Overview of System Development

Various approaches to information systems development?
·        Traditional systems life cycle(SDLC)
·        Prototyping
·        Software packages
·        End-user development
·        Outsourcing
Approach
What?
When?
Why?
Why not?
SDLC
Building the system by completing 6 stages sequentially:
1. Project Definition
2. Systems Study
3. Design
4. Programming
5. Installation
6. Post-implementation
Medium to large mainframe-based systems
1. Structured
2. Formal
1. Time consuming
2. Costly
3. Inflexible
Prototyping
Building an experimental system quickly and cheaply
Unclear user requirements
1. User involvement
2. Fast
1. Poor system quality
2. Lack of standard
Packages
Purchasing programs that have been written and tested
Common system solution
1. Limited technical skills
2. Cost saving
3. Clear expectations
1. Not meeting all needs
2. Customization
End-user Development
Building the system by end-users with little or no formal technical assistance
Personal & small applications
1. No misunderstanding
2. Fast
1. Limited scope
2. Loss of control
Outsourcing
Using an external vendor to develop or operate an organization's ISs
Mission non-critical applications
1. Reduce costs
2. Predictability
1. Risky
2. Loss of control
 Ways in safeguarding information systems?
·        Identify Major IS threats
·        Implement IS controls
·        Implement IS security & quality assurance
Identify Threats to IS(Destruction, Error, Crime, Abuse)
·        Fire
·        Power failure
·        Hardware malfunction
·        Software errors     
·        User errors            
·        Computer crime, hackers & viruses
·        Computer abuse
Implement IS controls -the specific technology, policies, and manual procedures for protecting assets, accuracy, and reliability of ISs 
Type of control
Example
General/Organization-wide

Hardware
Restrict access
Preventive maintenance
Software
Activity logs
Restrict access
Data security
Password
Restrict access
Encryption
Operations
Procedure standardization
Backup & recovery
Systems development
Management review & audit
Documentation
Management
Formal written policies & procedure
Division of labor
Supervision
Accountability
Application

Input 
Authorization/validation
Control totals, e. g. , record counts
Edit checks, e. g, format check, existence check
Error correction
Processing
Edit checks, e. g. , check digit 
Control totals, e. g. , hash totals
Output
Control totals
User feedback
Authorization
IS security -protect from disruption, unauthorized use and modification
·        Data security
·        Hardware security
·        Network security
·        Recovery plan
IS quality
·        Development methodology
·        Quality measurements
·        Programming standards
·        Testing
·        Development tools
·        Quality audits

Post a comment

0 Comments