Download - Chapter 11
Systems Analysis & Design
7th Edition
Systems Analysis & Design
7th Edition
Chapter 11
22
Phase Description
Systems Operation, Support, and Security is the final phase in the systems development life cycle (SDLC)
You will be supporting a functioning information system
You continuously will access and improve the system, and you will be alert to any signs of obsolescence
You will also address multi-level security issues
33
Chapter Objectives
Explain how the systems operation, support, and security phase relates to the overall system development process
Describe user support activities, including user training and help desks
Discuss the four main types of system maintenance
44
Chapter Objectives
Explain various techniques for managing systems operation and support
Describe techniques for measuring, managing, and planning system performance
Assess system security at five levels: physical security, network security, application security, file security, and user security
55
Chapter Objectives
Describe backup and disaster recovery policies and methods
List factors indicating that a system has reached the end of its useful life
Assess future challenges for IT professionals as technology reshapes the workplace
66
Introduction
Now that the system is operational, the IT staff members must assure that it meets user expectations, supports business objectives, and is secure
More than half of all IT department effort goes into supporting existing systems and making them more valuable to users
77
Overview of Systems Support and Maintenance
The systems operation, support, and security begins when a system becomes operational and continues until the system reaches the end of its useful life
After delivering the system, the analyst has two other important tasks: he or she must support users and provide necessary maintenance to keep the system operating properly
88
User Support Activities
User Training– Additionally, new
employees must be trained on the company’s information systems
– Training users about system changes is similar to initial training
99
User Support Activities
Help Desk
– Often called an information center (IC)
– Enhance productivity and improve utilization of a company’s information resources
1010
User Support Activities
Help Desk– Might have to perform the following tasks:
• Show a user how to create a data query or report that displays specific business information
• Resolve network access or password problems• Demonstrate an advanced feature of a system or
a commercial package• Help a user recover damaged data
1111
User Support Activities
Online Chat Support
– Interactive support also can be delivered in the form of an online chat
– Blackboard provides a chat room called a Virtual Classroom, which is an online meeting-place where students can ask questions and interact with an instructor
1212
Maintenance Activities
The systems operation, support and security phase is an important component of TCO (total cost of ownership) because ongoing maintenance expenses can determine the economic life of a system
Operational costs Maintenance expenses Maintenance activities
1313
Maintenance Activities
1414
Maintenance Activities
Four types of maintenance task can be identified
– Corrective maintenance • fixing errors
– Adaptive maintenance• adding new enhancement
– Perfective maintenance• improving efficiency
– Preventative maintenance• preventing failures
1515
Maintenance Activities
Four types of maintenance task can be identified
1616
Managing Systems Support
Maintenance Team– System administrator– Systems analysts
• Analysis• Synthesis
1717
Managing Systems Support
Maintenance Team– Programmers
• Applications programmer• Systems programmer• Database programmer• Programmer/analyst
1818
Managing Systems Support
Managing Maintenance Requests
– Involves a number of steps
• Maintenance request
• Initial determination
• Role of the systems review committee
• Completion of the work
• User notification
1919
Managing Systems Support
Establishing Priorities
– In many companies, systems review committee separates maintenance requests from new systems development requests
– Many IT managers believe that evaluating all projects together leads to the best possible decisions
– Neither approach guarantees an ideal allocation between maintenance and new systems development
2020
Managing Systems Support
Configuration Management
– Configuration management (CM) is a process for controlling changes in system requirements during SDLC development phases
– As enterprise-wide information systems grow more complex, configuration management becomes critical
– Many vendors offer configuration management software and technique.
2121
Managing Systems Support
Maintenance Releases
– Maintenance release methodology
– A numbering pattern distinguishes the different released
– Reduces the documentation burden
– But new features or upgrades are available less often
– Service packs is maintenance release provided by commercial software suppliers.
2222
Managing Systems Support
Version Control
– Archived
– Systems librarian
– Companies can purchase software such as Serena
2323
Managing Systems Support
Baseline
– Baseline is a formal reference point that measures system characteristics at a specific time.
