INF2011 S Notes - Examples Included (University of Cape Town) PDF
Document Details
Uploaded by JubilantElm
University of Cape Town
Tshivhase Thanyani Rudolf
Tags
Related
- Botswana Accountancy College Systems Development Lecture PDF
- Systems Analysis and Design, 13th Edition Chapter 4: Requirements Engineering PDF
- Chapter 1: Introduction to Systems Analysis and Design PDF
- Systems Analysis and Design PDF
- Resumen de Análisis y Diseño de Sistemas PDF
- CAGL -Conception Architecturale en Génie Logiciel Cours 1 - PDF
Summary
These are study notes for INF2011 Systems Design & Development at the University of Cape Town. The document covers topics such as systems analysis and design, methodologies like Waterfall and Agile, and key design models. It is presented as downloadable study notes, not a past paper.
Full Transcript
lOMoARcPSD|14467589 INF2011 S notes - examples included Systems Design & Development (University of Cape Town) Scan to open on Studocu Studocu is not sponsored or endorsed by any college or university Download...
lOMoARcPSD|14467589 INF2011 S notes - examples included Systems Design & Development (University of Cape Town) Scan to open on Studocu Studocu is not sponsored or endorsed by any college or university Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 Tuesday, 26 July 2022 INF2011S Systems Design - Systems analysis and design System analysis— activities enabling a person to understand and specify what an IS should accomplish Systems design— activities enabling a person to define and describe the system that solves the need (how) System development— build, test and integrate system components according to the architecture and methodology System implementation— installing, testing and securing and backing up the system - Systems design Objective: define, organise and structure the components of the final solution to serve as a blueprint for development Provides the starting points for system development and system design 1 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 2 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - Analysis vs Design In design consideration of the new system in respect to current environment and systems that exist within the organisation as a whole - Environmental factors - Converting data from legacy systems - Leveraging skills that exit in-house - Getting user experience (UX) and user interfaces (UI) Key actives undertaken during design stage: - Examine several design strategies and decide which will be used to build the system - Detailed design of the individual classes and methods - Designing UI, system inputs and output - Making physical architecture decisions regarding the hardware and software that’ll be purchased Two levels of design 1. System design - High level architecture of the system, structural aspects and standards that affect the overall system Hardware, network and system infrastructure Communication between sub-systems Standards for screens, reports, help etc 2. Detailed design - Adds detail to the analysis to provide a detailed system specification Class design (attributes & methods) - Includes implementation classes to handle UI, business logic etc Sequence design (informs the methods of the software) Ui and report design Database design Security and controls design 3 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 4 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - Design models The formality of the project will dictate the type, complexity and depth Agile/iteration projects typically build fewer modes but they are still created Jumping to programming usually causes minimum solutions and require rework 5 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - Evolving he analysis models to design models Purpose is to increase likelihood of successfully delving a system that is affordable, usable and maintainable Must address functional and non-functional requirements Nonfunctional requirements - Operational - Performance - UX and UI - System controls and security - Cultural and political 6 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - Measurable objective in design Help tell whether the design requirements have been achieved Set clear targets Objectives should be quantified so they can be tested SMART - Specific - Measurable - Actionable - Realistic - Time based - Qualities of design Measured by how well we identify and resolve the systems nonfunctional requirements in the context go the functional requirements - Analysis: doing the right thing - Design: doing things right 7 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - 12 qualities and objectives of design 1. Functional Perform completely and correctly Documented requirements met fully 2. Efficient Perform required functionality efficiently in terms of time and resources 3. Economical Applies to fixed costs and running costs of the system (TCO) 4. Reliable Not prone to failure Reliably maintain integrity of the data Depends on the ability of the system being tested thoroughly 5. Secure Secure against malicious attacks Eg passwords, firewalls, two-factor authentication 6. Flexible Adapt to changing requirements Handle different circumstances based on control values that are available for the set to set at runtime 7. Buildable Clear and not unnecessarily complex (programmer perspective) Physical design features closely relate to development language 8. Manageable Allow project manager to estimate the amount of work involved in implementing the various subsystems Provide subsystems that are relatively self contained— allows easier modification without affecting other parts of the system 9. Maintainable Maintainable— implies less costs 8 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 10. Usable Satisfying and productive Characteristics of good human-computer interactions (HCI) 11. Reusable Designer should: 1. Consider how economies can be made by designing reuse into the system through the use of inheritance 2. Look for opportunities to implement design patterns (templates) 12. Elegant beautiful A delight, users must