Managing Systems Support and Security Chapter 12


Published on

Systems Analysis and Design

Published in: Technology, Business
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Managing Systems Support and Security Chapter 12

  1. 1. Systems Analysis and Design9th EditionChapter 12Managing Systems Support andSecurity
  2. 2. Phase Description• Systems Operation, Support, and Security is the final phase in the systems development life cycle• You will support and maintain the system, handle security issues, protect the integrity of the system and its data, and be alert to any signs of obsolescence• The deliverable for this phase is an operational system that is properly maintained, supported, and secured 2
  3. 3. Chapter Objectives• Explain the systems support and security phase• Describe user support activities, including user training and help desks• Define the four types of maintenance• Explain various techniques for managing systems maintenance and support 3
  4. 4. Chapter Objectives• Describe techniques for measuring, managing, and planning system performance• Explain risk management concepts• Assess system security at six levels: physical security, network security, application security, file security, user security, and procedural security 4
  5. 5. Chapter Objectives• Describe backup and disaster recovery• List factors indicating that a system has reached the end of its useful life• Assess future challenges and opportunities for IT professionals• Develop a strategic plan for career advancement and strong IT credentials 5
  6. 6. Introduction• Managing systems support and security involves three main concerns: user expectations, system performance, and security requirements• Successful, robust systems often need the most support• In most organizations, more than half of all IT department effort goes into supporting existing systems 6
  7. 7. Overview• The systems support and security phase begins when a system becomes operational and continues until the system reaches the end of its useful life• After delivering the system, the IT team focuses on support and maintenance tasks 7
  8. 8. User Support• User Training – Additionally, new employees must be trained on the company’s information systems – User training package – Training users about system changes is similar to initial training – Objective is to show users how the system can help them perform their jobs 8
  9. 9. User Support • Help Desks – Enhance productivity and improve utilization of a company’s information resources – The help desk is a central contact point for all IT maintenance activities – Can utilize many types of automated support 9
  10. 10. User Support• Outsourcing Issues – Offshore call centers can trim expenses and free up valuable human resources for product development – Critical factors might include phone wait times, support staff performance, and online support tools 10
  11. 11. Maintenance Tasks 11
  12. 12. Maintenance Tasks• Corrective Maintenance – Diagnoses and corrects errors in an operational system – Respond to errors in various ways, depending on nature – Worst-case situation is a system failure – When the system is operational again, the maintenance team determines the cause, analyzes the problem, and designs a permanent solution 12
  13. 13. Maintenance Tasks• Adaptive Maintenance – Adds enhancements to an operational system and makes the system easier to use – The procedure for minor adaptive maintenance is similar to routine corrective maintenance – Can be more difficult than new systems development because the enhancements must work within the constraints of an existing system 13
  14. 14. Maintenance Tasks• Perfective Maintenance – Involves changing an operational system to make it more efficient, reliable and maintainable – Cost-effective during the middle of the system’s operational life – Programs that need a large number of maintenance changes usually are good candidates for reengineering – The more a program changes, the more likely it is to become inefficient and difficult to maintain 14
  15. 15. Maintenance Tasks• Preventive Maintenance – Requires analysis of areas where trouble is likely to occur – IT department normally initiates preventive maintenance – Often results in increased user satisfaction, decreased downtime, and reduced TCO – Sometimes does not receive the high priority that it deserves 15
  16. 16. Maintenance Management• The Maintenance Team – System administrator – Systems analysts – Programmers – Organizational issues 16
  17. 17. Maintenance Management• Maintenance Requests – Involve a series of steps – All work must be covered by a specific request – Initial determination – The systems review committee – Task completion – User notification 17
  18. 18. Maintenance Management• Establishing Priorities – In many companies, systems review committee separates maintenance requests from new systems development requests – Some IT managers believe that evaluating all projects together leads to the best possible decisions – Object is to have a procedure that balances new development and necessary maintenance work 18
  19. 19. Maintenance Management • Configuration Management – As enterprise-wide information systems grow more complex, configuration management becomes critical – Also helps to organize and handle documentation 19
  20. 20. Maintenance Management• Maintenance Releases – A numbering pattern distinguishes the different releases – Reduces the documentation burden – Service packs• Version Control – Archived – Essential part of system documentation 20
  21. 21. Maintenance Management• Baselines – Systems analysts use baselines as yardsticks to document features and performance during the systems development process – Functional baseline – Allocated baseline – Product baseline 21
  22. 22. System Performance Management • Fault Management – The more complex the system, the more difficult it can be to analyze symptoms and isolate a cause – The best strategy is to prevent problems by monitoring system performance and workload 22
