141 Flashcards

(17 cards)

1
Q

Define a system:

A

a collection of interrelated parts that form a whole and has some purpose, a change in any part can lead to a change in other part(s)

2
Q

What is the system development life cycle?

A

planning - plan, feasibility assessment + goal
analysis - problem + requirements analysis
design - arch. + interface (system spec.)
implementation - system construction, installation, support plan, maintenance + testing

3
Q

What are the system development life cycle models?

A

waterfall dev. - one stage at a time so inflexible but easy

rapid application dev. (e.g. agile dev.) - feature oriented rather than activity, deliver in each iteration so can make changes

4
Q

What are the diff. types of requirements?

A
  • business
  • user
  • functional (software)
  • non-functional (system qualities)
  • system (system implementation)

(non-functional can be split into product, organisational, external, quality, process, + constraints requirements)

5
Q

What is requirements elicitation?

A

articulating + understanding users’ needs as well as any constraints + processes that need to be followed

often inc. questionnaires, interviews, brainstorming, observations, think aloud, workshops/focus groups + prototyping

6
Q

What are the stages involving requirements?

A

requirements elicitation, analysis, documentation and verification + validation

7
Q

What does user-centred design concern?

A
  • interaction design - good UI
  • HCI
  • user experience (UX) design - enhancing satisfaction + ease of use
  • requirements engineering

need to consider physiological, cognitive + affective (emotional) aspects
best to use scenarios to imagine these aspects

8
Q

What is usability?

A

the extent to which a product can be specified to achieve goals with effectiveness, efficiency + satisfaction in a specified context of use

Nielsen’s usability characteristics:
- learnability
- efficiency
- memorability
- errors - low error rate
- satisfaction

9
Q

How to evaluate usability?

A
  • analytic approaches (guideline/heuristic assessment)
  • empirical approaches (user eval.)
  • inspection methods (expert evaluation): inc. heuristic evaluation, walkthroughs + guideline checklist
  • inquiry methods (observations, focus groups, questionnaires, etc.)
  • testing methods (user evaluation)

can use system usability scale to get quantitative feedback
finally may perform usability testing to see how user interacts in real time

10
Q

What is a dark pattern?

A

deceptive UI design features to mislead users into making choices not in their best interest by exploiting human weakness

e.g. Zuckering - using jargon to deceive users
roach motel - user enters diff. to leave situation
forced continuity - auto. billed after free trial w/o notice
bait + switch - undesirable result occurs when user does an action

11
Q

What is design ethnography + participatory design?

A

design ethnography = observe how users interact w/ the prototype in real settings/natural environment
- earliest dev. step

participatory design = actively involve users in refining design, using their insights to minimise risks

12
Q

Give some system failure case studies:

A

Titanic - very complex socio-technical system + management structures, involved latest data communications + engineering technologies and complex political + organisational context

Post Office - didn’t listen to staff complaints about new software → over 700 PO branch managers received criminal convictions for faulty accounting + theft (2004-14) due to false suggested cash shortfalls from Horizon

Boeing 737 MAX - tried to use software solution to fix hardware issue (engine size + plane design), little open communication around system risks + pilots’ concerns were ignored - whole plane died in a crash

13
Q

What are the types of system failures?

A
  • regulatory failures - lack of info
  • managerial failures - safety climate, lines of command + responsibility, quality control, etc.
  • hardware failures - design/req./implementation failure
  • software failures - req./spec failure
  • human failures - human error
14
Q

Discuss a system failure model:

A

swiss cheese model = holes from failures + latent conditions (start as hazard → losses)
successive layers of defences

15
Q

Explain Laprie’s dependability model:

A

impairments =
failure - system doesn’t deliver the service users expect
error - system behaviour doesn’t conform to its spec
fault - incorrect system state not expected by designers

means =
fault avoidance - preventing fault occurrence
fault tolerance - delivering correct service though faults present
fault removal - reducing no./severity of faults
fault forecasting - estimating no. of faults, future occurrences + consequences

attributes =
availability - ability of system to deliver services when requested
reliability - ability of the system to deliver services as specified
safety - ability of the system to operate w/o catastrophic failure
security - ability of the system to protect itself against intrusion

16
Q

What are some security case studies?

A

Jan 2024: 2nd biggest Spanish mobile carrier had major outage due to weak password
May 2017: hacker exploited Windows vulnerability (EternalBlue) in a cyber attack against NHS - 48 hospitals affected

undermined trust leads to downtime, data loss + safety risks

17
Q

What are the CIA Triad foundations of security?

A

confidentiality - computing resources, data + info should be accessible only to authorised users
- privacy - gives owner control over what data is collected, how it’s stored + how it’s used
- ensure w/ encryption, access control + authentication

integrity - resources should only be modified/removed by authorised users
- data integrity - ensures data isn’t tampered w/ (maliciously/accidentally)
- system integrity - system should function as intended, free of unauthorised modifications
- ensure w/ checksums, hashing, digital signatures + version control

availability - resources need to be accessible when needed by authorised users
- performance - slow/overloaded systems hurt vulnerability
- single point of failure - avoid designs where failing components take down entire system

security fails if any pillars are compromised