SlideShare a Scribd company logo

Sadcw 6e chapter12

Download as PPT, PDF
Matthew McKenzie
Matthew McKenzie

This chapter discusses databases, database management systems, and relational databases. It covers how to design a relational database schema based on a domain model class diagram, including representing classes as tables and associations as foreign keys. The chapter also discusses database normalization, distributed database architectures, and the importance of designing integrity and security controls.

Technology
1 of 42
Chapter 12 Systems Analysis and Design in a Changing World, 6t 1
Databases, Controls, and Security Chapter 12 Systems Analysis and Design in a Changing World 6th Ed Satzinger, Jackson & Burd
Chapter 12 Outline  Databases and Database Management Systems (DBMS)  Relational Databases (RDBMS)  Data Access Classes  Distributed Database Architectures  Database Design Timing and Risks  Designing Integrity Controls  Designing Security Controls Systems Analysis and Design in a Changing World, 6t 3
Learning Objectives Design a relational database schema based on a class diagram  Evaluate and improve the quality of a database schema  Describe the different architectural models for distributed databases  Determine when and how to design the database  Explain the importance of integrity controls for inputs, outputs, data, and processing  Discuss issues related to security that affect the design and operation of information systems  Systems Analysis and Design in a Changing World, 6t 4
Overview  Databases and database management systems are important components of a modern information system  Database design transforms the domain model class diagram into a detailed database model for the system  A database management system is used to implement and interact with the database  System controls and security are crucial issues to databases and also apply to other aspects of the system Systems Analysis and Design in a Changing World, 6t 5
Some Database Concepts     Database (DB) -- an integrated collection of stored data that is centrally managed and controlled Database management system (DBMS) -- a system software component that manages and controls one or more databases Physical data store -- database component that stores the raw bits and bytes of data Schema -- database component that contains descriptive information about the data stored in the physical data store Systems Analysis and Design in a Changing World, 6t 6
Database Schema Organization of individual stored data items into higher level groups, such as tables  Associations among tables or classes  Details of physical data store organization, including types, lengths, locations, and indexing of data items  Access and content controls, including allowable values for specific data items, value dependencies among multiple data items, and lists of users allowed to read or update data items  Systems Analysis and Design in a Changing World, 6t 7
Database and DBMS Components Systems Analysis and Design in a Changing World, 6t 8
Relational Databases         Relational database management system (RDBMS) -- a DBMS that organizes data in tables (relations) Table -- a two-dimensional data structure of columns and rows Row -- one horizontal group of data attribute values Attribute -- one vertical group of data attribute values Attribute value -- the value held in a single table cell Key -- an attribute or set of attributes, the values of which occur only once in all the rows of the table Primary key -- the key chosen by a database designer to represent relationships among rows in different tables Foreign key -- an attribute that duplicates the primary key of a different (or foreign) table Systems Analysis and Design in a Changing World, 6t 9
Partial Display of a Relational Database Table Systems Analysis and Design in a Changing World, 6t 10
An Association Between Rows in Two Tables (key and foreign key) Systems Analysis and Design in a Changing World, 6t 11
Designing Relational Databases Based on the Domain Model Class Diagram 1. 2. 3. 4. 5. 6. 7. 8. 9. Create a table for each class Choose a primary key for each table (invent one, if necessary) Add foreign keys to represent one-to-many associations Create new tables to represent many-to-many associations Represent classification hierarchies Define referential integrity constraints Evaluate schema quality and make necessary improvements Choose appropriate data types Incorporate integrity and security controls Systems Analysis and Design in a Changing World, 6t 12
Initial Set of Tables Based on RMO Domain Classes Systems Analysis and Design in a Changing World, 6t 13
Initial Set of Tables With Primary Keys Added (bold) Systems Analysis and Design in a Changing World, 6t 14
Initial Set of Tables With Foreign Key Attributes Added (in italics) Systems Analysis and Design in a Changing World, 6t 15
Final Set of Tables Specialized subclasses of Sale and Online Cart added Promo Offering modified from association class to table with two keys Systems Analysis and Design in a Changing World, 6t 16
Designing Relational Databases Referential Integrity and Schema Quality    Referential integrity -- a consistent state among foreign key and primary key values Referential integrity constraint -- a constraint, stored in the schema, that the DBMS uses to automatically enforce referential integrity A high-quality relational database schema has these features:    Flexibility or ease of implementing future data model changes Lack of redundant data Normalization -- a formal technique for evaluating and improving the quality of a relational database schema Systems Analysis and Design in a Changing World, 6t 17
Designing Relational Databases Database Normalization  First normal form (1NF) -- restriction that all rows of a table must contain the same number of columns   Functional dependency -- a one-to-one association between the values of two attributes    No repeating groups of attributes Attribute A is functionally dependent on attribute B if for each value of attribute B there is only one corresponding value of attribute A Second normal form (2NF) -- restriction that a table is in 1NF and that each non-key attribute is functionally dependent on the entire primary key Third normal form (3NF) -- restriction that a table is in 2NF and that no non-key attribute is functionally dependent on any other non-key attribute Systems Analysis and Design in a Changing World, 6t 18
Data Access Classes Map design classes to RDBMS tables Systems Analysis and Design in a Changing World, 6t 19
Distributed Database Architectures     Single database server architecture -- one or more databases are hosted by a single DBMS running on a single server Replicated database server architecture -- complete database copies are hosted by cooperating DBMSs running on multiple servers Partitioned database server architecture -- multiple distributed database servers are used and the database schema is partitioned Cloud-based database server architecture -- use of a cloud computing service provider to provide some or all database services Systems Analysis and Design in a Changing World, 6t 20
Partitioning Database Schema Into Client Access Subsets Systems Analysis and Design in a Changing World, 6t 21
Architecture for RMO Replicated and Partitioned Database Systems Analysis and Design in a Changing World, 6t 22
Database Design Timing and Risks    Architecture—Decisions about DBMS, database servers, and database distribution are tightly integrated with other architectural decisions, including network design, Web and component services, and security. Existing databases—Most new or upgraded systems must interact with existing databases, with their preexisting constraints. While adapting existing databases to new or updated systems, analysts must ensure their continued operation. Domain model class diagram—Database design can’t proceed until related parts of the class diagram have been developed. Systems Analysis and Design in a Changing World, 6t 23
The Need for System Controls    A furniture store sells merchandise on credit with internal financing. Salespeople sometimes sell furniture on credit to friends and relatives. How do we ensure that only authorized employees can extend credit and record payments and adjustments to credit accounts? A bookkeeper uses accounting software to generate electronic payments to suppliers. How does the system ensure that the payment is for goods or services that were actually received? How does the system ensure that no one can generate payments to a bogus supplier? An online retailer collects and stores credit card and other information about customers. How does the company ensure that customer data is protected and secure? Systems Analysis and Design in a Changing World, 6t 24
