Systems Analysis and Design 11th Edition Chapter 12 PDF

Summary

This document provides an overview of systems analysis and design, specifically focusing on chapter 12 about managing systems support and security. It covers topics like user support and maintenance.

Full Transcript


Systems Analysis and Design 11th Edition
Chapter 12
Managing Systems Support and Security

Copyright ©2017 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

Chapter Objectives
• Explain the systems support and security phase
• Describe user support activities, including user training and help desks
• Define the four types of maintenance
• Explain various techniques for managing systems maintenance and support
• Describe techniques for measuring, managing, and planning system performance
• Explain risk management concepts

Chapter Objectives (Cont.)
• Assess system security at six levels: physical security, network security, application security, file security, user security, and procedural security
• Describe backup and disaster recovery
• List factors indicating that a system has reached the end of its useful life
• Assess future challenges and opportunities for IT professionals
• Develop a strategic plan for career advancement and strong IT credentials

Introduction
• Systems support and security phase begins when a system becomes operational
  ◦ Continues until the system reaches the end of its life
• After delivering the system, the IT team focuses on support and maintenance tasks
  ◦ Concerns in managing systems support and security
    ▪ User expectations
    ▪ System performance
    ▪ Security requirements

User Support
• User Training
  ◦ IT Department may develop a user training package
  ◦ Training users about system changes is similar to initial training
  ◦ Objective - To show users how the system can help them perform their jobs
• Help or Service Desks: Provide support and guidance

User Support (Cont. 1)
  ◦ Objectives
    ▪ To show people how to use system resources more effectively and provide answers to technical or operational questions
    ▪ To make users more productive by teaching them how to meet their own information needs
  ◦ Boost their productivity using remote control software
    ▪ Remote control software: Allows IT staff to take over a user’s workstation and provide support and troubleshooting
Figure 12-2 A help desk, also called a service desk, provides support to system users.

User Support (Cont. 2)
• Outsourcing Issues
  ◦ Offshore call centers can trim expenses and free up valuable human resources for product development
  ◦ Customers may shop elsewhere if the quality of tech support decreases
  ◦ Critical factors
    ▪ Phone wait times
    ▪ Performance of support staff
    ▪ Online support tools

Maintenance Tasks
Figure 12-3 The total cost of operating an information system includes operational and maintenance costs. Operational costs (green) are relatively constant, while maintenance costs (purple) vary over time.

Maintenance Tasks (Cont. 1)
Figure 12-5 Information systems maintenance depends on the type of maintenance and the age of the system.

Maintenance Tasks (Cont. 2)
• Corrective Maintenance
  ◦ Diagnoses and corrects errors in an operational system
  ◦ Standard procedures are set for minor errors
  ◦ Worst-case situation is a system failure
    ▪ Requires a patch
    ▪ When the system is operational again, the maintenance team determines the cause, analyzes the problem, and designs a permanent solution

Maintenance Tasks (Cont. 3)
Figure 12-6 This three-level ranking framework for IT support considers potential impact and response urgency.

Maintenance Tasks (Cont. 4)
• Adaptive Maintenance
  ◦ Adds enhancements to an operational system and makes the system easier to use
  ◦ Procedure for minor adaptive maintenance is similar to routine corrective maintenance
    ▪ Users submit requests that are evaluated and prioritized by the systems committee
  ◦ Can be more difficult than new systems development
    ▪ Enhancements must work within the constraints of an existing system

Maintenance Tasks (Cont. 5)
• Perfective Maintenance
  ◦ Changing an operational system to make it more efficient, reliable, and maintainable
  ◦ Cost-effective during the middle of the system’s operational life
  ◦ Performed using software reengineering
    ▪ Software reengineering: Uses analytical techniques to identify potential quality and performance improvements in an information system
  ◦ The more a program changes, the more likely it is to become inefficient and difficult to maintain

Maintenance Tasks (Cont. 6)
• Preventive Maintenance
  ◦ Requires analysis of areas where trouble is likely to occur
  ◦ IT department initiates preventive maintenance
  ◦ Results in:
    ▪ Increased user satisfaction
    ▪ Decreased downtime
    ▪ Reduced TCO
  ◦ Competes for IT resources along with other projects

Maintenance Management
• The Maintenance Team
  ◦ System administrator: Manages computer and network systems
  ◦ Systems analysts - Investigate and locate the source of a problem using analysis and synthesis skills
  ◦ Programmers - Include applications programmers, systems programmers, and database programmers
  ◦ Organizational issues
    ▪ Organizations have groups that perform maintenance and new systems development
    ▪ May rotate people from one assignment to the other

Maintenance Management (Cont. 1)
Figure 12-9 LISA seeks to establish standards of professional conduct for its members. Source: ©2014 The USENIX Association

Maintenance Management (Cont. 2)
• Maintenance Requests
  ◦ Involve a series of steps
    ▪ Initial determination
    ▪ Consideration by the systems review committee
    ▪ Task completion and user notification
• Establishing Priorities
  ◦ Systems review committees may either separate maintenance requests from new systems development requests or evaluate all projects together
  ◦ Objective - To have a procedure that balances new development and necessary maintenance work

Maintenance Management (Cont. 3)
• Configuration Management or Change Control (CC)
  ◦ Controls changes in system requirements during software development
  ◦ Becomes critical as enterprise-wide information systems grow more complex
    ▪ Important to systems with multiple versions running in different hardware and software environments
  ◦ Helps in organizing and handling documentation

Maintenance Management (Cont. 4)
• Maintenance Releases
  ◦ Documents and installs changes as a new version
  ◦ Maintenance release methodology: Retains all noncritical changes and implements them simultaneously
    ▪ Advantage - All changes are tested together, resulting in fewer versions and less expense
    ▪ Disadvantage - New features or upgrades are available less often
  ◦ Service packs: Maintenance releases provided by commercial software suppliers

Maintenance Management (Cont. 5)
• Version Control
  ◦ Process of tracking system releases or versions
    ▪ Prior release is archived and restored in case the new version fails
  ◦ Firms use commercial applications that handle version control for complex systems
• Baselines
  ◦ Measure system characteristics at a specific time
  ◦ Types - Functional, allocated, and product

Maintenance Management (Cont. 6)
Figure 12-13 Git is a popular free version control system. Source: git-scm.com

System Performance Management
• Fault Management
  ◦ Includes monitoring the system for signs of trouble, logging all system failures, diagnosing the problem, and applying corrective action
Figure 12-14 The Activity Monitor application on Apple’s Mac OS X displays CPU, memory, energy, disk, and network activity of all running applications in real time. Source: Apple

System Performance Management (Cont. 1)
• Performance and Workload Measurement
  ◦ System performance is measured using benchmark testing and metrics
  ◦ Response time: Overall time between a request for system activity and the delivery of the response
  ◦ Bandwidth and throughput
    ▪ Can be measured in Kbps (kilobits per second), Mbps (megabits per second), and Gbps (gigabits per second)
  ◦ Examples of standards of metrics
    ▪ Arrivals - Number of items that appear on a device during a given observation time

System Performance Management (Cont. 2)
    ▪ Queue length - Number of requests pending for a service
  ◦ Turnaround time: Applies to centralized batch processing operations
    ▪ Measures the time between submitting a request for information and the fulfillment of the request
    ▪ Used to measure the quality of IT services
• Management uses current performance and workload data as input for the capacity planning process

System Performance Management (Cont. 3)
• Capacity Planning
  ◦ Monitors current activity and performance levels
  ◦ Anticipates future activity and forecasts resources required to provide desired levels of service
  ◦ Uses what-if analysis
    ▪ What-if analysis: Varies one or more elements to study their effect on other elements
  ◦ Requires:
    ▪ Detailed information
    ▪ An accurate forecast of future business activities
  ◦ Objective - To develop contingency plans based on input from users and management

System Performance Management (Cont. 4)
Figure 12-16 In this Goal Seek example, the user wants to know the effect on processing time if the number of daily transactions increases from 3,840 to 9,000.

System Performance Management (Cont. 5)
• System Maintenance Tools
  ◦ Many CASE tools include system evaluation and maintenance features
  ◦ Spreadsheet and presentation software can be used to calculate trends, perform what-if analyses, and create charts and graphs

System Security Overview
• Security is a vital part of every computer system
• System Security Concepts
  ◦ CIA triangle: Shows the main elements of system security
    ▪ Elements are used to develop a security policy
Figure 12-18 System security must provide information confidentiality, integrity, and availability (CIA).

System Security Overview (Cont. 1)
• Risk Management involves:
  ◦ Risk identification
    ▪ List and classify assets and analyze possible threats
    ▪ Identify vulnerabilities and how they might be exploited
  ◦ Risk assessment
    ▪ Risks need to be calculated and prioritized
  ◦ Risk control
    ▪ Strategies - Avoidance, mitigation, transference, and acceptance
Figure 12-19 Risk management requires continuous risk identification, assessment, and control.

System Security Overview (Cont. 2)
Figure 12-20 System threats can be grouped into several broad categories.

System Security Overview (Cont. 3)
Figure 12-21 IT security professionals have names for various types of attackers.

System Security Overview (Cont. 4 to 6)
Figure 12-22 Attacks can take many forms, as this table shows. IT security managers must be able to detect these attacks and respond with suitable countermeasures.

Security Levels
• System security involves six separate but interrelated levels
Figure 12-23 Each security link has a specific focus, and the overall chain is only as strong as the weakest link.

Security Levels (Cont. 1)
• Physical Security
  ◦ Operations center security - Each entrance must be equipped with a suitable security device
  ◦ Servers and desktop computers
    ▪ Install locks on server racks to avoid unauthorized placement of keystroke loggers
    ▪ Tamper-evident cases and BIOS-level passwords can be used
Figure 12-24 Companies use biometric scanning to analyse the features of the eye’s iris, which has more than 200 points that can be measured and used for comparison. Andy Piatt/Shutterstock.com

Security Levels (Cont. 2)
  ◦ Portable computers
    ▪ Select an operating system with strong protection
    ▪ Mark the computer’s case with the company name and address
    ▪ Consider devices that have a built-in fingerprint reader and use the Universal Security Slot (USS) if available
    ▪ Back up all vital data before using the computer outside the office and link the system to tracking software
    ▪ Be alert to high-risk situations while traveling
    ▪ Establish stringent password protection policies

Security Levels (Cont. 3)
• Network security
  ◦ Encrypt network traffic
    ▪ Encryption techniques - Private key encryption and public key encryption (PKE)
  ◦ Wireless networks - WPA2 strengthens the level of wireless protection
  ◦ Private networks can be used when speed is necessary
  ◦ Virtual Private Networks (VPN) establish secure connections for a large number of computers

Security Levels (Cont. 4)
  ◦ Ports and services can be affected by port scans and denial of service (DoS) attacks
    ▪ A port routes incoming traffic to the correct application and a service monitors a particular port
  ◦ Firewalls allow or block network traffic from each network interface based on preset rules
  ◦ Network intrusion detection system (NIDS) alerts the administrator when it detects suspicious network traffic patterns

Security Levels (Cont. 5)
Figure 12-28 The upper screen shows an example of unencrypted text, which contains a visible password. In the lower screen, the encrypted text cannot be read.
Figure 12-31 Examples of rules that determine whether the firewall will allow traffic to pass.

Security Levels (Cont. 6)
• Application Security
  ◦ Services that are not needed must be disabled
    ▪ An unnecessary or improperly configured service could create a security hole
  ◦ Hardening: Removes unnecessary accounts, services, and features
  ◦ Application permissions
    ▪ To prevent unauthorized changes, applications must be configured to be run by users who have specific rights
  ◦ Input validation helps safeguard data integrity and security

Security Levels (Cont. 7)
  ◦ Patches and updates - Used to repair security holes, reduce vulnerabilities, and update the system
  ◦ Software logs document all events
    ▪ Help understand past attacks and prevent future intrusions
• File Security
  ◦ Encryption - Scrambles the contents of a file or document to protect it from unauthorized access
  ◦ Permissions - Describe the rights a user has to a particular file or directory on a server
  ◦ Administrators can create user groups and assign file permissions

Security Levels (Cont. 8)
• User Security
  ◦ Identity management: Controls and procedures necessary to identify legitimate users and system components
    ▪ Strategy must balance technology, security, privacy, cost, and user productivity
  ◦ Password protection
    ▪ Password policies need to specify a set minimum length, complexity, and a limit on invalid attempts
  ◦ Social engineering: Intruder uses social interaction to gain unauthorized access to a computer system
    ▪ Includes pretexting

Security Levels (Cont. 9)
  ◦ User resistance
    ▪ Users need to understand and be a part of the organization’s commitment to security
  ◦ New technologies can be used to enhance security and prevent unauthorized access
Figure 12-33 Security tokens, which come in various forms, can provide an additional level of security. Lim Yong Hian/Shutterstock.com

Security Levels (Cont. 10)
• Procedural Security (Operational Security)
  ◦ Defines how particular tasks are to be performed
  ◦ Includes safeguarding procedures that would be valuable to an attacker
  ◦ Organization must explain procedures and issue reminders that will make security issues a priority
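
The password policy described under User Security (minimum length, complexity, and a limit on invalid attempts) can be expressed as code. This is an added example, not from the textbook; every threshold, the `PasswordPolicy` and `AttemptLimiter` names, and the temporary lockout period are assumptions chosen for illustration.

```python
import string
from dataclasses import dataclass, field


@dataclass
class PasswordPolicy:
    # Illustrative values only; the slides name the parameters, not the numbers.
    min_length: int = 12
    min_classes: int = 3           # complexity: distinct character classes
    max_invalid_attempts: int = 5  # limit on consecutive invalid attempts
    lockout_seconds: int = 900     # assumed temporary lockout period

    def violations(self, password):
        """Return the list of policy rules the candidate password breaks."""
        found = []
        if len(password) < self.min_length:
            found.append(f"shorter than {self.min_length} characters")
        classes = sum(
            any(c in group for c in password)
            for group in (string.ascii_lowercase, string.ascii_uppercase,
                          string.digits, string.punctuation)
        )
        if classes < self.min_classes:
            found.append(f"uses {classes} character classes, "
                         f"needs {self.min_classes}")
        return found


@dataclass
class AttemptLimiter:
    policy: PasswordPolicy
    failures: dict = field(default_factory=dict)      # user -> consecutive failures
    locked_until: dict = field(default_factory=dict)  # user -> unlock time (seconds)

    def record(self, user, success, now):
        """Return 'ok', 'failed' or 'locked' for one login attempt at time `now`."""
        if now < self.locked_until.get(user, 0):
            # While locked, even a correct password is refused, so guessing
            # cannot continue during the lockout window.
            return "locked"
        if success:
            self.failures.pop(user, None)  # a success resets the counter
            return "ok"
        count = self.failures.get(user, 0) + 1
        if count >= self.policy.max_invalid_attempts:
            self.locked_until[user] = now + self.policy.lockout_seconds
            self.failures.pop(user, None)
            return "locked"
        self.failures[user] = count
        return "failed"
```

The clock is passed in as `now` so that lockout behaviour can be tested deterministically; a deployment would also log each `locked` result for the help desk.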

Backup and Recovery
• Backup Policies
  ◦ Backup media: Includes tape, hard drives, optical, and online storage
    ▪ Offsiting: Storing backup away from the business location
    ▪ Cloud-based storage is growing rapidly
  ◦ Types - Full, differential, incremental, and continuous
  ◦ Retention periods: Backups are stored for a specific time beyond which they are either destroyed or reused

Backup and Recovery (Cont. 1)
Figure 12-34 Comparison of full, differential, incremental, and continuous backup methods.

Backup and Recovery (Cont. 2)
• Business Continuity Issues
  ◦ A disaster recovery plan should be created along with a test plan
    ▪ Often part of a business continuity plan (BCP)
    ▪ BCP: Defines how critical business functions can continue during a major disruption
    ▪ Specifies the use of a hot site, which requires data replication

System Obsolescence
• Factors indicating obsolescence
  ◦ Adaptive and corrective maintenance are increasing steadily
  ◦ Operational costs or execution times are increasing rapidly
  ◦ A software package is available that provides the same or additional services more efficiently
  ◦ New technology offers a way to perform the same or additional functions more efficiently
  ◦ Maintenance changes or additions are difficult and expensive to perform
  ◦ Users request significant new features
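
The backup types and retention periods listed under Backup Policies interact: a retention rule that looks only at age can destroy a full backup that newer incrementals still need. The following added example (not from the textbook) computes the restore set for a date and the backups that are safe to expire. It assumes one backup per day, that a differential holds all changes since the last full backup, that an incremental holds changes since the previous backup, and that the two are not mixed after the same full backup; the catalogs are constructed sample data.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Backup:
    day: date
    kind: str  # "full", "differential" or "incremental"


def restore_chain(catalog, target):
    """Backups (oldest first) that must be read to restore the state at `target`."""
    usable = sorted((b for b in catalog if b.day <= target), key=lambda b: b.day)
    fulls = [b for b in usable if b.kind == "full"]
    if not fulls:
        raise LookupError(f"no full backup on or before {target}")
    base = fulls[-1]
    later = [b for b in usable if b.day > base.day]
    kinds = {b.kind for b in later}
    if kinds == {"differential", "incremental"}:
        raise ValueError("mixed differential/incremental sets are not modelled")
    if kinds == {"differential"}:
        return [base, later[-1]]  # only the newest differential is needed
    return [base] + later         # every incremental since the full is needed


def expirable(catalog, today, retention_days):
    """Backups past retention that no retained restore point depends on."""
    cutoff = today - timedelta(days=retention_days)
    needed = set()
    for b in catalog:
        if b.day >= cutoff:
            needed.update(restore_chain(catalog, b.day))
    return sorted((b for b in catalog if b not in needed), key=lambda b: b.day)


def make_catalog(start, kinds):
    """Build a constructed catalog with one backup per day from `start`."""
    return [Backup(start + timedelta(days=i), k) for i, k in enumerate(kinds)]


# Constructed sample data: 3 to 12 March 2024.
INCR = make_catalog(date(2024, 3, 3),
                    ["full"] + ["incremental"] * 6 + ["full"] + ["incremental"] * 2)
DIFF = make_catalog(date(2024, 3, 3), ["full"] + ["differential"] * 6)

if __name__ == "__main__":
    for name, cat in (("incremental", INCR), ("differential", DIFF)):
        chain = restore_chain(cat, date(2024, 3, 6))
        print(name, [f"{b.day:%d %b} {b.kind}" for b in chain])
    for days in (4, 2):
        old = expirable(INCR, date(2024, 3, 12), days)
        print(f"retention {days}d: safe to expire", [f"{b.day:%d %b}" for b in old])
```

With a four-day retention period nothing in the incremental catalog can be expired, because the restore point for 8 March still depends on the full backup of 3 March and every incremental after it.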

Future Challenges and Opportunities
• Trends and Predictions
  ◦ Cybercrime will increase significantly
  ◦ Smartphones and tablets will become the dominant computing platform
  ◦ Software-as-a-service will become the norm, which will affect business models and consumer costs
  ◦ Cloud computing will become the principal computing infrastructure for the enterprise
  ◦ Insourcing will increase due to economic factors
  ◦ Large enterprises may require suppliers to certify their green credentials and sourcing policies

Future Challenges and Opportunities (Cont. 1)
• Strategic Planning for IT Professionals
  ◦ System analysts should work backwards from goals in order to develop intermediate milestones
• IT Credentials and Certification
  ◦ Professional organizations and IT industry leaders offer continuing educational courses and credentialed certifications
• Critical Thinking Skills and CyberEthics
  ◦ System analysts should:
    ▪ Possess soft skills and critical thinking skills
    ▪ Be able to address ethical, social, and legal aspects of IT

Future Challenges and Opportunities (Cont. 2)
Figure 12-37 ISTQB has created a very successful scheme for certifying software testers worldwide. Source: ISTQB

Chapter Summary
• Systems support and security cover the period from the implementation of an information system until the system no longer is used
• Corrective, adaptive, perfective and preventative are types of system maintenance
• A maintenance team consists of systems analysts and programmers
• Configuration management and system performance measurements are necessities of maintenance management

Chapter Summary (Cont.)
• Security is a vital part of every computer system
• Risk management identifies, analyzes, anticipates and reduces risk to an acceptable level
• Data backup and recovery plans are essential
• All information systems eventually become obsolete
• Intense competition is predicted in the future
• IT professionals should have a strategic
