Database design transforms the domain model class diagram into a detailed

database model for the system

A database management system is used to implement and interact with the
database
System controls and security are crucial issues to databases and also apply to other
aspects of the system
Relational database management system (RDBMS) -- a DBMS that organizes
data in tables (relations)
Table -- a two-dimensional data structure of columns and rows
Row -- one horizontal group of data attribute values
Attribute -- one vertical group of data attribute values
Attribute value -- the value held in a single table cell
Key -- an attribute or set of attributes, the values of which occur only once in
all the rows of the table
Primary key -- the key chosen by a database designer to represent
relationships among rows in different tables
Foreign key -- an attribute that duplicates the primary key of a different (or
foreign) table
A high-quality relational database schema has these features:
Flexibility or ease of implementing future data model changes
Lack of redundant data
Database Design Timing and Risk
ArchitectureDecisions about DBMS, database servers, and database
distribution are tightly integrated with other architectural decisions, including
network design, Web and component services, and security.
Existing databasesMost new or upgraded systems must interact with
existing databases, with their pre-existing constraints. While adapting
existing databases to new or updated systems, analysts must ensure their
continued operation.
Domain model class diagramDatabase design cant proceed until related
parts of the class diagram have been developed.

Design System Control

Controls -- mechanisms and procedures that are built into a system to
safeguard the system and the information within it
Integrity control -- a control that rejects invalid data inputs, prevents
unauthorized data outputs, and protects data and programs against
accidental or malicious tampering
Security controls -- are part of the operating system and the network and
tend to be less application specific.
There is some overlap between Integrity and Security controls
Integrity Control
Access control -- a control that restricts which persons or programs can add,
modify, or view information resources
Transaction logging -- a technique by which any update to the database is
logged with such audit information as user ID, date, time, input data, and
type of update
Complex update control -- a control that prevents errors that can occur when
multiple programs try to update the same data at the same time or when
recording a single transaction requires multiple related database updates
Output control -- a control that ensures that output arrives at the proper
destination and is accurate, current, and complete
Designed to protect data from hardware failure and catastrophes
Redundancy continuous access to data through redundant databases,
servers, and sites
Backup procedures make partial or full copies of a database to removable
storage media, such as magnetic tape, or to data storage devices or servers
at another site
Recovery procedures read the off-site copies and replicate their contents to
a database server that can then provide access to programs and users.
Fraud triangle -- model of fraud that states that opportunity, motivation, and
rationalization must all exist for a fraud to occur
Opportunitythe ability of a person to take actions that perpetrate a
fraud. For example, unrestricted access to all functions of an accounts
payable system enables an employee to generate false vendor
payments.

 Motivationa desire or need for the results of the fraud. Money is the
usual motivation, although a desire for status or power as well as a
need to be a team player may be contributing factors.
Rationalizationan excuse for committing the fraud or an intention to
undo the fraud in the future. For example, an employee might falsify
financial reports to stave off bankruptcy, thus enabling fellow workers
to keep their jobs.
Design Security Control
Security control -- a control that protects the assets of an organization from
all threats, with a primary focus on external threats
Two Objectives
Maintain a stable, functioning operating environment for users and
application systems (usually 24 hours a day, 7 days a week).
Firewalls to protect from hackers, viruses, works, and denial of
service attacks
Protect information and transactions during transmission across the
Internet and other insecure environments
Information could be intercepted, destroyed or modified
Security (Access Control)
Authentication -- the process of identifying users who request access to
sensitive resources
Authorization -- the process of allowing or restricting a specific authenticated
users access to a specific resource based on an access control list
Multifactor authentication -- using multiple authentication methods for
increased reliability
Unauthorized user -- a person who isnt allowed access to any part or
functions of the system
Registered user -- a person who is authorized to access
Privileged user -- a person who has access to the source code, executable
program, and database structure of the system
Security Control (Data Encryption)
Common types of data requiring additional protection
Financial information

 Credit card numbers, bank account numbers, payroll information,

healthcare information, and other personal data
Strategies and plans for products and other mission-critical data
Government and sensitive military information
Data stored on such portable devices as laptop computers and cell
phones

Security Control (Digital Certificate)

