44
CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1

CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Embed Size (px)

Citation preview

Page 1: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

CHAPTER 12SECURING AND

SUPPORTING THE SYSTEM

1

Page 2: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Phase Description

• Systems Operation, Support, and Security is the final phase in the systems development life cycle• You will support and maintain the system,

handle security issues, protect the integrity of the system and its data, and be alert to any signs of obsolescence• The deliverable for this phase is an

operational system that is properly maintained, supported, and secured

2

Page 3: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Chapter Objectives • Explain the systems support and security phase• Describe user support activities, including user

training and help desks• Define the four types of maintenance• Explain various techniques for managing

systems maintenance and support• Describe techniques for measuring, managing,

and planning system performance• Explain risk management concepts• Assess system security at six levels: physical

security, network security, application security, file security, user security, and procedural security

3

Page 4: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Chapter Objectives

•Describe backup and disaster recovery•List factors indicating that a system has

reached the end of its useful life•Assess future challenges and

opportunities for IT professionals•Develop a strategic plan for career

advancement and strong IT credentials

4

Page 5: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Introduction

• Managing systems support and security involves three main concerns: user expectations, system performance, and security requirements• Successful, robust systems often need the

most support• In most organizations, more than half of

all IT department effort goes into supporting existing systems

5

Page 6: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Overview

•The systems operation, support, and security phase begins when a system becomes operational and continues until the system reaches the end of its useful life

•After delivering the system, the IT team focuses on support and maintenance tasks

6

Page 7: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

User Support

User Training– Additionally, new employees must be trained

on the company’s information systems–User training package– Training users about system changes is similar

to initial training– Objective is to show users how the system can

help them perform their jobs

7

Page 8: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

User Support•Help Desks

▫Helpdesk is a centralized resource staff by IT professionals who provides users with he support they need to do their jobs

▫Enhance productivity and improve utilization of a company’s information resources

▫The help desk is a central contact point for all IT maintenance activities

▫Can utilize many types of automated support

8

Page 9: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Maintenance Tasks

9

Page 10: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Maintenance Tasks•Four classification of maintenance

activities:• Corrective Maintenance

▫Diagnoses and corrects errors in an operational system

▫Respond to errors in various ways, depending on nature

▫Worst-case situation is a system failure▫When the system is operational again, the

maintenance team determines the cause, analyzes the problem, and designs a permanent solution

10

Page 11: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Maintenance Tasks

•Adaptive Maintenance▫Adds enhancements to an operational

system and makes the system easier to use▫The procedure for minor adaptive

maintenance is similar to routine corrective maintenance

▫Can be more difficult than new systems development because the enhancements must work within the constraints of an existing system

11

Page 12: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Maintenance Tasks• Perfective Maintenance– Involves changing an operational system to

make it more efficient, reliable and maintainable–Cost-effective during the middle of the system’s

operational life–Programs that need a large number of

maintenance changes usually are good candidates for reengineering

–The more a program changes, the more likely it is to become inefficient and difficult to maintain

12

Page 13: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Maintenance Tasks

•Preventive Maintenance▫Requires analysis of areas where trouble is

likely to occur▫IT department normally initiates preventive

maintenance▫Often results in increased user satisfaction,

decreased downtime, and reduced TCO▫Sometimes does not receive the high

priority that it deserves

13

Page 14: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Maintenance Management

• The Maintenance Team▫System administrator▫Systems analysts▫Programmers▫Organizational issues

14

Page 15: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Maintenance Management

•Maintenance Requests▫Involve a series of steps▫All work must be covered by a specific

request Initial determination The systems review committee Task completion User notification

15

Page 16: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Maintenance Management

•Establishing Priorities▫In many companies, systems review

committee separates maintenance requests from new systems development requests

▫Some IT managers believe that evaluating all projects together leads to the best possible decisions

▫Object is to have a procedure that balances new development and necessary maintenance work

