Systems Analysis & Design

7th Edition

Chapter 11

Phase Description
Systems Operation, Support, and Security is the final phase in the systems development life cycle (SDLC) You will be supporting a functioning information system You continuously will access and improve the system, and you will be alert to any signs of obsolescence You will also address multi-level security issues
2

Chapter Objectives
Explain how the systems operation, support, and security phase relates to the overall system development process Describe user support activities, including user training and help desks Discuss the four main types of system maintenance

Chapter Objectives
Explain various techniques for managing systems operation and support Describe techniques for measuring, managing, and planning system performance Assess system security at five levels: physical security, network security, application security, file security, and user security

Chapter Objectives
Describe backup and disaster recovery policies and methods List factors indicating that a system has reached the end of its useful life Assess future challenges for IT professionals as technology reshapes the workplace

Introduction
Now that the system is operational, the IT staff members must assure that it meets user expectations, supports business objectives, and is secure More than half of all IT department effort goes into supporting existing systems and making them more valuable to users

Overview of Systems Support and Maintenance

The systems operation, support, and security begins when a system becomes operational and continues until the system reaches the end of its useful life After delivering the system, the analyst has two other important tasks: he or she must support users and provide necessary maintenance to keep the system operating properly
7

User Support Activities

User Training Additionally, new employees must be trained on the companys information systems Training users about system changes is similar to initial training
8

User Support Activities

Help Desk Often called an information center (IC) Enhance productivity and improve utilization of a companys information resources

User Support Activities

Help Desk Might have to perform the following tasks:
Show a user how to create a data query or report that displays specific business information Resolve network access or password problems Demonstrate an advanced feature of a system or a commercial package Help a user recover damaged data

10

User Support Activities

Online Chat Support Interactive support also can be delivered in the form of an online chat Blackboard provides a chat room called a Virtual Classroom, which is an online meeting-place where students can ask questions and interact with an instructor

11

Maintenance Activities
The systems operation, support and security phase is an important component of TCO (total cost of ownership) because ongoing maintenance expenses can determine the economic life of a system Operational costs Maintenance expenses Maintenance activities

12

Maintenance Activities
Four types of maintenance task can be identified Corrective maintenance Adaptive maintenance Perfective maintenance Preventative maintenance

13

Maintenance Activities
Four types of maintenance task can be identified

14

Managing Systems Support

Maintenance Team System administrator Systems analysts
Analysis Synthesis

15

Managing Systems Support

Maintenance Team Programmers
Applications programmer Systems programmer Database programmer Programmer/analyst

16

Managing Systems Support

Managing Maintenance Requests Involves a number of steps
Maintenance request Initial determination Role of the systems review committee Completion of the work User notification
17

Managing Systems Support

Establishing Priorities In many companies, systems review committee separates maintenance requests from new systems development requests Many IT managers believe that evaluating all projects together leads to the best possible decisions Neither approach guarantees an ideal allocation between maintenance and new systems development
18

Managing Systems Support

Configuration Management Configuration management (CM) As enterprise-wide information systems grow more complex, configuration management becomes critical Most maintenance projects require documentation changes

19

Managing Systems Support

Maintenance Releases Maintenance release methodology A numbering pattern distinguishes the different released Reduces the documentation burden But new features or upgrades are available less often Service packs

20

Managing Systems Support

Version Control Archived Systems librarian Companies can purchase software such as Serena

21

Managing Systems Support

Baseline Systems analysts use baselines as yardsticks to document features and performance during the systems development process Functional baseline Allocated baseline Product baseline

22

Managing System Performance

Performance and Workload Measurement Metrics Response time Bandwidth and throughput
Kbps (kilobits per second) Mbps (megabits per second) Gbps (gigabits per second)

23

Managing System Performance

Performance and Workload Measurement Turnaround time
The IT department often measures response time, bandwidth, throughput, and turnaround time to evaluate system performance both before and after changes to the system or business information requirements Management uses current performance and workload data as input for the capacity planning process

24

Managing System Performance

Capacity Planning What-if analysis You need detailed information about the number of transactions; the daily, weekly, or monthly transaction patterns; the number of queries; and the number, type, and size of all generated reports

25

Managing System Performance

System Maintenance Tools Many CASE tools include system evaluation and maintenance features In addition to CASE tools, you also can use spreadsheet and presentation software to calculate trends, perform what-if analyses, and create attractive charts and graphs to display the results