Designing System Controls     Controls -- mechanisms and procedures that are built into a system to safeguard the system and the information within it Integrity control -- a control that rejects invalid data inputs, prevents unauthorized data outputs, and protects data and programs against accidental or malicious tampering Security controls -- are part of the operating system and the network and tend to be less application specific. There is some overlap between Integrity and Security controls Systems Analysis and Design in a Changing World, 6t 25
Integrity and Security Controls Systems Analysis and Design in a Changing World, 6t 26
Integrity Controls Input Controls      Input control -- a control that prevents invalid or erroneous data from entering the system value limit control -- a control that checks numeric data input to ensure that the value is reasonable completeness control -- a control that ensures that all required data values describing an object or transaction are present data validation control -- a control that ensures that numeric fields that contain codes or identifiers are correct field combination control -- a control that reviews combinations of data inputs to ensure that the correct data are entered Systems Analysis and Design in a Changing World, 6t 27
Integrity Controls Access controls, Transaction logging, Complex update controls, Output controls     Access control -- a control that restricts which persons or programs can add, modify, or view information resources Transaction logging -- a technique by which any update to the database is logged with such audit information as user ID, date, time, input data, and type of update Complex update control -- a control that prevents errors that can occur when multiple programs try to update the same data at the same time or when recording a single transaction requires multiple related database updates Output control -- a control that ensures that output arrives at the proper destination and is accurate, current, and complete Systems Analysis and Design in a Changing World, 6t 28
Integrity Controls Redundancy, Backup, and Recovery     Designed to protect data from hardware failure and catastrophes Redundancy – continuous access to data through redundant databases, servers, and sites Backup – procedures make partial or full copies of a database to removable storage media, such as magnetic tape, or to data storage devices or servers at another site Recovery – procedures read the off-site copies and replicate their contents to a database server that can then provide access to programs and users. Systems Analysis and Design in a Changing World, 6t 29
Integrity Controls To Prevent Fraud  Fraud triangle -- model of fraud that states that opportunity, motivation, and rationalization must all exist for a fraud to occur    Opportunity—the ability of a person to take actions that perpetrate a fraud. For example, unrestricted access to all functions of an accounts payable system enables an employee to generate false vendor payments. Motivation—a desire or need for the results of the fraud. Money is the usual motivation, although a desire for status or power as well as a need to be a “team player” may be contributing factors. Rationalization—an excuse for committing the fraud or an intention to “undo” the fraud in the future. For example, an employee might falsify financial reports to stave off bankruptcy, thus enabling fellow workers to keep their jobs. Systems Analysis and Design in a Changing World, 6t 30
Integrity Controls To Prevent Fraud Systems Analysis and Design in a Changing World, 6t 31
Designing Security Controls   Security control -- a control that protects the assets of an organization from all threats, with a primary focus on external threats Two Objectives   Maintain a stable, functioning operating environment for users and application systems (usually 24 hours a day, 7 days a week).  Firewalls to protect from hackers, viruses, works, and denial of service attacks Protect information and transactions during transmission across the Internet and other insecure environments  Information could be intercepted, destroyed or modified Systems Analysis and Design in a Changing World, 6t 32
Security Controls Access Controls       Authentication -- the process of identifying users who request access to sensitive resources Authorization -- the process of allowing or restricting a specific authenticated user’s access to a specific resource based on an access control list Multifactor authentication -- using multiple authentication methods for increased reliability Unauthorized user -- a person who isn’t allowed access to any part or functions of the system Registered user -- a person who is authorized to access Privileged user -- a person who has access to the source code, executable program, and database structure of the system Systems Analysis and Design in a Changing World, 6t 33
Security Controls Access Controls Systems Analysis and Design in a Changing World, 6t 34
Security Controls Data Encryption  Common types of data requiring additional protection      Financial information Credit card numbers, bank account numbers, payroll information, healthcare information, and other personal data Strategies and plans for products and other missioncritical data Government and sensitive military information Data stored on such portable devices as laptop computers and cell phones Systems Analysis and Design in a Changing World, 6t 35
Security Controls Data Encryption      Encryption -- the process of altering data so unauthorized users can’t view them Decryption -- the process of converting encrypted data back to their original state Encryption algorithm -- a complex mathematical transformation that encrypts or decrypts binary data Encryption key -- a binary input to the encryption algorithm—typically a long string of bits Symmetric key encryption -- encryption method that uses the same key to encrypt and decrypt the data Systems Analysis and Design in a Changing World, 6t 36
Security Controls Data Encryption  Symmetric Key Encryption -- Systems Analysis and Design in a Changing World, 6t 37
Security Controls Data Encryption   Asymmetric key encryption -- encryption method that uses different keys to encrypt and decrypt the data Public key encryption -- a form of asymmetric key encryption that uses a public key for encryption and a private key for decryption Systems Analysis and Design in a Changing World, 6t 38
Security Controls Digital Certificate   Digital certificate -- an institution’s name and public key (plus other information, such as address, Web site URL, and validity date of the certificate) encrypted and certified by a third party Certifying authority -- a widely accepted issuer of digital certificates Systems Analysis and Design in a Changing World, 6t 39
Security Controls Secure Transactions     Secure Sockets Layer (SSL) -- a standard set of methods and protocols that address authentication, authorization, privacy, and integrity Transport Layer Security (TLS) -- an Internet standard equivalent to SSL IP Security (IPSec) -- an Internet standard for secure transmission of low-level network packets Secure Hypertext Transport Protocol (HTTPS) -- an Internet standard for securely transmitting Web pages Systems Analysis and Design in a Changing World, 6t 40
Summary     Most modern information systems store data and access data using a database management systems (DBMS) The most common database model is a relational database (RDBMS), which is a collection of data stored in tables The relational database schema is developed based on the domain model class diagram Each class is represented as a table. One to many associations are represented by adding foreign keys Database design is usually performed in an early iteration of a system development project Systems Analysis and Design in a Changing World, 6t 41
Summary (continued)     System controls are designed into the system to protect the system’s data and other resources Controls are either integrity controls, which focus primarily on the specific application, or security controls, which apply across systems to include operating systems, Web sites, and networks Integrity controls include input controls, access controls, transaction logging, complex update controls, redundancy-backup-recovery, output controls, and fraud controls Security controls include access controls, data encryption, digital signatures/certificates, and secure transactions Systems Analysis and Design in a Changing World, 6t 42

