
o Users can access data randomly
o IS must be available whenever necessary to
support business functions
- Batch processing
o Data is collected and processed in groups or
batches
o Can handle other situations more efficiently
as compared to online processing
 Online processing: interactive
business systems require
immediate data input and
output
o Used for large amounts of data that must
be processed on a routine schedule
o Ex. Paychecks, credit card transactions
- Combined online and batch processing
o Online processing can be used with file-
oriented systems
Open Systems Interconnection (OSI) Model
- Describes how data actually moves from an app on 1
computer to an app on another networked computer
- Along the way, data may pass through one or more
network routers that control the path from 1 network
address to another
LAYER NAME DESCRIPTION
NUMBER (layer)
7 Application Provides network services
requested by local workstation
6 Presentation Ensures data is uniformly
structured & formatted for
network transmission
5 Session Defines control structures that
manage the communications
link between computers
4 Transport Provides reliable data flow and
error recovery
3 Network Defines network addresses and
determines how data packets
are routed over the network
2 Data link Defines specific methods of
transmitting data over the
physical layer: defining start and
end of data frame
1 Physical Contains physical components
that carry data: cabling and
connectors
Layers on transmitting computers  layers on receiving computer
Network Protocol
- Network must a protocol in all cases
- Set of standards that govern network data
transmission
13
 - Transmission Control Protocol/Internet Protocol o Each node connects to every node
(TCP/IP) o Reliable yet expensive to install and
o Popular network protocol maintain
o Originally developed by the US Department o Resembles the internet
of Defense to permit interconnection of  Message can travel on more
military computers than 1 path
o Backbone of the Internet o Originally developed for military apps
o Primary advantage: redundancy
Network Topology  Multiple paths provide backup if
- Topology: physical or logical view of the network communication problems arise
o Physical topology: actual network cabling or some nodes become
and connections inoperable
o Logical topology: the way components
interact
o *a specific physical topology might be able
to support more than 1 logical topology
- Hierarchical Network
o Ex. Retail clothing chain
 Central computer stores data
about sales and inventory levels
and local computers handle
store-level operations
o Disadvantage
 Becomes more complex and
expensive to operate and
maintain as business adds
processing levels
o Often used in traditional mainframe based
systems, but are much less common today
- Bus Network
o Single communication path connects central
server, departmental servers workstations
and peripheral devices
o Disadvantage
 If central bus becomes defective,
entire network shuts down
 Overall performance declines as
more users and devices are
added
 Since all message
traffic must flow
along the central bus
- Ring Network
o Resembles a circle
o Data flows in only 1 direction from 1 device
to the next
o Like bus network with ends connected
- Star Network
o Most popular LAN topology today
 Because of its speed and
versatility
o Has central networking device: switch
 Manages the network and acts
as a communications conduit for
all network traffic
o Traffic flows into and out of the switch
o Disadvantage
 Entire network is dependent on
the switch
 Yet backup switches
are available
immediately in case
of hardware failure
(in most large star
networks)
- Mesh Network

14
 Wireless Networks Topologies
- Basic Service Set (BSS)
o Aka infrastructure mode
o Central wireless device: access point or
wireless access point (WAP)
 Used to serve all wireless clients
 Similar to hub in LAN star
topology
 Use single communications
medium, the air,
 Broadcast all traffic to
all clients
 Connected to a wired network so
wireless clients can access the
wired network

- Extended Service Set (ESS)

o Made up of 2 or more BSS networks
o Wireless access can be expanded over a
wide area
Routers o Each access point provides wireless services
- Connects networks: LANs or WANs over a limited range
o Roaming
- Connects network segments
- determines most efficient data path  Process automatically allowing
- guides flow of data clients to associate with the
- differ from switches stronger access point
o routers work at a higher OSI level (layer 3)  Allowing for
 dealing with IP packets undisrupted service
o Switches handle data frames (layer 2)  As client moves from
away from 1 access
Wireless Networks point and closer to
- WLAN (Wireless local area network) another
o Inexpensive to install
o well-suited to workgroups and users who
aren’t anchored to a specific desk or
location
o most notebook computers (laptops) are
equipped with built-in wireless capability
 relatively simple to add this
feature to existing desktop
computers and workstations in
order to set up a wireless
network - Independent Service Set (ISS)
o Aka peer to peer mode
o No access point used
o Wireless clients connect to each other
directly
o Well-suited to situations requiring quick
data transfer among clients

