1. CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM

2. Phase Description
Systems Operation, Support, and Security is the final phase in the systems development life cycle
You will support and maintain the system, handle security issues, protect the integrity of the system and its data, and be alert to any signs of obsolescence
The deliverable for this phase is an operational system that is properly maintained, supported, and secured

3. Chapter Objectives Explain the systems support and security phase
Describe user support activities, including user training and help desks
Define the four types of maintenance
Explain various techniques for managing systems maintenance and support
Describe techniques for measuring, managing, and planning system performance
Explain risk management concepts
Assess system security at six levels: physical security, network security, application security, file security, user security, and procedural security

4. Chapter Objectives Describe backup and disaster recovery
List factors indicating that a system has reached the end of its useful life
Assess future challenges and opportunities for IT professionals
Develop a strategic plan for career advancement and strong IT credentials

5. Introduction
Managing systems support and security involves three main concerns: user expectations, system performance, and security requirements
Successful, robust systems often need the most support
In most organizations, more than half of all IT department effort goes into supporting existing systems

6. Overview
The systems operation, support, and security phase begins when a system becomes operational and continues until the system reaches the end of its useful life
After delivering the system, the IT team focuses on support and maintenance tasks

7. User Support User Training
Additionally, new employees must be trained on the company’s information systems
User training package
Training users about system changes is similar to initial training
Objective is to show users how the system can help them perform their jobs

8. User Support Help Desks
Helpdesk is a centralized resource staff by IT professionals who provides users with he support they need to do their jobs
Enhance productivity and improve utilization of a company’s information resources
The help desk is a central contact point for all IT maintenance activities
Can utilize many types of automated support

9. Maintenance Tasks

10. Maintenance Tasks Four classification of maintenance activities:
Corrective Maintenance
Diagnoses and corrects errors in an operational system
Respond to errors in various ways, depending on nature
Worst-case situation is a system failure
When the system is operational again, the maintenance team determines the cause, analyzes the problem, and designs a permanent solution

11. Maintenance Tasks Adaptive Maintenance
Adds enhancements to an operational system and makes the system easier to use
The procedure for minor adaptive maintenance is similar to routine corrective maintenance
Can be more difficult than new systems development because the enhancements must work within the constraints of an existing system

12. Maintenance Tasks Perfective Maintenance
Involves changing an operational system to make it more efficient, reliable and maintainable
Cost-effective during the middle of the system’s operational life
Programs that need a large number of maintenance changes usually are good candidates for reengineering
The more a program changes, the more likely it is to become inefficient and difficult to maintain

13. Maintenance Tasks Preventive Maintenance
Requires analysis of areas where trouble is likely to occur
IT department normally initiates preventive maintenance
Often results in increased user satisfaction, decreased downtime, and reduced TCO
Sometimes does not receive the high priority that it deserves

14. Maintenance Management
The Maintenance Team
System administrator
Systems analysts
Programmers
Organizational issues

15. Maintenance Management
Maintenance Requests
Involve a series of steps
All work must be covered by a specific request
Initial determination
The systems review committee
Task completion
User notification

16. Maintenance Management
Establishing Priorities
In many companies, systems review committee separates maintenance requests from new systems development requests
Some IT managers believe that evaluating all projects together leads to the best possible decisions
Object is to have a procedure that balances new development and necessary maintenance work

17. Maintenance Management
Configuration Management
Configuration management (CM) /change control (CC) is a process for controlling changes in the system requirements during software development
As enterprise-wide information systems grow more complex, configuration management becomes critical
Also helps to organize and handle documentation

18. Maintenance Management
Maintenance Releases
Each change is documented and installed as new version of the system
A numbering pattern distinguishes the different releases
Reduces the documentation burden
Service packs-software maintenance release
Version Control
Process of tracking system release or versions
When new version of system is installed, the prior release is Archived
Essential part of system documentation

19. Maintenance Management
Baselines
Is a formal reference point that measures system characteristics at a specific time
Systems analysts use baselines as yardsticks to document features and performance during the systems development process
Functional baseline-is the configuration of the system documented at the beginning of the project
Allocated baseline-documents the system at the end of the design phase and identifies any changes sine the functional baseline
Product baseline-describes the system at the beginning of system operation.

20. System Performance Management
Fault Management
Detect and resolve operational problems as quickly as possible
The more complex the system, the more difficult it can be to analyze symptoms and isolate a cause
The best strategy is to prevent problems by monitoring system performance and workload

21. System Performance Management
Performance and Workload Measurement
Benchmark testing-uses a set of standard tests to evaluate system performance and capacity
Metrics –can monitor the number of transactions processed in a given time period, the number of record accessed and the volume of online data
Network performance metrics:
Response time
Is the overall time between a request for system activity and the delivery of the response
Bandwidth and throughput
Bandwidth describes the amount of data that the system can transfer in a fixed time period
Kbps (kilobits per second)
Mbps (megabits per second)
Gbps (gigabits per second)
Throughput-measures actual system performance under specific circumstances and s affected by network load and hardware efficiency.

