Online Shows Room Management System - Report Example

Online shows room management system Name: Institution name Introduction Even though this showroom management software is available in Saudi Arabia, this research seeks to develop a specific system to manage vehicle showroom data online that can vastly improve the ease with which motors are sold and purchased. In shows room management system each showroom will have the ability to access their online data individually. With improvements to the current technology, both the seller and the purchaser will use one online point of sale management system, although with differing access and functions. Major problems with the current technology where vehicle sales are recorded with pen and paper will be eliminated. Not only is this impractical, but it is not sustainable as projected units in 2015 will reach one million per year (Marketresearch.com, 2014). From the seller’s perspective, the website will allow for the supervision of profits, inventory, advertisements, as well as other administrative functions. The benefits of such a system include not only provision of an easy way for showrooms to record and store information such as sales, inventory, profit, and loss, but also the possibility of doing it the user’s first language. The system will also allow user to search inventory and request details about a specific automobile via the web application in Arabic instead of English, which will expand the consumer market. The Online shows room management system therefore undergo through a series of important stages of, analysis using appropriate methodology, design using latest technology, test and implementation to determine the suitability of the system in production environment Basic features of the system Basic front end features User interface with links The Auto system site is to consist of the following sections for static content: About Us, Contact Us, Terms & conditions, privacy and statement auto system- login. The pages shall be linked together using hyperlinks in order to ease of navigation, About Us page shall contain basic information regarding the company or business, the contact us page shall provide information of how to contact the business or the organisation, terms and conditions page will include information on how to use the products and services, and privacy page will have the information on how any personal information shall be kept. Advertisement Since the system will be a web based there shall be an advertisement section on all the pages. The advert shall be place strategically for all the users to see. Advert on home page is a must. Standard front end features User registration Customers will be able to register using a self-registration feature of the system; they will be required to provide email address, password, and answer two security questions. Advanced user registration features Single same email registration check The system will not permit multiple accounts to be registered with the same email address. If the system detects an email address is already registered the users is to be prompted to use the self-service password rest function. Email confirmation The user upon registration will be required to login on their email in order to confirm their registration. Self-service password reset In case the user forgets password, there shall be a user reset password feature which shall require the email address used during registration in order to provide the password reset code. Alternatively the user will be required to answer the questions asked during initial registration Unique user Id generation On completion of the account registration process a unique customer ID number is to be generated for the account. User guide The process of the customer entering the necessary personal and Business information should be made as simple as possible. Initially the customer should be guided through the process in a wizard format Save and continue feature during registration The customer must be able to leave the site at any time during the setup of their account and be able to return later without having to re-enter their details again. Photo upload Customers will be able to upload a car photos to specific profile Region recognition features A differentiation is to be made between addresses in the KSA and international addresses Search feature of the system Customers should be able to search for information regarding everything they desire. When a customer searches for cars they can simply entre the car registration ifit is known. Or use drop down menus of car make, model and age etc. to search for cars. Back end features of the system The system is to enable customers to manage a number of functions in their business, Marketing, Operations, HR, and Finance Account management. The backend user should be able to manage the account created by end user. The account can be deleted, modified or changed by the system admin. Report generation Back end user should be able to generate reports on various things such as number of users Website updating The back end user should be able to do webpage maintenance and changing of or adding content to the front pages. Requirements System requirements are determine using various methods, traditional common methods of system requirements determination include, organising interviews and using administration of questionnaires, observation and through critical analysis of important procedures and requirements (Kendall & Kendall, 2011). Software requirement Appropriate operating system, preferably windows 2008 server, network infrastructure, proper LAN configuration and