15

System Design Completion
1. System design specification
o Management Summary
 Brief overview of the project for
company managers and
executives
 Outlines development efforts to
date, provides current status
report, project costs summary,
reviews the benefits of the new
systems, present systems
implementation schedule, and
highlights any issues that
management will need to
address
o System components
 Contains complete design for
new system
 UI
 Outputs
 Inputs
 Files
 Databases
 Network
specifications
 Should include source
documents, report and screen
layouts, DFDs, and all other
relevant documentation
 should include requirements for
all support processing
 backup and recovery
 start-up processing
 file retention
 if purchase of a software
package is part of the strategy,
one must include any interface
information required between
the package and system you are
developing
 if you use case design tool,
 you can print
diagrams and most
other documentation
directly from the tool
o System Environment
 Describes the constraints, or
conditions affecting the system
 Requirements that
involve operations,
hardware, systems
software, or security
 Transaction volumes
that must be
supported, data
storage
requirements,
processing schedules,
reporting deadlines,
and online response
times (ops
constraints)
o Implementation requirements
 start-up processing
 initial data entry or acquisition
 user training requirements
 software test plans
o Time and Cost Estimates
 Detailed schedules
 Cost estimates
 Staffing requirements
 All for systems development
phase and revised projections
for the remainder of the SDLC
 Total costs-to-date for the
project
 Compare costs with
prior estimates
o Additional Material
 Documents from earlier phases
that would be helpful to readers
2. User approval
3. Presentation
o Opportunity to explain the system, answer
questions, consider comments and secure
final approval
CHAPTER 11: MANAGING SYSTEMS IMPLEMENTATION
- Involves app development, testing, documentation,
training, data conversion, system changeover, and post
implementation evaluation of the results
- System design specification as blueprint for
construction the new system
Software Quality Assurance
- Main objective: to avoid problems or to identify them
ASAP
- Poor Quality Causes
o Inaccurate requirements
o Design problems
o Coding errors
o Faulty documentation
o Ineffective testing
Software Engineering
- Software development process
- Stresses solid design, accurate documentation and
careful testing
- Manage and improve quality of finished system
o Given the fact that quality is important
- Software Engineering Institute (SEI)
o Leader in software engineering
o Provides quality standards and suggested
procedures for software developers and
systems analysts
o Designed standards called, Capability
Maturity Model (CMM)
o Recently established a new model,
Capability, Maturity Model Integration
(CMMI)
16
  Integrates software and systems
development  larger
framework (process
improvement)
International Organization for Standardization (ISO)
- Worldwide body that establishes quality standards for
products and services
- Seeks to offer a global consensus
o What constitutes good management
practices
 Practices that can help firms
deliver consistently high-quality
products and services
ISO 90003:2004
- Updated ISO standard
- Company can specify ISO standards when it purchases
software from a supplier/use ISO guidelines for in-
house software development
o To ensure that final result measures up to
ISO standards
- ISO requires specific development plan
o Outlines a step by step process for
transforming user requirements  finished
products
o ISO standards can be quite detailed
Application Development
- Process of constructing the programs and code
modules
o Building blocks of the IS
- 3 popular development options
o structured analysis
o object oriented (O-O) analysis
o agile methods
- regardless of method, objective is to translate design
 program and code modules that will function
properly
Recall
Chapter 4 – Requirements modeling
- how to use FDDs to break complex business operations
down  smaller units or functions
Chapter 5 – Structured data and process modeling
- created DFDs
- developed process descriptions for functional primitive
processes that documented business logic and
processing requirements
Chapter 6 – Object-oriented model
- use case diagrams, class diagrams, sequence diagrams,
state transition diagrams, activity diagrams
Chapter 7 – Development strategy
Chapter 8 – UI design
Chapter 9 – Data design issues, relationships between system
entities
- entity-relationship diagram (ERDs)
Chapter 10 – Overall system architecture
Application Development Taks
Traditional Methods
Agile Methods
- plan project, lay the groundwork, assemble the team
and prepare to interact with the customers
- intense collaboration and communication between IT
team and users
System Development Tools
- entity relationship diagram
- flow chart
o represents logical rules and interaction
graphically using symbols and arrows
- pseudocode
o technique for representing program logic
o similar to structured English
o analyst or programmer can describe the
program actions that can be implemented
in any programming language
- decision tables and decision trees
- all project management tools
Structure Application Development
- usually involves a top-down approach
o proceeds from a general design to a
detailed structure
- Partitioning
o Process where systems analyst breaks the
system down into subsystems and modules
 After analyst documents
system’s requirements
o Approach also called modular design
 Similar to constructing a leveled
set of DFDs
*All modules must work together properly so analyst must
carefully proceed with constant input from programmers and IT
management to achieve a sound, well integrated structure.
Analyst must ensure that integration capability is built into each
design and thoroughly tested
Structure Charts
Shows program modules and relationships among them
Higher level module (control module) directs lower level modules
(subordinate modules)
Symbols represent the ff:
- Module
- Data couple
o Shows data that 1 module passes to
another
- Control couple
o Shows a message, aka status flag
- Condition
17
 o Indicates that a control module determines
which subordinate modules will be invoked,
depending on a specific condition
- Loop
o Indicates that 1 or more modules are
repeated

