1 / 71

Systems Support and Security

Systems Analysis and Design. Systems Support and Security. Phase Description. Systems Operation, Support, and Security is the final phase in the systems development life cycle

hailey
Télécharger la présentation

Systems Support and Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Systems Analysisand Design Systems Support and Security

  2. Phase Description • Systems Operation, Support, and Security is the final phase in the systems development life cycle • You will support and maintain the system, handle security issues, protect the integrity of the system and its data, and be alert to any signs of obsolescence • The deliverable for this phase is an operational system that is properly maintained, supported, and secured

  3. Introduction • Managing systems support and security involves three main concerns: user expectations, system performance, and security requirements • Successful, robust systems often need the most support • In most organizations, more than half of all IT department effort goes into supporting existing systems

  4. Overview • The systems operation, support, and security phase begins when a system becomes operational and continues until the system reaches the end of its useful life • After delivering the system, the IT team focuses on support and maintenance tasks

  5. User Support • Initial Training, during system implementation • User Training • New employees must be trained on the company’s information systems • User training package can be developed • Training users about system changes is similar to initial training • Objective is to show users how the system can help them perform their jobs

  6. User Support • Help Desks • Often called an information center (IC) • Enhance productivity and improve utilization of a company’s information resources • Might have to perform the following tasks: • Show a user how to create a data query or report that displays specific business information • Resolve network access or password problems • Demonstrate an advanced feature of a system or a commercial package • Help a user recover damaged data

  7. Maintenance Tasks • The systems operation, support and security phase is an important component of TCO (total cost of ownership) because ongoing maintenance expenses can determine the economic life of a system • Operational costs are relatively constant • Maintenance expenses vary over time

  8. Maintenance Tasks • Four types of maintenance task can be identified • Corrective maintenance • Adaptive maintenance • Perfective maintenance • Preventative maintenance

  9. Maintenance Tasks • Corrective Maintenance • Diagnoses and corrects errors in an operational system • Respond to errors in various ways, depending on nature and severity of the problem • In a typical procedure, a user submits a systems request that is evaluated, prioritized and scheduled

  10. Maintenance Tasks • Corrective Maintenance • For more serious situations, a user submits a systems request with supporting evidence • Worst-case situation is a system failure • When the system is operational again, the maintenance team determines the cause, analyzes the problem, and designs a permanent solution

  11. Maintenance Tasks • Adaptive Maintenance • Adds enhancements to an operational system and makes the system easier to use • The procedure for minor adaptive maintenance is similar to routine corrective maintenance • Can be more difficult than new systems development because the enhancements must work within the constraints of an existing system

  12. Maintenance Tasks • Perfective Maintenance • Involves changing an operational system to make it more efficient, reliable and maintainable • Can improve system reliability • Cost-effective during the middle of the system’s operational life • Programs that need a large number of maintenance changes usually are good candidates for reengineering because the more a program changes, the more likely it is to become inefficient and difficult to maintain

  13. Maintenance Tasks • Preventive Maintenance • Requires analysis of areas where trouble is likely to occur • IT department normally initiates preventative maintenance • Often results in increased user satisfaction, decreased downtime, and reduced TCO • Sometimes does not receive the high priority that it deserves

  14. Maintenance Management • Requires effective management, quality assurance and cost control • To achieve these goals, companies use various strategies • In addition, firms use version control and baselines to track system releases and analyze the system’s life cycle

  15. Maintenance Management • The Maintenance Team • System administrator • Systems analysts • Analysis • Synthesis • Programmers • Applications programmer • Systems programmer • Database programmer • Programmer/analyst

  16. Maintenance Management • The Maintenance Team • Organizational issues • IT managers often divide systems analysts and programmers into two groups: one group performs new system development, and the other group handles maintenance • Many analysts feel that maintenance work is less attractive than developing new systems • One disadvantage of rotation is that it increases overhead costs

  17. Maintenance Management • Maintenance Requests • Involve a series of steps • All work must be covered by a specific request

