1 / 44

Managing Systems Support & Security

Managing Systems Support & Security. Learning Objectives. Explain how the systems operation, support, and security phase relates to the overall system development process Describe user support activities, including user training and help desks Discuss the four main types of system maintenance

noel
Download Presentation

Managing Systems Support & Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Managing Systems Support & Security

  2. Learning Objectives • Explain how the systems operation, support, and security phase relates to the overall system development process • Describe user support activities, including user training and help desks • Discuss the four main types of system maintenance • Explain various techniques for managing systems operation and support

  3. Learning Objectives • Describe techniques for measuring, managing, and planning system performance • Assess system security at five levels: physical security, network security, application security, file security, and user security • Describe backup and disaster recovery policies and methods • List factors indicating that a system has reached the end of its useful life • Assess future challenges for IT professionals as technology reshapes the workplace

  4. Introduction • Now that the system is operational, the IT staff members must assure that it meets user expectations, supports business objectives, and is secure • More than half of all IT department effort goes into supporting existing systems and making them more valuable to users

  5. Overview of Systems Support and Maintenance • The systems operation, support, and security begins when a system becomes operational and continues until the system reaches the end of its useful life • After delivering the system, the analyst has two other important tasks: he or she must support users and provide necessary maintenance to keep the system operating properly

  6. User Support Activities • User Training • Additionally, new employees must be trained on the company’s information systems • Training users about system changes is similar to initial training

  7. User Support Activities • Help Desk • Often called an information center (IC) • Enhance productivity and improve utilization of a company’s information resources

  8. User Support Activities • Help Desk • Might have to perform tasks such as the following: • Show a user how to create a data query or report that displays specific business information • Resolve network access or password problems • Demonstrate an advanced feature of a system or a commercial package • Help a user recover damaged data • Offer tips for short cuts to enhance efficiency • And others

  9. User Support Activities • Online Chat Support • Interactive support also can be delivered in the form of an online chat • Blackboard provides a chat room called a Virtual Classroom, which is an online meeting-place where students can ask questions and interact with an instructor • FAQs

  10. Maintenance Activities • The systems operation, support and security phase is an important component of TCO (total cost of ownership) because ongoing maintenance expenses can determine the economic life of a system • Operational costs • Maintenance expenses • Maintenance activities

  11. Maintenance Activities • Four types of maintenance task can be identified • Corrective maintenance • Diagnoses, identifies and corrects errors (HW & SW)in operational system • Adaptive maintenance • Add new features (reports, links, etc) to make the system easier to use • Perfective maintenance • Changing system to make it more efficient, reliable or maintainable • Preventative maintenance • Involves analysis of problematic areas and take precautions to minimize system downtime or failure.

  12. Maintenance Activities • Four types of maintenance task can be identified

  13. Managing Systems Support • Maintenance Team • System administrator • Systems analysts • Analysis • Synthesis • Programmers • Applications programmer • Systems programmer • Database programmer • Programmer/analyst

  14. Managing Systems Support • Managing Maintenance Requests • Involves a number of steps • Maintenance request • Initial determination • Role of the systems review committee (decision) • Completion of the maintenance work • User notification (feedback)

  15. Managing Systems Support • Establishing Priorities • In many companies, systems review committee separates maintenance requests from new systems development requests • Many IT managers believe that evaluating all projects together leads to the best possible decisions • Neither approach guarantees an ideal allocation between maintenance and new systems development

  16. Managing Systems Support • Configuration Management • Configuration management (CM) • Controlling changes in system requirements during software development and after system has become operational • As enterprise-wide information systems grow more complex, configuration management becomes critical • Most maintenance projects require documentation changes • Documents must be complete & updated with changes made to system

  17. Managing Systems Support • Maintenance Releases • Maintenance release methodology to ensure each change is documented as a new version (maintenance release) • A numbering pattern distinguishes the different releases (a form of coding) • All non critical changes are tested & implemented at one tome to reduce the documentation burden • This approach, however, means new features or upgrades are available less often (less responsive to users’ requests) • Service packs maintenance releases from commercial software vendors)

  18. Managing Systems Support • Version Control to track system releases or versions • Archived • Systems librarian • Companies can purchase software from vendors with version control, such as Serena

  19. Managing Systems Support • Baseline • Systems analysts use baselines as yardsticks to document features and performance during the systems development process • Functional baseline • System configuration (necessary requirements & constraints) at beginning of project • Allocated baseline • Identifies changes to designstage since functional baseline • Product baseline • Describes system at beginning of system operation stage

  20. Managing System Performance • Performance and Workload Measurement • Benchmark testing (measured against a set of standards or performance measures called metrics) • Response time to user’s query or request • Bandwidth (data transferred in bits per second) and throughput (actual data transferred in bits per second). Other transfer rates are: • Kbps (kilobits per second) • Mbps (megabits per second) • Gbps (gigabits per second)

  21. Managing System Performance • Performance and Workload Measurement • Turnaround time • Time between submitting request or data to request fulfilled or processed • The IT department often measures response time, bandwidth, throughput, and turnaround time to evaluate system performance both before and after changes to the system or business information requirements • Management uses current performance and workload data as input for the capacity planning process

  22. Managing System Performance • Capacity Planning – to monitor current activity & performance levels, anticipated future activity & forecast resources needed • What-if -analysis • You need detailed information about the number of transactions; the daily, weekly, or monthly transaction patterns; the number of queries; and the number, type, and size of all generated reports

