Upload
donakomeah
View
86
Download
1
Embed Size (px)
DESCRIPTION
Systems Analysis
Citation preview
System Analysis and Design
Dr. Franklin Asamoa-Baah
IntroductionCompanies use information as a weapon in the battle:To increase productivityDeliver quality products and servicesMaintain customer loyalty, and make sound decisions Information technology can mean the difference between success and failure
The Impact of Information TechnologyInformation Technology Combination of hardware and software products and services that companies use to manage, access, communicate, and share informationA vital asset that must be used effectively, updated constantly, and safeguarded carefully
What Is a System?System: array of components that work together to achieve goal or goalsSystemAccepts inputProcesses inputProduces output
What is a system? (continued)System may have multiple goalsSystem may contain subsystemsSubsystems have sub-goals that meet main goalSubsystems transfer output to other subsystems
What is a system? (continued)Closed system: has no connections with other systemsOpen system: interfaces and interacts with other systemsOften a subsystem of a bigger systemInformation system: processes data and produces information
Information System ComponentsA system is a set of related components that produces specific resultsA mission-critical system is one that is vital to a companys operations
The Purpose of Information Systems (continued)Problem solving and decision making require informationKeys to success in business areGathering correct informationStoring informationUsing information
Data, Information, and Information SystemsData, information and system are commonly used termsImportant to understand their similarities and differences
Data vs. InformationData: a given or factCan be number, statement, or pictureInformation: facts or conclusions that have meaning within contextComposed of data that is manipulated
Data ManipulationData is manipulated to make useful informationSurvey is common method of collecting dataRaw data is hard to readInformation is more useful to business than data
Generating InformationA process is manipulation of dataProcess usually produces informationProcess may produce more dataA piece of information in one context may be considered data in another context
Generating Information (continued)Figure 1.1: Input-process-output
Understanding The Business New Kinds of CompaniesCompanies are classified based on their main activities:Product-oriented Service-orientedBrick-and-mortarDot-com (.com) or Internet-dependent
How Business Uses InformationSystemsIn past, IT managers divided systems into categories based on the user group the system servedOffice systemsOperational systemsDecision support systemsExecutive information systems
How Business Uses Information SystemsToday, it makes more sense to identify a system by its functions, rather than by users Enterprise computing systemsTransaction processing systemsBusiness support systemsKnowledge management systemsUser productivity systems
How Business Uses Information SystemsEnterprise computing systemsSupport company-wide operations and data management requirementsEnterprise resource planning (ERP)
How Business Uses Information SystemsTransaction processing systemsEfficient because they process a set of transaction-related commands as a group rather than individually
How Business Uses Information SystemsBusiness support systemsProvide job-related information to users at all levels of a companyManagement information systems (MIS)
How Business Uses Information SystemsKnowledge management systemsCalled expert systemsSimulate human reasoning by combining a knowledge base and inference rules
How Business Uses Information SystemsUser productivity systemsTechnology that improves productivityGroupwareInformation systems integrationMost large companies require systems that combine transaction processing, business support, knowledge management, and user productivity features
Information Systems in Business FunctionsFunctional business area: services within a company that support main businessIncludes accounting, finance, marketing, and human resourcesPart of a larger enterprise system
Accounting
Information systems help record transactionsProduce periodic statementsCreate required reports for lawCreate supplemental reports for managers
Finance
Finance systems facilitate financial planning and business transactionsTasks include organizing budgets, managing cash flow, analyzing investments, and making decisions
Marketing
Pinpoint likely customers and promote productsMarketing information systems analyze demand for products in regions and demographic groupsIdentify trends in demand for products/services Web provides opportunity to collect marketing data
Human Resources
Human resource management systems aid record-keepingMust keep accurate recordsAids recruiting, selection, placement, and reward analysisPerformance evaluation systems provide grading utilities
Web Empowered EnterprisesE-commerce: Buying and selling goods and services through InternetInternet is a vast network of computers connected globallyWeb has a profound impact on information systems
Information System Users and Their NeedsTop managersMiddle Managers and Knowledge Workers Supervisors and Team Leaders Operational Employees
Main Reasons for New Systems
Systems request Improved serviceSupport for new products and servicesBetter performanceMore informationInformation Systems Projects
Information Systems ProjectsMain Reasons for Systems ProjectsStronger controlsEncryption and biometric devicesReduced costFactors that Affect Systems ProjectsInternal and external factors affect every business decision that a company makes, and IT systems projects are no exception
Information Systems ProjectsInternal FactorsStrategic planUser requestsExisting systems
Information Systems ProjectsExternal Factors TechnologySuppliersCustomersCompetitors
Information Systems ProjectsExternal FactorsEconomyGovernment
Choices in Systems Acquisition
ObjectivesExplain the differences among the alternatives to tailored system development: outsourcing, licensing ready-made software, using software as a service, and encouraging users to develop their own applicationsList the business trade-offs in the various methods of acquiring systems
Options and Priorities (continued)
Options and PrioritiesThere are four alternatives to in-house development:OutsourcingLicensingUsing software as a service (SaaS)Having users develop the systemThe deciding factor is usually cost , quality or time of deployment of the new system.