16

Page 17: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Maintenance Management• Configuration Management

▫ Configuration management (CM) /change control (CC) is a process for controlling changes in the system requirements during software development

▫As enterprise-wide information systems grow more complex, configuration management becomes critical

▫Also helps to organize and handle documentation

17

Page 18: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Maintenance Management• Maintenance Releases

▫ Each change is documented and installed as new version of the system

▫A numbering pattern distinguishes the different releases

▫Reduces the documentation burden▫Service packs-software maintenance release

• Version Control▫ Process of tracking system release or versions▫When new version of system is installed, the

prior release is Archived ▫Essential part of system documentation

18

Page 19: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Maintenance Management• Baselines

▫Is a formal reference point that measures system characteristics at a specific time

▫Systems analysts use baselines as yardsticks to document features and performance during the systems development process

▫Functional baseline-is the configuration of the system documented at the beginning of the project

▫Allocated baseline-documents the system at the end of the design phase and identifies any changes sine the functional baseline

▫Product baseline-describes the system at the beginning of system operation.

19

Page 20: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

System Performance Management

• Fault Management▫Detect and resolve operational problems as

quickly as possible▫The more complex the system, the more difficult

it can be to analyze symptoms and isolate a cause

▫The best strategy is to prevent problems by monitoring system performance and workload

20

Page 21: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

System Performance Management• Performance and Workload Measurement

▫ Benchmark testing-uses a set of standard tests to evaluate system performance and capacity

▫ Metrics –can monitor the number of transactions processed in a given time period, the number of record accessed and the volume of online data

▫ Network performance metrics: Response time

Is the overall time between a request for system activity and the delivery of the response

Bandwidth and throughput Bandwidth describes the amount of data that the system can transfer

in a fixed time period▫ Kbps (kilobits per second)▫ Mbps (megabits per second)▫ Gbps (gigabits per second)

Throughput-measures actual system performance under specific circumstances and s affected by network load and hardware efficiency.

21

Page 22: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

System Performance Management• Turnaround time– Measures the time between submitting a request

from information and the fulfillment of the request– The IT department often measures response time,

bandwidth, throughput, and turnaround time to evaluate system performance both before and after changes to the system or business information requirements

– Management uses current performance and workload data as input for the capacity planning process

22

Page 23: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

System Performance Management• Capacity Planning

▫ Process that monitors current activity and performance levels, anticipates future activity and forecast the resources needed to provide desired levels of service.

▫ What-if analysis-allow you to vary one or more elements in a model in order to measure the effect on other elements

▫ Need detailed information▫ Need an accurate forecast of future business

activities▫ Should develop contingency plans based on input

from users and management

23

Page 24: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

System Performance Management

• System Maintenance Tools▫Many CASE tools include system evaluation

and maintenance features▫In addition to CASE tools, you also can use

spreadsheet and presentation software to calculate trends, perform what-if analyses, and create attractive charts and graphs to display the results

24

Page 25: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

System Security Overview• Security is a vital part of

every computer system• Security protect the

system and keep it safe free from danger and reliable.

• System Security Concepts▫ CIA triangle-three main

element of system security: Confidentiality Integrity Availability

▫ Security policy

25

Page 26: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

System Security Overview

• Risk Management▫ Absolute security is not a

realistic goal▫ Risk identification -

exploit▫ Risk assessment - risk▫ Risk control

Avoidance, mitigation, transference, acceptance

26

Page 27: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

System Security Overview

•Attacker Profiles and Attacks▫An attack is a hostile act that targets the

system or the company itself.▫An attack might be launched by a

disgruntled employee, or a hacker who is 10,000 miles away

▫Attackers break into a system to cause damage, steal information, or gain recognition, among other reasons

27

Page 28: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Security Levels

28

Page 29: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Security Levels• Must consider six separate but interrelated

levels• Physical Security– First level of security concerns the physical

environment– Physical access to a computer represents an

entry point into the system and must be controlled and protected

▫Operations center security▫Servers and desktop computers▫Notebook computers

29

Page 30: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Security Levels• Network Security

