INS 204.

2 – System Analysis and Design

Course content
Introduction to System Analysis, structured and object-oriented analysis and design,
structured and object-oriented tools, the systems life cycle. Organizational structure. Systems
investigation. Feasibility studies. Determination and evaluation of alternatives designs of
input and output. Documentation. Choice of system characteristics (hardware and software).
Testing, conversion. Parallel runs. Evaluation of systems performance. Structured approach to
analysis and design of information systems for businesses. Software development life cycle.
Structured top-down and bottom-up design. Dataflow diagramming. Entity modelling.
Computer aided software engineering. Input and output, prototyping design and validation.
File and database design. Design of user interfaces. Comparison of structured and object-
oriented designs.

WEEK 1: Introduction to System Analysis and Design

 Definition and importance of System Analysis and Design (SAD)
 Role of SAD in Cyber Security and IT Projects
 Overview of Information Systems
 Introduction to Structured and Object-Oriented Analysis and Design
 The System Analyst – roles and skills
 Components of a system: Input, Processing, Output, Feedback, Environment,
Boundaries

System Analysis and Design (SAD) refers to the process of studying existing systems and
designing new systems that can operate more efficiently and effectively. In the context of
information systems, it involves examining a business situation with the intent of improving
it through better procedures and technology. System analysis identifies the needs and
challenges within a system, while system design outlines solutions to meet those needs.
The importance of SAD in Cyber Security and IT projects cannot be overstated. It enables
organizations to build secure, functional, and user-oriented systems. For cybersecurity
professionals, understanding SAD ensures that systems are designed with adequate security
controls, minimizing risks and vulnerabilities. Additionally, it promotes efficiency, improves
communication between stakeholders, and results in systems that meet both user and business
requirements.
An information system is a set of components that collect, process, store, and distribute
information to support decision making, coordination, control, analysis, and visualization.
Common types of information systems include Transaction Processing Systems (TPS),
Management Information Systems (MIS), Decision Support Systems (DSS), and Expert
Systems. Each plays a role in enhancing business operations and service delivery.
There are two major approaches to system analysis and design: the structured approach and
the object-oriented approach. The structured approach is process-driven, focusing on the
procedures and sequence of actions to process data. It typically uses tools like flowcharts and
data flow diagrams. On the other hand, the object-oriented approach is based on real-world
modeling, where the system is viewed as a collection of interacting objects. This approach
employs tools such as Unified Modeling Language (UML) diagrams.
The system analyst plays a crucial role in the SAD process. A system analyst is responsible
for analyzing and designing systems that align with organizational goals. They must possess a
mix of technical, analytical, communication, and problem-solving skills. They act as a bridge
between the technical team and the business stakeholders, ensuring that the final system
meets user expectations.
Every system comprises essential components that work together to achieve a purpose. These
include input (data entered into the system), processing (manipulating data to produce
meaningful results), output (information generated by the system), feedback (data about
system performance), environment (the external conditions affecting the system), and
boundaries (what is and is not part of the system). Understanding these components is
fundamental for analyzing and designing effective systems.

Here is a properly formatted bibliography for the Week 1 lecture note on System Analysis
and Design. It includes both foundational texts and relevant academic sources:

Bibliography
1. Dennis, A., Wixom, B. H., & Roth, R. M. (2015). Systems Analysis and Design (6th
ed.). Hoboken, NJ: John Wiley & Sons.
2. Shelly, G. B., & Rosenblatt, H. J. (2012). Systems Analysis and Design (9th ed.).
Boston, MA: Cengage Learning.
3. Kendall, K. E., & Kendall, J. E. (2011). Systems Analysis and Design (8th ed.). Upper
Saddle River, NJ: Prentice Hall.
4. Singh, R. K. (2018). System Analysis and Design. New Delhi: Vikas Publishing
House.
5. Hoffer, J. A., George, J. F., & Valacich, J. S. (2014). Modern Systems Analysis and
Design (7th ed.). Boston, MA: Pearson.
6. Sommerville, I. (2011). Software Engineering (9th ed.). Boston, MA: Addison-
Wesley.
7. Laudon, K. C., & Laudon, J. P. (2020). Management Information Systems: Managing
the Digital Firm (16th ed.). Pearson Education.
WEEK 2: System Development Life Cycle (SDLC)
 System Development Life Cycle (SDLC)
 Phases of the SDLC: Planning, Analysis, Design, Implementation, Maintenance
 Structured approach vs Object-Oriented approach
 Top-down and bottom-up design
 Comparison of SDLC models: Waterfall, Spiral, Agile
 Overview of Software Development Life Cycle (SDLC) in business and
cybersecurity

Introduction
The System Development Life Cycle (SDLC) is a structured process used for developing
information systems. It provides a framework that ensures system development is systematic,
well-organized, and meets user requirements. In cybersecurity, understanding SDLC is
essential because it helps professionals anticipate, mitigate, and respond to threats at every
phase of development.