Outsourcing Custom-Designed ApplicationsCustom-designed (tailored) software: software developed specifically for the needs of an organizationSeveral advantages:Good fit to needGood fit to cultureDedicated maintenanceSmooth interfaceSpecialized securityPotential for strategic advantage
Outsourcing Custom-Designed Applications (continued)Disadvantages:High costThe organization must fund all development costsStaff may be diverted from other projectsSoftware is less likely to be compatible with other organizations systems
Outsourcing Custom-Designed Applications (continued)Must deal with an inherent conflict when outsourcing software development:Client wants a firm contract and set of requirementsSpecific requirements may mean that no deviation is allowed if changes are needed later as development progressesChanges may involve hefty additional chargesOff shoring: outsourcing to other countries such as India, China, Philippines, etc.
Outsourcing IT ServicesMany businesses turn to IT companies for long-term services, including:Purchasing and maintaining hardwareInstalling communications networksMaintaining and operating Web sitesStaffing help desksRunning IT daily operationsManaging customer and supplier relationsBusiness process outsourcing: outsourcing routine processes, such as order entry or HR
Outsourcing IT Services (continued)
Advantages of Outsourcing IT ServicesSeveral advantages of outsourcing:Improved financial planningClient knows the exact cost of IS functionsReduced license and maintenance feesIS professional firms pay discounted prices for tools and can pass on the savings to their clientsIncreased attention to core businessExecutives can concentrate on their companys core business
Advantages of Outsourcing IT Services (continued)Advantages of outsourcingReduction of personnel and fixed costsIncreased access to highly qualified know-howAvailability of ongoing consulting as part of standard supportSometimes outsourcing does not save the client money
Advantages of Outsourcing IT Services (continued)
Risks of Outsourcing IT ServicesDisadvantages of outsourcing:Loss of control and experienced employeesUsually involves transferring employees to vendorRisks of losing a competitive advantageMay disclose trade secretsHigh priceCan be more expensive than keeping the tasks in-houseImportant to clearly define contract terms
Risks of Outsourcing IT Services (continued)
Risks of Outsourcing IT Services (continued)Service-level agreementThe most important element of an outsourcing agreementLists all services expected of the vendorDefines the metrics to be used to measure vendor performanceThe client must develop the service level and metrics list, not the vendor
Licensing ApplicationsPurchasing software usually means purchasing licenses to use the softwareThere is a large selection of high-quality packaged software availableTwo groups of ready-made software:Relatively inexpensive software that helps in the workplace, such as office suitesLarge applications that support entire organizational functions, such as HR or financial managementTypically cost millions of dollars
Software Licensing BenefitsLicensing benefits include:Immediate system availabilityHigh qualityLow price (license fee)Available supportBeta version: a prerelease version of software to be tested by companies who want to use itOften includes a period of up to one year of free serviceLarge applications require installation specialists
Software Licensing RisksSoftware licensing has risks including:Loose fit between needs and featuresMust determine if the software will comply with company needs and organizational cultureDifficulties in undertaking custom modificationsDissolution of the vendorMay be left without support and maintenanceHigh turnover of vendor personnelTurnover among IS professionals is highMay result in lowered support expertise from vendor
Steps in Licensing Ready-Made SoftwareSelecting software involves a large money investment and a long-term commitmentProject management team responsibilities:Identify problem or opportunityDefine functional requirementsIdentify potential vendorsSolicit vendor informationRequest for information (RFI): request for informal information about a vendors productDefine system requirements
Steps in Licensing Ready-Made Software (continued)Project management team responsibilities (continued):Request vendor proposalsRequest for proposal (RFP): a document that specifies all requirements and solicits a proposalReview proposals and screen vendorsVisit sites where the application is in useSelect a vendorBenchmark the application by comparing actual performance against specific quantifiable criteria
Steps in Licensing Ready-Made Software (continued)Project management team responsibilities (continued):Negotiate a contractShould define performance expectations and penalties for failure to meet expectationsImplement the new systemManage post implementation support
Steps in Licensing Ready-Made Software (continued)
Software as a ServiceApplication service provider (ASP): an organization that offers software through communication lines (such as the Web)Software as a service (SaaS): applications available through the WebNo software is installed on a clients computersFiles may be stored on local storage devicesASPs may rent the software they offer
Software as a Service (continued)Renting software has benefits:No need to learn how to maintain the softwareNo large start-up feeStorage hardware is unnecessarySoftware is usually available soonerA good option for small companiesIs considered a software on demand approach
Software as a Service (continued)Renting software also has risks:Lack of control may be an issue, as the clients data is managed by the vendorVendor is unlikely to make many customized changes to the softwareResponse time is impacted by traffic levelsMay be security risks through a public network Many clients used leased lines instead of the Internet to limit security risks