Recommended

Sadcw 6e chapter8
Sadcw 6e chapter8Sadcw 6e chapter8
Sadcw 6e chapter8Matthew McKenzie
 
1 pengantar-proses-bisnis
1 pengantar-proses-bisnis1 pengantar-proses-bisnis
1 pengantar-proses-bisnisWira Yasa
 
Konsep Dasar SIM Berbasis Komputer, (CBIS)
Konsep Dasar SIM Berbasis Komputer, (CBIS)Konsep Dasar SIM Berbasis Komputer, (CBIS)
Konsep Dasar SIM Berbasis Komputer, (CBIS)dhibah
 
Chapter 6
Chapter 6Chapter 6
Chapter 6Ahmed Magdy
 
levers of control
levers of controllevers of control
levers of controlJimmySetiawanOen
 
Implementing BPMN 2.0 with Microsoft Visio
Implementing BPMN 2.0 with Microsoft VisioImplementing BPMN 2.0 with Microsoft Visio
Implementing BPMN 2.0 with Microsoft VisioGoutama Bachtiar
 
information system analysis and design
information system analysis and designinformation system analysis and design
information system analysis and designEndalkachewYazie1
 
Promethee
PrometheePromethee
PrometheeRama Renspandy
 

Recommended

Sadcw 6e chapter8
Sadcw 6e chapter8Sadcw 6e chapter8
Sadcw 6e chapter8Matthew McKenzie
 
1 pengantar-proses-bisnis
1 pengantar-proses-bisnis1 pengantar-proses-bisnis
1 pengantar-proses-bisnisWira Yasa
 
Konsep Dasar SIM Berbasis Komputer, (CBIS)
Konsep Dasar SIM Berbasis Komputer, (CBIS)Konsep Dasar SIM Berbasis Komputer, (CBIS)
Konsep Dasar SIM Berbasis Komputer, (CBIS)dhibah
 
Chapter 6
Chapter 6Chapter 6
Chapter 6Ahmed Magdy
 
levers of control
levers of controllevers of control
levers of controlJimmySetiawanOen
 
Implementing BPMN 2.0 with Microsoft Visio
Implementing BPMN 2.0 with Microsoft VisioImplementing BPMN 2.0 with Microsoft Visio
Implementing BPMN 2.0 with Microsoft VisioGoutama Bachtiar
 
information system analysis and design
information system analysis and designinformation system analysis and design
information system analysis and designEndalkachewYazie1
 
Promethee
PrometheePromethee
PrometheeRama Renspandy
 
Ian Sommerville, Software Engineering, 9th Edition Ch2
Ian Sommerville, Software Engineering, 9th Edition Ch2Ian Sommerville, Software Engineering, 9th Edition Ch2
Ian Sommerville, Software Engineering, 9th Edition Ch2Mohammed Romi
 
Sadcw 7e chapter03-done(1)
Sadcw 7e chapter03-done(1)Sadcw 7e chapter03-done(1)
Sadcw 7e chapter03-done(1)LamineKaba6
 
PENGANTAR KONSEP PROSES BISNIS
PENGANTAR KONSEP PROSES BISNISPENGANTAR KONSEP PROSES BISNIS
PENGANTAR KONSEP PROSES BISNISRiri Satria
 
CIS 2303 LO1: Introduction to System Analysis and Design
CIS 2303 LO1: Introduction to System Analysis and DesignCIS 2303 LO1: Introduction to System Analysis and Design
CIS 2303 LO1: Introduction to System Analysis and DesignAhmad Ammari
 
System Engineering Unit 2
System Engineering Unit 2System Engineering Unit 2
System Engineering Unit 2Dr. Shailendra Singh Thakur
 
Sadcw 6e chapter2
Sadcw 6e chapter2Sadcw 6e chapter2
Sadcw 6e chapter2Matthew McKenzie
 
Chapter#1
Chapter#1Chapter#1
Chapter#1Rahmat Febrianto
 
Introduction to Systems Analysis and Design
Introduction to Systems Analysis and DesignIntroduction to Systems Analysis and Design
Introduction to Systems Analysis and DesignNikRHassan1
 
Requirements Engineering Processes in Software Engineering SE6
Requirements Engineering Processes in Software Engineering SE6Requirements Engineering Processes in Software Engineering SE6
Requirements Engineering Processes in Software Engineering SE6koolkampus
 
Over view of system analysis and design
Over view of system analysis and designOver view of system analysis and design
Over view of system analysis and designSaroj Dhakal
 
11 Sistem Pendukung Keputusan
11 Sistem Pendukung Keputusan11 Sistem Pendukung Keputusan
11 Sistem Pendukung KeputusanAinul Yaqin
 