*implementing a structured design, a structure chart is sued to

describe the interaction between program modules

Cohesion and Coupling

- Cohesion
o Measures module’s scope and processing
characteristics
o High degree cohesion
 Module performs single
function/task
Object-Oriented Application Development
 desirable
- when implementing an object-oriented design,
o before it focuses on a single task, a cohesive
relationships between objects already exist
module is much easier to code and reuse
- Since the object interaction is defined during the O-O
- Coupling
analysis process, the app structure is represented by
o Degree of interdependence among modules
the object model itself
o Loosely coupled
 Independent modules
Object-Oriented Cohesion & Coupling
 Desirable
- Principles of cohesion and coupling also applied
 Easier to maintain and modify
o Classes should be loosely coupled as
 Cos logic in 1 module
possible
doesn’t affect other
 Independent of other classes
modules
- Object methods should be loosely coupled and highly
 If update is needed, programmer
cohesive
can accomplish the task in a
- By following the principles, classes and objects are
single location
easier to understand and edit
o Tightly coupled
o O-O programmers who ignore cohesion and
 One module is linked to internal
coupling concepts may end up creating a
logic constrained in another
web of code that is difficult to maintain
module
o When code is scattered in various places,
editing becomes complicated and expensive

Agile Application Development

- Development team is in constant communication with
the users
- Based on quick and nimble development process that
easily adapts to change
- Focuses on small teams, intense communication and
rapid development iterations
o Makes use of user stories
o Iteration cycle
-  Planning, designing, coding and
testing based on user stories
- Disadvantage
o Lacks discipline and produces systems
questionable in quality
 Cos focuses on quick iterations
and fast releases too much
o Not work for large companies that much

