In: Computer Science
ystems Analysis and Design in a Changing World (7th Edition)
on the Spot Courier Service
Case study for chapter # 6 [page # 182]
Previous chapters have described the technological
capabilities that Bill Wiley wants for servicing his customers. One
of the problems that Bill has is that his company is very small, so
he cannot afford to develop any special-purpose equipment or even
sophisticated software.
Given this limitation, Bill’s need for advanced technological
capabilities comes at an opportune time. Equipment manufacturers
are developing equipment with advanced telecommunications
capabilities, and freelance software developers are producing
software applications—many of which provide the capabilities that
Bill needs. The one caveat is that because this will be a live
production system, it needs to be reliable, stable, error-free,
dependable, and maintainable.
Let us review some of the required capabilities of the new system,
which has been described in previous chapters:
Customers
■ Customers can request package pickup via the
Internet.
■ Customers can check the status of packages via the
Internet.
■ Customers can print mailing labels at their
offices.
Drivers
■ Drivers can view their schedules via a portable
digital device while on their routes.
■ Drivers can update the status of packages while on
their routes.
■ Drivers can allow customers to “sign” for packages
that are delivered.
they only plan to provide some design specifications and guidelines
to each resort. The resort will be responsible for connecting to
the Internet and for providing a secure wireless environment for
the students.
1. For which subsystem(s) is(are) integrity and security controls
most important? Why?
2. What data should be encrypted during trans- mission through
resort wireless networks to SBRU systems? Does your answer change
if students interact with SBRU systems using a cell phone
(directly, or as a cellular modem)?
■ The system “knows” where the driver is on his route
and can send updates in real time.
■ Drivers can accept payments and record them on the
system.
Bill Wiley (management)
■ Bill can record package pickups from the ware-
house.
■ Bill can schedule delivery/pickup runs. ■
Bill can do accounting, billing, etc. ■ Bill can access
the company network from his
home. Given these requirements, do the following:
1. What kind of fraud is possible in this scenario? By
the customer? By the truck driver? By
colaboration between system users? What steps should Bill take to
minimize the opportunity for fraud?
2. What kind of access controls should be put in place?
For the customer? (Notice the customer has no financial
transactions. Would you change your answer if the customer could
also make payments online?) For the truck driver? For Bill? Are the
typical userID and password sufficient for all three, or would you
require more or less for each?
Types of possible fraud:
There are numerous types of fraud are available in this scenario. There are,
* One way to commit the fraud is when a person accepts the money
in the name of truck driver.
* Another way is “overprice”. That is. actual package price is tess
but the customer pay is high.
This could easily happen with huge packages for large
customers.
Fraud is more complex process for customer to commit by
themselves because; they don't have
direct control the money or weight.
+ But. the customer could work together with truck driver to
overprice for packages and divide the
overprice rate.
* Atruck driver work with himself or with customer could cause the “phantom ship packages”.
* Fundamentally, the customer will charge the packages will not be happen.
Steps to avoid the fraud:
Steps are taken by Bill to avoid the fraud is given below:
+ One way to prevent the fraud is to provide the “delivery
receipt” to customer at the pickup time,
it also provide the “package lists” and “package prices” are
transmit to customer on periodic
basis and verify it by the customers.
© This will help to reduce overprice.
« Another way to prevent the fraud is to provide the “tracking
number’ to all packages. Then, only
customer follows their package during its progress.
0 This will help to reduce the phantom packages.
« For each and every time, change the drivers during the delivery routes.
o Then only the drivers are not known by customer at customer focation.
The access contro! “userlD” and “password” are enough for basic
level for all three users such as
“customer”, “truck driver’, and “Bill’.
Customer:
Customer requires the “userlD” and “password” access control to
transmit the packages. Then,
only another people do not have rights to use the customer accounts
to transmit the packages.
* There is no change when the customer performs financial
transactions. Because, it has basic
leve! access contro! such as “userlD” and “password” and also it
has additional access controls
such as “mobile verification” is enough to transmit the
packages.
Truck driver:
Truck driver requires the “useriD" and “password” access control
to transmit the packages. But,
the issue is driver devices are “portable”. So easily transfer the
data or stolen by someone.
* For safety measures, the device should automatically log off
the authentication after some time.
* This method provides the security with efficient output, but it
is not an efficient method.
Because, it requires log in for each and every transaction.
Bill:
Bill requires the “useriD” and “password” access control to
transmit the packages and all financial
records. Bill should have access control similar to bank account
authentication which requires
“userlD” and “Password”.
Conclusion:
Therefore, the typical access control “userlD” and “password”
with additional access controls
such as “recognizable computers’, “mobile verification” and so on
are needed to protect the
system inside the organization.