Ian Sommerville, Software Engineering, 9th Edition Ch1
Ian Sommerville, Software Engineering, 9th Edition Ch1Ian Sommerville, Software Engineering, 9th Edition Ch1
Ian Sommerville, Software Engineering, 9th Edition Ch1Mohammed Romi
 
Decision support system dalam sistem informasi manajemen
Decision support system dalam sistem informasi manajemenDecision support system dalam sistem informasi manajemen
Decision support system dalam sistem informasi manajemenfatmaseptiani
 
Strategic Control
Strategic ControlStrategic Control
Strategic ControlAlfrianty Sauran
 
Decision Support System
Decision Support SystemDecision Support System
Decision Support SystemGusstiawan Raimanu
 
Bahan kuliah analisa proses bisnis
Bahan kuliah analisa proses bisnisBahan kuliah analisa proses bisnis
Bahan kuliah analisa proses bisnisFariszal Nova
 
Sistem Pendukung Keputusan
Sistem Pendukung KeputusanSistem Pendukung Keputusan
Sistem Pendukung KeputusanAhmad ZA
 
Analisis dan Pengembangan Rantai Nilai (Value Chains) untuk Pengurangan Kemis...
Analisis dan Pengembangan Rantai Nilai (Value Chains) untuk Pengurangan Kemis...Analisis dan Pengembangan Rantai Nilai (Value Chains) untuk Pengurangan Kemis...
Analisis dan Pengembangan Rantai Nilai (Value Chains) untuk Pengurangan Kemis...Dr. Astia Dendi
 
IS740 Chapter 13
IS740 Chapter 13IS740 Chapter 13
IS740 Chapter 13iDocs
 
Sadcw 6e chapter1
Sadcw 6e chapter1Sadcw 6e chapter1
Sadcw 6e chapter1Matthew McKenzie
 
Sadcw 6e chapter7
Sadcw 6e chapter7Sadcw 6e chapter7
Sadcw 6e chapter7Matthew McKenzie
 
Sadcw 6e chapter3
Sadcw 6e chapter3Sadcw 6e chapter3
Sadcw 6e chapter3Matthew McKenzie
 

More Related Content

What's hot

Ian Sommerville, Software Engineering, 9th Edition Ch2
Ian Sommerville, Software Engineering, 9th Edition Ch2Ian Sommerville, Software Engineering, 9th Edition Ch2
Ian Sommerville, Software Engineering, 9th Edition Ch2Mohammed Romi
 
Sadcw 7e chapter03-done(1)
Sadcw 7e chapter03-done(1)Sadcw 7e chapter03-done(1)
Sadcw 7e chapter03-done(1)LamineKaba6
 
PENGANTAR KONSEP PROSES BISNIS
PENGANTAR KONSEP PROSES BISNISPENGANTAR KONSEP PROSES BISNIS
PENGANTAR KONSEP PROSES BISNISRiri Satria
 
CIS 2303 LO1: Introduction to System Analysis and Design
CIS 2303 LO1: Introduction to System Analysis and DesignCIS 2303 LO1: Introduction to System Analysis and Design
CIS 2303 LO1: Introduction to System Analysis and DesignAhmad Ammari
 
Introduction to Systems Analysis and Design
Introduction to Systems Analysis and DesignIntroduction to Systems Analysis and Design
Introduction to Systems Analysis and DesignNikRHassan1
 
Requirements Engineering Processes in Software Engineering SE6
Requirements Engineering Processes in Software Engineering SE6Requirements Engineering Processes in Software Engineering SE6
Requirements Engineering Processes in Software Engineering SE6koolkampus
 
Over view of system analysis and design
Over view of system analysis and designOver view of system analysis and design
Over view of system analysis and designSaroj Dhakal
 
11 Sistem Pendukung Keputusan
11 Sistem Pendukung Keputusan11 Sistem Pendukung Keputusan
11 Sistem Pendukung KeputusanAinul Yaqin
 
Ian Sommerville, Software Engineering, 9th Edition Ch1
Ian Sommerville, Software Engineering, 9th Edition Ch1Ian Sommerville, Software Engineering, 9th Edition Ch1
Ian Sommerville, Software Engineering, 9th Edition Ch1Mohammed Romi
 
Decision support system dalam sistem informasi manajemen
Decision support system dalam sistem informasi manajemenDecision support system dalam sistem informasi manajemen
Decision support system dalam sistem informasi manajemenfatmaseptiani
 
Bahan kuliah analisa proses bisnis
Bahan kuliah analisa proses bisnisBahan kuliah analisa proses bisnis
Bahan kuliah analisa proses bisnisFariszal Nova
 
Sistem Pendukung Keputusan
Sistem Pendukung KeputusanSistem Pendukung Keputusan
Sistem Pendukung KeputusanAhmad ZA
 
Analisis dan Pengembangan Rantai Nilai (Value Chains) untuk Pengurangan Kemis...
Analisis dan Pengembangan Rantai Nilai (Value Chains) untuk Pengurangan Kemis...Analisis dan Pengembangan Rantai Nilai (Value Chains) untuk Pengurangan Kemis...
Analisis dan Pengembangan Rantai Nilai (Value Chains) untuk Pengurangan Kemis...Dr. Astia Dendi
 
IS740 Chapter 13
IS740 Chapter 13IS740 Chapter 13
IS740 Chapter 13iDocs
 

What's hot (20)

Ian Sommerville, Software Engineering, 9th Edition Ch2
Ian Sommerville, Software Engineering, 9th Edition Ch2Ian Sommerville, Software Engineering, 9th Edition Ch2
Ian Sommerville, Software Engineering, 9th Edition Ch2
 
Sadcw 7e chapter03-done(1)
Sadcw 7e chapter03-done(1)Sadcw 7e chapter03-done(1)
Sadcw 7e chapter03-done(1)
 