Software as a Service (continued)
Caveat EmptorASP may be disappointing in some areas:Scope of services providedLevel of reliabilityManager guidelines when selecting an ASP:Check the ASPs history: get referencesCheck the ASPs financial strengthEnsure you understand the price schemeGet a list of the providers infrastructureCraft the service contract carefully
Caveat Emptor (continued)Four categories of typical users of ASP services:Rapidly growing companies that rely on software for deployment of their operationsSmall companies without cash to pay up-front costs for softwareMedium-sized companies that need expensive softwareOrganizational units at remote locationsStorage service provider (SSP): rents storage space for remote storage of client files
User Application DevelopmentUser application development: nonprogrammer users write their own business applicationsUser-developed software is usually:Simple and limited in scopeSmall applications developed for immediate or brief needsMaintained by end users
Advantages and RisksAdvantages of user development of applications:Shortened lead timesGood fit to needsCompliance with cultureEfficient utilization of resourcesAcquisition of skillsFreeing up IS staff time
Advantages and Risks (continued)Disadvantages of user-developed applications:Poorly developed applicationsSecurity problemsPoor or no documentation
SummarySeveral alternatives to having applications developed in-house include outsourcing, licensing ready-made software, using software as a service, and allowing users to develop their own softwareOutsourcing can mean commissioning development or assigning services to vendorOutsourcing custom-designed applications might afford the organization a good fit of software to need
ANALYSIS PHASESystem Development Life Cycle
Chapter ObjectivesList and describe system requirements, including outputs, inputs, processes, performance, and controlsExplain the importance of scalability in system designUse fact-finding techniques, including interviews, documentation review, observation, questionnaires, sampling, and research
Phase DescriptionSystems analysis is the second of five phases in the systems development life cycle (SDLC)Uses requirements modeling and data and process modeling to represent the new system Before proceeding to the next phase, systems design, you will consider system development strategies
Systems Analysis Phase OverviewThe overall objective is to understand the proposed project, ensure that it will support business requirements, and build a solid foundation for system developmentYou use models and other documentation tools to visualize and describe the proposed system
Systems Analysis Phase OverviewSystems Analysis ActivitiesRequirements modelingOutputsInputsProcessesPerformanceSecurity
Systems Analysis Phase OverviewSystems Analysis Activities Development StrategiesSystem requirements document
Systems Analysis Phase OverviewSystems Analysis SkillsAnalytical skillsInterpersonal skillsTeam-Oriented Methods and TechniquesJoint application development (JAD)Rapid application development (RAD)
Joint Application DevelopmentUser InvolvementUsers have a vital stake in an information system, and they should participate fullySuccessful systems must be user-oriented and users need to be involved
Joint Application DevelopmentJAD Participants and RolesJAD participants should be insulated from the distraction of day-to-day operationsObjective is to analyze the existing system, obtain user input and expectations, and document user requirements for the new system
Joint Application DevelopmentJAD Advantages and DisadvantagesAdvantages Allows key users to participate effectively When properly used, JAD can result in a more accurate statement of system requirements, a better understanding of common goals, and a stronger commitment to the success of the new systemDisadvantagesMore expensive and can be cumbersome if the group is too large relative to the size of the project
Rapid Application DevelopmentRapid application development (RAD) is a team-based technique that speeds up information systems development and produces a functioning information systemRAD uses a group approach, but goes much furtherThe end product of RAD is the new information system
Rapid Application DevelopmentRAD Phases and Activities
Rapid Application DevelopmentRAD ObjectivesTo cut development time and expense by involving the users in every phase of systems developmentSuccessful RAD team must have IT resources, skills, and management supportHelps a development team design a system that requires a highly interactive or complex user interface
Rapid Application DevelopmentRAD Advantages and DisadvantagesAdvantagesSystems can be developed more quickly with significant cost savingsDisadvantagesRAD stresses the mechanics of the system itself and does not emphasize the companys strategic business needsMight allow less time to develop quality, consistency, and design standards
Modeling Tools and TechniquesCASE ToolsOffer powerful modeling featuresSystems analysts use modeling and fact-finding interactivelyFunctional Decomposition DiagramsFunctional decomposition diagram (FDD)
System Requirements ChecklistSystem requirementFive general categoriesOutputsInputsProcessesPerformanceControls
System Requirements ChecklistOutputsThe inventory system must produce a daily report showing the part number, description, quantity on hand, quantity allocated, quantity available, and unit cost of all parts sorted by part number
System Requirements ChecklistInputsManufacturing employees must swipe the product cards into online data collection terminals that record all information about the product.