Digital certificate -- an institutions name and public key (plus other
information, such as address, Web site URL, and validity date of the
certificate) encrypted and certified by a third party
Certifying authority -- a widely accepted issuer of digital certificates
Secure Sockets Layer (SSL) -- a standard set of methods and protocols that
address authentication, authorization, privacy, and integrity
Transport Layer Security (TLS) -- an Internet standard equivalent to SSL
IP Security (IPSec) -- an Internet standard for secure transmission of low-level
network packets
Secure Hypertext Transport Protocol (HTTPS) -- an Internet standard for
securely transmitting Web pages
The Need for Project Management
Reasons for failure
Undefined project management practices
Poor IT management and poor IT procedures
Inadequate executive support for the project
Inexperienced project managers
Unclear business needs and project objectives
Inadequate user involvement
The Role of the Project Manager

 Project Management
Organizing and directing other people to achieve a planned result
within a predetermined schedule and budget
The processes used to plan the project and then to monitor and control
it.
Project Manager
Great need for effective project managers
Internally managing people and resources
Externally conducting public relations

Project Manager Responsibilities

Internal Responsibilities
Developing the project schedule
Recruiting and training team members
Assigning work to teams and team members
Assessing project risks
Monitoring and controlling project deliverables and milestones
External Responsibilities
Reporting the projects status and progress
Working directly with the client (the projects sponsor) and other
stakeholders
Identifying resource needs and obtaining resources
Additional Project Stakeholder
Client
the person or group that funds the project
Oversight Committee
clients and key managers who review the progress and direct the
project
Users

 the person or group of people who will use the new system
Project Management Body of Knowledge (PMBOK)
PMPOK is organized into 9 knowledge areas:
Project Scope ManagementDefining and controlling the functions that
are to be included in the system as well as the scope of the work to be done
by the project team
Project Time ManagementCreating a detailed schedule of all project
tasks and then monitoring the progress of the project against defined
milestones
Project Cost ManagementCalculating the initial cost/benefit analysis and
its later updates and monitoring expenditures as the project progresses
Project Quality ManagementEstablishing a comprehensive plan for
ensuring quality, which includes quality control activities for every phase of a
project
Project Human Resource ManagementRecruiting and hiring project
team members; training, motivating, and team building; and implementing
related activities to ensure a happy, productive team
Project Communications ManagementIdentifying all stakeholders and
the key communications to each; also establishing all communications
mechanisms and schedules
Project Risk ManagementIdentifying and reviewing throughout the
project all potential risks for failure and developing plans to reduce these
risks
Project Procurement ManagementDeveloping requests for proposals,
evaluating bids, writing contracts, and then monitoring vendor performance
Project Integration ManagementIntegrating all the other knowledge
areas into one seamless whole
Project Management and Ceremony
Ceremony
The level of formality of a project; the rigor of holding meetings and
producing documentation
High Ceremony
Meetings are often held on a predefined schedule, with specific
participants, agendas, minutes, and follow-through

 Specifications are formally documented with an abundance of

diagrams and documentation and are frequently verified through
formal review meetings between developers and users.
Low Ceremony
Meetings occur in the hallway or around the water cooler.
Written documentation, formal specifications, and detailed models are
kept to a minimum
Developers and users usually work closely together on a daily basis to
define requirements and develop the system

Agile Project Management

Agile Scope Management
Scope is not well understood, but needs to be controlled
Agile Time Management
Schedule must be flexible due to changes
Agile Cost Management
Costs are more difficult to estimate
Agile Risk Management
Higher risk aspects of project are completed first
Agile Quality Management
Quality assessed after each iteration
Identify the Problem
IS Development Projects usually:

 Respond to an opportunity
Strategic initiative
Something that provides competitive advantage
Resolve a problem
Operational issues keep coming up
User needs arent being met
Respond to an external directive
Legislation requires new form of reporting
Changes in tax laws or regulations
System Vision Document
Problem Description
What is the problem and idea for the solution?
System Capabilities
What are the capabilities the new system will have?
Helps define the scope
Business Benefits
The benefits that accrue to the organization
Tangible (in dollars) and intangible benefits
Quantify Project Approval Factors
Estimated Benefits from New System
Opening up new markets with new services, products, or locations
Increasing market share in existing markets
Enhancing cross-sales capabilities with existing customers
Reducing staff by automating manual functions or increasing efficiency
Decreasing operating expenses, such as shipping charges for
emergency shipments
Reducing error rates through automated editing or validation
Reducing bad accounts or bad credit losses
Reducing inventory or merchandise losses through tighter controls