PENGANTAR KONSEP PROSES BISNIS
PENGANTAR KONSEP PROSES BISNISPENGANTAR KONSEP PROSES BISNIS
PENGANTAR KONSEP PROSES BISNIS
 
CIS 2303 LO1: Introduction to System Analysis and Design
CIS 2303 LO1: Introduction to System Analysis and DesignCIS 2303 LO1: Introduction to System Analysis and Design
CIS 2303 LO1: Introduction to System Analysis and Design
 
System Engineering Unit 2
System Engineering Unit 2System Engineering Unit 2
System Engineering Unit 2
 
Sadcw 6e chapter2
Sadcw 6e chapter2Sadcw 6e chapter2
Sadcw 6e chapter2
 
Chapter#1
Chapter#1Chapter#1
Chapter#1
 
Introduction to Systems Analysis and Design
Introduction to Systems Analysis and DesignIntroduction to Systems Analysis and Design
Introduction to Systems Analysis and Design
 
Requirements Engineering Processes in Software Engineering SE6
Requirements Engineering Processes in Software Engineering SE6Requirements Engineering Processes in Software Engineering SE6
Requirements Engineering Processes in Software Engineering SE6
 
Over view of system analysis and design
Over view of system analysis and designOver view of system analysis and design
Over view of system analysis and design
 
11 Sistem Pendukung Keputusan
11 Sistem Pendukung Keputusan11 Sistem Pendukung Keputusan
11 Sistem Pendukung Keputusan
 
Ian Sommerville, Software Engineering, 9th Edition Ch1
Ian Sommerville, Software Engineering, 9th Edition Ch1Ian Sommerville, Software Engineering, 9th Edition Ch1
Ian Sommerville, Software Engineering, 9th Edition Ch1
 
Decision support system dalam sistem informasi manajemen
Decision support system dalam sistem informasi manajemenDecision support system dalam sistem informasi manajemen
Decision support system dalam sistem informasi manajemen
 
Strategic Control
Strategic ControlStrategic Control
Strategic Control
 
Decision Support System
Decision Support SystemDecision Support System
Decision Support System
 
Bahan kuliah analisa proses bisnis
Bahan kuliah analisa proses bisnisBahan kuliah analisa proses bisnis
Bahan kuliah analisa proses bisnis
 
Sistem Pendukung Keputusan
Sistem Pendukung KeputusanSistem Pendukung Keputusan
Sistem Pendukung Keputusan
 
Analisis dan Pengembangan Rantai Nilai (Value Chains) untuk Pengurangan Kemis...
Analisis dan Pengembangan Rantai Nilai (Value Chains) untuk Pengurangan Kemis...Analisis dan Pengembangan Rantai Nilai (Value Chains) untuk Pengurangan Kemis...
Analisis dan Pengembangan Rantai Nilai (Value Chains) untuk Pengurangan Kemis...
 
IS740 Chapter 13
IS740 Chapter 13IS740 Chapter 13
IS740 Chapter 13
 
Sadcw 6e chapter1
Sadcw 6e chapter1Sadcw 6e chapter1
Sadcw 6e chapter1
 

Viewers also liked

System Analysis and Design
System Analysis and Design System Analysis and Design
System Analysis and Design Matthew McKenzie
 

Viewers also liked (7)

Sadcw 6e chapter7
Sadcw 6e chapter7Sadcw 6e chapter7
Sadcw 6e chapter7
 
Sadcw 6e chapter3
Sadcw 6e chapter3Sadcw 6e chapter3
Sadcw 6e chapter3
 
Sadcw 6e chapter6
Sadcw 6e chapter6Sadcw 6e chapter6
Sadcw 6e chapter6
 
Sadcw 6e chapter9
Sadcw 6e chapter9Sadcw 6e chapter9
Sadcw 6e chapter9
 
Sadcw 6e chapter4
Sadcw 6e chapter4Sadcw 6e chapter4
Sadcw 6e chapter4
 
Sadcw 6e chapter5
Sadcw 6e chapter5Sadcw 6e chapter5
Sadcw 6e chapter5
 
System Analysis and Design
System Analysis and Design System Analysis and Design
System Analysis and Design
 

Similar to Sadcw 6e chapter12

Lecture 09 dblc centralized vs decentralized design
Lecture 09 dblc centralized vs decentralized designLecture 09 dblc centralized vs decentralized design
Lecture 09 dblc centralized vs decentralized designemailharmeet
 
Lecture 09 dblc centralized vs decentralized design
Lecture 09 dblc centralized vs decentralized designLecture 09 dblc centralized vs decentralized design
Lecture 09 dblc centralized vs decentralized designemailharmeet
 
World2016_T1_S8_How to upgrade your cubes from 9.x to 10 and turn on optimize...
World2016_T1_S8_How to upgrade your cubes from 9.x to 10 and turn on optimize...World2016_T1_S8_How to upgrade your cubes from 9.x to 10 and turn on optimize...
World2016_T1_S8_How to upgrade your cubes from 9.x to 10 and turn on optimize...Karthik K Iyengar
 
Chapter2databaseenvironment 120307033742-phpapp01
Chapter2databaseenvironment 120307033742-phpapp01Chapter2databaseenvironment 120307033742-phpapp01
Chapter2databaseenvironment 120307033742-phpapp01Ankit Dubey
 
Chapter Five Physical Database Design.pptx
Chapter Five Physical Database Design.pptxChapter Five Physical Database Design.pptx
Chapter Five Physical Database Design.pptxhaymanot taddesse
 
wepik-foundations-of-database-management-system-concepts-20240419193015rdTe.pdf
wepik-foundations-of-database-management-system-concepts-20240419193015rdTe.pdfwepik-foundations-of-database-management-system-concepts-20240419193015rdTe.pdf
wepik-foundations-of-database-management-system-concepts-20240419193015rdTe.pdfMoniSankarHazra
 
Database design process
Database design processDatabase design process
Database design processTayyab Hameed
 
Chapter 2 database environment
Chapter 2 database environmentChapter 2 database environment
Chapter 2 database environment>. <
 
