Various approaches to information systems development?
· Traditional systems life cycle (SDLC)
· Prototyping
· Software packages
· End-user development
· Outsourcing
Approach | What? | When? | Why? | Why not? |
SDLC | Building the system by completing 6 stages sequentially: 1. Project Definition 2. Systems Study 3. Design 4. Programming 5. Installation 6. Post-implementation | Medium to large mainframe-based systems | 1. Structured 2. Formal | 1. Time consuming 2. Costly 3. Inflexible |
Prototyping | Building an experimental system quickly and cheaply | Unclear user requirements | 1. User involvement 2. Fast | 1. Poor system quality 2. Lack of standard |
Packages | Purchasing programs that have been written and tested | Common system solution | 1. Limited technical skills 2. Cost saving 3. Clear expectations | 1. Not meeting all needs 2. Customization |
End-user Development | Building the system by end-users with little or no formal technical assistance | Personal & small applications | 1. No misunderstanding 2. Fast | 1. Limited scope 2. Loss of control |
Outsourcing | Using an external vendor to develop or operate an organization's ISs | Mission non-critical applications | 1. Reduce costs 2. Predictability | 1. Risky 2. Loss of control |
· Identify Major IS threats
· Implement IS controls
· Implement IS security & quality assurance
Identify Threats to IS (Destruction, Error, Crime, Abuse)
· Fire
· Power failure
· Hardware malfunction
· Software errors
· User errors
· Computer crime, hackers & viruses
· Computer abuse
Implement IS controls: the specific technology, policies, and manual procedures for protecting assets, accuracy, and reliability of ISs
Type of control | Example |
General/Organization-wide | |
Hardware | Restrict access; Preventive maintenance |
Software | Activity logs; Restrict access |
Data security | Password; Restrict access; Encryption |
Operations | Procedure standardization; Backup & recovery |
Systems development | Management review & audit; Documentation |
Management | Formal written policies & procedure; Division of labor; Supervision; Accountability |
Application | |
Input | Authorization/validation; Control totals, e.g., record counts; Edit checks, e.g., format check, existence check; Error correction |
Processing | Edit checks, e.g., check digit; Control totals, e.g., hash totals |
Output | Control totals; User feedback; Authorization |
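The application controls in the table above (record counts, control totals, hash totals, and format, existence and check-digit edit checks) applied to one input batch, as an added example that is not part of the original notes. The Luhn check-digit scheme, the field names and the sample batch are assumptions made for the illustration.

```python
import re
from decimal import Decimal

def luhn_ok(number: str) -> bool:
    """Check-digit test. Luhn is an assumption; the notes name no scheme."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def edit_checks(rec: dict, master: set) -> list:
    """Input edit checks on one record: format, check digit, existence."""
    errors = []
    acct, amount = rec.get("account", ""), rec.get("amount", "")
    if not re.fullmatch(r"[0-9]{8}", acct):
        errors.append("format: account")
    elif not luhn_ok(acct):
        errors.append("check digit: account")
    elif acct not in master:                # account must exist in the master file
        errors.append("existence: account")
    if not re.fullmatch(r"[0-9]+\.[0-9]{2}", amount):
        errors.append("format: amount")
    return errors

def verify_batch(header: dict, records: list, master: set) -> dict:
    """Recompute control totals over accepted records and compare with the header."""
    rejected, good = {}, []
    for n, rec in enumerate(records, start=1):
        errs = edit_checks(rec, master)
        if errs:
            rejected[n] = errs
        else:
            good.append(rec)
    computed = {
        "record_count": len(good),
        "amount_total": str(sum((Decimal(r["amount"]) for r in good), Decimal("0"))),
        "hash_total": sum(int(r["account"]) for r in good),  # meaningless sum, used only for control
    }
    mismatched = [k for k, v in computed.items() if header.get(k) != v]
    return {"rejected": rejected, "mismatched": mismatched,
            "post": not rejected and not mismatched}

# Constructed sample data (not from the page).
MASTER = {"12345674", "20000014"}
HEADER = {"record_count": 2, "amount_total": "350.75", "hash_total": 32345688}
BATCH = [{"account": "12345674", "amount": "100.50"},
         {"account": "20000014", "amount": "250.25"}]
```

A batch is posted only when no record is rejected and all three totals agree with the header; the hash total catches a wrong account number even when the record count and amount total still balance.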
IS security: protect from disruption, unauthorized use and modification
· Data security
· Hardware security
· Network security
· Recovery plan
IS quality
· Development methodology
· Quality measurements
· Programming standards
· Testing
· Development tools
· Quality audits