chapter 11

Systems Analysis & Design

7th Edition

Systems Analysis & Design

7th Edition

Chapter 11

22

Phase Description

Systems Operation, Support, and Security is the final phase in the systems development life cycle (SDLC)

You will be supporting a functioning information system

You continuously will access and improve the system, and you will be alert to any signs of obsolescence

You will also address multi-level security issues

33

Chapter Objectives

Explain how the systems operation, support, and security phase relates to the overall system development process

Describe user support activities, including user training and help desks

Discuss the four main types of system maintenance

44

Chapter Objectives

Explain various techniques for managing systems operation and support

Describe techniques for measuring, managing, and planning system performance

Assess system security at five levels: physical security, network security, application security, file security, and user security

55

Chapter Objectives

Describe backup and disaster recovery policies and methods

List factors indicating that a system has reached the end of its useful life

Assess future challenges for IT professionals as technology reshapes the workplace

66

Introduction

Now that the system is operational, the IT staff members must assure that it meets user expectations, supports business objectives, and is secure

More than half of all IT department effort goes into supporting existing systems and making them more valuable to users

77

Overview of Systems Support and Maintenance

The systems operation, support, and security begins when a system becomes operational and continues until the system reaches the end of its useful life

After delivering the system, the analyst has two other important tasks: he or she must support users and provide necessary maintenance to keep the system operating properly

88

User Support Activities

User Training– Additionally, new

employees must be trained on the company’s information systems

– Training users about system changes is similar to initial training

99


Help Desk

– Often called an information center (IC)

– Enhance productivity and improve utilization of a company’s information resources

1010


Help Desk– Might have to perform the following tasks:

• Show a user how to create a data query or report that displays specific business information

• Resolve network access or password problems• Demonstrate an advanced feature of a system or

a commercial package• Help a user recover damaged data

1111


Online Chat Support

– Interactive support also can be delivered in the form of an online chat

– Blackboard provides a chat room called a Virtual Classroom, which is an online meeting-place where students can ask questions and interact with an instructor

1212

Maintenance Activities

The systems operation, support and security phase is an important component of TCO (total cost of ownership) because ongoing maintenance expenses can determine the economic life of a system

Operational costs Maintenance expenses Maintenance activities

1313


1414


Four types of maintenance task can be identified

– Corrective maintenance • fixing errors

– Adaptive maintenance• adding new enhancement

– Perfective maintenance• improving efficiency

– Preventative maintenance• preventing failures

1515


Four types of maintenance task can be identified

1616

Managing Systems Support

Maintenance Team– System administrator– Systems analysts

• Analysis• Synthesis

1717


Maintenance Team– Programmers

• Applications programmer• Systems programmer• Database programmer• Programmer/analyst

1818


Managing Maintenance Requests

– Involves a number of steps

• Maintenance request

• Initial determination

• Role of the systems review committee

• Completion of the work

• User notification

1919


Establishing Priorities

– In many companies, systems review committee separates maintenance requests from new systems development requests

– Many IT managers believe that evaluating all projects together leads to the best possible decisions

– Neither approach guarantees an ideal allocation between maintenance and new systems development

2020


Configuration Management

– Configuration management (CM) is a process for controlling changes in system requirements during SDLC development phases

– As enterprise-wide information systems grow more complex, configuration management becomes critical

– Many vendors offer configuration management software and technique.

2121


Maintenance Releases

– Maintenance release methodology

– A numbering pattern distinguishes the different released

– Reduces the documentation burden

– But new features or upgrades are available less often

– Service packs is maintenance release provided by commercial software suppliers.

2222


Version Control

– Archived

– Systems librarian

– Companies can purchase software such as Serena

2323


Baseline

– Baseline is a formal reference point that measures system characteristics at a specific time.

– Systems analysts use baselines as yardsticks to document features and performance during the systems development process

• Functional baseline is the configuration of the system documented at the beginning of the project. It consist of all the necessary system requirement and constrains.

2424


Baseline• Allocated baseline documents the system at the

end of the design phase and identifies any changes since the functional base line. It includes testing and verification of all system requirements and features.

• Product baseline describes the system at the beginning of the system operation. It includes the result of the performance and acceptance tests for the operational system.

2525

Managing System Performance

Performance and Workload Measurement

– Metrics such as number of lines printed, number of records accessed and number of transactions processed in a given period of time. The following is the metrics used for network base system.

– Response time

– Bandwidth and throughput• Kbps (kilobits per second)• Mbps (megabits per second)• Gbps (gigabits per second)

2626


Performance and Workload Measurement– Turnaround time

• The IT department often measures response time, bandwidth, throughput, and turnaround time to evaluate system performance both before and after changes to the system or business information requirements

• Management uses current performance and workload data as input for the capacity planning process

2727


Capacity Planning

– What-if analysis

– You need detailed information about the number of transactions; the daily, weekly, or monthly transaction patterns; the number of queries; and the number, type, and size of all generated reports

2828


System Maintenance Tools

– Many CASE tools include system evaluation and maintenance features

– In addition to CASE tools, you also can use spreadsheet and presentation software to calculate trends, perform what-if analyses, and create attractive charts and graphs to display the results

2929

System Security

Physical Security

– First level of security concerns the physical environment

– Computer room– Computer room security

• Biometric scanning systems• Motion sensor

3030

System Security

Physical Security– Servers and desktop computers

• Keystroke logger• Record everything that is been typed

• Tamper-evident cases• Show attempt to open or unlock a case

• BIOS-level password• Monitor screensaver password also called:

• Boot-level password• Power-on password

3131

System Security

Physical Security

– Notebook computers• Select an operating system that allows secure

logons and BIOS-level passwords

• Mark or engrave the computer’s case

• Consider notebook models that have a built-in fingerprint reader

• Universal Security Slot (USS) that can fasten to cable luck or alarm

• Back up all vital data

3232

System Security

Physical Security

– Notebook computers• Use tracking software

• While traveling, try to be alert to potential high-risk situations

• Establish stringent password protection policies that require minimum length and complexity.