18

*try to review and read this part of the book
Coding
- Process of turning logic  specific instructions that
computer system can execute
- Use of programming language to transform program
logic  code statements
- Individual programmer: create small program
- Larger programs: typically divided into modules that
several individuals or groups can work on
simultaneously
Programming Environment
- Integrated Development Environment (IDE)
o Simplifies integration of system
components and reduce code development
time
o Software products: built-in tools, advanced
features, etc.
Testing
- Important!!
- After coding, programmer must test each program to
make sure it functions correctly
- The process detects syntax errors
o Language grammar errors
o Programmer corrects errors until program
executes properly
- Desk Checking
o Reviewing the program code to spot logic
errors which produce incorrect results
o Can be performed by the person who wrote
the program or by other programmers
o Many orgs require a more formal type of
desk checking: structured walkthrough or
code review
 Group of 3-5 IT staff members
participate
- Design Walkthrough
o Session with users
o To review the interface with a cross-section
of people who will work with the new
system and ensure that all necessary
features have been included
- Unit testing
o Testing of individual program or module
o Objective: to identify and eliminate
execution errors that could cause the
program to terminate abnormally and logic
errors that could have been missed during
desk checking
- Integration testing or link testing
o Testing 2 or more programs dependent on
each other
o Ex. Consider an information system with a
program that checks and validates customer
credit status, and a separate program that
updates data in the customer master file.
The output from the validation program
becomes input to the master file update
program.
o Testing programs independently doesn’t
guarantee that data passed between them
is correct
 Only by link testing can you
make sure programs work
together properly
- System testing
o After link testing
o MUST
o Involves entire IS
Review Additional Reading – Refer to Ch.11 Slide 27
Systems Testing Objectives
- Perform final test of all programs
- Verify that system will handle all input data properly,
both valid and invalid
- Ensure that IT staff has documentation and
instructions needed to operate the system properly
and backup and restart capabilities of system are
adequate
- Demonstrate users can interact with the system
successfully
- Verify all system components are integrated properly
and actual processing situations will be handled
correctly
- Confirm that IS can handle predicted volumes of data
in a timely and efficient manner
Documentation
- Describes an IS
19
 - Helps users, mangers, and IT staff who must interact o contains live data and is accessible only by
with it authorized users
- Accurate documentation reduces system downtime, - Test Environment
cut costs, and speed up maintenance tasks o Used to develop and maintain programs
- 4 Types o Separate test environment is necessary to
o program documentation maintain system security and integrity and
 describes inputs, outputs and protect the operational environment
processing logic for all program
modules Training
 starts in the system analysis - Successful IS requires training for users, managers, and
phase IT staff members
 use defect tracking software - Entire systems development effort can depend on
(bug tracking software) whether or not people understand the system and
 to track program know how to use it effectively
defects, code changes
and replacement
code, called patches
o System documentation
 Describes system’s functions and
how they are implemented
 Data dictionary entries, DFDs,
object models, screen layouts,
source documents and systems
requests
 Starts w systems analysis and
design phases
o Operations documentation
 All info needed for processing
and distributing online and
printed output
 Ex. Program, system analyst
identification, scheduling info,
input files etc.
 Clear, concise and available
online if possible
Data Conversion
o User documentation
- Part of system installation process
 Instructions and information to
- Existing data is loaded into new system
users
- Depending on the system, data conversion can be
 User manuals, help screens,
done before, during or after the operational
tutorials
environment is complete
- When new system is replacing the existing system, you
Management Approval
should automate the data conversion process if
- Describe test results
possible
- update status of all required documentation
- Should develop data conversion plan ASAP and
- summarize input from users who participated in
conversion process should be tested when the test
system testing
environment is developed
- provide detailed … for making system fully operational
- Data is verified, corrected and updated during
o time schedules
conversion process
o cost estimates
o staffing requirements
Systems Changeover
- Process of putting the new IS online and retiring the
System Installation & Evaluation
old system
Remaining steps in systems implementation
- Can be rapid or slow depending on the method
- prepare a separate operational and test environment
- 4 Changeover methods
- provide training for users, managers, and IT staff
o direct cutover
- perform data conversion and system changeover
 similar to throwing a switch that
- carry out a post-implementation evaluation of the
instantly changes over from old
system
to new system
- present a final report to management
 least expensive, most risky
o parallel operation
Operational and Test Environments
 requires both systems run
- Operational/Production Environment
simultaneously for a specified
o for actual system ops
period
o access must be limited and controlled to
 slowest method
users
 most expensive, least risky