Advanced Database Management System_Introduction Slide.ppt
Advanced Database Management System_Introduction Slide.pptAdvanced Database Management System_Introduction Slide.ppt
Advanced Database Management System_Introduction Slide.pptBikalAdhikari4
 
3._DWH_Architecture__Components.ppt
3._DWH_Architecture__Components.ppt3._DWH_Architecture__Components.ppt
3._DWH_Architecture__Components.pptBsMath3rdsem
 
Database administration
Database administrationDatabase administration
Database administrationAnish Gupta
 
No Sql On Social And Sematic Web
No Sql On Social And Sematic WebNo Sql On Social And Sematic Web
No Sql On Social And Sematic WebStefan Ceriu
 
NoSQL On Social And Sematic Web
NoSQL On Social And Sematic WebNoSQL On Social And Sematic Web
NoSQL On Social And Sematic WebStefan Prutianu
 

Similar to Sadcw 6e chapter12 (20)

RDBMS to NoSQL. An overview.
RDBMS to NoSQL. An overview.RDBMS to NoSQL. An overview.
RDBMS to NoSQL. An overview.
 
Unit 1 DBMS
Unit 1 DBMSUnit 1 DBMS
Unit 1 DBMS
 
Lecture 09 dblc centralized vs decentralized design
Lecture 09 dblc centralized vs decentralized designLecture 09 dblc centralized vs decentralized design
Lecture 09 dblc centralized vs decentralized design
 
Lecture 09 dblc centralized vs decentralized design
Lecture 09 dblc centralized vs decentralized designLecture 09 dblc centralized vs decentralized design
Lecture 09 dblc centralized vs decentralized design
 
RDBMS-b2_geetanjali.pptx
RDBMS-b2_geetanjali.pptxRDBMS-b2_geetanjali.pptx
RDBMS-b2_geetanjali.pptx
 
World2016_T1_S8_How to upgrade your cubes from 9.x to 10 and turn on optimize...
World2016_T1_S8_How to upgrade your cubes from 9.x to 10 and turn on optimize...World2016_T1_S8_How to upgrade your cubes from 9.x to 10 and turn on optimize...
World2016_T1_S8_How to upgrade your cubes from 9.x to 10 and turn on optimize...
 
Dbms unit i
Dbms unit iDbms unit i
Dbms unit i
 
Chapter2databaseenvironment 120307033742-phpapp01
Chapter2databaseenvironment 120307033742-phpapp01Chapter2databaseenvironment 120307033742-phpapp01
Chapter2databaseenvironment 120307033742-phpapp01
 
Chapter Five Physical Database Design.pptx
Chapter Five Physical Database Design.pptxChapter Five Physical Database Design.pptx
Chapter Five Physical Database Design.pptx
 
wepik-foundations-of-database-management-system-concepts-20240419193015rdTe.pdf
wepik-foundations-of-database-management-system-concepts-20240419193015rdTe.pdfwepik-foundations-of-database-management-system-concepts-20240419193015rdTe.pdf
wepik-foundations-of-database-management-system-concepts-20240419193015rdTe.pdf
 
Database design process
Database design processDatabase design process
Database design process
 
Chapter 2 database environment
Chapter 2 database environmentChapter 2 database environment
Chapter 2 database environment
 
Advanced Database Management System_Introduction Slide.ppt
Advanced Database Management System_Introduction Slide.pptAdvanced Database Management System_Introduction Slide.ppt
Advanced Database Management System_Introduction Slide.ppt
 
20CS402_Unit_1.pptx
20CS402_Unit_1.pptx20CS402_Unit_1.pptx
20CS402_Unit_1.pptx
 
3._DWH_Architecture__Components.ppt
3._DWH_Architecture__Components.ppt3._DWH_Architecture__Components.ppt
3._DWH_Architecture__Components.ppt
 
Database administration
Database administrationDatabase administration
Database administration
 
Lecture 05 dblc
Lecture 05 dblcLecture 05 dblc
Lecture 05 dblc
 
No Sql On Social And Sematic Web
No Sql On Social And Sematic WebNo Sql On Social And Sematic Web
No Sql On Social And Sematic Web
 
NoSQL On Social And Sematic Web
NoSQL On Social And Sematic WebNoSQL On Social And Sematic Web
NoSQL On Social And Sematic Web
 
Db lec 05_new
Db lec 05_newDb lec 05_new
Db lec 05_new
 

Recently uploaded

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 

Recently uploaded (20)

