Required reading
	---------------------------------------------------------
	Textbook	Laudon & Laudon 1995 Ch. 11 Ch. 12, pp. 432-448
	---------------------------------------------------------

Overview

Chapter 11 discusses a traditional view of how information systems are developed, as well as several alternative approaches. The computer professionals who are usually involved in this process are called systems analysts, systems designers, programmers, software engineers, project leaders, database designers, data analysts, and so on. The ten years I spent in industry were spent almost entirely in jobs of this nature.

It is very important that management take an interest in systems development. Ultimately they are responsible for the introduction of any new system, they allocate the funds for it, and the important decisions made throughout the systems development lifecycle should be made by them.

Chapter 12 covers threats to computer security and controls which can be used to guard against these threats. Control is essential to minimise the effects of accidental errors, theft and fraud, environmental hazard, and deliberate sabotage. Remember that the cost of controls should be considered. A control should not cost more than the damage it is designed to prevent.

Review questions

REVIEW QUESTION 7-1	Textbook	Laudon & Laudon 1995 p. 428, Discussion questions 1 to 4.
REVIEW QUESTION 7-2	Textbook	Laudon & Laudon 1995 pp. 429-431, Air Force case study, Questions 1 to 4.
REVIEW QUESTION 7-3	Textbook	Laudon & Laudon 1995 pp. 463-464, Review questions 1 to 5.

Quiz

Mark the correct answer.

QUESTION 1

Maintenance is normally considered as:
(a) fine-tuning the system
(b) designing the system
(c) implementation of the system
(d) analysis of the system
(e) an audit of the system.

QUESTION 2

Changes to systems after they are in operation are called:
(a) input
(b) design changes
(c) updates
(d) maintenance
(e) syntax adjustments.

QUESTION 3

An application generator creates:
(a) input
(b) output
(c) program code
(d) documents
(e) spreadsheets.

QUESTION 4

Data quality, security, or conformity results from the use of:
(a) reports
(b) inputs
(c) prototypes
(d) custom programs
(e) standards.

QUESTION 5

Software testing:
(a) eliminates all bugs
(b) produces "spaghetti" code
(c) should seek out flaws
(d) tests all logical paths
(e) all of these.

QUESTION 6

Each of the following is NOT a major threat to computerized information systems?
(a) Fire
(b) User error
(c) Software errors
(d) Electronic power failure
(e) Copyright violations.

QUESTION 7

Encryption is used with data:
(a) input
(b) output
(c) processing
(d) backup
(e) communication.

Put a tick in the appropriate box.	True	False
QUESTION 8
The first stage of the systems life cycle is the system study.
QUESTION 9
Prototyping is an effective substitute for the detailed research and analysis usually required to build an information system.
QUESTION 10
Flexibility determines how easy a package is for end-users to learn and utilize.
QUESTION 11
Fourth-generation development tends to be more formal than traditional systems development methodologies.
QUESTION 12
Stand-alone microcomputers usually have more security features than mainframes.
QUESTION 13
Security refers to all of the policies, procedures,and technical tools used for safeguarding information systems.
Write the most appropriate word on the line.
QUESTION 14
The oldest methodology for building an information system is called a traditional systems ___________________.
QUESTION 15
The traditional systems lifecycle provides a formal division of labor between ___________________.
QUESTION 16
Before the design stage can proceed the company must determine the ___________________.
QUESTION 17
Input, processing, and output controls are ___________________ channel.

Answers to quiz

Question 1.	(a)
Question 2.	(d)
Question 3.	(c)
Question 4.	(e)
Question 5.	(c)
Question 6.	(e)
Question 7.	(e)
Question 8.	F
Question 9.	F
Question 10.	F
Question 11.	F
Question 12.	F
Question 13.	T
Question 14.	life cycle
Question 15.	business and technical specialists
Question 16.	requirements
Question 17.	application controls

Answer pointers to Review questions

Taken from Simmons (1995).

REVIEW QUESTION 7-1

1. The problem-solving methodology is at the core of each of these approaches to systems development. For example, in the traditional systems life cycle the project definition stage incorporates the first stage of problem solving. The system study stage incorporates the next two stages of problem solving. The design stage corresponds to solution design. The programming, installation, and post-implementation stages correspond to the last step of problem solving.

   In prototyping, identifying preliminary requirements corresponds to the first step of problem solving. Developing and using the working prototype encompasses the last three steps. Using and revising the prototype repeat these last three steps. Finalizing the prototype with a production version corresponds to the last problem-solving step.

   In software package-based development, problem solvers still have to investigate and analyze the problem, specify solution objectives, consider constraints, and evaluate solution alternatives. These correspond to the first three problem-solving steps. During these processes, however, they can determine whether a package solution alternative will meet information requirements and weigh the feasibility of a package solution against other solution options. If a package is selected, the solution design steps of problem solving will be carried out around the package. Instead of logical and physical design proceeding from scratch, the design work will focus on package evaluation and adjusting user requirements and specifications to the characteristics of the package. Matching the package to the organization and evaluating the package after installation correspond to the implementation stage of problem solving.