want to use and enjoy using the system 9 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 Systems Architecture - Key concept: Cowboy coding— a developer jumping straight to writing software without much thought Ends up with errors, patches and systems that are unreliable and difficult to update Architecture: - The fundamental organisation of a system, its components, their relationships to each other and to the environment and principles guiding it s deism snd evolution Architectural view: representation of a particular system or part of it from a particular perspective Architectural viewpoint: - a template that describe how to create and use an architectural view - Includes a name, stakeholders, concerns addressed by viewpoint and modelling and analytic conventions System - A set of connected components which form a complex whole which accomplished a specific functions - Eg respiratory and digestive system - Systems architecture Conceptual model that defines the structure, behaviour and views of a system Can posits of system components and sub-systems developed that will work together to implement the overall system Architecture description is a formal description and representation of a system, organised such that it supports reasoning about structures and behaviours of system, - Architectural concepts Technology architecture - Defines the infrastructure that supports application software and the services it provides 10 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - Computers, network computers and hardware, system software used by a company Application architecture - Deployed on a technology architecture by distributing application components t specific hardware devices and connecting them via networks and protocols - The IS (software programs and their configuration) used by a company - Systems architecture Modern IS - Consists of computing devices, networks, software and protocols - Deployed as stand-alone software, network based, web based or mobile Architectural concepts - Cloud services(SaaS, Paas, DBaaS) - Web services - Distributed services;; cline server and three layer architecture - Application programming interfaces (API’s) - Cloud services Service made available via the internet from cloud computing providers Designed to provide easy, scalable access to applications, resources and services Fully mangled by cloud services provider - Cloud services architectures Infrastructure as a service - Online services that provide high-level APIs used to abstract various low- level details of underlying network infrastructure like physical computing resources, location, data partitioning, scaling, security, backup, etc. - e.g. Amazon cloud Platform as a service 11 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - Consumer-created or acquired cloud applications created using programming languages, libraries, services, and tools deployed on cloud infrastructure Software as a service - Software and Applications that run on cloud infrastructure - i.e. Office 365, Pastel cloud Backend as a service - Web and mobile apps provided as services that link applications to cloud storage and cloud computing services with application programming interfaces (APIs) exposed to their applications and custom software development kits (SDKs). Function as a service - Service-hosted remote procedure call that leverages server-less computing to enable the deployment of individual functions in the cloud that run in response to events - e.g. Microsoft authentication - Web services Software function that are executed remotely with WEB standards - Access via a URL - Input sent via the URL - Executes remotely - Data returned within a web page Examples - AJAX Asynchronous Javascript And XML Set of web development techniques using many web technologies on the client side to create asynchronous web application - REST Representational State Transfer Manipulate XML representations of web resources using a uniform set of stateless operations 12 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - JSON JavaScript Object Notation Open standard file and data interchange format, uses human-0readable text to store and transmit data objects consisting of attribute-value pairs and array data types - SOAP Simple Object Access Protocol Messaging protocol specification for exchanging structured information int he implementation of services in computer networks— too provide extensibility, neutrality, verbosity and independence - Distributed architectures Client/serve architecture - Software design with part of the application on a server and part on the client Three-layer architecture - Client/serve architecture with application divided into: View layer: User interface Logic layer: program logic to implement functions Data layer: functions to access the data 13 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - Application programming interface (API’s) A computing interfaces Defines interactions between multiple software intermediaries Defines types of calls or requests that can be made, how to make them, data format used etc Provide extension mechanisms Eg; YouTube, twitter Facebook - Web protocols HTML— protocol for the structure and content ion webpage XML— enables defining semantics of tags HTTP— defines format and content transfer of web documents HTTPS— encrypted and secure http transfers Oath 2.0— industry-standard protocol for web authorisation Architecture models/diagrams - Location Diagrams Identify geographical placement of hardware, software and users - Network Diagrams How the application software is deployed across the hardware and system software - Deployment Diagrams How the components of a network are interconnected - Package Diagrams Used to define formal package such as subsystems Used informally to group classes together for understating Dependancy relationships 14 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - Enterprise Architectural Frameworks Togaf - The Open Group Architectural Framework - An EA methodology that offers a high-level framework for enterprise software