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 

Sadcw 6e chapter12

  • 1. Chapter 12 Systems Analysis and Design in a Changing World, 6t 1
  • 2. Databases, Controls, and Security Chapter 12 Systems Analysis and Design in a Changing World 6th Ed Satzinger, Jackson & Burd
  • 3. Chapter 12 Outline  Databases and Database Management Systems (DBMS)  Relational Databases (RDBMS)  Data Access Classes  Distributed Database Architectures  Database Design Timing and Risks  Designing Integrity Controls  Designing Security Controls Systems Analysis and Design in a Changing World, 6t 3
  • 4. Learning Objectives Design a relational database schema based on a class diagram  Evaluate and improve the quality of a database schema  Describe the different architectural models for distributed databases  Determine when and how to design the database  Explain the importance of integrity controls for inputs, outputs, data, and processing  Discuss issues related to security that affect the design and operation of information systems  Systems Analysis and Design in a Changing World, 6t 4
  • 5. Overview  Databases and database management systems are important components of a modern information system  Database design transforms the domain model class diagram into a detailed database model for the system  A database management system is used to implement and interact with the database  System controls and security are crucial issues to databases and also apply to other aspects of the system Systems Analysis and Design in a Changing World, 6t 5
  • 6. Some Database Concepts     Database (DB) -- an integrated collection of stored data that is centrally managed and controlled Database management system (DBMS) -- a system software component that manages and controls one or more databases Physical data store -- database component that stores the raw bits and bytes of data Schema -- database component that contains descriptive information about the data stored in the physical data store Systems Analysis and Design in a Changing World, 6t 6
  • 7. Database Schema Organization of individual stored data items into higher level groups, such as tables  Associations among tables or classes  Details of physical data store organization, including types, lengths, locations, and indexing of data items  Access and content controls, including allowable values for specific data items, value dependencies among multiple data items, and lists of users allowed to read or update data items  Systems Analysis and Design in a Changing World, 6t 7
  • 8. Database and DBMS Components Systems Analysis and Design in a Changing World, 6t 8
  • 9. Relational Databases         Relational database management system (RDBMS) -- a DBMS that organizes data in tables (relations) Table -- a two-dimensional data structure of columns and rows Row -- one horizontal group of data attribute values Attribute -- one vertical group of data attribute values Attribute value -- the value held in a single table cell Key -- an attribute or set of attributes, the values of which occur only once in all the rows of the table Primary key -- the key chosen by a database designer to represent relationships among rows in different tables Foreign key -- an attribute that duplicates the primary key of a different (or foreign) table Systems Analysis and Design in a Changing World, 6t 9
  • 10. Partial Display of a Relational Database Table Systems Analysis and Design in a Changing World, 6t 10
  • 11. An Association Between Rows in Two Tables (key and foreign key) Systems Analysis and Design in a Changing World, 6t 11
  • 12. Designing Relational Databases Based on the Domain Model Class Diagram 1. 2. 3. 4. 5. 6. 7. 8. 9. Create a table for each class Choose a primary key for each table (invent one, if necessary) Add foreign keys to represent one-to-many associations Create new tables to represent many-to-many associations Represent classification hierarchies Define referential integrity constraints Evaluate schema quality and make necessary improvements Choose appropriate data types Incorporate integrity and security controls Systems Analysis and Design in a Changing World, 6t 12
  • 13. Initial Set of Tables Based on RMO Domain Classes Systems Analysis and Design in a Changing World, 6t 13
  • 14. Initial Set of Tables With Primary Keys Added (bold) Systems Analysis and Design in a Changing World, 6t 14
  • 15. Initial Set of Tables With Foreign Key Attributes Added (in italics) Systems Analysis and Design in a Changing World, 6t 15
  • 16. Final Set of Tables Specialized subclasses of Sale and Online Cart added Promo Offering modified from association class to table with two keys Systems Analysis and Design in a Changing World, 6t 16
  • 17. Designing Relational Databases Referential Integrity and Schema Quality    Referential integrity -- a consistent state among foreign key and primary key values Referential integrity constraint -- a constraint, stored in the schema, that the DBMS uses to automatically enforce referential integrity A high-quality relational database schema has these features:    Flexibility or ease of implementing future data model changes Lack of redundant data Normalization -- a formal technique for evaluating and improving the quality of a relational database schema Systems Analysis and Design in a Changing World, 6t 17
  • 18. Designing Relational Databases Database Normalization  First normal form (1NF) -- restriction that all rows of a table must contain the same number of columns   Functional dependency -- a one-to-one association between the values of two attributes    No repeating groups of attributes Attribute A is functionally dependent on attribute B if for each value of attribute B there is only one corresponding value of attribute A Second normal form (2NF) -- restriction that a table is in 1NF and that each non-key attribute is functionally dependent on the entire primary key Third normal form (3NF) -- restriction that a table is in 2NF and that no non-key attribute is functionally dependent on any other non-key attribute Systems Analysis and Design in a Changing World, 6t 18
  • 19. Data Access Classes Map design classes to RDBMS tables Systems Analysis and Design in a Changing World, 6t 19
  • 20. Distributed Database Architectures     Single database server architecture -- one or more databases are hosted by a single DBMS running on a single server Replicated database server architecture -- complete database copies are hosted by cooperating DBMSs running on multiple servers Partitioned database server architecture -- multiple distributed database servers are used and the database schema is partitioned Cloud-based database server architecture -- use of a cloud computing service provider to provide some or all database services Systems Analysis and Design in a Changing World, 6t 20
  • 21. Partitioning Database Schema Into Client Access Subsets Systems Analysis and Design in a Changing World, 6t 21
  • 22. Architecture for RMO Replicated and Partitioned Database Systems Analysis and Design in a Changing World, 6t 22
  • 23. Database Design Timing and Risks    Architecture—Decisions about DBMS, database servers, and database distribution are tightly integrated with other architectural decisions, including network design, Web and component services, and security. Existing databases—Most new or upgraded systems must interact with existing databases, with their preexisting constraints. While adapting existing databases to new or updated systems, analysts must ensure their continued operation. Domain model class diagram—Database design can’t proceed until related parts of the class diagram have been developed. Systems Analysis and Design in a Changing World, 6t 23
  • 24. The Need for System Controls    A furniture store sells merchandise on credit with internal financing. Salespeople sometimes sell furniture on credit to friends and relatives. How do we ensure that only authorized employees can extend credit and record payments and adjustments to credit accounts? A bookkeeper uses accounting software to generate electronic payments to suppliers. How does the system ensure that the payment is for goods or services that were actually received? How does the system ensure that no one can generate payments to a bogus supplier? An online retailer collects and stores credit card and other information about customers. How does the company ensure that customer data is protected and secure? Systems Analysis and Design in a Changing World, 6t 24