Phases of the SDLC

The SDLC consists of five major phases. Each plays a critical role in the development of
secure and reliable systems.
1. Planning
This is the initial phase of the SDLC. It involves determining the scope, objectives, and
feasibility of the proposed system. Key activities include:
 Identifying business needs.
 Conducting feasibility studies (technical, economic, operational).
 Estimating cost and time.
 Defining system goals and project scheduling.
Cybersecurity concern: Early identification of potential threats and vulnerabilities is essential.
Security planning begins here.
2. Analysis
In this phase, the current system is studied in detail to gather requirements for the new
system. Activities include:
 Requirements gathering through interviews, questionnaires, and observations.
 Defining functional and non-functional requirements.
 Creating data flow diagrams and entity-relationship models.
Cybersecurity concern: Analysts identify security requirements, such as access controls,
authentication mechanisms, and data privacy needs.
3. Design
The system’s architecture is created based on requirements identified in the analysis phase.
The design phase includes:
 Logical design (data structures, database schema).
 Physical design (hardware, software specifications).
 Interface design (user interface, system interface).
 Security design (encryption methods, firewall placement).
Cybersecurity concern: Security must be integrated into the design of databases, interfaces,
and data transmission protocols.
4. Implementation
This phase involves the actual coding, testing, and installation of the system. It includes:
 Programming and software integration.
 Unit, integration, and system testing.
 User training and documentation.
Cybersecurity concern: Secure coding practices, code review, and testing for vulnerabilities
like SQL injection or buffer overflow are emphasized.
5. Maintenance
Once deployed, the system must be maintained. Maintenance includes:
 Fixing bugs not discovered during earlier testing.
 Updating software for performance or legal compliance.
 Enhancing system capabilities.
Cybersecurity concern: This phase involves regular patching, updates, monitoring, and
handling of new threats or incidents.

Structured Approach vs. Object-Oriented Approach

Structured Approach
 Based on procedural programming and focuses on processes and functions.
 Uses tools like data flow diagrams (DFDs) and flowcharts.
 Emphasizes step-by-step decomposition of tasks.
Advantages:
  Easy to understand and implement for small projects.
 Clear and linear workflow.
Limitations:
 Difficult to manage large systems.
 Low reusability of code.
Object-Oriented Approach
 Centers around real-world entities (objects) and classes.
 Promotes encapsulation, inheritance, and polymorphism.
 Uses Unified Modeling Language (UML) for design.
Advantages:
 Better code reusability and scalability.
 Easier maintenance and modification.
 Closer alignment with real-world problem-solving.
Limitations:
 Requires understanding of object-oriented concepts.
 More complex in initial learning phase.
Cybersecurity Note: Object-oriented design supports modular development, which makes it
easier to secure specific components or modules of a system.

Top-down and Bottom-up Design

Top-Down Design
 Begins with the system as a whole, then breaks it into smaller sub-components.
 Focuses on high-level design before diving into details.
Advantages:
 Good for complex projects.
 Easier to align with business goals.
Disadvantages:
 May overlook low-level issues early in development.
Bottom-Up Design
 Starts from building small modules or components first.
 Components are then integrated into larger systems.
Advantages:
 Reusable components.
 Early testing and development of parts.
Disadvantages:
 May be difficult to integrate into the full system if initial design was not holistic.

Comparison of SDLC Models

Cybersecurity Implication: Agile models require continuous security integration

(DevSecOps), while Waterfall assumes security is addressed after development, which may
introduce vulnerabilities.

Overview of SDLC in Business and Cybersecurity

In business environments, the SDLC is used to ensure that systems align with organizational
goals and deliver value efficiently. It allows for budgeting, scheduling, resource allocation,
and risk management.
In cybersecurity, integrating security practices throughout the SDLC ensures that systems
are designed and built with security in mind rather than as an afterthought. This includes:
 Security requirement identification during planning and analysis.
 Threat modeling and secure design patterns in the design phase.
 Secure coding standards during implementation.
  Regular testing using penetration tests and vulnerability scans.
 Continuous monitoring and patch management in maintenance.
Secure SDLC (SSDLC) is an enhanced approach that embeds security checks in every stage
of development. It reduces risk, ensures compliance with regulations (like GDPR or Nigeria’s
NDPR), and protects sensitive data.

Conclusion
The System Development Life Cycle provides a disciplined approach to system development,
ensuring quality, security, and alignment with user needs. For cybersecurity professionals,
understanding the SDLC is fundamental to building secure systems and effectively managing
risks at each stage of development.

8. Dennis, A., Wixom, B. H., & Roth, R. M. (2015). Systems analysis and design (6th
ed.). Wiley.
9. Hoffer, J. A., George, J. F., & Valacich, J. S. (2016). Modern systems analysis and
design (8th ed.). Pearson.
10. Bennett, S., McRobb, S., & Farmer, R. (2010). Object-oriented systems analysis and
design using UML (4th ed.). McGraw-Hill Education.
11. Sommerville, I. (2011). Software engineering (9th ed.). Addison-Wesley.
12. Chappell, D. (2008). Introducing the Secure Software Development Lifecycle.
Microsoft Corporation.

