Systems Analysis & Design 7 th Edition Systems Analysis & Design 7 th Edition Chapter 11
22 Phase Description Systems Operation, Support, and Security is the final phase in the systems development life cycle (SDLC) You will be supporting a functioning information system You continuously will access and improve the system, and you will be alert to any signs of obsolescence You will also address multi-level security issues
33 Chapter Objectives Explain how the systems operation, support, and security phase relates to the overall system development process Describe user support activities, including user training and help desks Discuss the four main types of system maintenance
44 Chapter Objectives Explain various techniques for managing systems operation and support Describe techniques for measuring, managing, and planning system performance Assess system security at five levels: physical security, network security, application security, file security, and user security
55 Chapter Objectives Describe backup and disaster recovery policies and methods List factors indicating that a system has reached the end of its useful life Assess future challenges for IT professionals as technology reshapes the workplace
66 Introduction Now that the system is operational, the IT staff members must assure that it meets user expectations, supports business objectives, and is secure More than half of all IT department effort goes into supporting existing systems and making them more valuable to users
77 Overview of Systems Support and Maintenance The systems operation, support, and security begins when a system becomes operational and continues until the system reaches the end of its useful life After delivering the system, the analyst has two other important tasks: he or she must support users and provide necessary maintenance to keep the system operating properly
88 User Support Activities User Training – Additionally, new employees must be trained on the company’s information systems – Training users about system changes is similar to initial training
99 User Support Activities Help Desk – Often called an information center (IC) – Enhance productivity and improve utilization of a company’s information resources
10 User Support Activities Help Desk – Might have to perform the following tasks: Show a user how to create a data query or report that displays specific business information Resolve network access or password problems Demonstrate an advanced feature of a system or a commercial package Help a user recover damaged data
11 User Support Activities Online Chat Support – Interactive support also can be delivered in the form of an online chat – Blackboard provides a chat room called a Virtual Classroom, which is an online meeting-place where students can ask questions and interact with an instructor
12 Maintenance Activities The systems operation, support and security phase is an important component of TCO (total cost of ownership) because ongoing maintenance expenses can determine the economic life of a system Operational costs Maintenance expenses Maintenance activities
13 Maintenance Activities
14 Maintenance Activities Four types of maintenance task can be identified – Corrective maintenance fixing errors – Adaptive maintenance adding new enhancement – Perfective maintenance improving efficiency – Preventative maintenance preventing failures
15 Maintenance Activities Four types of maintenance task can be identified
16 Managing Systems Support Maintenance Team – System administrator – Systems analysts Analysis Synthesis
17 Managing Systems Support Maintenance Team – Programmers Applications programmer Systems programmer Database programmer Programmer/analyst
18 Managing Systems Support Managing Maintenance Requests – Involves a number of steps Maintenance request Initial determination Role of the systems review committee Completion of the work User notification
19 Managing Systems Support Establishing Priorities – In many companies, systems review committee separates maintenance requests from new systems development requests – Many IT managers believe that evaluating all projects together leads to the best possible decisions – Neither approach guarantees an ideal allocation between maintenance and new systems development
20 Managing Systems Support Configuration Management – Configuration management (CM) is a process for controlling changes in system requirements during SDLC development phases – As enterprise-wide information systems grow more complex, configuration management becomes critical – Many vendors offer configuration management software and technique.
21 Managing Systems Support Maintenance Releases – Maintenance release methodology – A numbering pattern distinguishes the different released – Reduces the documentation burden – But new features or upgrades are available less often – Service packs is maintenance release provided by commercial software suppliers.
22 Managing Systems Support Version Control – Archived – Systems librarian – Companies can purchase software such as Serena
23 Managing Systems Support Baseline – Baseline is a formal reference point that measures system characteristics at a specific time. – Systems analysts use baselines as yardsticks to document features and performance during the systems development process Functional baseline is the configuration of the system documented at the beginning of the project. It consist of all the necessary system requirement and constrains.
24 Managing Systems Support Baseline Allocated baseline documents the system at the end of the design phase and identifies any changes since the functional base line. It includes testing and verification of all system requirements and features. Product baseline describes the system at the beginning of the system operation. It includes the result of the performance and acceptance tests for the operational system.
25 Managing System Performance Performance and Workload Measurement – Metrics such as number of lines printed, number of records accessed and number of transactions processed in a given period of time. The following is the metrics used for network base system. – Response time – Bandwidth and throughput Kbps (kilobits per second) Mbps (megabits per second) Gbps (gigabits per second)
26 Managing System Performance Performance and Workload Measurement – Turnaround time The IT department often measures response time, bandwidth, throughput, and turnaround time to evaluate system performance both before and after changes to the system or business information requirements Management uses current performance and workload data as input for the capacity planning process
27 Managing System Performance Capacity Planning – What-if analysis – You need detailed information about the number of transactions; the daily, weekly, or monthly transaction patterns; the number of queries; and the number, type, and size of all generated reports
28 Managing System Performance System Maintenance Tools – Many CASE tools include system evaluation and maintenance features – In addition to CASE tools, you also can use spreadsheet and presentation software to calculate trends, perform what-if analyses, and create attractive charts and graphs to display the results
29 System Security Physical Security – First level of security concerns the physical environment – Computer room – Computer room security Biometric scanning systems Motion sensor
30 System Security Physical Security – Servers and desktop computers Keystroke logger Record everything that is been typed Tamper-evident cases Show attempt to open or unlock a case BIOS-level password Monitor screensaver password also called: Boot-level password Power-on password
31 System Security Physical Security – Notebook computers Select an operating system that allows secure logons and BIOS-level passwords Mark or engrave the computer’s case Consider notebook models that have a built-in fingerprint reader Universal Security Slot (USS) that can fasten to cable luck or alarm Back up all vital data
32 System Security Physical Security – Notebook computers Use tracking software While traveling, try to be alert to potential high-risk situations Establish stringent password protection policies that require minimum length and complexity.