 Collecting receivables (accounts receivable) more rapidly

Tangible Dollar Benefits
Used for Cost/Benefit Analysis--process of comparing costs and
benefits to see whether investing in a new system will be beneficial-Cost/Benefit Analysis
Net Present Value (NPV)
the present value of dollar benefits and dollar costs of a particular
investment
Payback Period
the time period after which the dollar benefits have offset the dollar
costs
Tangible Benefit
a benefit that can be measured or estimated in terms of dollars
Intangible Benefit
a benefit that accrues to an organization but that cant be measured
quantitatively or estimated accurately
Use present value (after discount factor) for all dollar values
Estimate the useful life of the system
The NPV after 5 years is $1,713,097
Payback Period is 2 years amd 128 days
Example of Intangible Benefits
Increased levels of service (in ways that cant be measured in dollars)
Increased customer satisfaction (not measurable in dollars)
Survivalneed to do it to compete
Need to develop in-house expertise (such as a pilot program with new
technology)
Established the Project Environment
Project manager must establish project parameters and the work
environment:
Recording and communicatinginternal and external
Who, what, when, and how

 Work environment
Workstations, software development tools (IDE), servers and
repositories, office and meeting space, support staff
Process and procedures followed
Reporting and documentation, programming approach, testing,
deliverables, code and version control
In other words, tailor and operationalize the methodology being used
Schedule the Work
Project manager must establish initial project schedule and keep adjusting:
Project Iteration Schedule
The list of iterations and use cases or user stories assigned to
each iteration
Detailed Work Schedule
Within an iteration, the schedule that lists, organizes, and
describes the dependencies of the detailed work tasks
As each iteration is finished, a detailed work schedule is
prepared for the next iteration
The next detailed work schedule takes into account the changes
necessary based on feedback/progress
Developing Detailed Work Schedule takes three steps:
Develop a Work Breakdown Structure (WBS)
The list or hierarchy of activities and tasks used to estimate the
work to be done in a project or iteration
Estimate effort and identify dependencies
Task times
Tasks that must be completed before another task begins
Critical path--a sequence of tasks that cant be delayed without
causing the entire project to be delayed
Create a schedule using a Gantt chart
Bar chart that portrays the schedule by the length of horizontal
bars superimposed on a calendar
Staff and Allocation Resource

 Staffing activity tasks consists of 5 tasks:

Developing a resource plan for the project
Identifying and requesting specific technical staff
Identifying and requesting specific user staff
Organizing the project team into work groups
Conducting preliminary training and team-building exercises
Testing Concept
Testing the process of examining a component, subsystem, or system to
determine its operational characteristics and whether it contains any defects
Test case a formal description of a starting state, one or more events to
which the software must respond, and the expected response or ending state
Defined based on well understood functional and non-functional
requirements
Must test all normal and exception situations
Test data a set of starting states and events used to test a module, group of
modules, or entire system
The data that will be used for a test case
Unit Testing
Unit test tests of an individual method, class, or component before it is
integrated with other software
Driver a method or class developed for unit testing that simulates the
behavior of a method that sends a message to the method being tested
Stub a method or class developed for unit testing that simulates the
behavior of a method invoked that hasnt yet been written
Integration Testing
Integration test tests of the behavior of a group of methods, classes, or
components
Interface incompatibilityFor example, one method passes a
parameter of the wrong data type to another method
Parameter valuesA method is passed or returns a value that was
unexpected, such as a negative number for a price.
Run-time exceptionsA method generates an error, such as out of
memory or file already in use, due to conflicting resource needs