20
 o pilot operation
 between direct cutover and
parallel operation
 implementing the complete new
system at a selected location of
the company
 pilot site
 group that uses new
system first while
others use the old
system
 less risky than direct, less costly
than parallel
o phased operation
 between direct cutover and
parallel operation
 implement system in the whole
organization
 allows you to implement the
new system in stages or modules
 less risky than direct, less costly
than parallel
Post Implementation Evaluation
- assesses overall quality of IS
- verifies the new system
o meets specified requirements
o complies with user objectives
o produces the anticipated benefits
- should examine all aspects of the development effort
and the end product : the developed IS
- Typical evaluation
Report to management
CHAPTER 12: MANAGING SYSTEMS SUPPORT & SECURITY
- System security support and tasks that continue
throughout the useful life of the system
- User support, maintenance, security, backup and
disaster recovery, performance measurement, system
obsolescence
Managing Systems Support and Security Overview
- 3 main concerns
o user expectations
o systems performance
o security requirements
- Start
o When system becomes operational and
continues until system reaches the end of
its useful life
- During
o Support and maintenance tasks
User Support
- User training (refer to Ch. 11)
o User training package
 Online support via email
 Special website
 Revision to user guide
 Training manual supplement
 Formal training sessions
- Help Desks
o Usually called information center (IC)
o Can boost productivity by using remote
control software
o Centralized resource staffed by IT
professionals who provide users with the
support they need to do their jobs
o 3 main objectives
 show people how to use system
resources more effectively
 provide answers to technical or
operational questions
 make users more productive by
teaching them how to meet their
own info needs
o Typical Help Desk Tasks
 Show a user how to create a
data query/report that displays
specific business info
 Resolve network access or
password problems
 Demonstrate an advanced
feature of a system/commercial
package
 Help user recover damaged data
 Offer tips for better operation
 Explain an undocumented
software feature
 Show a user how to use Web
conferencing
 Explain how to access company’s
intranet or the internet
 Etc.
- Outsourcing issues
Maintenance Tasks
- Maintenance expenses
o Vary significantly during the system’s
operational life
o Include spending to support maintenance
activities
- Maintenance activities
21
 o Changing programs, procedures or
documentation
 To ensure correct system
performance
o Adapting the system to changing
requirements
o Making the system operate more efficiently
o Needs are met by corrective, adaptive,
perfective and preventive maintenance
- Corrective Maintenance
o Diagnoses and corrects errors in an
operational system
o To avoid new problems, all maintenance
work requires careful analysis before
making changes
- Adaptive Maintenance
o Adds enhancements to an operational
system
o Makes the system easier to use
- Perfective Maintenance
o Changing an operational system to make it
more efficient, reliable or maintainable
- Requests for corrective and adaptive maintenance
normally come from users, while IT department usually
initiates perfective maintenance
- Adaptive and perfective are called enhancements
- Preventive Maintenance
o To prevent problems
o Requires analysis of areas where trouble is
Key Terminologies
likely to occur
- Configuration management (CM)
o Aka change control (CC)
o Process for controlling changes in system
requirements during software development
o Important tool for managing system
changes and costs after system becomes
operational
- Maintenance release methodology
o All noncritical changes are held until they
can be implement at the same time
o Each change is documented and installed as
a new version of the system called
maintenance release
- Service packs
o Maintenance releases
o Provided by commercial software suppliers
- Version control
o Process of tracking system releases or
versions
o When new version of a system is installed,
prior release is archived or stored
 If new version causes a system to
fail, company can reinstall the
prior version to restore
operations
- Baseline
o Formal reference point
o Measures system characteristics at a
specific time
o Used as yardsticks to document features
and performance during the system
Maintenance Management
development process
o 3 types
 functional
 configuration of the
system documented