System Requirements ChecklistProcessesAs the final step in processing, the system must update all the information about the products such as inventory levels, restocking period, etc
System Requirements ChecklistPerformanceThe system must support 25 users online simultaneouslyResponse time must not exceed four seconds
System Requirements ChecklistControlsThe system must provide log-on security at the operating system level and at the application levelAn employee record must be added, changed, or deleted only by a member of the human resources department
Future Growth, Costs, and BenefitsScalabilityA scalable system offers a better return on the initial investmentTo evaluate, you need information about projected future volume for all outputs, inputs, and processes
Fact-FindingFact-Finding OverviewThe first step is to identify the information you need
Who, What, Where, When, How, and Why?Difference between asking what is being done and what could or should be done
InterviewsSystems analysts spend a great deal of time talking with peopleMuch of that time is spent conducting interviews
InterviewStep 1: Determine the People to InterviewInformal structureStep 2: Establish Objectives for the InterviewDetermine the general areas to be discussedList the facts you want to gather
InterviewsStep 3: Develop Interview QuestionsCreating a standard list of interview questions helps to keep you on track and avoid unnecessary tangentsAvoid leading questionsOpen-ended questionsClosed-ended questions
InterviewsStep 4: Prepare for the InterviewCareful preparation is essential because an interview is an important meeting and not just a casual chatLimit the interview to no more than one hourSend a list of topicsAsk the interviewee to have samples available
InterviewsStep 5: Conduct the InterviewDevelop a specific plan for the meetingBegin by introducing yourself, describing the project, and explaining interview objectivesUse engaged listeningAllow the person enough time to think about the questionSummarize main pointsAfter interview, summarize the session and seek a confirmation
InterviewsStep 6: Document the InterviewDuring the interview, note taking should be kept to a minimumAfter the interview, record the information quicklyAfter the interview, send memo expressing appreciation, including the main points discussed so the interviewee has a written summary and can offer additions or corrections
InterviewsStep 7: Evaluate the InterviewIn addition to recording the facts obtained in an interview, try to identify any possible biasesUnsuccessful InterviewsNo matter how well you prepare for interviews, some are not successful
Other Fact-Finding TechniquesDocument ReviewObservationSeeing the system in action gives you additional perspective and a better understanding of the system proceduresPlan your observations in advance
Other Fact-Finding TechniquesQuestionnaires and SurveysWhen designing a questionnaire, the most important rule of all is to make sure that your questions collect the right data in a form that you can use to further your fact-finding
DocumentationThe Need for Recording the FactsRecord information as soon as you obtain itUse the simplest recording methodRecord your findings in such a way that they can be understood by someone elseOrganize your documentation
DocumentationSoftware ToolsCASE ToolsProductivity SoftwareWord processing, spreadsheets, database management, presentation graphics, histogram
DocumentationSoftware ToolsGraphics modeling softwarePersonal information managersPersonal information manager (PIM)Handheld computersPersonal digital assistants (PDAs)Wireless communication devices
Chapter SummaryThe main objective is to understand the proposed project and build a solid foundation for the systems design phaseYou identify the business-related requirements for the new information system, including outputs, inputs, processes, performance, and controlsThe fact-finding process includes interviewing, document review, observation, questionnaires, sampling, and research
Chapter SummarySystems analysts should carefully record and document factual information as it is collected, and various software tools can help an analyst visualize and describe an information system
DESIGN PHASE OF THE SDLC
Chapter ObjectivesDescribe the contents of the system requirements documentExplain the transition from systems analysis to systems design, and the difference between logical and physical designExplain the transition to systems design and the importance of prototypingDiscuss guidelines for systems design
Development Strategies OverviewSelecting the best development path is an important decision that requires companies to consider three key topicsThe impact of the InternetSoftware outsourcing optionsIn-house software development alternatives
The Impact of the InternetThe Internet has triggered enormous changes in business methods and operations, and software acquisition is no exceptionThe internet has set a trend that views software as a service, the changing market-place for software, and how Web-based development compares to traditional methods
The Impact of the InternetThe Changing Software MarketplaceIn the traditional model, software vendors develop and sell application packages to customersIn addition to traditional vendors, the marketplace now includes many forms of outsourcing, including application service providers and firms that offer Internet business services
The Impact of the InternetThe Impact of the Internet on Systems DevelopmentDevelopers will focus on Web-based application development, where the Web becomes an integral part of the application rather than just a communication channelIBMs WebSphereMicrosofts .NET
The Impact of the InternetThe Impact of the Internet on Systems DevelopmentTraditional developmentSystems design is influenced by compatibility issuesSystems are designed to run on local and wide-area company networksWeb-based features are treated as enhancements rather than core elements of the design
The Impact of the InternetThe Impact of the Internet on Systems DevelopmentWeb-based developmentSystems are developed and delivered in an Internet-based framework such as .NET or WebSphereInternet-based development treats the Web as the platform, rather than just a communication channelWeb-based software usually requires additional layers, called middleware
OutsourcingCan refer to relatively minor programming tasks, the rental of software from a service provider, the outsourcing of a basic business process (often called business process outsourcing, or BPO), The handling of a companys entire IT function