 Unexpected state interactionsThe states of two or more objects

interact to cause complex failures, as when an OnlineCart class
method operates correctly for all possible Customer object states
except one
Integration testing of object-oriented software is very complex because an
object-oriented program consists of a set of interacting objects
Methods can be (and usually are) called by many other methods, and
the calling methods may be distributed across many classes.
Classes may inherit methods and state variables from other classes.
The specific method to be called is dynamically determined at run time
based on the number and type of message parameters.
Objects can retain internal variable values (i.e., the object state)
between calls. The response to two identical calls may be different due
to state changes that result from the first call or occur between calls.
Usability Testing
Usability test a test to determine whether a method, class, subsystem, or
system meets user requirements
Many usability tests are required because they involve functional and nonfunctional requirements
Most common type evaluates functional requirements, use case by use case
Can be completed in each iteration as use cases are implemented
Can test ease of learning and ease of use
Can test whether results match actual requirements
Key type of feedback from users throughout project
System, Performance, and Stress Testing
System test an integration test of an entire system or independent
subsystem
Can be performed at the end of each iteration
Can be performed more frequently
Build and smoke test a system test that is performed daily or several
times a week
The system is completely compiled and linked (built), and a
battery of tests is executed to see whether anything
malfunctions in an obvious way (smokes)

 Automated testing tools are used. Catches any problems that

may have come up since the last system test
Performance test or stress test an integration and usability test that
determines whether a system or subsystem can meet time-based
performance criteria
Response time the desired or maximum allowable time limit for
software response to a query or update
Throughput the desired or minimum number of queries and
transactions that must be processed per minute or hour
User Acceptance Testing
User acceptance test a system test performed to determine whether the
system fulfills user requirements
May be performed near the end of the project (or at end of later project
iterations)
A very formal activity in most development projects. Payments tied to
passing tests
Details of acceptance tests are sometimes included in the request for
proposal (RFP) and procurement contract
Converting and Initializing Data
An operational system requires a fully populated database to support ongoing
processing
Data needed at system startup can be obtained from these sources:
Files or databases of a system being replaced
Manual records
Files or databases from other systems in the organization
User feedback during normal system operation

Training Users
Training is needed for end users and system operators
Training for end users must emphasize hands-on use for specific business
processes or functions, such as order entry, inventory control, or accounting

 Widely varying skill and experience levels call for at least some handson training, including practice exercises, questions and answers, and
one-on-one tutorials
System operator training can be much less formal when the operators arent
end users
Experienced computer operators and administrators can learn most or
all they need to know by self-study

Implementation, Testing and Deployment

Development Order
Input, process, output (IPO) a development order that implements
input modules first, process modules next, and output modules last
Top-down development a development order that implements toplevel modules first
Use stubs for testing
Bottom-up development a development order that implements lowlevel detailed modules first
Use drivers for testing
Source code control
An automated tool for tracking source code files and controlling
changes to those files
A programmer checks out a file in read-only mode when he or
she wants to examine the code without making changes (e.g., to
examine a modules interfaces to other modules)
When a programmer needs to make changes to a file, he or she
checks out the file in read/write mode
The SCCS allows only one programmer at a time to check out a
file in read/write mode.
Packaging, installing, and deploying components
Issues to consider when planning
Incurring costs of operating both systems in parallel
Detecting and correcting errors in the new system
Potentially disrupting the company and its IS operations

 Training personnel and familiarizing customers with new

procedures
Different approaches
Direct deployment
Parallel deployment
Phased deployment
Direct deployment a deployment method that installs a new system, quickly
makes it operational, and immediately turns off any overlapping systems
Higher risk, lower cost
Submitting Error Reports and Change Requests
Standard reporting methods
Review of requests by a project manager or change control committee
For operational systems, extensive planning for design and
implementation
Implementing a Change
Identify what parts of the system must be changed
Secure resources (such as personnel) to implement the change
Schedule design and implementation activities
Develop test criteria and a testing plan for the changed system
Change and Version Control tools and processes handle the complexity
associated with testing and supporting a system through multiple versions
Alpha version a test version that is incomplete but ready for some
level of rigorous integration or usability testing
Beta version a test version that is stable enough to be tested by end
users over an extended period of time
Production version, release version, or production release a system
version that is formally distributed to users or made operational for
long-term use
Maintenance release a system update that provides bug fixes and
small changes to existing features