  23. Managing System Performance • System Maintenance Tools • Many CASE tools include system evaluation and maintenance features • In addition to CASE tools, you also can use spreadsheet and presentation software to calculate trends, perform what-if analyses, and create attractive charts and graphs to display the results

  24. System Security • Risk identification & management • Threats to system • Assess probability & potential losses • Mitigation measures • Physical Security • First level of security concerns the physical environment • Computer room • Computer room security • Biometric scanning systems • CCTV • Motion sensor

  25. System Security • Physical Security • Servers and desktop computers • Keystroke logger • Records all keystrokes • Tamper-evident cases • To detect security breach (unlocking computer) • BIOS-level password or boot-level password or power-on password • Uninterruptible power supply (UPS)

  26. System Security • Physical Security • Notebook computers • Select an operating system that allows secure logons and BIOS-level passwords • Mark or engrave the computer’s case • Consider notebook models that have a built-in fingerprint reader • Universal Security Slot (USS) to fasten to a cable or a laptop alarm • Back up all vital data

  27. System Security • Physical Security • Notebook computers • Use tracking software to direct laptop to tracking centre • While traveling, try to be alert to potential high-risk situations • Establish stringent password protection policies

  28. System Security • Network Security • Encrypting network traffic • Public key (PKE) • Private key • Wireless network • Wi-Fi Protected Access (WPA) • Wired Equivalent Privacy (WEP) • WPA2

  29. System Security • Network Security • Private networks • Private network • Virtual private networks • Virtual private network (VPN) that uses a special key exchange to check authenticity of user • Tunnel is a secure network connection

  30. System Security • Network Security • Ports and services • Port identified as a number to facilitate routing of data or messages to the correct application on a computer • Service is an application that monitors a particular port • Port scans to detect services running on a computer and possible weaknesses of ports • Denial of service (DOS) –repeated requests for services to jam a particular server • Distributed denial of service (DDOS) – multiple attacking computers

  31. System Security • Network Security • Firewalls • A main line of defense between a local network or intranet and the Internet • Firewalls can be configured to detect and respond to DOS attacks, port scans, and other suspicious activity

  32. System Security • Network Intrusion Detection system to detect suspicious network pattern • Application Security • Services • Security hole ( a breach in security to hacker) • Administrator – super-user • Permissions or access control matrix • Input validation • Patches and updates • Patches are software modules to repair service holes • Be careful with automatic update service • Software or transaction log to ducument system activities

  33. System Security • User Security • Privilege escalation attack • Attempt to increase access permission levels • Password protection • Social engineering where intruder uses social interaction to gain personal information to gain access to system, e.g., pretexting obtain information under false pretenses • Procedural security, e.g., guard garbage against “dumpster diving” and use paper shredders

  34. Backup and Disaster Recovery • Backup Options • Backup policy • Backup media • Physical storage store in secured locations, e.g., in different building or locations (offsiting)

  35. Backup and Disaster Recovery • Backup Options • Schedules • Full backup of every file • Differential backup, i..e, back up files that are new or changed since last back up • Incremental backup, i.e., only includes files never have been backed up by any method • Continuous back up using RAID systems that provides real time back up (mirrors data files) • Retention periods

  36. Backup and Disaster Recovery • Disaster Recovery Issues • Hot site that mirrors the primary system through data replication • Companies that require a hot site view it as a justifiable and necessary business expense, whether or not it ever is needed

  37. System Obsolescence • Even with solid support, at some point every system becomes obsolete • Signs: • The system’s maintenance history indicates that adaptive and corrective maintenance is increasing steadily • Operational costs or execution times are increasing rapidly, and routine perfective maintenance does not reverse or slow the trend

  38. System Obsolescence • Signs: • A software package is available that provides the same or additional services faster, better, and less expensively than the current system • New technology offers a way to perform the same or additional functions more efficiently • Maintenance changes or additions are difficult and expensive to perform

  39. System Obsolescence • Signs: • Users request significant new features to support business requirements

  40. Facing the Future: Challenges and Opportunities • Predictions • It is clear that companies will continue to face intense competition and global change, especially in the wake of economic, social, and political uncertainty • Although disruptions will occur, technology advances will spur business growth and productivity • In fact technology is moving so fast that humans may be left behind • What does seem clear is that the future world of IT must be envisioned, planned, and created by skilled professionals

  41. Strategic Planning for IT Professionals • An IT professional should think of himself or herself as a business corporation that has certain assets, potential liabilities, and specific goals • Credentials • Certification • Many other IT industry leaders offer certification, including Cisco, Novell, Oracle, and Sun Microsystems

  42. Summary • Systems operation, security, and support covers the entire period from the implementation of an information system until the system no longer is used • A systems analyst’s primary involvement with an operational system is to manage and solve user support requests

  43. Summary • Systems analysts need the same talents and abilities for maintenance work as they use when developing a new system • Configuration management is necessary to handle maintenance requests • System performance measurements include response time, bandwidth, throughput, and turnaround time • All information systems eventually become obsolete

  44. Summary • An IT professional should have a strategic career plan that includes long-term goals and intermediate milestones • An important element of a personal strategic plan is the acquisition of IT credentials and certifications that document specific knowledge and skills

More Related