  18. Maintenance Management • Establishing Priorities • In many companies, systems review committee separates maintenance requests from new systems development requests • Some IT managers believe that evaluating all projects together leads to the best possible decisions • Object is to have a procedure that balances new development and necessary maintenance work

  19. Maintenance Management • Configuration Management is a process for controlling changes in system requirements during software development or after system becomes operational • As enterprise-wide information systems grow more complex, configuration management becomes critical • Also helps to organize and handle documentation

  20. Maintenance Management • Maintenance Releases • With maintenance release methodology all noncritical changes are held until they can be implemented at the same time. • Each change is documented and installed as a new version of the system called maintenance release • A numbering pattern distinguishes the different released

  21. Maintenance Management • Version Control • Version control tracks system releases • Old version is archived

  22. Maintenance Management • Baselines • Systems analysts use formal reference points called baselines to measure and document system characteristics at a specific time • Functional baseline, beginning of project • Allocated baseline, end of design phase • Product baseline, beginning of system operation

  23. System Performance Management • Today, companies use complex networks and client/server systems to support business needs • To ensure satisfactory support for business operations, the IT department must manage system faults and interruptions, measure system performance and workload, and anticipate future needs

  24. System Performance Management • Fault Management • The more complex the system, the more difficult it can be to analyze symptoms and isolate a cause • The best strategy is to prevent problems by monitoring system performance and workload

  25. System Performance Mgmt. • Performance and Workload Measurement • Benchmark testing, use of standards • Metrics such as number of transactions for a given time period • Response time • Bandwidth (amount of data transferred in a fixed time period) and throughput (actual system performance under specific conditions) • Turnaround time measures time between request submission and its fulfillment

  26. System Performance Management • Capacity Planning • Monitors current activity and oerformance levels, anticipates future activity and forecasts resources needed to provide desired levels • Detailed information about the number of transactions; the daily, weekly, or monthly transaction patterns; the number of queries; and the number, type, and size of all generated reports are required

  27. Goal seek feature of Excel provides what-if analysis

  28. System Security Overview • Security is a vital part of every computer system • System Security Concepts, CIA triangle • Confidentiality: protect information from unauthorized disclosure • Integrity: Prevent unauthorized users to create, modify or delete information • Availability: Ensure authorized users to have timely and reliable access

  29. System Security Overview • Risk Management • Absolute security is not a realistic goal • Risk management uses risk identification, risk assessment and risk control

  30. System Security Overview • A threat is an internal or external entity that could endanger an asset (hardware, software, people, etc.) of a company. • Vulnerability is a securit weakness • Exploit is an attack that takes advantage of a vulnerability • Risk is the impact of an attack multiplied by the likelihood of a vulnerability being exploited

  31. System Security Overview • Avoidance eliminates risk by adding protective safeguards (firewall) • Mitigation reduces impact by careful planning and preparation (disaster recovery plan) • Transference shifts the risk to another asset or party (insurance company) • Acceptance means that nothing is done

  32. System Security Overview • An attack is a hostile act that targets the system • Attacker Profiles and Attacks • An attack might be launched by a disgruntled employee, or a hacker who is 10,000 miles away • Attackers break into a system to cause damage, steal information, or gain recognition, among other reasons

  33. Six levels of security

  34. Security Levels • Physical Security • Physical access to a computer represents an entry point into the system and must be controlled and protected • Operations center security • Biometric scanning systems • Servers and desktop computers • Keystroke logger • Tamper-evident cases (alarm when unlocked) • BIOS-level, Boot-level, or Power-on password • Uninterruptible power supply (UPS)

  35. Security Levels • Physical Security - Notebook computers • Select an operating system that allows secure logons and BIOS-level passwords • Mark or engrave the computer’s case (make less desirable for resell) • Built-in fingerprint reader • Universal Security Slot (USS) that can be fastened to an alarm • Back up all vital data • Use tracking software • While traveling, try to be alert to potential high-risk situations • Establish stringent password protection policies

  36. Security Levels • Network Security • Data can be encrypted • Unencrypted – plain text • Private key encryption, symmetric, single key is used and known by both sender and receiver beforehand • Public key encryption (PKE), asymmetric, each user has a pair of keys

More Related