development Zachmann - An ontology: theory existence of a structured set of essential components for which explicit expressions is necessary and perhaps even mandatory for creating, operating and changing the object FEAF - The US reference enterprise architecture of federal government Gartner 15 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - Provides a useful approach to structuring enterprise architecture content - Key questions for designing an IS architecture 1. What are the key features of the existing or new environment - O/S, system software, networks, tools 2. What are the external systems or DBMSs - What kind of interaction - What is the data - What are the protocols - What kind of security 3. What user-interface technology that will be used - Where and who are users, and what skills - What hardware and devices - What client O/S will be used - Security requirements - What APIs are needed 4. What devices will be required - Protocols for devices - Security - What APIs Class Design - Object orientation Set of design principles based on objects Object represents real world entity with ability to interact with itself and others Objects have attributes, identity and behaviour Objects are an instance of a class - OOP principles Encapsulation: only exposes the selected information Abstraction: hides complex details to reduce complexity Inheritance: entities can inherit attributes from other entities Polymorphism: entities can have more than one form - From analysis to design models Business analysis identify 2 types of info requirements 1. Information about things - Domain model class diagram 16 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 2. Information about business processes - Use case descriptions - Activity diagrams - System sequence diagrams - Systems design Based on a given use case diagram programmers infer: 1. Classes that define the objects - Design class diagram 2. Methods - Design sequence diagrams - INF2009 recap Class: a category used to describe collection of objects Domain class models: describe things in the problem domain Design class models: - describe objects in the system. - More detail of domain classes for programmers to implement Domain class diagrams - show things in suers domains - Rectangles with two sections: name and attributes - Lines represent associations - Association indicated by 0,1 or many (*), included for clarity - Design class diagram Show objects attributes and their methods of the system Three kinds of relationships 1. Association 2. Whole/part (aggregation and composition) 3. Generalisation 17 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 Stereotype - Categorising model element by its characteristics using guillemots () Persistent class - Class whose objects exist after a system is show down Entity class - A design identifier for a problem domain class (usually persistent) Boundary class or view class - A class that exists on a systems automation boundary ie input window form or web page Controller class - Class that mediates between boundary classes and entity class, acting as switchboard between views and domain layers Data access class - Used to retrieve data from and send data to a database - Notation for design classes Attributes 18 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - Visibility: +, -, # - Attribute name - Type expression - Initial value (default if applicable) - Property if applicable ie {key} - Eg startingJobCode: integer = 01 Method signature Methods - Visibility: +, -, # - Method name: camel back, verb-noun - Parameters - Return type Class level method - Applies to class rather than objects - Underlined Class level attribute - Underlined Abstract class - Only for inheritance. - Italics Concrete class - Can be instantiated 19 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - Class specs: operations Constructor - operations to create an instance of a class - usually has the same name as class Destructor - Operation to delete an instance of a class form memory Get operations - Get the value of an attribute - Aka accessor Set operations - Set the value of an attribute - Aka mutator Operations to show: - Generally don’t show primary operations; gets and sets (case generated - One show constructors where they have special significance - Varying level of detail t different stages - Class (static) methods - Fundamental OO design principles Software design patterns: provide a means for providing knowledge about problems and successful; solutions in system designs (best practices) 3 grouped types of software design patterns 1. Creational - Designed for class instantiation, can be either class-creation patterns or object-creational patterns 2. Structural - Designed with regard to a class’ structure and composition. Main fold is to increase functionality of classes involved, without changing much of its composition 3. Behavioural 20 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 Designed depending on how one class communicates with others OO design principles through GRASP - Nine fundamental principles in object design and responsibility assignment. General Responsibility Assignment Software Patterns - Describe fundamental principles of assigning responsibilities to objects and it has following principles and patterns 1. Information expert 2. Creator 3. Controller 4. Low coupling 5. High cohesion 6. Polymorphism 7. Pure fabrication 8. Indirection 9. Protected variations Systems sequence diagrams (SSD) - Provides detail of the use case’s processing requirements - Components Actor The system (treated as a black box in that the internal processing isn’t addressed) The messages - 21 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 22 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 Detailed sequence diagram - Emphasises the sequence of messages involves in a use case - SSD is expanded by adding a use case controller and domain classes - View layer can also be added to show interactions of multiple - Understanding sequence diagrams Lifeline Activation lifeline Messages have