  23. 23. System Performance Management• Performance and Workload Measurement – Benchmark testing – Metrics – Response time – Bandwidth and throughput • Kbps (kilobits per second) • Mbps (megabits per second) • Gbps (gigabits per second) 23
  24. 24. System Performance Management• Performance and Workload Measurement – Turnaround time – The IT department often measures response time, bandwidth, throughput, and turnaround time to evaluate system performance both before and after changes to the system or business information requirements – Management uses current performance and workload data as input for the capacity planning process 24
  25. 25. System Performance Management• Capacity Planning – What-if analysis – Need detailed information – Need an accurate forecast of future business activities – Should develop contingency plans based on input from users and management 25
  26. 26. System Performance Management• System Maintenance Tools – Many CASE tools include system evaluation and maintenance features – In addition to CASE tools, you also can use spreadsheet and presentation software to calculate trends, perform what-if analyses, and create attractive charts and graphs to display the results 26
  27. 27. System Security Overview • Security is a vital part of every computer system • System Security Concepts – CIA triangle – Integrity – Availability – Security policy 27
  28. 28. System Security Overview• Risk Management – Absolute security is not a realistic goal – Risk identification - exploit – Risk assessment - risk – Risk control • Avoidance, mitigation, transference, acceptance 28
  29. 29. System Security Overview• Attacker Profiles and Attacks – An attack might be launched by a disgruntled employee, or a hacker who is 10,000 miles away – Attackers break into a system to cause damage, steal information, or gain recognition, among other reasons 29
  30. 30. Security Levels • Must consider six separate but interrelated levels • Physical Security – First level of security concerns the physical environment – Physical access to a computer represents an entry point into the system and must be controlled and protected 30
  31. 31. Security Levels• Physical Security – Operations center security – Servers and desktop computers – Notebook computers 31
  32. 32. Security Levels • Network Security – Network – Network interface – Encrypted – Encrypting network traffic 32
  33. 33. Security Levels• Network Security – Wireless networks – Private networks – Virtual private networks – Ports and services – Firewalls 33
  34. 34. Security Levels• Application Security – Services – Hardening – Application permissions – Input validation – Patches and updates – Software Logs 34
  35. 35. Security Levels• File Security – Permissions • Read a file • Write a file • Execute a file • Read a directory • Write a directory – User Groups 35
  36. 36. Security Levels • User Security – Privilege escalation attack – Identity management – Password protection – Social engineering 36
  37. 37. Security Levels• User Security – User resistance – New technologies • Security token• Procedural Security – Operational security – Dumpster diving – Paper shredders 37
  38. 38. Backup and Disaster Recovery• Backup Policies – Backup policy – Backup media • Rotation schedule • Offsiting – Backup Types – Retention periods 38
  39. 39. Backup and Disaster Recovery• Backup Policies 39
  40. 40. Backup and Disaster Recovery• Business Continuity Issues – Test plan – Business continuity plan (BCP) – Hot site – Data replication 40
  41. 41. System Obsolescence• At some point every system becomes obsolete• Systems operation and support continues until a replacement system is installed• At some point in a system’s operational life, maintenance costs start to increase, users begin to ask for more features and capability, new systems requests are submitted, and the SDLC begins again 41
  42. 42. Future Challenges and Opportunities• Predictions – The highest priorities will be the safety and security of corporate operations, environmental concerns, and bottom-line TCO – Gartner, Inc. is a leading IT consulting firm that is famous for forecasting industry trends – Author Randall Stross notes that the enormous amount of energy needed to drive cloud computing, including Google’s servers, has raised serious environmental concerns 42
  43. 43. Future Challenges and Opportunities• Strategic planning for IT professionals – Working backwards from your long-term goals, you can develop intermediate mile stones and begin to manage your career just as you would manage an IT project – Planning a career is not unlike planting a tree that takes several years to reach a certain height 43
  44. 44. Future Challenges and Opportunities • IT Credentials and Certification – Credentials – Certification – In addition to Microsoft, many other IT industry leaders offer certification, including Cisco, Novell, Oracle, and Sun Microsystems 44
  45. 45. Future Challenges and Opportunities • Critical Thinking Skills – Soft skills – Certiport, Inc. and the Educational Testing Service (ETS) introduced the iCritical Thinking certification exam – Individual and team- based exercises can strengthen critical thinking skills 45
  46. 46. Chapter Summary• Systems support and security covers the entire period from the implementation of an information system until the system no longer is used• A systems analyst’s primary involvement with an operational system is to manage and solve user support requests• Systems analysts need the same talents and abilities for maintenance work as they use when developing a new system• Security is a vital part of every computer system 46
  47. 47. Chapter Summary• All information systems eventually become obsolete• An IT professional should have a strategic career plan that includes long-term goals and intermediate milestones• An important element of a personal strategic plan is the acquisition of IT credentials and certifications that document specific knowledge and skills• Chapter 12 complete 47