440 likes | 454 Views
CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM. Phase Description. Systems Operation, Support, and Security is the final phase in the systems development life cycle
E N D
Phase Description • Systems Operation, Support, and Security is the final phase in the systems development life cycle • You will support and maintain the system, handle security issues, protect the integrity of the system and its data, and be alert to any signs of obsolescence • The deliverable for this phase is an operational system that is properly maintained, supported, and secured
Chapter Objectives • Explain the systems support and security phase • Describe user support activities, including user training and help desks • Define the four types of maintenance • Explain various techniques for managing systems maintenance and support • Describe techniques for measuring, managing, and planning system performance • Explain risk management concepts • Assess system security at six levels: physical security, network security, application security, file security, user security, and procedural security
Chapter Objectives • Describe backup and disaster recovery • List factors indicating that a system has reached the end of its useful life • Assess future challenges and opportunities for IT professionals • Develop a strategic plan for career advancement and strong IT credentials
Introduction • Managing systems support and security involves three main concerns: user expectations, system performance, and security requirements • Successful, robust systems often need the most support • In most organizations, more than half of all IT department effort goes into supporting existing systems
Overview • The systems operation, support, and security phase begins when a system becomes operational and continues until the system reaches the end of its useful life • After delivering the system, the IT team focuses on support and maintenance tasks
User Support User Training • Additionally, new employees must be trained on the company’s information systems • User training package • Training users about system changes is similar to initial training • Objective is to show users how the system can help them perform their jobs
User Support • Help Desks • Helpdesk is a centralized resource staff by IT professionals who provides users with he support they need to do their jobs • Enhance productivity and improve utilization of a company’s information resources • The help desk is a central contact point for all IT maintenance activities • Can utilize many types of automated support
Maintenance Tasks • Four classification of maintenance activities: • Corrective Maintenance • Diagnoses and corrects errors in an operational system • Respond to errors in various ways, depending on nature • Worst-case situation is a system failure • When the system is operational again, the maintenance team determines the cause, analyzes the problem, and designs a permanent solution
Maintenance Tasks • Adaptive Maintenance • Adds enhancements to an operational system and makes the system easier to use • The procedure for minor adaptive maintenance is similar to routine corrective maintenance • Can be more difficult than new systems development because the enhancements must work within the constraints of an existing system
Maintenance Tasks • Perfective Maintenance • Involves changing an operational system to make it more efficient, reliable and maintainable • Cost-effective during the middle of the system’s operational life • Programs that need a large number of maintenance changes usually are good candidates for reengineering • The more a program changes, the more likely it is to become inefficient and difficult to maintain
Maintenance Tasks • Preventive Maintenance • Requires analysis of areas where trouble is likely to occur • IT department normally initiates preventive maintenance • Often results in increased user satisfaction, decreased downtime, and reduced TCO • Sometimes does not receive the high priority that it deserves
Maintenance Management • The Maintenance Team • System administrator • Systems analysts • Programmers • Organizational issues
Maintenance Management • Maintenance Requests • Involve a series of steps • All work must be covered by a specific request • Initial determination • The systems review committee • Task completion • User notification
Maintenance Management • Establishing Priorities • In many companies, systems review committee separates maintenance requests from new systems development requests • Some IT managers believe that evaluating all projects together leads to the best possible decisions • Object is to have a procedure that balances new development and necessary maintenance work
Maintenance Management • Configuration Management • Configuration management (CM) /change control (CC) is a process for controlling changes in the system requirements during software development • As enterprise-wide information systems grow more complex, configuration management becomes critical • Also helps to organize and handle documentation
Maintenance Management • Maintenance Releases • Each change is documented and installed as new version of the system • A numbering pattern distinguishes the different releases • Reduces the documentation burden • Service packs-software maintenance release • Version Control • Process of tracking system release or versions • When new version of system is installed, the prior release is Archived • Essential part of system documentation
Maintenance Management • Baselines • Is a formal reference point that measures system characteristics at a specific time • Systems analysts use baselines as yardsticks to document features and performance during the systems development process • Functional baseline-is the configuration of the system documented at the beginning of the project • Allocated baseline-documents the system at the end of the design phase and identifies any changes sine the functional baseline • Product baseline-describes the system at the beginning of system operation.
System Performance Management • Fault Management • Detect and resolve operational problems as quickly as possible • The more complex the system, the more difficult it can be to analyze symptoms and isolate a cause • The best strategy is to prevent problems by monitoring system performance and workload
System Performance Management • Performance and Workload Measurement • Benchmark testing-uses a set of standard tests to evaluate system performance and capacity • Metrics –can monitor the number of transactions processed in a given time period, the number of record accessed and the volume of online data • Network performance metrics: • Response time • Is the overall time between a request for system activity and the delivery of the response • Bandwidth and throughput • Bandwidth describes the amount of data that the system can transfer in a fixed time period • Kbps (kilobits per second) • Mbps (megabits per second) • Gbps (gigabits per second) • Throughput-measures actual system performance under specific circumstances and s affected by network load and hardware efficiency.
