Task 1 – Class Diagram
For the Use Cases “Enter New Order’, ‘Create Case Manifest’ and “Record Order Fulfillment” develop a first-cut design class diagram for this use case. Recall that creating a booking involves at least a student group, a resort, a week, and a room type. The design class diagram should elaborate the attributes, the behaviours and show navigation visibility. You may also need to add more classes to the supplied analysis classes. It is not uncommon for developers to enhance early models as they begin to understand system requirements better. The class diagram should include
Domain classes and classes for the Controller and Boundary classes.
Task 2 - Interaction Diagrams
1.Draw a first-cut sequence diagram for the “Enter New Order’, ‘Create Case Manifest’ and “Record Order Fulfillment” use cases.
2.Update your earlier class diagram to include any additional classes from the use cases. Include elaborated attributes, navigation arrows, and all the method signatures from both use cases.
Task 3 – Security
As with other web sites and systems, users of the ChemExec system face such risks as identity theft, phishing attacks, and viruses. Review the following information related to social networking risks and security published by the United States Computer Emergency Readiness Team, including:
Socializing Securely: Using Social Networking Services (www.us-cert.gov/reading_room/safe_social_networking.pdf)
Cyber Security Tip ST06-003: Staying Safe on Social Network Sites (www.us-cert.gov/cas/tips/ST06-003.html)
Cyber Security Tip ST05-013: Guidelines for Publishing Information Online (www.us-cert.gov/cas/tips/ST05-013.html)
After reviewing this information, outline what specific controls and security measures should be incorporated into the Social Networking subsystem?
Task 4 – Database Schema
Develop a relational database schema (ER Diagram) in 3NF, specifying table names, attributes, Primary and Foreign Keys.
Task 5 – Implementation
Select a suitable deployment strategy (direct, parallel, or phased conversion) and justify your selection by outlining the logic behind your decisions.
Task 6 – Project Management
Produce a risk management analysis detailing any possible risks to the project design and implementation, likelihood of them arising, the impact (severity) of them happening and any countermeasures that may be taken to mitigate (prevent or minimise) their impact.
Preventing Attacks on the Social Network Application
Enter New Order
Create Case Manifest
Record Order Fulfillment
Enter New Order
Create Case Manifest
Record Order Fulfillment
ChemExec will include a social network application that will be implemented as individual subsystem. Ensuring security in this subsystem should be a top priority to ensure that the subsystem is not affected by attacks from malicious users and to make sure that the privacy of the users using the system are not violated or their access devices comprised from using the application. In order to define various ways the proposed web application could be protected from threats it’s crucial to understand different types of threats that the web application may be vulnerable to and then define various ways that the threat can be prevented or a way through which the possibility of an attack can be minimized.. These threats are and their protection measures are;
- SQL injection- This form of attack involves use of reserved SQL symbols to try and make the web server to execute malicious queries other than the one it’s intended to execute. This form of attack is common because it easy as it targets SQL query construction programmatically. And because most web applications are database driven, attackers can take advantage of vulnerable points of the web application to perform this attack. There are two ways of protecting against this form of attacks;
- Sanitizing user input- this involves the user input is sanitized to eliminate any reserved SQL symbols. Sanitization should be done both at client side and server side. Parameter binding is another great way to ensure injection is prevented.
- Granting least possible privileges- Apart from sanitizing the user’s input to secure the system, users should be granted rights and privileges only for those actions they are supposed to perform for example giving a normal user the privilege to drop tables or truncate tables can be a vulnerability.
- Cross-site scripting (xss)- This form of attack involves use of a malicious script in a trustworthy website to cause damage to users who visit the website. There are two types of xss vulnerability categories; reflected xss and stored xss. Reflected xss is also known as no persistent xss is an attack that sends malicious content to the server so that when the server is responding the malicious content is embedded. This attack is usually used to discover whether or not the site is vulnerable so that they can plan something complex. Stored xss which is also known as persistent xss is more dangerous because it can have an impact on each user that will visit the site. The attack is transmitted to the client through HTTP requests.
XSS attacks can be prevented through filtering of the user input as discussed in SQL Injection and escaping of dangerous content to make sure the user content is never executed.
- Insecure direct object reference is where the internal value or key of the application is exposed to the user thus granting malicious users the ability to manipulate the internal keys to gain access to the things that they should not have access to. This form of attack can be prevented by obfuscating the URLs by using hash values rather than normal names thus adding a degree of complexity to the URLs.
- Denial of service (DOS) attacks
DOS attacks are intended to overload the server with illegitimate thus overwhelming the machine or network resources of the host thus preventing legitimate requests. A common policy to stop this type of threat would be to block the IP address from where the requests are originating using the firewall or apache server.