– Systems analysts use baselines as yardsticks to document features and performance during the systems development process
• Functional baseline is the configuration of the system documented at the beginning of the project. It consist of all the necessary system requirement and constrains.
2424
Managing Systems Support
Baseline• Allocated baseline documents the system at the
end of the design phase and identifies any changes since the functional base line. It includes testing and verification of all system requirements and features.
• Product baseline describes the system at the beginning of the system operation. It includes the result of the performance and acceptance tests for the operational system.
2525
Managing System Performance
Performance and Workload Measurement
– Metrics such as number of lines printed, number of records accessed and number of transactions processed in a given period of time. The following is the metrics used for network base system.
– Response time
– Bandwidth and throughput• Kbps (kilobits per second)• Mbps (megabits per second)• Gbps (gigabits per second)
2626
Managing System Performance
Performance and Workload Measurement– Turnaround time
• The IT department often measures response time, bandwidth, throughput, and turnaround time to evaluate system performance both before and after changes to the system or business information requirements
• Management uses current performance and workload data as input for the capacity planning process
2727
Managing System Performance
Capacity Planning
– What-if analysis
– You need detailed information about the number of transactions; the daily, weekly, or monthly transaction patterns; the number of queries; and the number, type, and size of all generated reports
2828
Managing System Performance
System Maintenance Tools
– Many CASE tools include system evaluation and maintenance features
– In addition to CASE tools, you also can use spreadsheet and presentation software to calculate trends, perform what-if analyses, and create attractive charts and graphs to display the results
2929
System Security
Physical Security
– First level of security concerns the physical environment
– Computer room– Computer room security
• Biometric scanning systems• Motion sensor
3030
System Security
Physical Security– Servers and desktop computers
• Keystroke logger• Record everything that is been typed
• Tamper-evident cases• Show attempt to open or unlock a case
• BIOS-level password• Monitor screensaver password also called:
• Boot-level password• Power-on password
3131
System Security
Physical Security
– Notebook computers• Select an operating system that allows secure
logons and BIOS-level passwords
• Mark or engrave the computer’s case
• Consider notebook models that have a built-in fingerprint reader
• Universal Security Slot (USS) that can fasten to cable luck or alarm
• Back up all vital data
3232
System Security
Physical Security
– Notebook computers• Use tracking software
• While traveling, try to be alert to potential high-risk situations
• Establish stringent password protection policies that require minimum length and complexity.
3333
System Security
Network Security
– In order to connect to network , a computer must have Network interface which is a combination of hardware and software.
– Data can be protected be Encrypted to provide security.
– Encrypting network traffic• Unencrypted – plain text
• Public key encryption (PKE) a common encryption method
3434
System Security
Network Security
– Encrypting network traffic• Public key
• Private key
• Wi-Fi Protected Access (WPA) is a method for securing wireless network that is been replaced by Wired Equivalent Privacy (WEP) uses a special pre shared key between clients
• WPA2 is more secured method for protecting wireless network.
3535
System Security
Network Security
– Private networks• Network should not be
connected to outside
– Virtual private networks• By entering a secure Key
the tunnel of communication can be established between client and the access point of local interanet
3636
System Security
Network Security
– Ports and services• Port is a positive integer that is used for routing
incoming traffic to correct computer. All traffic received by a computer has a Destination port
• A Service is an application that monitors a particular port and it plays important role in computer security.
3737
System Security
Network Security• Service can be affected by port scan and denial
of service.• Port scans attempt to detect service that is running
on the computer. It can be used find the possible weakness of the network by finding the map of network
• Denial of service (DOS) happened when attacking computer makes repeated request to a service or services running on certain ports so that the computer can not answer to legitimate request
3838
System Security
Network Security
– Firewalls• Firewalls can be configured to detect and
respond to DOS attacks, port scans, and other suspicious activity
3939
System Security
Application Security– Combination of the services running on computer
is important • In some cases this combination causes variability called
Security hole• Administrator – super-user can only have special Access to the services
– Input validation can also reduces potential problem– Patches and updates
• Patches• Third-party software• Automatic update service
4040
System Security
Application Security– Patches and updates
• Patches are software module to repair the security holes.