33 System Security Network Security – In order to connect to network, a computer must have Network interface which is a combination of hardware and software. – Data can be protected be Encrypted to provide security. – Encrypting network traffic Unencrypted – plain text Public key encryption (PKE) a common encryption method
34 System Security Network Security – Encrypting network traffic Public key Private key Wi-Fi Protected Access (WPA) is a method for securing wireless network that is been replaced by Wired Equivalent Privacy (WEP) uses a special pre shared key between clients WPA2 is more secured method for protecting wireless network.
35 System Security Network Security – Private networks Network should not be connected to outside – Virtual private networks By entering a secure Key the tunnel of communication can be established between client and the access point of local interanet
36 System Security Network Security – Ports and services Port is a positive integer that is used for routing incoming traffic to correct computer. All traffic received by a computer has a Destination port A Service is an application that monitors a particular port and it plays important role in computer security.
37 System Security Network Security Service can be affected by port scan and denial of service. Port scans attempt to detect service that is running on the computer. It can be used find the possible weakness of the network by finding the map of network Denial of service (DOS) happened when attacking computer makes repeated request to a service or services running on certain ports so that the computer can not answer to legitimate request
38 System Security Network Security – Firewalls Firewalls can be configured to detect and respond to DOS attacks, port scans, and other suspicious activity
39 System Security Application Security – Combination of the services running on computer is important In some cases this combination causes variability called Security hole Administrator – super-user can only have special Access to the services – Input validation can also reduces potential problem – Patches and updates Patches Third-party software Automatic update service
40 System Security Application Security – Patches and updates Patches are software module to repair the security holes. Patches that are released by Third-party software vendors usually are safe Many software vendors offer an automatic update service that enables an application to contact vendor for appropriate patches. And it can be downloaded automatically.
41 System Security File Security – File security is based on establishing a set of permissions, the right the user has to a particular file or directory. – System administrator can also create user group, add specific users and assign permission to the group.
42 System Security User Security – Privilege escalation attack is an naturalized attempt to increase permission levels. – Identity management is the controls and procedures necessary to identify legitimate user and system component. – Identity management is the top priority of the IT managers.
43 System Security User Security – Password protection issues. IT managers should require passwords that have minimum length and require a combination of case sensitive letters and numbers. – Even if users are protected with password intruder might attempt to gain unauthorized access to system using Social engineering.
44 Backup and Disaster Recovery Backup Options – Backup policy – Backup media Rotation schedule Offsiting
45 Backup and Disaster Recovery Backup Options – Schedules Full backup Incremental backup – Retention periods Back ups are stored for a specific period called Retention periods
46 Backup and Disaster Recovery Disaster Recovery Issues – Hot site – Any transaction should automatically propagate to the hot site this is known as Data replication – Companies that require a hot site view it as a justifiable and necessary business expense, whether or not it ever is needed
47 System Obsolescence Even with solid support, at some point every system becomes obsolete Signs: 1.The system’s maintenance history indicates that adaptive and corrective maintenance is increasing steadily 2.Operational costs or execution times are increasing rapidly, and routine perfective maintenance does not reverse or slow the trend
48 System Obsolescence Signs: 3.A software package is available that provides the same or additional services faster, better, and less expensively than the current system 4.New technology offers a way to perform the same or additional functions more efficiently 5.Maintenance changes or additions are difficult and expensive to perform
49 System Obsolescence Signs: 6.Users request significant new features to support business requirements
50 Facing the Future: Challenges and Opportunities Predictions – It is clear that companies will continue to face intense competition and global change, especially in the wake of economic, social, and political uncertainty – Although disruptions will occur, technology advances will spur business growth and productivity
51 Facing the Future: Challenges and Opportunities Predictions – It is interesting to note that some observers, such as Bill Joy, wonder whether technology is moving so fast that humans will be left behind – What does seem clear is that the future world of IT must be envisioned, planned, and created by skilled professionals
52 Strategic Planning for IT Professionals An IT professional should think of himself or herself as a business corporation that has certain assets, potential liabilities, and specific goals Working backwards from your long-term goals, you can develop intermediate mile stones and begin to manage your career just as you would manage an IT project Planning a career is not unlike planting a tree that takes several years to reach a certain height
53 IT Credentials and Certification Credentials Certification Many other IT industry leaders offer certification, including Cisco, Novell, Oracle, and Sun Microsystems
54 Chapter Summary Systems operation, security, and support covers the entire period from the implementation of an information system until the system no longer is used A systems analyst’s primary involvement with an operational system is to manage and solve user support requests
55 Chapter Summary Systems analysts need the same talents and abilities for maintenance work as they use when developing a new system Configuration management is necessary to handle maintenance requests System performance measurements include response time, bandwidth, throughput, and turnaround time All information systems eventually become obsolete
56 Chapter Summary An IT professional should have a strategic career plan that includes long-term goals and intermediate milestones An important element of a personal strategic plan is the acquisition of IT credentials and certifications that document specific knowledge and skills Chapter 11 complete