installation of appropriate serves, database, webserver among others, Latest version web browsers, Firefox, Mozilla and Google chrome. Other necessary environment configuration scripts such as zip, auto start up scripts, proper firewall configuration and passwords ports with password configured and having a database user Hardware requirements Memory 8.0 GB for a server in production environment for testing purposes 4GB will work , processor type should be 64 bit both for test environment and production environment , the processor speed should at least 3.5 GHZ duo-core in a test environment and core i7 for production environment. Minimum hard disk requirement of 500 GB in a test environment but for production 750 GB and above is appropriate. Development Model When deciding which system development method to use it is important to know the organisation , do a thorough budget of resources and time and come up with a proposal, do data gathering in the organisation using various data collection mechanism, from the information collected the business scenario is clearly understood(Kendall & Kendall, 2011). This system is best designed using a model that is sequential in nature. Sequential type of modelling was the first software development lifecycle model used to address software specific issues. It works on the believe that problems being tackled are understood as well as described before a solution is attained, it is sequential approach is easy to plan and follow up progress (Land &Wallin n.d.) Water fall development model The following steps in developing the system , Initiating the project, Doing project planning, System analysis, System design, System development, System implementation Project closure shall be done using pure water fall model (Land & Wallin, n.d.). Figure 1 water fall method Data analysis methods Data flow diagrams In attempt to understand information system it is important to conceptualize how data flow or moves in a system. to achieve this system developer uses data flow diagrams, which are and advantageous because they provide for deeper understanding of how systems and sub systems interacts, at the user level data flow diagrams assist in communication the system to the end user thus it becomes easy for them to conceptualize, it result in more productive system, offers avenue for better flexibility which will assist in maintenance (Kendall & Kendall, 2011).When developing data flows, the rules are, all data flow diagrams should have at least a process with no free standing objects, the process should receive at least one and create at least a data flow that leaves the process the data store should have a connection to a process and all external entities should a have a connection to each other (Kendall & Kendall, 2011). Figure 2: Level 0 Data dictionary Kendall & Kendall,( 2011) defines data dictionary as the references of data used in the system it is used reduce data redundancy as well as being helpful in system documentation they are used to give a brief overview of what kind of data is required to be stored in the stored files . Designing the output Output is important since it ensures that the system receives positive acceptance, however to come up with an effective out put it important to understand that output should achieve the purpose which it were meant to achieve i.e. it should fit the user by giving them the right quantity of desired information, ensuring it is strategically place in order to give the information on time (Kendall & Kendall, 2011). The types of output technologies the system implements include video audio ad animation, push and pull technology and electronic output however, for other documentation such as manual, CD-ROM will be used (Kendall & Kendall, 2011). Kendall & Kendall (2011) states designing website important consideration should be taken into account when designing website, use of professional tools, do a thorough study the website, make use of resources the website is offering, examination of websites professionally designed, employ tools understood and well learned. Make good use of available plug-in, and proper planning in terms of decision of structure, content development, employ useful graphics that will allow navigation and promotion. Database design Stephens & Plew, (2001) argue that database a collection of mechanism in which data are stored. Kendall & Kendall, (2011 ) states that databases is not just files, but a core source of data shared by many users in variety of system application databases are managed using databases management systems. An effective data base system ensures that data stored can be shared by the existing system users; data stored should be accurate other than being consistent, data availability. Various database environment exist, examples are main frame environment and client server. The system shall implement a client server data base environment. Here the database is going to be installed on a separate dedicated server and then the information is shared among clients (Stephens & Plew, 2001). There is distribution of overall work from the server to the clients since the two work independently and have their own resources memory and the CPU (Stephens & Plew, 2001) Figure 3 client server technology Figure 4: Components of a database environment A good database is built on the following main areas, schema development, objects modelled, tables to store data, column and fields, records rows, primary key and foreign keys relationships and data types, (Stephens & Plew, 2001) This system will employ a relational database model. Relational databases organises data into tables