• Patches that are released by Third-party software vendors usually are safe
• Many software vendors offer an automatic update service that enables an application to contact vendor for appropriate patches. And it can be downloaded automatically.
4141
System Security
File Security
– File security is based on establishing a set of permissions, the right the user has to a particular file or directory.
– System administrator can also create user group, add specific users and assign permission to the group.
4242
System Security
User Security
– Privilege escalation attack is an naturalized attempt to increase permission levels.
– Identity management is the controls and procedures necessary to identify legitimate user and system component.
– Identity management is the top priority of the IT managers.
4343
System Security
User Security
– Password protection issues.• IT managers should require passwords that have
minimum length and require a combination of case sensitive letters and numbers.
– Even if users are protected with password intruder might attempt to gain unauthorized access to system using Social engineering.
4444
Backup and Disaster Recovery
Backup Options
– Backup policy
– Backup media• Rotation schedule
• Offsiting
4545
Backup and Disaster Recovery
Backup Options
– Schedules• Full backup
• Incremental backup
– Retention periods• Back ups are stored
for a specific period
called Retention
periods
4646
Backup and Disaster Recovery
Disaster Recovery Issues
– Hot site
– Any transaction should automatically propagate to the hot site this is known as Data replication
– Companies that require a hot site view it as a justifiable and necessary business expense, whether or not it ever is needed
4747
System Obsolescence
Even with solid support, at some point every system becomes obsolete
Signs:1. The system’s maintenance history indicates
that adaptive and corrective maintenance is increasing steadily
2. Operational costs or execution times are increasing rapidly, and routine perfective maintenance does not reverse or slow the trend
4848
System Obsolescence
Signs:3. A software package is available that
provides the same or additional services faster, better, and less expensively than the current system
4. New technology offers a way to perform the same or additional functions more efficiently
5. Maintenance changes or additions are difficult and expensive to perform
4949
System Obsolescence
Signs:6. Users request
significant new features to support business requirements
5050
Facing the Future: Challenges and Opportunities
Predictions
– It is clear that companies will continue to face intense competition and global change, especially in the wake of economic, social, and political uncertainty
– Although disruptions will occur, technology advances will spur business growth and productivity
5151
Facing the Future: Challenges and Opportunities
Predictions
– It is interesting to note that some observers, such as Bill Joy, wonder whether technology is moving so fast that humans will be left behind
– What does seem clear is that the future world of IT must be envisioned, planned, and created by skilled professionals
5252
Strategic Planning for IT Professionals
An IT professional should think of himself or herself as a business corporation that has certain assets, potential liabilities, and specific goals
Working backwards from your long-term goals, you can develop intermediate mile stones and begin to manage your career just as you would manage an IT project
Planning a career is not unlike planting a tree that takes several years to reach a certain height
5353
IT Credentials and Certification
Credentials Certification Many other IT
industry leaders offer certification, including Cisco, Novell, Oracle, and Sun Microsystems
5454
Chapter Summary
Systems operation, security, and support covers the entire period from the implementation of an information system until the system no longer is used
A systems analyst’s primary involvement with an operational system is to manage and solve user support requests
5555
Chapter Summary
Systems analysts need the same talents and abilities for maintenance work as they use when developing a new system
Configuration management is necessary to handle maintenance requests
System performance measurements include response time, bandwidth, throughput, and turnaround time
All information systems eventually become obsolete
5656
Chapter Summary
An IT professional should have a strategic career plan that includes long-term goals and intermediate milestones
An important element of a personal strategic plan is the acquisition of IT credentials and certifications that document specific knowledge and skills
Chapter 11 complete