Network is defined as two or more devices that are connected

Network interface-combination of h/w and s/w that allows the computer to interact with the network

To provide security for network traffic,data can be Encrypted

▫Encrypting network traffic

30

Page 31: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Security Levels• Network Security

▫Wireless networks WEP WPA

▫ Private networks▫Virtual private networks

tunnel▫Ports and services

Port scan Denial of service

▫Firewalls▫Network intrusion detection

31

Page 32: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Security Levels

•Application Security▫Services▫Hardening▫Application permissions▫Input validation▫Patches and updates▫Software Logs

32

Page 33: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Security Levels

•File Security▫encryption▫Permissions

Read a file Write a file Execute a file Read a directory Write a directory

▫User Groups

33

Page 34: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Security Levels

• User Security▫User resistance▫Identity management▫Password protection▫Social engineering▫New technologies

34

Page 35: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Security Levels

• Procedural Security▫Operational security▫Dumpster diving▫Paper shredders

35

Page 36: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Backup and Disaster Recovery

• Backup refers to copying data at prescribed intervals or continuously

• Recovery involves restoring the data and restating the system after an interruption

• Backup Policies▫Backup policy contains detailed instructions

and procedures.▫Should specify:

Backup media Rotation schedule Offsiting

Backup Types Retention periods

36

Page 37: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

37

Page 38: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Backup and Disaster Recovery•Business Continuity Issues

▫Test plan▫Business continuity plan (BCP)▫Hot site▫Data replication▫Business insurance

38

Page 39: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

System Obsolescence• At some point every system becomes obsolete• Systems operation and support continues until a

replacement system is installed• A system become obsolete when it no longer supports user

needs or when he platform become outmoded.• Signs :

▫ The system’s maintenance history indicates that adaptive and corrective maintenance are increasingly steady

▫ Operational costs or execution times are increasingly rapidly, and routine perfective maintenance does not reverse or slow the trend.

▫ A software package is available that provides the same or additional services faster, better and less expensively than the current system

▫ New technology offers a way to perform the same or additional functions more efficiently

▫ Maintenance changes or additions are difficult and expensive to perform

▫ User request significant new features to support business requirements

39

Page 40: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Future Challenges and Opportunities

•Strategic planning for IT professionals▫Working backwards from your long-term

goals, you can develop intermediate mile stones and begin to manage your career just as you would manage an IT project

▫Planning a career is not unlike planting a tree that takes several years to reach a certain height

40

Page 41: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Future Challenges and Opportunities• IT Credentials and Certification

▫Credentials▫Certification▫In addition to Microsoft, many other IT

industry leaders offer certification, including Cisco, Novell, Oracle, and Sun Microsystems

• Critical thinking skills

41

Page 42: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Chapter Summary

• Systems support and security covers the entire period from the implementation of an information system until the system no longer is used

• A systems analyst’s primary involvement with an operational system is to manage and solve user support requests

• Systems analysts need the same talents and abilities for maintenance work as they use when developing a new system

• Security is a vital part of every computer system

42

Page 43: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Chapter Summary

• All information systems eventually become obsolete• An IT professional should have a strategic

career plan that includes long-term goals and intermediate milestones• An important element of a personal

strategic plan is the acquisition of IT credentials and certifications that document specific knowledge and skills

43

Page 44: CHAPTER 12 SECURING AND SUPPORTING THE SYSTEM 1. Phase Description Systems Operation, Support, and Security is the final phase in the systems development

Review Questions1. Describe four classification of maintenance and

provide an example of each type.2. What is configuration management and why is

it important?3. What is release methodology?4. What is purpose of version control?5. Explain three main elements of system security.6. What are the six security level?7. List six indications that an information system

is approaching obsolesces.

44