that help in minimizing data duplication (Kendall & Kendall, 2011). The reason for this choosing this kind of data base is simply because, its structure is easily changed, it is easier to use complex queries to retrieve complex information, data contained is accurate, in relational databases, data is logically represented, this offers the user advantage because the user do not need to know how the data is stored (Stephens & Plew, 2001). Database design process Database is designed through a process involving a series of steps which include, clearly examining what the mission and objectives are , then ensuring a proper work plan is in place, each step should have milestones or deliverables, setting task allocation if need be and finally setting up deadline(Stephens & Plew, 2001). Database system development model The development of the database will constitute three primary sections, doing a requirement analysis, data modelling and normalization The process steps Design process constitutes the following steps, first there is data definition, secondly there is formulating data structures, followed by defining the relationships between different aspects of entities, and finally formulating views (Stephens & Plew, 2001). Database life circle consist of developing database environment, subjecting the database through a test and finally the production environment. Normalization This is the steps taken in transformation of data to get a small stable data structures; there are three steps in data normalization, first normal form, second normal form and third normal for relationships in data bases there various types of relationships that exist, one to many , many to many (Kendall & Kendall, 2011) Database security The main idea of a database is to store and share information. The information in the database will therefore be accessed by system network, and database administrator, different types of users- end users ad customers to ensure database security use of different levels of access shall be used (Stephens & Plew, 2001). System building and coding The system coding is done by following the principles of coding which include, having a track, classification of information, appropriately revealing and concealing information, appropriate track is achieved through use of simple sequence coding classification using , classification code. The guideline that helps the system to be properly coded include principle of precision, stability of codes, uniqueness of the codes, sortability of codes, complete avoidance of confusing codes, uniformity of codes, flexibility of codes to allow for future modification (Kendall & Kendall, 2011). Data quality will be ensured by doing appropriate input validation mechanism. All input transactions shall be validated in order to allow only submission of appropriate and required data and from authorized persons, this will also protect against situations where the user asks the system to perform unacceptable operations. All input data will be validated, this will ensure that data input into the system and their transaction are all appropriate. Process of input data validation shall comprise of number of thing, a test for missing data is done, testing to ensure that correct the appropriate ness of correct field lengths, test for other invalid inputs, others include doing a cross-references checking and doing comparison of test data with the stored data. An important mechanism to ensure data accuracy is by implementing self-validation codes also called the check digits. Testing and maintenance The testing process This step involve putting to test all the new system and programs to see how it work before releasing it to the market, the areas tested are interfaces between the system, how correct is the output, how useful and level of understanding of the systems documentation. The involved category of users include system analysts, programmers, systems operators and ordinary users The various kind of test will includes doing program test using test data and linking the test data with data to be tested. Another set of testing will include full system testing and linking with test data (Kendall & Kendall, 2011). Implementation of the new system The system will be implemented through client server-technology, (Kendall & Kendall, 2011) User training User training shall done after coming up with training objectives, deciding on relevant and best methods of training using the desired training site and finally using materials that are easily understood(Kendall & Kendall, 2011). Methods of System change over employed There are various ways of changing from the old system to the new system. The methods to be used include, direct system change over, parallel system change over gradual and phased system change over. Any of the above can be used depending on the organization readiness of the staff and complexity of the business environment (Kendall & Kendall, 2011). Direct change In direct system change over the old systems is stopped and the new system implemented on a given day. For this kind of change over, planning is necessary and a lot of pretesting is required in order to make it a success. The advantage is that there are no delays in system implementation (Kendall & Kendall, 2011). Parallel change over, Here the two systems, old and new system will be allowed to run in parallel, all the same time, as the new systems is understood and the result is satisfactory then the old system is stopped and the new one takes over (Kendall & Kendall, 2011). Phased or gradual system change over Here the two systems run together but the size of activity assigned