WEEK 3: Systems Investigation and Feasibility Studies

 Identifying system needs and problems
 Fact-finding techniques: Interviews, questionnaires, observation, document
review
 Feasibility analysis: Technical, Economic, Operational, Legal, and Schedule
(TELOS)
 Writing and evaluating feasibility study reports

Introduction to Feasibility Studies

What is a Feasibility Study?
A feasibility study is a preliminary analysis conducted to determine whether a proposed
system or project is viable and worth pursuing. It helps decision-makers understand if the
solution:
  Can be implemented successfully (technical and operational viability),
 Should be implemented (economic benefits),
 Can be completed on time and within legal constraints.
It is typically conducted after identifying a system problem or opportunity and before
starting the system design phase.

Objectives of a Feasibility Study

 To assess whether the proposed solution meets business needs.
 To identify possible risks and limitations.
 To estimate costs, resources, and timelines.
 To recommend whether to proceed, modify, or abandon the project.
Key Question: “Should we proceed with this project?”

Identifying System Needs and Problems

Before a feasibility study can be useful, the analyst must understand what problem or
opportunity the organization is facing.
Examples of Needs and Problems:
 Cybersecurity Department experiencing slow incident response → Need for
automated alert system.
 University Portal has frequent downtimes → Need for better server infrastructure.
 Manual clearance processes → Need for digitized workflow.

Fact-Finding Techniques
System analysts use several techniques to collect data from users and systems.
2.1 Interviews
 One-on-one discussions with users, managers, and IT staff.
 Provide deep insights into the current system and user needs.
Example: Interviewing a cybersecurity officer to understand current incident tracking
limitations.

2.2 Questionnaires
 Distributed to a large number of users.
  Use when time is limited or when gathering standard opinions.
Useful in surveying students about online clearance difficulties.

Observation
 Watching how tasks are actually performed.
 Helps identify inefficiencies that users may not mention.
E.g., observing how physical logbooks are filled during access control.

Document Review
 Analyzing existing records: forms, logs, policies, flowcharts.
 Helps validate existing processes and legal obligations.

Feasibility Analysis – TELOS Model

Feasibility is assessed using TELOS, which stands for:

Feasibility
Questions Answered
Type

Technical Do we have the technology and skills?

Economic Is the project cost-effective?

Legal Are we compliant with laws and policies?

Operational Will users adopt the system?

Schedule Can it be done in the required time?

TELOS Example – Digital Attendance System

Criteria Evaluation

Technical Yes – Existing servers and biometric devices are available.

Economic Yes – Budget secured from grants.

Legal Yes – Privacy policy complies with NDPR.

Operational Yes – Staff trained and supportive.

Schedule Yes – Project can be completed in 3 months.

Diagram – TELOS Wheel
[Technical]
|
[Legal] — [Feasibility] — [Economic]
|
[Operational]
|
[Schedule]

Writing and Evaluating Feasibility Study Reports

Components of a Feasibility Report
1. Title Page
2. Executive Summary – Brief of the report’s purpose and recommendations.
3. Introduction – Overview of the problem or opportunity.
4. Problem Statement
5. Proposed Solution Objectives
6. Fact-Finding Summary
7. TELOS Feasibility Analysis
8. Recommendations
9. Conclusion

Report Evaluation Criteria

 Does the report address all TELOS aspects?
 Are the recommendations backed by data?
 Are risks and mitigation strategies identified?
 Is the conclusion logical and justified?

Case Study: Cybersecurity Audit Tool Proposal

Problem: Manual audit logs in the cybersecurity unit are vulnerable to manipulation.
Proposal: Implement a digital audit tool with encryption and automatic timestamps.

TELOS Factor Evaluation

Technical Software exists, staff have basic training.

Economic Medium cost but justified by reduced data loss.

Legal Fully compliant with NDPR and internal policies.

Operational Staff require brief training; feedback is positive.

Schedule Can be deployed in 8 weeks.

Conclusion: System is feasible and recommended for implementation.

Summary
 A feasibility study is the first critical step before system development.
 It saves time, money, and effort by preventing failure-prone projects.
 TELOS helps analyze all major areas of concern.
 Good fact-finding is essential for accurate feasibility reporting.


Classroom Activity
Group Task:
Divide into 3 groups and conduct a mini feasibility study on one of the following:
 A digital library management system
 A biometric access control for hostels
 An online student complaint portal
Each group should:
 Identify system problems
 Use at least two fact-finding techniques
 Conduct a basic TELOS analysis
 Present findings in a 5-pages powerpoint

Suggested Reading
1. Kendall, K. E. & Kendall, J. E. (2011). Systems Analysis and Design (8th ed.).
Pearson.
2. Satzinger, J. W., et al. (2016). Systems Analysis and Design in a Changing World.
Cengage.
3. Whitten, J. L., et al. (2004). Systems Analysis and Design Methods. McGraw-Hill.