26

System Security
Physical Security First level of security concerns the physical environment Computer room Computer room security
Biometric scanning systems Motion sensor

27

System Security
Physical Security Servers and desktop computers
Keystroke logger Tamper-evident cases BIOS-level password Boot-level password Power-on password

28

System Security
Physical Security Notebook computers
Select an operating system that allows secure logons and BIOS-level passwords Mark or engrave the computers case Consider notebook models that have a built-in fingerprint reader Universal Security Slot (USS) Back up all vital data

29

System Security
Physical Security Notebook computers
Use tracking software While traveling, try to be alert to potential high-risk situations Establish stringent password protection policies

30

System Security
Network Security Network Network interface Encrypted Encrypting network traffic
Unencrypted plain text Public key encryption (PKE)

31

System Security
Network Security Encrypting network traffic
Public key Private key Wi-Fi Protected Access (WPA) Wired Equivalent Privacy (WEP) WPA2

32

System Security
Network Security Private networks
Private network

Virtual private networks

Virtual private network (VPN) Tunnel

33

System Security
Network Security Ports and services
Port Destination port Service Port scans Denial of service (DOS) Distributed denial of service (DDOS)

34

System Security
Network Security Firewalls
Firewalls can be configured to detect and respond to DOS attacks, port scans, and other suspicious activity

35

System Security
Application Security Services
Security hole Administrator super-user Permissions

Input validation Patches and updates

Patches Third-party software Automatic update service
36

System Security
Application Security Patches and updates
Exploits Patches Third-party software Automatic update service

File Security Permissions User Groups

37

System Security
User Security Privilege escalation attack Identity management Password protection Social engineering
Pretexting

User resistance

38

Backup and Disaster Recovery

Backup Options Backup policy Backup media
Rotation schedule Offsiting

39

Backup and Disaster Recovery

Backup Options Schedules
Full backup Incremental backup

Retention periods

40

Backup and Disaster Recovery

Disaster Recovery Issues Hot site Data replication Companies that require a hot site view it as a justifiable and necessary business expense, whether or not it ever is needed

41

System Obsolescence
Even with solid support, at some point every system becomes obsolete Signs: 1. The systems maintenance history indicates that adaptive and corrective maintenance is increasing steadily 2. Operational costs or execution times are increasing rapidly, and routine perfective maintenance does not reverse or slow the trend
42

System Obsolescence
Signs: 3. A software package is available that provides the same or additional services faster, better, and less expensively than the current system 4. New technology offers a way to perform the same or additional functions more efficiently 5. Maintenance changes or additions are difficult and expensive to perform
43

System Obsolescence
Signs: 6. Users request significant new features to support business requirements

44

Facing the Future: Challenges and Opportunities

Predictions It is clear that companies will continue to face intense competition and global change, especially in the wake of economic, social, and political uncertainty Although disruptions will occur, technology advances will spur business growth and productivity

45

Facing the Future: Challenges and Opportunities

Predictions It is interesting to note that some observers, such as Bill Joy, wonder whether technology is moving so fast that humans will be left behind What does seem clear is that the future world of IT must be envisioned, planned, and created by skilled professionals

46

Strategic Planning for IT Professionals

An IT professional should think of himself or herself as a business corporation that has certain assets, potential liabilities, and specific goals Working backwards from your long-term goals, you can develop intermediate mile stones and begin to manage your career just as you would manage an IT project Planning a career is not unlike planting a tree that takes several years to reach a certain height
47

IT Credentials and Certification

Credentials Certification Many other IT industry leaders offer certification, including Cisco, Novell, Oracle, and Sun Microsystems

48

Chapter Summary
Systems operation, security, and support covers the entire period from the implementation of an information system until the system no longer is used A systems analysts primary involvement with an operational system is to manage and solve user support requests

49

Chapter Summary
Systems analysts need the same talents and abilities for maintenance work as they use when developing a new system Configuration management is necessary to handle maintenance requests System performance measurements include response time, bandwidth, throughput, and turnaround time All information systems eventually become obsolete
50

Chapter Summary
An IT professional should have a strategic career plan that includes long-term goals and intermediate milestones An important element of a personal strategic plan is the acquisition of IT credentials and certifications that document specific knowledge and skills Chapter 11 complete
51