to the new systems keeps on increasing slowly overtime as the activities of the old system are reduced. It offers users of the system time to understand and get used to the new system (Kendall & Kendall, 2011). Modular conversion strategy In this method, conversion utilizes the inbuilt system operational subsystem to initiate change to the new system from the olds one gradually. Here every module that is implemented at a time is tested and user response is gathered (Kendall & Kendall, 2011). System documentation Kendall & Kendall (2011) argue that proper system documentation is required as per the total quality assurance. This will allow users, both programmers and ordinary users as well as analyst to have a look at the system without coming in contact or handling the real system. Procedure manuals shall be documented using the best documentation techniques such as FOLKLORE; the procedures involved include interviewing users, examining relevant documented files and using system observation. Project Schedule Gantt chart Activity/ month 1 2 3 4 5 6 7 8 Project initiation Creating of a project brief or summary create business proposal create business case scenario presentation for approval to the body in charge phase complete( milestone) Project planning define high level requirements identify and secure key project resources baseline initial resource and project plan perform risk management create project repository establish project status report create issues/ decision log create change request log develop and execute communication plan phase complete( milestone) System analysis develop business requirements finalize procumbent need Establish of a relevant traceability matrix determine regulatory compliance approach capture and evaluate current flows against requirements Doing business flows Doing technical flows reconcile high level requirements develop high level business system design benefits realization review project funding phase complete (milestone) system design develop detailed and technical system design Doing a business system design technical system design finalize resource / operational impact create a best test strategy redesign business and technical process flows develop a suitable training plan develop project contingency plan Revising the project plan benefits realization review phase complete (milestone) System coding Developed a coding solution Coding the system appropriately Configuration of non-production environment execute user data conversion and system configuration plan Develop various unit testing plans Executing the unit testing develop system and performance testing plan develop training context Doing a benefits realization review phase complete (milestones) System testing ad debugging create remedy request to move to production execute system and performance test plans and report results execute system and performance test plans and report results execute integration test plan and report results develop implementation plan conduct training review operational readiness Systems implementation and transition Subjecting the solution into production environment Executing the implementation plans Monitoring customer and business out comes Doing post implementation, training maintenance Conducting a post implementation review Doing live monitoring of the system System project closure Performing an audit review of benefits and finances phase complete (implementation) phase complete (milestones) a complete and productive working system Risk Assessment Risks Willcocks and Margetts ( n.d.) defines risk as a results of the system when it ; fails produce the anticipated results, has longer and costly implementation process, performs below the technical specification, backward, forward, hardware and software incompatibility. Đurković & Raković, (2009) simply defines risk as an event which existing presently or might emerge in future affect or will affect the project negatively. No single information system exists without risks (Willcocks and Margetts n.d.). Risks are generally grouped into three, risks well know, risks that causes unknown effects, and finally unknown risks. Types of risk that affect the system Shortage of staff both technical and skilled, change of requirements frequently, uncertainty in terms of list of requirements, team members withdrawal from the project, and unrealistic kind of schedules and threats (Đurković & Raković, 2009). Threats are of various types, there are natural threats which are caused by nature such as floods, there exist human caused threats, intentionally caused or unintentionally caused they include attacks, unauthorised access environmental threats caused water damages, chemicals and pollution (SANS, n.d.). Willcocks and Margetts (n.d.) identifies risk that are exposed to information as, organisational caused risk, this relates to preparedness of the personnel in the organisation in terms of relevant skill and knowledge, another kind of risk has to do with infrastructure, this are issues of how well the infrastructure is, uncertainty of technicality and the risk of the organisation not implementing the project. How to avoid risk Performing necessary and intensive staff training through different training programs concerning the system, ensuring that there are guideline stipulating the end dates for requirements proposed by the clients, having a clear procedures to be used in case there are necessary changes needed to be made , organising teams into manageable groups, having a schedule of any changes proposed by the clients, clearly identifying the tasks that can run in parallel, and those fields that