  • 25. Designing System Controls     Controls -- mechanisms and procedures that are built into a system to safeguard the system and the information within it Integrity control -- a control that rejects invalid data inputs, prevents unauthorized data outputs, and protects data and programs against accidental or malicious tampering Security controls -- are part of the operating system and the network and tend to be less application specific. There is some overlap between Integrity and Security controls Systems Analysis and Design in a Changing World, 6t 25
  • 26. Integrity and Security Controls Systems Analysis and Design in a Changing World, 6t 26
  • 27. Integrity Controls Input Controls      Input control -- a control that prevents invalid or erroneous data from entering the system value limit control -- a control that checks numeric data input to ensure that the value is reasonable completeness control -- a control that ensures that all required data values describing an object or transaction are present data validation control -- a control that ensures that numeric fields that contain codes or identifiers are correct field combination control -- a control that reviews combinations of data inputs to ensure that the correct data are entered Systems Analysis and Design in a Changing World, 6t 27
  • 28. Integrity Controls Access controls, Transaction logging, Complex update controls, Output controls     Access control -- a control that restricts which persons or programs can add, modify, or view information resources Transaction logging -- a technique by which any update to the database is logged with such audit information as user ID, date, time, input data, and type of update Complex update control -- a control that prevents errors that can occur when multiple programs try to update the same data at the same time or when recording a single transaction requires multiple related database updates Output control -- a control that ensures that output arrives at the proper destination and is accurate, current, and complete Systems Analysis and Design in a Changing World, 6t 28
  • 29. Integrity Controls Redundancy, Backup, and Recovery     Designed to protect data from hardware failure and catastrophes Redundancy – continuous access to data through redundant databases, servers, and sites Backup – procedures make partial or full copies of a database to removable storage media, such as magnetic tape, or to data storage devices or servers at another site Recovery – procedures read the off-site copies and replicate their contents to a database server that can then provide access to programs and users. Systems Analysis and Design in a Changing World, 6t 29
  • 30. Integrity Controls To Prevent Fraud  Fraud triangle -- model of fraud that states that opportunity, motivation, and rationalization must all exist for a fraud to occur    Opportunity—the ability of a person to take actions that perpetrate a fraud. For example, unrestricted access to all functions of an accounts payable system enables an employee to generate false vendor payments. Motivation—a desire or need for the results of the fraud. Money is the usual motivation, although a desire for status or power as well as a need to be a “team player” may be contributing factors. Rationalization—an excuse for committing the fraud or an intention to “undo” the fraud in the future. For example, an employee might falsify financial reports to stave off bankruptcy, thus enabling fellow workers to keep their jobs. Systems Analysis and Design in a Changing World, 6t 30
  • 31. Integrity Controls To Prevent Fraud Systems Analysis and Design in a Changing World, 6t 31
  • 32. Designing Security Controls   Security control -- a control that protects the assets of an organization from all threats, with a primary focus on external threats Two Objectives   Maintain a stable, functioning operating environment for users and application systems (usually 24 hours a day, 7 days a week).  Firewalls to protect from hackers, viruses, works, and denial of service attacks Protect information and transactions during transmission across the Internet and other insecure environments  Information could be intercepted, destroyed or modified Systems Analysis and Design in a Changing World, 6t 32
  • 33. Security Controls Access Controls       Authentication -- the process of identifying users who request access to sensitive resources Authorization -- the process of allowing or restricting a specific authenticated user’s access to a specific resource based on an access control list Multifactor authentication -- using multiple authentication methods for increased reliability Unauthorized user -- a person who isn’t allowed access to any part or functions of the system Registered user -- a person who is authorized to access Privileged user -- a person who has access to the source code, executable program, and database structure of the system Systems Analysis and Design in a Changing World, 6t 33
  • 34. Security Controls Access Controls Systems Analysis and Design in a Changing World, 6t 34
  • 35. Security Controls Data Encryption  Common types of data requiring additional protection      Financial information Credit card numbers, bank account numbers, payroll information, healthcare information, and other personal data Strategies and plans for products and other missioncritical data Government and sensitive military information Data stored on such portable devices as laptop computers and cell phones Systems Analysis and Design in a Changing World, 6t 35
  • 36. Security Controls Data Encryption      Encryption -- the process of altering data so unauthorized users can’t view them Decryption -- the process of converting encrypted data back to their original state Encryption algorithm -- a complex mathematical transformation that encrypts or decrypts binary data Encryption key -- a binary input to the encryption algorithm—typically a long string of bits Symmetric key encryption -- encryption method that uses the same key to encrypt and decrypt the data Systems Analysis and Design in a Changing World, 6t 36
  • 37. Security Controls Data Encryption  Symmetric Key Encryption -- Systems Analysis and Design in a Changing World, 6t 37
  • 38. Security Controls Data Encryption   Asymmetric key encryption -- encryption method that uses different keys to encrypt and decrypt the data Public key encryption -- a form of asymmetric key encryption that uses a public key for encryption and a private key for decryption Systems Analysis and Design in a Changing World, 6t 38
  • 39. Security Controls Digital Certificate   Digital certificate -- an institution’s name and public key (plus other information, such as address, Web site URL, and validity date of the certificate) encrypted and certified by a third party Certifying authority -- a widely accepted issuer of digital certificates Systems Analysis and Design in a Changing World, 6t 39
  • 40. Security Controls Secure Transactions     Secure Sockets Layer (SSL) -- a standard set of methods and protocols that address authentication, authorization, privacy, and integrity Transport Layer Security (TLS) -- an Internet standard equivalent to SSL IP Security (IPSec) -- an Internet standard for secure transmission of low-level network packets Secure Hypertext Transport Protocol (HTTPS) -- an Internet standard for securely transmitting Web pages Systems Analysis and Design in a Changing World, 6t 40
  • 41. Summary     Most modern information systems store data and access data using a database management systems (DBMS) The most common database model is a relational database (RDBMS), which is a collection of data stored in tables The relational database schema is developed based on the domain model class diagram Each class is represented as a table. One to many associations are represented by adding foreign keys Database design is usually performed in an early iteration of a system development project Systems Analysis and Design in a Changing World, 6t 41
  • 42. Summary (continued)     System controls are designed into the system to protect the system’s data and other resources Controls are either integrity controls, which focus primarily on the specific application, or security controls, which apply across systems to include operating systems, Web sites, and networks Integrity controls include input controls, access controls, transaction logging, complex update controls, redundancy-backup-recovery, output controls, and fraud controls Security controls include access controls, data encryption, digital signatures/certificates, and secure transactions Systems Analysis and Design in a Changing World, 6t 42