   In "fourth-generation" development, problem definition corresponds to the first problem-solving stage, and solution generation and post implementation incorporate the remaining problem-solving stages.

   In outsourcing, problem definition corresponds to problem analysis. Solution design consists primarily of evaluating the outsources and other steps similar to the prewritten software solutions.

2. In the traditional systems life cycle methodology, solution design is performed primarily by technical specialists. Formal sign-offs between technical staff and business specialists are required to mark the completion of each stage. Business and technical specialists are separated, with business specialists playing a relatively passive role.

   In prototyping, business specialists are more actively involved in information system development. While technical specialists construct and modify the prototype, feedback from business specialists on the prototype is an integral part of the process. Business specialists work directly with solution design at a much earlier stage of the development process.

   In developing solutions with software packages, business specialists identify problem areas and concerns and evaluate packages from a functional perspective. Technical specialists recommend the best package and select the hardware in close consultation with the business specialists. The post-implementation audit is performed by business specialists.

   In "fourth-generation" development, systems are developed primarily by business specialists with little or no formal assistance from technical specialists. Business specialists are more in control of the problem-solving process.

3. In developing solutions with software packages, technical specialists are still necessary to determine whether the problem can be solved with a software package, assist with solution alternatives, determine feasibility and technical constraints, assist with logical design specifications for evaluating packages, recommended the best package, and supervise conversion. Professional programmers are needed to customize the package, correct problems, and install updates or enhancements to the package. No matter what the resources of the firm, some applications will still require conventional programming because they are unique or too complex to be satisfied with package software.

   In "fourth-generation" development, technical specialists are needed to determine whether the problem requires technical assistance, provide specialized technical assistance to business specialists, and provide specialized expertise for running the system in production. Professional programmers may be necessary to modify the system.

4. Capturing information requirements accurately is considered the most difficult aspect of system building. Information needs tend to be complex and often users can't agree with each other. Procedures and data needs may also be poorly defined. Under such circumstances it is almost impossible to visualize all aspects of an application solution correctly the first time around and design may have to be reworked and refined several times. This interaction is clearly illustrated by the upward arrow in the prototyping flowchart.

REVIEW QUESTION 7-2

1. The major problem was that the organization required timely communication among managers and subcontractors in distributed locations. Another problem was caused by the lack of standardization of technology. That many different platforms had to be included in the system created difficulty.

2. The solution development approach was definitely appropriate for this problem because of the complexity of the system, across platforms and because of the wide range of users that had to be accommodated.

3. People: Users expected to have GUI.

   Technology: The language of implementation, C, does not easily support a GUI across platforms.

   These problems were overcome by using a tool called Open Interface that could bridge the gap between multiple platforms.

4. The solution provides all the functionality required by the problem, its only drawback is that multiple tools were used. This may have been more expensive in the short term.

   REVIEW QUESTION 7-3

   1. Events such as a fire or electrical power failure have greater impact on computer information systems than on manual systems because a computer concentrates all the firm's information resources in one place. If disaster strikes in that one place, the information system is crippled. On-line information systems and those based on telecommunications networks are most vulnerable because there are many points where error, destruction, and unauthorized access to data can occur.

   2. Fire: Can destroy hardware, files and manual records.

      Electrical power failure: Halts all computer processing and can damage hardware.

      Hardware malfunction: Can result in data not processed accurately or completely.

      Software errors: Can result in data not processed accurately, completely, or according to user requirements.

      User error: Users are human and are therefore prone to making errors.

      Computer crime: Use of computers for illegal acts.

      Computer abuse: Using computers for unethical purposes.

   3. Computer crime is the use of computer hardware, software, or data for illegal activities. It can involve using software or hardware to alter or destroy data or applying knowledge of computer technology to perpetrate a crime. The various types of computer crime are:
      • monetary theft
      • theft of services, information, or computer programs
      • alteration of data
      • damage to software
      • trespassing.

   4. Security refers to all of the policies, procedures, and technical tools for safeguarding information systems from unauthorized access, alteration, theft, and physical damage. A paramount objective of computer security is to prevent computer crime. Another objective of security is to prevent hackers from accessing information systems.

   5. Computer viruses are rogue software programs which spread rampantly from system to system causing information systems to become congested and malfunction as the viruses endlessly replicate themselves. Depending on the intent of the creator, the virus might flash a harmless message on the screen or systematically destroy all of the data in the computer's memory. The following measures can be taken to prevent computer virus attacks:
      • Make backup copies of all new software and store the copies off site.
      • Quarantine each new piece of software on an isolated computer and review the software carefully before installing it on a network.
      • Restrict access to programs and data on a "need-to-use" basis.
      • Check all programs regularly for changes in size, which could be a sign of tampering or virus infiltration.
      • Be especially cautious with shareware and freeware programs, which have been a prime entry point for viruses.
      • Institute a plan for immediate removal of all copies of suspicious programs and backup of related data.
      • Make sure all purchased software is in its original shrink wrapping or sealed disk containers.
      • Prevent users from copying personal software such as games onto computer networks.