OutsourcingThe Growth of OutsourcingTraditionally, firms outsourced IT tasks as a way of controlling costs and dealing with rapid technological changeOutsourcing has become part of an overall IT strategy for many organizations
OutsourcingThe Growth of OutsourcingA firm that offers outsourcing solutions is called a service providerApplication service providers (ASP)Internet business services (IBS)Also called managed hosting
OutsourcingOutsourcing FeesA fixed fee model uses a set fee based on a specified level of service and user supportA subscription model has a variable fee based on the number of users or workstations that have access to the applicationA usage model or transaction model charges a variable fee based on the volume of transactions or operations performed by the application
OutsourcingOutsourcing Issues and ConcernsMission-critical IT systems should be out-sourced only if the result is a cost-attractive, reliable, business solution that fits the companys long-term business strategyOutsourcing also can affect day-to-day company operations and can raise some concernsOutsourcing can be especially attractive to a company whose volume fluctuates widely, such as a defense contractor
OutsourcingOffshore OutsourcingOffshore outsourcing global outsourcingMany firms are sending IT work overseas at an increasing rate
In-House Software Development OptionsA company can choose to develop its own systems, or purchase, possibly customize, and implement a software packageThe most important consideration is total cost of ownership (TCO)Companies also develop user applications designed around commercial software packages
In-House Software Development OptionsMake or Buy DecisionThe choice between developing versus purchasing software often is called a make or buy, or build or buy decisionCompanies that develop software for sale are called software vendors
In-House Software Development OptionsDeveloping Software In-HouseSatisfy unique business requirementsMinimize changes in business procedures and policiesMeet constraints of existing systemsMeet constraints of existing technologyDevelop internal resources and capabilities
In-House Software Development OptionsPurchasing a Software PackageLower costsRequires less time to implementProven reliability and performance benchmarksRequires less technical development staffFuture upgrades provided by the vendorInput from other companies
In-House Software Development OptionsCustomizing a Software PackageYou can purchase a basic package that vendors will customize to suit your needsYou can negotiate directly with the software vendor to make enhancements to meet your needs by paying for the changesYou can purchase the package and make your own modifications, if this is permissible under the terms of the software license
In-House Software Development OptionsCreating User ApplicationsA user application utilizes standard business softwareUser interfaceScreen generatorsReport generatorsRead-only properties
Role of the Systems AnalystWhen selecting hardware and software, systems analysts often work as an evaluation and selection teamThe primary objective of the evaluation and selection team is to eliminate system alternatives that will not work, rank the system alternatives that will work, and present the viable alternatives to management for a final decision
Analyzing Cost and BenefitsFinancial Analysis ToolsPayback AnalysisReturn on investment (ROI)Net present value (NPV)
Analyzing Cost and BenefitsCost-Benefit Analysis ChecklistList each development strategy being consideredIdentify all costs and benefits for each alternative. Be sure to indicate when costs will be incurred and benefits realizedConsider future growth and the need for scalabilityInclude support costs for hardware and softwareApply the financial analysis tools to each alternativeStudy the results and prepare a report to management
The Software Acquisition ProcessStep 1: Evaluate the Information System RequirementsPrepare a request for proposal or quotationRequest for proposal (RFP)Evaluation modelRequest for quotation (RFQ)
The Software Acquisition ProcessStep 2: Identify Potential Vendors or Outsourcing OptionsThe Internet is a primary marketplaceAnother approach is to work with a consulting firmAnother resource is the Internet bulletin board system that contains thousands of forums, called newsgroups
The Software Acquisition ProcessStep 3: Evaluate the AlternativesExisting usersApplication testingBenchmarking - benchmarkMatch each package against the RFP features and rank the choices
The Software Acquisition ProcessStep 4: Perform Cost-Benefit AnalysisIdentify and calculate TCO for each option you are consideringWhen you purchase software, what you are buying is a software licenseIf you purchase a software package, consider a supplemental maintenance agreement
The Software Acquisition ProcessStep 5: Prepare a RecommendationYou should prepare a recommendation that evaluates and describes the alternatives, together with the costs, benefits, advantages, and disadvantages of each optionAt this point, you may be required to submit a formal system requirements document and deliver a presentation
The Software Acquisition ProcessStep 6: Implement the SolutionImplementation tasks will depend on the solution selectedBefore the new software becomes operational, you must complete all implementation steps, including loading, configuring, and testing the software; training users; and converting data files to the new systems format
Completion of Systems Analysis TasksSystem Requirements DocumentThe system requirements document, or software requirements specification, contains the requirements for the new system, describes the alternatives that were considered, and makes a specific recommendation to managementLike a contractFormat and organize it so it is easy to read and use
Completion of Systems Analysis TasksPresentation to ManagementBegin your presentation with a brief overview of the purpose and primary objectives of the system project, the objectives of this presentation, and what decisions need to madeSummarize the primary viable alternatives. For each alternative, describe the costs, advantages, and disadvantages
Completion of Systems Analysis TasksPresentation to ManagementExplain why the evaluation and selection team chose the recommended alternativeAllow time for discussion and for questions and answersObtain a final decision from management or agree on a timetable for the next step in the process
Completion of Systems Analysis TasksPresentation to ManagementBased on their decision, your next task will be one of the followingImplement an outsourcing alternativeDevelop an in-house systemPurchase or customize a software packagePerform additional systems analysis workStop all further work