3333

System Security

Network Security

– In order to connect to network , a computer must have Network interface which is a combination of hardware and software.

– Data can be protected be Encrypted to provide security.

– Encrypting network traffic• Unencrypted – plain text

• Public key encryption (PKE) a common encryption method

3434

System Security

Network Security

– Encrypting network traffic• Public key

• Private key

• Wi-Fi Protected Access (WPA) is a method for securing wireless network that is been replaced by Wired Equivalent Privacy (WEP) uses a special pre shared key between clients

• WPA2 is more secured method for protecting wireless network.

3535

System Security

Network Security

– Private networks• Network should not be

connected to outside

– Virtual private networks• By entering a secure Key

the tunnel of communication can be established between client and the access point of local interanet

3636

System Security

Network Security

– Ports and services• Port is a positive integer that is used for routing

incoming traffic to correct computer. All traffic received by a computer has a Destination port

• A Service is an application that monitors a particular port and it plays important role in computer security.

3737

System Security

Network Security• Service can be affected by port scan and denial

of service.• Port scans attempt to detect service that is running

on the computer. It can be used find the possible weakness of the network by finding the map of network

• Denial of service (DOS) happened when attacking computer makes repeated request to a service or services running on certain ports so that the computer can not answer to legitimate request

3838

System Security

Network Security

– Firewalls• Firewalls can be configured to detect and

respond to DOS attacks, port scans, and other suspicious activity

3939

System Security

Application Security– Combination of the services running on computer

is important • In some cases this combination causes variability called

Security hole• Administrator – super-user can only have special Access to the services

– Input validation can also reduces potential problem– Patches and updates

• Patches• Third-party software• Automatic update service

4040

System Security

Application Security– Patches and updates

• Patches are software module to repair the security holes.

• Patches that are released by Third-party software vendors usually are safe

• Many software vendors offer an automatic update service that enables an application to contact vendor for appropriate patches. And it can be downloaded automatically.

4141

System Security

File Security

– File security is based on establishing a set of permissions, the right the user has to a particular file or directory.

– System administrator can also create user group, add specific users and assign permission to the group.

4242

System Security

User Security

– Privilege escalation attack is an naturalized attempt to increase permission levels.

– Identity management is the controls and procedures necessary to identify legitimate user and system component.

– Identity management is the top priority of the IT managers.

4343

System Security

User Security

– Password protection issues.• IT managers should require passwords that have

minimum length and require a combination of case sensitive letters and numbers.

– Even if users are protected with password intruder might attempt to gain unauthorized access to system using Social engineering.

4444

Backup and Disaster Recovery

Backup Options

– Backup policy

– Backup media• Rotation schedule

• Offsiting

4545


Backup Options

– Schedules• Full backup

• Incremental backup

– Retention periods• Back ups are stored

for a specific period

called Retention

periods

4646


Disaster Recovery Issues

– Hot site

– Any transaction should automatically propagate to the hot site this is known as Data replication

– Companies that require a hot site view it as a justifiable and necessary business expense, whether or not it ever is needed

4747

System Obsolescence

Even with solid support, at some point every system becomes obsolete

Signs:1. The system’s maintenance history indicates

that adaptive and corrective maintenance is increasing steadily

2. Operational costs or execution times are increasing rapidly, and routine perfective maintenance does not reverse or slow the trend

4848

System Obsolescence

Signs:3. A software package is available that

provides the same or additional services faster, better, and less expensively than the current system

4. New technology offers a way to perform the same or additional functions more efficiently

5. Maintenance changes or additions are difficult and expensive to perform

4949

System Obsolescence

Signs:6. Users request

significant new features to support business requirements

5050

Facing the Future: Challenges and Opportunities

Predictions

– It is clear that companies will continue to face intense competition and global change, especially in the wake of economic, social, and political uncertainty

– Although disruptions will occur, technology advances will spur business growth and productivity

5151

Facing the Future: Challenges and Opportunities

Predictions

– It is interesting to note that some observers, such as Bill Joy, wonder whether technology is moving so fast that humans will be left behind

– What does seem clear is that the future world of IT must be envisioned, planned, and created by skilled professionals

5252

Strategic Planning for IT Professionals

An IT professional should think of himself or herself as a business corporation that has certain assets, potential liabilities, and specific goals

Working backwards from your long-term goals, you can develop intermediate mile stones and begin to manage your career just as you would manage an IT project

Planning a career is not unlike planting a tree that takes several years to reach a certain height

5353

IT Credentials and Certification

Credentials Certification Many other IT

industry leaders offer certification, including Cisco, Novell, Oracle, and Sun Microsystems

5454

Chapter Summary

Systems operation, security, and support covers the entire period from the implementation of an information system until the system no longer is used

A systems analyst’s primary involvement with an operational system is to manage and solve user support requests

5555

Chapter Summary

Systems analysts need the same talents and abilities for maintenance work as they use when developing a new system

Configuration management is necessary to handle maintenance requests

System performance measurements include response time, bandwidth, throughput, and turnaround time

All information systems eventually become obsolete

5656

Chapter Summary

An IT professional should have a strategic career plan that includes long-term goals and intermediate milestones

An important element of a personal strategic plan is the acquisition of IT credentials and certifications that document specific knowledge and skills

Chapter 11 complete

chapter 11

Documents