By following the measures outlined for each possible attack, the attack can be prevented or the chances of it ever happening significantly reduced.
To implement the proposed web based application the best implementation strategy to follow is parallel deployment strategy. Parallel deployment strategy involves deploying the system and using parallel to the old system until all the users and the organization is satisfied that the new system is working fine. This strategy is the best as it allows users to use the system while taking time to learn and adapt to it. Although using both systems can be tedious, this strategy minimizes the project risks that arise from project deployment as it user friendly and a fool proof strategy.
Direct Conversion
Multiple user would use the information system for the management of the inventory, delivering the orders and providing service to the patients. The following instruction should be followed such as:
Installation of multiple servers such that the secondary servers can act as a backup
Secure connection should be created for enabling for enabling the user to make payment for the medicine and the other hospital charges.
Advantages
The servers and the system should be backed up regularly and restore point should be created such that no data is lost.
The system should not fail due to overload and load balancer should be used for reducing the risk of server overload.
Disadvantages
An estimation should be done for the hardware needed for running the information system and create a budget plan
The server can breakdown or the link may get fail causing the information system collapse.
Risk Table
Risk_1: Loss of previous records and data due to no backup or restore point
Risk_2: Malicious attack on the server due to lack use of secure connection
Risk_3: risk of failure of budget
Risk_4: Lack of security measures
Risk_5: Breakdown of the server due to lack of maintenance
Risk_7: Malfunctioning of the server due to virus attacks and spywares
Risk_8: redundant storage of the information due to lack of normalization of the database tables
Mitigation of the risk
Risk_1: The data should be backed up automatically after a regular interval of time for avoiding the loss of data
Risk_2: The ISP router should be configured with access control list for restricting the user from accessing the server resources.
Risk_3: The activity of the user should be controlled for eliminating the risk of over budgeting
Risk_4: Firewall should be installed and secure connection should be used for the transmission of data
Risk_5: The server should be maintained and the health of the PC should be checked for eliminating the risk of sudden breakdown.
Risk_7: Antivirus software should be installed and the operating system should be updated for mitigating the risk.
Risk_8: Unique primary key should be used for eliminating the risk of redundant storage of the same data or information.
Risk Effect
The loss of data from the physical server would cause loss of the bank transactions and thus would have a monetary effect on the organization. The data can be misused by a third party for fraud the identity of the patient for performing illegal activity. The confidential data can be stolen for collapsing the project and crashing the website.
Jones, S.S., Rudin, R.S., Perry, T. and Shekelle, P.G., 2014. Health information technology: an updated systematic review with a focus on meaningful use. Annals of internal medicine, 160(1), pp.48-54.
Kayser, L., Kushniruk, A., Osborne, R.H., Norgaard, O. and Turner, P., 2015. Enhancing the effectiveness of consumer-focused health information technology systems through eHealth literacy: a framework for understanding users' needs. JMIR human factors, 2(1).
Laudon, K.C. and Laudon, J.P., 2016. Management information system. Pearson Education India.
Ledikwe, J.H., Grignon, J., Lebelonyane, R., Ludick, S., Matshediso, E., Sento, B.W., Sharma, A. and Semo, B.W., 2014. Improving the quality of health information: a qualitative assessment of data management and reporting systems in Botswana. Health research policy and systems, 12(1), p.7.
Milevska, N.K., Chichevalieva, S., Ponce, N.A. and Winkelmann, J., 2017. The former Yugoslav Republic of Macedonia: Health System Review. Health systems in transition, 19(3), pp.1-160.
To export a reference to this article please select a referencing stye below:
My Assignment Help. (2021). Protecting And Managing Health Information Systems For ChemExec Essay.. Retrieved from https://myassignmenthelp.com/free-samples/bit232-systems-design-and-development/interaction-diagrams.html.
"Protecting And Managing Health Information Systems For ChemExec Essay.." My Assignment Help, 2021, https://myassignmenthelp.com/free-samples/bit232-systems-design-and-development/interaction-diagrams.html.
My Assignment Help (2021) Protecting And Managing Health Information Systems For ChemExec Essay. [Online]. Available from: https://myassignmenthelp.com/free-samples/bit232-systems-design-and-development/interaction-diagrams.html
[Accessed 24 November 2024].
My Assignment Help. 'Protecting And Managing Health Information Systems For ChemExec Essay.' (My Assignment Help, 2021) <https://myassignmenthelp.com/free-samples/bit232-systems-design-and-development/interaction-diagrams.html> accessed 24 November 2024.
My Assignment Help. Protecting And Managing Health Information Systems For ChemExec Essay. [Internet]. My Assignment Help. 2021 [cited 24 November 2024]. Available from: https://myassignmenthelp.com/free-samples/bit232-systems-design-and-development/interaction-diagrams.html.