The Transition to Systems DesignIf management decides to develop the system in-house, then the transition to the systems design phase beginsPreparing for Systems Design TasksIt is essential to have an accurate and understandable system requirements document
The Transition to Systems DesignThe Relationship between Logical and Physical DesignThe logical design defines the functions and features of the system and the relationships among its componentsThe physical design of an information system is a plan for the actual implementation of the system
Systems Design GuidelinesThe systems analyst must understand the logical design of the system before beginning the physical design of any one componentData designUser interfaceSystems design specification
Systems Design GuidelinesSystems Design ObjectivesThe goal of systems design is to build a system that is effective, reliable, and maintainable
Systems Design GuidelinesSystem Design ObjectivesUser ConsiderationsData ConsiderationsData should be entered into the system where and when it occurs because delays cause data errorsData should be verified when entered to catch errors immediatelyAutomated methods of data entry should be used whenever possibleAccess for data entry should be controlled and all entries or changes to critical data values should be reported audit trails
Systems Design GuidelinesSystem Design ObjectivesData ConsiderationsData should be entered into a system only onceData duplication should be avoidedArchitecture considerationsUse a modular designDesign modules that perform a single function are easier to understand, implement, and maintain
Systems Design GuidelinesDesign Trade-OffsDesign goals often conflict with each otherMost design trade-off decisions that you will face come down to the basic conflict of quality versus costAvoid decisions that achieve short-term savings but might mean higher costs later
PrototypingPrototyping produces an early, rapidly constructed working version of the proposed information system, called a prototypePrototyping MethodsSystem prototypingDesign prototypingThrowaway prototyping
PrototypingPrototyping MethodsPrototyping offers many benefitsUsers and systems developers can avoid misunderstandingsManagers can evaluate a working model more effectively than a paper specificationConsider potential problemsThe rapid pace of development can create quality problemsIn very complex systems, the prototype becomes unwieldy and difficult to manage
PrototypingPrototyping ToolsSystems analysts can use powerful tools to develop prototypesCASE toolsApplication generatorsReport generatorsScreen generators
PrototypingLimitations of PrototypesA prototype is a functioning system, but it is less efficient than a fully developed systemSystems developers can upgrade the prototype into the final information system by adding the necessary capabilityOtherwise, the prototype is discardedOther Modeling ToolsSystems flowchart
Chapter SummaryThis chapter describes system development strategies, the preparation and presentation of the system requirements document, and the transition to the systems design phase of the SDLCAn important trend that views software as a service, rather than a product, has created new software acquisition optionsSystems analysts must consider Web-based development environments
IMPLEMENTATION PHASESystems Implementation is the fourth of five phases in the systems development life cycle (SDLC)Includes application development, testing, documentation, training, data conversion, system changeover, and post-implementation evaluation of the results
IntroductionThe system design specification serves as a blueprint for constructing the new systemThe initial task is application developmentBefore a changeover can occur, the system must be tested and documented carefully, users must be trained, and existing data must be convertedA formal evaluation of the results takes place as part of a final report to management
Overview of Application DevelopmentApplication developmentObjective is to translate the logical design into program and code modules that will function properlyCreation of the System DesignThe tasks involved in system design produced an overall design and a plan for physical implementation
Overview of Application DevelopmentApplication Development StepsModuleAfter the design is created, coding can begin
Overview of Application DevelopmentProject ManagementEven a modest-sized project might have hundreds or even thousands of modulesImportant to set realistic schedules, meet project deadlines, control costs, and maintain qualityShould use project management tools and techniques
Structured Application DevelopmentTop-down approach Modular designMust proceed carefully, with constant input from programmers and IT management to achieve a sound, well-integrated structureMust ensure that integration capability is built into each design and thoroughly tested
Testing the SystemAfter coding, a programmer must test each program to make sure that it functions correctlySyntax errorsDesk checkingLogic errorsStructured walkthrough, or code reviewDesign walkthrough
Testing the SystemUnit TestingTest dataProgrammers must test programs that interact with other programs and files individuallyRegardless of who creates the test plan, the project manager or a designated analyst also reviews the final test results
Testing the SystemIntegration TestingIntegration testing, or link testingTesting the programs independently does not guarantee that the data passed between them is correctA testing sequence should not move to the integration stage unless it has performed properly in all unit tests
Testing the SystemSystem TestingMajor objectives:Perform a final test of all programsVerify that the system will handle all input data properly, both valid and invalidEnsure that the IT staff has the documentation and instructions needed to operate the system properly and that backup and restart capabilities of the system are adequate
Testing the SystemSystem TestingMajor objectives:Demonstrate that users can interact with the system successfullyVerify that all system components are integrated properly and that actual processing situations will be handled correctlyConfirm that the information system can handle predicted volumes of data in a timely and efficient manner
DocumentationDocumentationProgram DocumentationSystem DocumentationOperations DocumentationUser DocumentationOnline documentation
Management ApprovalAfter system testing is complete, you present the results to managementIf system testing produced no technical, economical, or operational problems, management determines a schedule for system installation and evaluation