origins and destinations - Guidelines Determine all internal messages Determine all objects as origins/destinations Flesh out Esch message with true/false conditions, parameters and returned values - Assumptions Perfect technology - No logon or other technician issues 23 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 Perfect memory - No need to read or write data Perfect solution - No exception conditions, no error handling - Multilayer sequence diagrams Add the view layer for input screens to handle inputs Add data layer to read and write data - Data layer Data access to insatiate a new object: two methods— - Instantiates the object in memory, object invokes the data access to get required persistent data - Send a message to the data access object and obtains required persistent data then instantiates the new object User interface - UI the point at which human users interact with a computer inputs and outputs that directly involve user A dialog goes on between actor and system - Goals: easy, intuitive, minimum effort and maximum desired outcome - Components of UI Equipment (screen, keyboard mouse etc) Screen elements (windows, screens, menus etc) Application (functions, organisation, ads etc) Mobile equipment (touch screen, screen size, brightness) - User Experience (UX) UI design Human Computer Interaction (HCI) User-centred design - Focus on users and their work 24 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - Evaluate designs (ensure usability) - Use iterative development Usability is the objective - UX design VS UI design UI Design UIX Design Visual side Mainly constructing Creating visual language and identity of app Flowcharts, wireframe and conducting user research “The look” Decking features and functionality - Interaction designer How user interacts with elements of the software Focus on animations, loading indicators and page transitions - Visual designer Designing for software Responsible for illustrations, graphics and complex icon design May not be needed Common in video fame design; interfaces often visual and skeuomorphic - Metaphors of HCI Direct manipulation metaphor - Objects on display are manipulated to look like pictures or icons - Eg dragging folder icon to recycle bin icon to delete collection Desktop metaphor - Visual display is organised into distinct regions, with large empty workspace in the middle and a collection of tool icons around the perimeter - Eg computer startup; windows user sees, icons for clocks calendars etc Document metaphor - Data is visually represented as paper pages or forms - Eg adobe acrobate file 25 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 Dialog metaphor - User and computer accomplish a task by engaging in a conversations/dialog/ tools - Eg clicking a button “troubleshoot” - Principles of User-interface design Human-interface objects - Affordance; appearance of the object suggests its functions - Visible on display and user action (feedback) - Eg radio buttons Consistency Continuity Discoverability Closure Readability and Navigation Usability and efficiency - Considerations for web-based apps Layout and formatting Data entry and user action Navigation and visibility - Transitioning from analysis to UI design Use cases and menu hierarchy - Design use case by use case - Menus typical way to organise access too use case functionality - Different types pf users different types of menus - Design overall menu hierarchy then subjects for different users - Then implement 26 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 Report design - Designing Reports Designing inputs — identifying devices and mechanisms, identifying inputs and data content and determining the controls Designing outputs— designing operational, detailed, summary, exception, and executive reports Electronic reports and other outputs— can include drill down, graphics, multimedia and dashboards Modern systems— mainly online and reports are available real-time Printed reports— can be made from online reports, mainly used for operational purposes ie notes, orders, delivery notes etc - Report types Operational - Day t day - Usually available online and realtime - Can be detailed - Represented according to business need - Eg sale items, invoices, shipping notes etc Detailed - Provide specific information on business reports - Eg list of all account each including information about the particular account Summary - Managers often use to track departmental or division performance - Used to recap periodic activity - Eg daily/weekly summary of all sales transactions Exception - Details/summary about transactions/operating results that fall outside of a predefined range of values - No report needed when business is progressing 27 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - Eg stock items at takelot are popular or reaching critical low Executive - Used by high-level managers to asses overall organisational health and performance - Summary information from activities within the company - Show comparative performance with industry-wide averages Electronic - Dynamic reprots allow users to specify the information needed - Serves specific business need - Allow flexibility and presentation of information - Some have detailed and summary sections - Eg results of search queries Multimedia - Permit data to be easily depicted in charts and graphs - Information is used for strategic business decisions making (trends ad changes) - Only effective way to use data is by summarising presenting it graphically - Simplified information reporting for printed and electronic formats - Dashboards Information management tool Uses visualisation Displays key performance indicators (KPIs) Tracked by business Asses various aspects of performance Generate actionable insights - Dashboard design Read left to right Key metrics at the top and enlarged 28 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 Highlight important information Related visualisation/comparisons should be adjacent for information context and users to make correlations Try keep single page BI/ analytics - Management solutions implemented in companies and enterprises - Collect historical and present data, while using statistics and software to analyse raw information and deliver insight for better future decisions - BI What happened and how it happened leading up to the present moment Identifies big trends and patterns without diffing into why’s or predicting the future - Analytics The why’s of what happened in the pas Breaks down contributing factors and causality Used to make predictions - Data visualisation Graphical representation of information and data Using visual elects eg charts, graphs maps to Provide accessible way to see and understand trends, outliers and patterns - Guid to designing reports Keep it simple Consistency Contact is important Quality > quantity Actionable information 29 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 Software testing - Implementation and deployment activities Complex processes Consist of many interdependent activities Implementation activities: - Program the software - Unit tests building test cases - Integrate and test components Employment activities: - Perform system and stress tests, - Perform acceptance test - Convert existing data - Build training materials/ conduct training - Configure and set up production environment - Deploy solution Testing is a key activity - Unit tests - Integration tests - Usability tests - System/performance/stress tests - Acceptance tests 30 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - Testing concepts Testing: process of examining a components, subsystem or system to determine its operational characteristics and whether it contains any defects Test case: a formal description of a starting state, one to more events to which the software must respond and the expected response or ending state - Defined based on functional and nonfunctional requirements - Must test all normal and exception situations Test data: a set of starting states and events used to test a module, group of modules or entire system - Data that will be used for test case 31 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - Unit testing Unit test: tests of an individual method, class or component before its integrated Drive: a method or class developed that stimulates the behaviour of a method that sends a message to the method being tested Stub: a method/class developed that stimulates the behaviour infield that hasn’t yet been written - Integration testing Testing of the behaviour of a group of methods, classes to components 32 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - Interface incompatibility - Parameter values - Runtime exceptions - Unexpected state interactions Very complicit because OOP consist of set of interacting objects - Methods called by other methods and calls distributed across classes - Classes may inherit methods and state variables - Specific method to be called is dynamically determined at runtime based on the number and type of message parameters - Objects can retain internal values between calls. Response may be different due to state changes Required procedure - Build and unit test components to be integrated - Create test data - Conduct integration test - Evaluate the test results - Log the test results (and log errors) - Correct the code and retest System test: an integration test of an entire system or independent subsystem - Can be performed ay end of each iteration - Can be performers frequently - Build and smoke test: a system test that is performed daily/ several times a week System is completely compiled and linked(built), a battery of tests is executes to see any obvious malfunctions (smokes) Automated testing tools are used Performance/stress test: an integration and usability test that determines whether a system or subsystem can meet time-based performance criteria - Response time— desired/maximum allowable time limi for system response to query/update 33 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - Throughput— desired/maximum number of queries and transactions that must be processed per minute/hour - User Acceptance Testing (UAT) A system test performed to determine whether the system fulfils user requirements - Performed near the end - Formal activity in most development projects— payments tied to passing - Details of tests are included in the request for proposal(RFP) and procurement contract Plan the UAT - Should be done early - Test cases for every use case and user story 34 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - Identify conditions to verify the system supports the use case accurately and completely Preparation and pre-UAT activities - Develop test data - Plan and schedule specific tests - Set up test environment Manage and execute UAT - Mini project - Assign responsibilities - Document and track results (errors and fixes) - Rework plan for retesting Log and results tracking list - V model for waterfall testing 35 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - Purpose of V model V: verification and validation Software development model Sequential path of execution States what, how and what tools used in phases Determine if given products satisfy conditions imposed at start of the phase Validation against requirements Identify relationships between development and testing phasers Ensure quality assurance and testing continues Advantages - Simple and easy to use - Time saver high chance of success - Protective defect tracking - Avoids toward flow of defects - Good for small projects Disadvantages - Rigid and inflexible - No early prototypes of software - Document has to be updated for any changes - Full-lifecycle OO testing(FLOOT) Methodology is a collection of testing techniques to verify and validate OO software Wide carroty of testing techniques available throughout software development Wide range of options Techniques can be applied with evolutionary/agile processes as well Test throughout not just during coding 36 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 37 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - Five