Systems Analysis and Design

 

What are the various approaches to developing information systems?

·        Traditional systems life cycle

·        Prototyping

·        Software packages

·        End-user development

·        Outsourcing

What are the ways of safeguarding information systems?

·        Major IS threats

·        IS controls

·        IS security & quality assurance


IS development approaches
 

Approach: SDLC

·        What? Building the system by completing 6 stages sequentially: 1. Project Definition, 2. Systems Study, 3. Design, 4. Programming, 5. Installation, 6. Post-implementation

·        When? Medium to large mainframe-based systems

·        Why? 1. Structured; 2. Formal

·        Why not? 1. Time consuming; 2. Costly; 3. Inflexible

Approach: Prototyping

·        What? Building an experimental system quickly and cheaply

·        When? Unclear user requirements

·        Why? 1. User involvement; 2. Fast

·        Why not? 1. Poor system quality; 2. Lack of standard

Approach: Packages

·        What? Purchasing programs that have been written and tested

·        When? Common system solution

·        Why? 1. Limited technical skills; 2. Cost saving; 3. Clear expectations

·        Why not? 1. Not meeting all needs; 2. Customization

Approach: End-user Development

·        What? Building the system by end-users with little or no formal technical assistance

·        When? Personal & small applications

·        Why? 1. No misunderstanding; 2. Fast

·        Why not? 1. Limited scope; 2. Loss of control

Approach: Outsourcing

·        What? Using an external vendor to develop or operate an organization's ISs

·        When? Mission non-critical applications

·        Why? 1. Reduce costs; 2. Predictability

·        Why not? 1. Risky; 2. Loss of control

 


Threats to ISs (Table 12.1) → Destruction, Error, Crime, Abuse

·        Fire

·        Power failure

·        Hardware malfunction

·        Software errors     

·        User errors            

·        Computer crime, hackers & viruses

·        Computer abuse

IS controls -- the specific technology, policies, and manual procedures for protecting assets, accuracy, and reliability of ISs
 

Type of control: Example

General/Organization-wide

·        Hardware: Restrict access; Preventive maintenance

·        Software: Activity logs; Restrict access

·        Data security: Password; Restrict access; Encryption

·        Operations: Procedure standardization; Backup & recovery

·        Systems development: Management review & audit; Documentation

·        Management: Formal written policies & procedure; Division of labor; Supervision; Accountability

Application

·        Input: Authorization/validation; Control totals, e.g., record counts; Edit checks, e.g., format check, existence check; Error correction

·        Processing: Edit checks, e.g., check digit; Control totals, e.g., hash totals

·        Output: Control totals; User feedback; Authorization
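
An added illustration of the input and processing controls listed above (not part of the original notes): edit checks (format, existence, check digit) and control totals (record count, hash total) applied to a constructed batch. The Luhn check-digit scheme, the account numbers, and all function names are assumptions of this example.

```python
import re

# Constructed master file; the existence check looks accounts up here.
KNOWN_ACCOUNTS = {"79927398713", "1234567812345670"}
AMOUNT_RE = re.compile(r"\d+\.\d{2}")  # format check: digits, two decimals
# Constructed sample batch as prepared by the sender.
SAMPLE_BATCH = [{"account": "79927398713", "amount": "100.00"},
                {"account": "1234567812345670", "amount": "25.50"}]


def luhn_valid(number):
    """Check digit test (Luhn mod 10, this example's choice of scheme)."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def edit_check(record):
    """Return the names of the edit checks one input record fails."""
    errors = []
    if not AMOUNT_RE.fullmatch(record["amount"]):
        errors.append("format")
    if not luhn_valid(record["account"]):
        errors.append("check digit")
    elif record["account"] not in KNOWN_ACCOUNTS:
        errors.append("existence")
    return errors


def control_totals(records):
    """Record count plus hash total: the sum of account numbers, meaningless
    as a quantity but different if a record is lost, added or altered."""
    digits = [int(r["account"]) for r in records if r["account"].isdigit()]
    return {"count": len(records), "hash": sum(digits)}


def accept_batch(records, declared):
    """Accept only if totals match the sender's and every record is clean."""
    rejected = {}
    for i, record in enumerate(records):
        errors = edit_check(record)
        if errors:
            rejected[i] = errors
    totals_ok = control_totals(records) == declared
    return {"accepted": totals_ok and not rejected,
            "totals_ok": totals_ok, "rejected": rejected}
```

The sender computes `control_totals` before transmission and sends the result with the batch; the receiver recomputes it in `accept_batch`, so a dropped or altered record shows up as a totals mismatch even when each remaining record passes its own edit checks.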

IS security -- protect from disruption, unauthorized use and modification

·        Data security

·        Hardware security

·        Network security

·        Recovery plan

IS quality

·        Development methodology

·        Quality measurements

·        Programming standards

·        Testing

·        Development tools

·        Quality audits