System Installation and EvaluationRemaining steps in systems implementation:Prepare a separate operational and test environmentProvide training for users, managers, and IT staffPerform data conversion and system changeoverCarry out post-implementation evaluation of the systemPresent a final report to management
Operational and Test EnvironmentsThe environment for the actual system operation is called the operational environment or production environmentThe environment that analysts and programmers use to develop and maintain programs is called the test environmentA separate test environment is necessary to maintain system security and integrity and protect the operational environment
Operational and Test Environments
TrainingTraining PlanThe first step is to identify who should receive training and what training is neededThe three main groups for training are users, managers, and IT staffYou must determine how the company will provide training
TrainingOutside Training ResourcesMany training consultants, institutes, and firms are available that provide either standardized or customized training packagesYou can contact a training provider and obtain references from clients
TrainingIn-House TrainingThe IT staff and user departments often share responsibilityWhen developing a training program, you should keep the following guidelines in mind:Train people in groups, with separate training programs for distinct groupsSelect the most effective place to conduct the trainingPrepare effective training materials, including interactive tutorials
TrainingIn-House TrainingWhen developing a training program, you should keep the following guidelines in mind:Rely on previous traineesTrain-the-trainer strategyWhen Training is complete, many organizations conduct a full-scale test, or simulation
Data ConversionData Conversion StrategiesThe old system might be capable of exporting data in an acceptable format for the new system or in a standard format such as ASCII or ODBCIf a standard format is not available, you must develop a program to extract the data and convert itOften requires additional data items, which might require manual entry
Data ConversionData Conversion Security and ControlsYou must ensure that all system control measures are in place and operational to protect data from unauthorized access and to help prevent erroneous inputSome errors will occurIt is essential that the new system be loaded with accurate, error-free data
System ChangeoverDirect CutoverInvolves more risk than other changeover methodsCompanies often choose the direct cutover method for implementing commercial software packagesCyclical information systems usually are converted using the direct cutover method at the beginning of a quarter, calendar year, or fiscal year
System ChangeoverParallel OperationEasier to verify that the new system is working properly under parallel operation than under direct cutoverRunning both systems might place a burden on the operating environment and cause processing delayIs not practical if the old and new systems are incompatible technicallyAlso is inappropriate when the two systems perform different functions
System ChangeoverPilot OperationThe group that uses the new system first is called the pilot siteThe old system continues to operate for the entire organizationAfter the system proves successful at the pilot site, it is implemented in the rest of the organization, usually using the direct cutover methodIs a combination of parallel operation and direct cutover methods
System ChangeoverPhased OperationYou give a part of the system to all usersThe risk of errors or failures is limited to the implemented module onlyIs less expensive than full parallel operationIs not possible, however, if the system cannot be separated easily into logical modules or segments
Post-Implementation TasksPost-Implementation EvaluationIncludes feedback for the following areas:Accuracy, completeness, and timeliness of information system outputUser satisfactionSystem reliability and maintainabilityAdequacy of system controls and security measuresHardware efficiency and platform performance
Post-Implementation TasksPost-Implementation EvaluationIncludes feedback for the following areas:Effectiveness of database implementationPerformance of the IT teamCompleteness and quality of documentationQuality and effectiveness of trainingAccuracy of cost-benefit estimates and development schedules
Post-Implementation TasksPost-Implementation EvaluationWhen evaluating a system, you should:Interview members of management and key usersObserve users and computer operations personnel actually working with the new information systemRead all documentation and training materials Examine all source documents, output reports, and screen displaysUse questionnaires to gather information and opinions form a large number of usersAnalyze maintenance and help desk logs
Post-Implementation TasksPost-Implementation EvaluationUsers can forget details of the developmental effort if too much time elapses Pressure to finish the project sooner usually results in an earlier evaluation in order to allow the IT department to move on to other tasksIdeally, conducting a post-implementation evaluation should be standard practice for all information systems projects
Post-Implementation TasksFinal Report to ManagementYour report should include the following:Final versions of all system documentationPlanned modifications and enhancements to the system that have been identifiedRecap of all systems development costs and schedulesA comparison of actual costs and schedules to the original estimatesPost-implementation evaluation, if it has been performedMarks the end of systems development work
Risks, Security, and Disaster Recovery
ObjectivesDescribe the primary goals of information security and types of risks to ISList the various types of attacks on networked systems and controls required to ensure integrityDescribe the various kinds of security measures that can be taken to protect data and ISOutline the principles of developing a recovery planExplain the economic aspects of information security
Goals of Information SecurityProtecting IT resources is a primary concernSecuring corporate ISs increasingly challengingMajor goals of information securityReduce risk of systems ceasing operationMaintain information confidentialityEnsure integrity of data resourcesEnsure uninterrupted availability of resourcesEnsure compliance with policies
Risks to Information SystemsDowntime: time when IS is not availableExtremely expensive$4 billion lost annually in U.S.