principles of agile testing 1. Fast feedback 2. High level of automation 3. Low overhead 4. Termination of testing roles 5. Termination of testing phase Release cycles are shorter Requirements change rapidly Quality standards are higher - Ambler’s philosophies with testing Find defects Validate all artefacts Test often and early — potential cost of change to rise exponentially Builds confidence Test to the risk of the artefact One test is with a thousand options - Test plan — an approach Purpose — objects scope and approach Test items — approaches, pass/fail criteria, deliverables, staffing/trianing Risk and mitigation — test risks/issues Test environment and infrastructure Roiled and responsibilities Test schedule Test plan approval - Test cases Allow repeated testing with each application change during acceptance testing Formulated ruing use-case specification 38 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 Accompanied by datasets (test packs)— designed to facilitate test scenario Given a scenario of actions a user needs to complete Specifies expected result Specifies expected functionality — given by use-case narrative - Writing test cases Test Case Number and Strong Title Version/Last updated, Tester Details, strong description Pre and post conditions Assumptions Test Data Test Steps; clear and concise Expected Results Test Results Make it reusable 39 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 Security and control - Types of security Security (general) Cybersecurity Information security - Integrity controls: controls that maintain integrity of inputs, outputs and data and programs Inout controls Output controls Backup and recovery Fraud protection - Security controls: controls that protect the assets from threats, internal and external Access controls Data encryption Digital signatures and certificates Open ID authentications - Security Being safe and protected from threats and hazards ;holes - Loss - Damage - Unauthorised alterations - Cybersecurity The governance, development, management and use information security, operational technology (OT) security and information technology (IT) security to ensure a sack cyber environment - Threats - Vulnerabilities - Assets 40 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - Non repudiation - Accountability - Authenticity - Reliability - Information security (ICA triad) Confidentiality - Limit access to information - Authorised access only Availability - Guarantee of reliable access to information Integrity - Information is trustworthy and accurate - Information is not changed/deleted by unauthorised individuals - Integrity controls Integrated into application programs and DBMS Objects ensure - Appropriate and correct business transactions are accepted - Transactions are recored and processed correctly - Protection and safeguard assets ie database - Input controls Prevent invalid or erroneous data from entering system Value limit control - Check the range of inputs for reasonableness Completeness control - Ensure all data has been entered Data validation control - Ensure that specific data values are correct Field combination control 41 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - Ensure data is corrected based on relationship between fields - Output controls Ensure output arrives at proper destination and is accurate, current and complete Examples - Physical access - Discarded data - Labels - Redundancy, backup and recovery Protect data and systems from catastrophe - Datavases - Hardware - Software applications - Networks Onsite vs offsite copied - Fraud prevention Critical to repents internal fraud, embezzlement or loss Fraud triangle 42 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - Designing Security controls Protect all assets against external threats Other objectives - Protect and maintain stable, functioning operating environment - Protect information and transactions during transmission - Access control limit a persons ability to access servers, files, data and applications - Authentication (multi factor) - Access control list - Authorisation (list of permission level for each resource) Registered users Unauthorised users Privileged users - Data encryption Method to secure data — stored or in transmission Encryption — alter data so its unrecognisable Decryption — convert encrypted data 43 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 Encryption algorithm — mathematical transformation of data Encryption key — long data string allowing the same algorithm to proceed unique encryptions - Symmetric key encryption Used the same ket to encrypt and decrypt - Asymmetric key encryption Different keys to encrypt and decrypt Aka public key encryption - Digital signatures and certificates Digital signature — technique where a document is encrypted using a private key - Implements encrypted private ket then only decrypted with public key Digital certification — an organisations name and public that is encrypted and certified by an authorised third party Certifying authority — the authorised third party - Widely known and accepted, built into web browsers - Secure transactions Secure sockets layer (SSL) - Standard set of protocols for authentication and authorisation Transport layer security (TLS) - An internet standard equivalent to SSL IP security (IPSec) - Internet security protocol at a low-level transmission Hypertext transfer Protocol Secure (HTTPS) - Internet standard to transmit web pages - Open ID authentications Allow for convenience and security User centric technology Identity provider 44 Downloaded by Tshivhase Thanyani Rudolf ([email protected]) lOMoARcPSD|14467589 - communications between users and the identity provider - Keeps users passwords and identity Relying party— relies on IDP to sign in its users and get information such as email IDP eg MyViDoop - Two factor authentication Adds a second method of identity verification to secure accounts Effective method to prevent hackers Eg OTP, authorisation app 45 Downloaded by Tshivhase Thanyani Rudolf ([email protected])