System Performance Management • Turnaround time • Measures the time between submitting a request from information and the fulfillment of the request • The IT department often measures response time, bandwidth, throughput, and turnaround time to evaluate system performance both before and after changes to the system or business information requirements • Management uses current performance and workload data as input for the capacity planning process
System Performance Management • Capacity Planning • Process that monitors current activity and performance levels, anticipates future activity and forecast the resources needed to provide desired levels of service. • What-if analysis-allow you to vary one or more elements in a model in order to measure the effect on other elements • Need detailed information • Need an accurate forecast of future business activities • Should develop contingency plans based on input from users and management
System Performance Management • System Maintenance Tools • Many CASE tools include system evaluation and maintenance features • In addition to CASE tools, you also can use spreadsheet and presentation software to calculate trends, perform what-if analyses, and create attractive charts and graphs to display the results
System Security Overview • Security is a vital part of every computer system • Security protect the system and keep it safe free from danger and reliable. • System Security Concepts • CIA triangle-three main element of system security: • Confidentiality • Integrity • Availability • Security policy
System Security Overview • Risk Management • Absolute security is not a realistic goal • Risk identification - exploit • Risk assessment - risk • Risk control • Avoidance, mitigation, transference, acceptance
System Security Overview • Attacker Profiles and Attacks • An attack is a hostile act that targets the system or the company itself. • An attack might be launched by a disgruntled employee, or a hacker who is 10,000 miles away • Attackers break into a system to cause damage, steal information, or gain recognition, among other reasons
Security Levels • Must consider six separate but interrelated levels • Physical Security • First level of security concerns the physical environment • Physical access to a computer represents an entry point into the system and must be controlled and protected • Operations center security • Servers and desktop computers • Notebook computers
Security Levels • Network Security • Network is defined as two or more devices that are connected • Network interface-combination of h/w and s/w that allows the computer to interact with the network • To provide security for network traffic,data can be Encrypted • Encrypting network traffic
Security Levels • Network Security • Wireless networks • WEP • WPA • Private networks • Virtual private networks • tunnel • Ports and services • Port scan • Denial of service • Firewalls • Network intrusion detection
Security Levels • Application Security • Services • Hardening • Application permissions • Input validation • Patches and updates • Software Logs
Security Levels • File Security • encryption • Permissions • Read a file • Write a file • Execute a file • Read a directory • Write a directory • User Groups
Security Levels • User Security • User resistance • Identity management • Password protection • Social engineering • New technologies
Security Levels • Procedural Security • Operational security • Dumpster diving • Paper shredders
Backup and Disaster Recovery • Backup refers to copying data at prescribed intervals or continuously • Recovery involves restoring the data and restating the system after an interruption • Backup Policies • Backup policy contains detailed instructions and procedures. • Should specify: • Backup media • Rotation schedule • Offsiting • Backup Types • Retention periods
Backup and Disaster Recovery • Business Continuity Issues • Test plan • Business continuity plan (BCP) • Hot site • Data replication • Business insurance
System Obsolescence • At some point every system becomes obsolete • Systems operation and support continues until a replacement system is installed • A system become obsolete when it no longer supports user needs or when he platform become outmoded. • Signs : • The system’s maintenance history indicates that adaptive and corrective maintenance are increasingly steady • Operational costs or execution times are increasingly rapidly, and routine perfective maintenance does not reverse or slow the trend. • A software package is available that provides the same or additional services faster, better and less expensively than the current system • New technology offers a way to perform the same or additional functions more efficiently • Maintenance changes or additions are difficult and expensive to perform • User request significant new features to support business requirements
Future Challenges and Opportunities • Strategic planning for IT professionals • Working backwards from your long-term goals, you can develop intermediate mile stones and begin to manage your career just as you would manage an IT project • Planning a career is not unlike planting a tree that takes several years to reach a certain height
Future Challenges and Opportunities • IT Credentials and Certification • Credentials • Certification • In addition to Microsoft, many other IT industry leaders offer certification, including Cisco, Novell, Oracle, and Sun Microsystems • Critical thinking skills
Chapter Summary • Systems support and security covers the entire period from the implementation of an information system until the system no longer is used • A systems analyst’s primary involvement with an operational system is to manage and solve user support requests • Systems analysts need the same talents and abilities for maintenance work as they use when developing a new system • Security is a vital part of every computer system
Chapter Summary • All information systems eventually become obsolete • An IT professional should have a strategic career plan that includes long-term goals and intermediate milestones • An important element of a personal strategic plan is the acquisition of IT credentials and certifications that document specific knowledge and skills
Review Questions • Describe four classification of maintenance and provide an example of each type. • What is configuration management and why is it important? • What is release methodology? • What is purpose of version control? • Explain three main elements of system security. • What are the six security level? • List six indications that an information system is approaching obsolesces.