Risks to HardwareMajor causes of damage to machineNatural disastersFireFlood StormsBlackouts and brownoutsBlackout: total loss of electricityBrownout: partial loss of electricityUninterruptible power supply (UPS): backup powerVandalismDeliberate destruction
Risks to Data and ApplicationsData primary concern because uniqueSusceptible toDisruptionDamageTheft
Identity theft: pretending to be another person
Risks to Data and Applications (continued)Risk to dataAlterationDestructionWeb defacementDeliberate alteration or destruction is a prankTarget may be Web site
Risks to Data and Applications (continued)Honeypot: server containing mirrored copy of databaseVirus: spread from computer to computerWorm: spread in network without human interventionTrojan horse: virus disguised as legitimate softwareLogic bomb: cause damage at specific time
Risks to Online OperationsMany hackers try to interrupt business dailyAttacksUnauthorized accessData theftDefacing of Web pagesDenial-of-serviceHijacking
Computer HijackingHijacking: linking computer to public network without consentDone for DDoSDone by installing bot on computerHijackers usually send SPAMBot planted by exploiting security holesInstall e-mail forwarding software
ControlsControls: constraints on user or systemCan secure against risksEnsure nonsensical data is not enteredCan reduce damage
Controls (continued)Figure 14.1: Common controls to protect systems from risks
BackupBackup: duplication of all dataRedundant Arrays of Independent Disks (RAID): set of disks programmed to replicate stored dataData must be routinely transported off-site
Access ControlsAccess controls: require authorized accessPhysical locksSoftware locksThree types of access controlsWhat you knowUser ID and passwordWhat you haveRequire special devicesWhat you arePhysical characteristics
Access Controls (continued)Passwords stored in OS or databaseSecurity card more secure than passwordAllows two-factor accessBiometric: unique physical characteristicFingerprintsRetinal picturesVoiceprints
Atomic TransactionsAtomic transaction: set of indivisible transactions. Either all files are updated or none is updated, and if not, control produces error reportsAll executed or noneEnsure only full entry occursControl against malfunction and fraud
Atomic Transactions (continued)Figure14.2: Atomic transactions ensure updating of all appropriate files.Either all files are updated, or none are updated and the control produces an error message
Audit TrailAudit trail: documented facts that help detect who recorded transactionsSometimes automatically created
Security MeasuresOrganizations can protect against attacksFirewallsAuthenticationEncryptionDigital signaturesDigital certificates
Firewalls and Proxy ServersFirewall: best defenseHardware and softwareBlocks access to computing resourcesRoutinely integrated into routersDMZ: demilitarized zone approachOne end of network connected to trusted network other end to public networkProxy server: represent another serverEmploys firewall
Authentication and EncryptionEncrypt and authenticate messages to ensure securityMessage may not be textImageSoundAuthentication: process of ensuring sender is validEncryption: coding message to unreadable form
Authentication and Encryption (continued)Figure 14.4: Encrypting communications increases security
Authentication and Encryption (continued)Encryption programsPlaintext: original messageCiphertext: coded messageUses mathematical algorithm and keyKey is combination of bits that deciphers ciphertextSymmetric encryption: sender and recipient use same keyAsymmetric encryption: public and private key used
The Downside of Security MeasuresSingle sign-on (SSO): user name/password entered only onceSaves timeEncryption slows down communicationIT specialists must clearly explain implications of security measures
The Business Recovery PlanBusiness recovery plans: plan to recover from disasterNine stepsObtain managements commitmentEstablish planning committeePerform risk assessment and impact analysisPrioritize recovery needsSelect recovery planSelect vendorsDevelop and implement planTest planContinually test and evaluate
The Economics of Information SecuritySecurity analogous to insuranceSpending should be proportional to potential damageAccess minimum rate of system downtime
How Much Security Is Enough Security?Two costs to considerCost of potential damageCost of implementing preventative measureCompanies try to find optimal pointNeed to define what needs to be protectedNever exceed value of protected system
Calculating DowntimeTry to minimize downtimeMission-critical systems must be connected to alternative source of powerMore ISs interfaced with other systemsInterdependent systems have greater downtime
SummaryPurpose of controls and security measures is to maintain functionality of ISsRisks to IS include risks to hardware, data, and networks, and natural disaster and vandalismRisks to data include theft, data alteration, data destruction, defacement of Web sites, and virusesRisk to online systems include denial of service and hijacking
Summary (continued)Controls used to minimize disruptionAccess controls require information to be entered before resources are made availableAtomic transactions ensures data integrityFirewalls protect against Internet attacksEncryption schemes protect messaging on Internet
**4*4****12*******18*19*20*21*22*23*24*25*******27**********************************3**********************************49*49*49*4******************************