22. System Performance Management
Turnaround time
Measures the time between submitting a request from information and the fulfillment of the request
The IT department often measures response time, bandwidth, throughput, and turnaround time to evaluate system performance both before and after changes to the system or business information requirements
Management uses current performance and workload data as input for the capacity planning process

23. System Performance Management
Capacity Planning
Process that monitors current activity and performance levels, anticipates future activity and forecast the resources needed to provide desired levels of service.
What-if analysis-allow you to vary one or more elements in a model in order to measure the effect on other elements
Need detailed information
Need an accurate forecast of future business activities
Should develop contingency plans based on input from users and management

24. System Performance Management
System Maintenance Tools
Many CASE tools include system evaluation and maintenance features
In addition to CASE tools, you also can use spreadsheet and presentation software to calculate trends, perform what-if analyses, and create attractive charts and graphs to display the results

25. System Security Overview
Security is a vital part of every computer system
Security protect the system and keep it safe free from danger and reliable.
System Security Concepts
CIA triangle-three main element of system security:
Confidentiality
Integrity
Availability
Security policy

26. System Security Overview
Risk Management
Absolute security is not a realistic goal
Risk identification - exploit
Risk assessment - risk
Risk control
Avoidance, mitigation, transference, acceptance

27. System Security Overview
Attacker Profiles and Attacks
An attack is a hostile act that targets the system or the company itself.
An attack might be launched by a disgruntled employee, or a hacker who is 10,000 miles away
Attackers break into a system to cause damage, steal information, or gain recognition, among other reasons

28. Security Levels

29. Security Levels Must consider six separate but interrelated levels
Physical Security
First level of security concerns the physical environment
Physical access to a computer represents an entry point into the system and must be controlled and protected
Operations center security
Servers and desktop computers
Notebook computers

30. Security Levels Network Security Encrypting network traffic
Network is defined as two or more devices that are connected
Network interface-combination of h/w and s/w that allows the computer to interact with the network
To provide security for network traffic,data can be Encrypted
Encrypting network traffic

31. Security Levels Network Security Wireless networks Private networks
WEP
WPA
Private networks
Virtual private networks
tunnel
Ports and services
Port scan
Denial of service
Firewalls
Network intrusion detection

32. Security Levels Application Security Services Hardening
Application permissions
Input validation
Patches and updates
Software Logs

33. Security Levels File Security encryption Permissions User Groups
Read a file
Write a file
Execute a file
Read a directory
Write a directory
User Groups

34. Security Levels User Security User resistance Identity management
Password protection
Social engineering
New technologies

35. Security Levels Procedural Security Operational security
Dumpster diving
Paper shredders

36. Backup and Disaster Recovery
Backup refers to copying data at prescribed intervals or continuously
Recovery involves restoring the data and restating the system after an interruption
Backup Policies
Backup policy contains detailed instructions and procedures.
Should specify:
Backup media
Rotation schedule
Offsiting
Backup Types
Retention periods

38. Backup and Disaster Recovery
Business Continuity Issues
Test plan
Business continuity plan (BCP)
Hot site
Data replication
Business insurance

39. System Obsolescence At some point every system becomes obsolete
Systems operation and support continues until a replacement system is installed
A system become obsolete when it no longer supports user needs or when he platform become outmoded.
Signs :
The system’s maintenance history indicates that adaptive and corrective maintenance are increasingly steady
Operational costs or execution times are increasingly rapidly, and routine perfective maintenance does not reverse or slow the trend.
A software package is available that provides the same or additional services faster, better and less expensively than the current system
New technology offers a way to perform the same or additional functions more efficiently
Maintenance changes or additions are difficult and expensive to perform
User request significant new features to support business requirements

40. Future Challenges and Opportunities
Strategic planning for IT professionals
Working backwards from your long-term goals, you can develop intermediate mile stones and begin to manage your career just as you would manage an IT project
Planning a career is not unlike planting a tree that takes several years to reach a certain height

41. Future Challenges and Opportunities
IT Credentials and Certification
Credentials
Certification
In addition to Microsoft, many other IT industry leaders offer certification, including Cisco, Novell, Oracle, and Sun Microsystems
Critical thinking skills

42. Chapter Summary
Systems support and security covers the entire period from the implementation of an information system until the system no longer is used
A systems analyst’s primary involvement with an operational system is to manage and solve user support requests
Systems analysts need the same talents and abilities for maintenance work as they use when developing a new system
Security is a vital part of every computer system

43. Chapter Summary All information systems eventually become obsolete
An IT professional should have a strategic career plan that includes long-term goals and intermediate milestones
An important element of a personal strategic plan is the acquisition of IT credentials and certifications that document specific knowledge and skills

44. Review Questions
Describe four classification of maintenance and provide an example of each type.
What is configuration management and why is it important?
What is release methodology?
What is purpose of version control?
Explain three main elements of system security.
What are the six security level?
List six indications that an information system is approaching obsolesces.