should be automated need to be automated (Đurković & Raković, 2009). Identify vulnerability using vulnerabilities scanners, these scanners are used in operating system examination, network or subjecting it to the source code of the application to identify flaws. Vulnerabilities can be examined too by using penetration kind of testing and finally using operating and management controls audits (SANS, n.d.). Having a regular system database back up mechanisms, back up should be done using the following ways, having a separate backup system within the same server room, doing internal back up within the system and finally having a separated remote data base server that will use mirroring technology. Ensuring strict system access, using password with 30 days aging implementation, the password should be complex alphanumeric with a minimum of 10 inclusive of ordinary and special character encrypted using 2048-bit RSA military grade encryption mechanisms, implementing secure online protection mechanisms to protect online shopping , this will use SSL technology. Regularly changing of administrators passwords, detecting inactive or old user accounts, constantly doing auditing of database (Stephens & Plew, 2001) Risk assessment Risk assessment is done for the purposes of identifying the risk, analysing the risk, and finally prioritizing the risk (Đurković & Raković, 2009). Risk identification This involves the process examining the whole system aiming at identifying situations or events that are likely to influence the system negatively (Đurković & Raković, 2009). Risk prioritisation Even after identifying a risk in a system, it is management cannot begin immediately since risk management involves resources which are scarce in some point. This calls for risk prioritization to determine the risk of the risk as priorities are first given to bigger risks first risk of risk is influenced by the ease of identification of the risks and the consequences it causes (Đurković & Raković, 2009). Risk control This comes after performing risk identification and risk prioritization (Đurković & Raković, 2009). Risk management planning performing analysis and prioritization will provide clear understanding of what risk should be managed first. Planning involves identifying the right action to take to mitigate the risk, (Đurković & Raković, 2009). Risk are managed in order to preserve the organisation values, mission and goals, therefore risk management is not a technical issue rather it is a management issue, risk is assessed by looking at vulnerabilities and threats identification. Measures to cope with security threats Mitigation measures The most used method that involve, fixing flaws. The system will be installed with a patch which will aide in fixing flaws in the system (SANS, n.d.). Acceptance This is the notion of allowing system to run under known risks; however the risks should be low. For this kind of mitigation to work without raising issues in the organisation the management have to be aware of existence of such risk and that they are allowed. Avoidance Here the systems with high risks exposure is not allowed to run. The risks are removed by making the systems risks known through communicating it to the right persons in the organisation (SANS, n.d.). Use of risk management strategies Employing risk management and risk assessment and management methodologies such as FRAP, COBRA and Risk Watch (SANS, n.d.). Specifically the NIST which split risk assessment into nine major steps, characterizing the system, doing threat and vulnerability identification, doing control analysis, checking the likelihood of emergence of risks, performing an impact analysis, demining the possibility of risks and finally issuing some recommendation regarding control measures needed to be implemented (SANS, n.d.). Conclusion Analysis and design of information management systems is a problem solving ways in which the systems analysis identifies the various ways of solving problem in an organisation. For the success of the system development there should be proper communication between the system developer and the stake holder involved. When analysing a system the important aspects of system development, information gathering, analysis using data flow diagrams, database modelling, testing and implementation should not only be included in system development but communicated well to the stakeholders in order to develop a system that is not only understood by the developer but the whole world of users who will interact with it. References DJurkovi'c, O., & Rakovi'c, L. (2009). Risks in Information Systems Development Projects. Management, 4(1), 013--019. Kendall, K., & Kendall, J. (2011). Systems analysis and design (1st ed.). Upper Saddle River, N.J.: Pearson Prentice Hall. Land, R., & Wallin, C. (n.d.). Software Development Lifecycle Models The Basic Types (1st ed.). Retrieved from http://www.idt.mdh.se/kurser/ISD_cdt417/files/articles/paper5.pdf Marketresearch.com, S. (2014). Saudi Arabia Autos Report Q4 2012 | Market Research. Marketresearch.com. Retrieved 30 April 2014, from http://www.marketresearch.com/Business-Monitor-International-v304/Saudi-Arabia-Autos-Q4-7179509/ SANS, I. (n.d.). An Introduction to Information System Risk Management (1st ed.). Retrieved from https://www.sans.org/reading-room/whitepapers/auditing/introduction-information-system-risk-management-1204 Stephens, R., & Plew, R. (2001). Database design (1st ed.). Indianapolis, Ind.: Sams. Willcocks, L., & Margetts, H. (n.d.). Risk assessment and information system (1st ed.). Retrieved from http://sdaw.info/asp/aspecis/19930042.pdf Read More