22
 at the beginning of Trespass and Employee enters unlocked server
the proj. espionage room and views payroll data on a
 contains necessary forbidden system
system requirements Vandalism Attacker defaces Website logo,
and design destroys CEO’s hard drive
constraints
 allocated Attacker Characteristics
 documents the ATTACKER DESCRIPTION Skill
system at the end of Set
the design phase Cyberterrorist Attacks to advance political, social High
 identifies any changes or ideological goals
since functional Employee Uses unauthorized info or privileges Varies
baseline to break into computer systems,
 includes testing and steal info or cause damage
verification of all Hacker Uses advanced skills to attack High
system requirements computer systems with malicious
and features intent (black hat) or to expose flaws
 product and improve security (white hat)
 describes system at Hacktivist Attacks to further a social or Varies
the beginning of the political cause, often involves
system operation shutting down or defacing Web
 incorporates any sites
changes made since Script kiddie Inexperienced or juvenile hacker Low
the allocated baseline who uses readily available malicious
 includes results of software to disrupt or damage
performance and computer systems and gain
acceptance tests for recognition
the operational Spy Non-employee who breaks into High
system computer systems to steal info and
sell it
System Performance Management
- Fault management Kinds of Attacks
o Monitoring the system for signs of trouble ATTACK EXAMPLE
o Logging all system failures Back door Attacker finds vulnerability in software
o Diagnosing the problem package and exploits it
o Applying corrective action
Denial of 1/+ computers send a stream of
* A system administrator must detect and resolve service/distributed connection requests to disable a Web
operational problems as quickly as possible denial of service server
- Performance and workload management
DNS poisoning False Domain Name Server info steers
o Benchmark testing
the user to attacker’s website
o Metrics
Dumpster diving Scours the trash for valuable info that
can be used to compromise the system
Mail bombing Enormous volumes of e-mail are sent to
a target address
System Security Overview
Check Ch. 12 slide 17 notes for video Malicious code Attacker send infected e-mail to the
target system. Use of viruses, worms,
THREAT CATEGORY
Trojan horses, keystroke loggers, etc. to
Extortion Hacker steals trade secrets and
destroy data, bog down systems, spy on
threatens to release them if not paid
users or assume control of infected
Hardware & Software Router stops functioning or software
systems
Failures causes the app server to crash
Man in the middle Attacker intercepts traffic and poses as
Human error/failure Accidentally delete files
the recipient, sending the data to the
Natural disasters Flood destroys company bldg. and
legitimate recipient but only after
networked systems reading the traffic or modifying it
Service failure Electricity is disrupted and brings the
Password cracking To gain access into aa secured system
entire system down for hours Dictionary/brute force attack
Software attack A group plants destructive software,
Privilege Employee tricks a computer into raising
virus or worm into a company escalation his or her account to the admin level
network
Sniffing Network traffic is intercepted and
Technical Outdated software is slow, difficult scanned for valuable info
obsolescence to use and vulnerable to attacks
Social engineering Attacker calls help desk posing as a
Theft of Physical server is stolen, intellectual legitimate user and requests that his or
physical/intellectual property is stolen or used wo her password be changed
property permission (may be
Spam Unwanted, useless e-mail is sent
physical/electronic)
continuously to business e-mail

23
 accounts, wasting time and decreasing
productivity
Spoofing IP address is forged to match a trusted
host, and similar content may be
displayed to simulate the real site for
unlawful purposes

Security Levels
- Physical level
o Operation center security
o Servers and desktop computers
o Notebook computers
- Network level
o Encrypting network traffic
o Wireless network
o Private network
o Virtual private network
o Ports & services
o Network intrusion detection
- Application level
o Services
o Hardening
o Application permissions
o Input validation System Obsolescence
o Patches and updates - no longer supports user needs
o Software logs - platform becomes outdated
o Analyze app’s functions, identify possible - most common reason for discontinuing system: system
security concerns and study all available reached the end of its economically useful life as
documentation to protect all server based indicated by the ff signs
apps o system’s maintenance history indicates that
- File level adaptive and corrective maintenance are
o Encryption increasing steadily
o Permission o operational costs or execution times are
o User group increasing rapidly
- User level  routine perfective maintenance
o Identify management doesn’t reverse or slow the
o Password protection trend
o Social engineering o software package is available that provides
o User resistance the same or additional services faster,
o New technologies better and less expensive than current
- Procedural level system
o Procedural security aka operational security o new technology offers a way to perform
o Concerned with managerial policies and same or additional functions more
controls that ensure secure operations efficiently
o IT professionals believe that security o maintenance changes or additions are
depends more on managerial issues vs difficult and expensive to perform
technology o users request significant new features to
 Management must work to support business requirements
establish a corporate culture
that stresses importance of *A lot of videos to watch for Chapter 12 
security to the firm and its
people
o Defines how particular tasks are to be
performed
 From large scale data backups to
everyday tasks (storing emails or
forms)
o other procedures
 how to update firewall software
 how security personnel should
treat suspected attackers
Backup and Recovery

24