Chapter 12 Flashcards
four types of maintenance
corrective maintenance is performed to fix errors
adaptive maintenance adds new capability and enhancements.
perfective maintenance improves efficiency
preventive maintenance reduces the possibility of future system failure
configuration management
sometimes referred to as change control (CC), is a process for controlling changes in system requirements during software development.
configuration management is also an important tool for managing system changes and costs after a system becomes operational.
Version control
the process of tracking system releases or versions. when a new version of a system is installed, the prior release is archived, or stored. if a new version causes a system to fail, a company can reinstall the prior version to restore operations.
baseline
a formal reference point that measures system characteristics at a specific time. systems analysts use baselines as yardsticks to document features and performance during the systems development process. the three types of baselines are functional, allocated, and product.
functional baseline
the configuration of the system documented at the beginning of the project. it consists of all the necessary system requirements and design constraints
allocated baseline
documents the system at the end of the design phase and identifies any changes since the functional baseline. the allocated baseline includes testing and verification of all system requirements and features.
product baseline
describes the system at the beginning of system operation. the product baseline incorporates any changes made since the allocated baseline and includes the results of performance and acceptance tests for the operational system.
benchmark testing
uses a set of standard tests to evaluate system performance and capacity.
throughput
measures actual system performance under specific circumstances and is affected by network loads and hardware efficiency. like bandwidth, throughput is expressed as a data transfer rate, such as Kbps, Mbps, or Gbps. just as traffic jams delay highway traffic, throughput limitations can slow system performance and response time.
turnaround time
applies to centralized batch processing operations, such as customer billing or credit card statement processing. turnaround time measures the time between submitting a request for information and the fulfillment of the request. turnaround time can also be used to measure the quality of IT support or services by measuring the time from a user request for help to the resolution of the problem.
CIA triangle
the three main elements of system security: confidentiality, integrity, and availability.
confidentiality protects information from unauthorized disclosure and safeguards privacy.
integrity prevents unauthorized users from creating, modifying, or deleting information
availability ensures that authorized users have timely and reliable access to necessary information.
Risk management
managers must balance the value of the assets being protected, potential risks to the organization, and security costs. to achieve the best results, most firms use a risk management approach that involves constant attention to three interactive tasks: risk identification, risk assessment, and risk control.
risk identification analyzes the organization’s assets, threats, and vulnerabilities.
risk assessment measures risk likelihood and impact.
risk control develops safeguards that reduce risks and their impact.
threat
in risk management, an internal or external entity that could endanger an asset
vulnerability
a security weakness or soft spot
spoofing
IP address is forged to match a trusted host, and similar content may be displayed to simulate the real site for unlawful purposes.
security levels
to provide system security, six separate but interrelated levels must be considered: physical, network, application, file, user, and procedural security.
Firewall
the main line of defense between a local network, or intranet, and the internet. a firewall must have at least one network interface with the internet, and at least one network interface with a local network or intranet. Firewall software examines all network traffic sent to and from each network interface. preset rules establish certain conditions that determine whether the firewall will allow the traffic to pass.
security token
a physical device that authenticates a legitimate user. some firms provide employees with security tokens that generate a numeric validation code, which the employee enters in addition to his or her normal password.
backup types
full backup is a complete backup of every file on the system. frequent full backups are time consuming and redundant if most files are unchanged since the last full backup.
differential backup, which is faster because it backs up only the files that are new or changed since the last full backup.
incremental backup, which only includes recent files that have never been backed up by any method. this approach, however, requires multiple steps to restore the data - one for each incremental backup.
continuous backup, which is a real-time streaming method that records all system activity as it occurs. this method requires hardware, software, and substantial network capacity. however, a system restoration is rapid and effective because data is being captured in real time, as it occurs. continuous backup often uses a RAID (redundant array of independent disks) system that mirrors the data. RAID systems are called fault tolerant because a failure of any one disk does not disable the system.
business continuity plan (BCP)
which goes beyond a recovery plan, and defines how critical business functions can continue in the event of a major disruption. some BCPs specify the use of a hot site. A hot site is an alternate IT location, anywhere in the world, that can support critical systems in the event of a power outage, system crash or physical catastrophe.
system obsolescence
a system becomes obsolete when it no longer supports user needs, or when the platform becomes outmoded. the most common reason for discontinuing a system is that it has reached the end of its economically useful life.
the system’s maintenance history indicates that adaptive and corrective maintenance are increasing steadily
operational costs or execution times are increasing rapidly, and routine perfective maintenance does not reverse or slow the trend
a software package is available that provides the same or additional services faster, better, and less expensively than the current system.
new technology offers a way to perform the same or additional functions more efficiently
maintenance changes or additions are difficult and expensive to perform
users request significant new features to support business requirements
privilege escalation attack
an unauthorized attempt to increase permission levels.
dumpster diving
in which an intruder raids desks or trash bins for valuable information. paper shredders should be used to destroy sensitive documents.
network intrusion detection system (NIDS)
suppose an intruder attempts to gain access to the system. obviously, an intrusion alarm should be sounded when certain activity or known attack patterns are detected. the NIDS is like a burglar alarm that goes off when it detects a configuration violation. the NIDS can also alert the administrator when it detects suspicious network traffic patterns. A NIDS requires fine-tuning to detect the difference between legitimate network traffic and an attack.
Systems implementation phase report
the report should include the following
Final versions of all system documentation
planned modifications and enhancements to the system that have been identified.
recap of all the system development costs and schedules
comparison of actual costs and schedules to the original estimates
post-implementation evaluation, if it has been performed.
software logs
operating systems and applications typically maintain a log that documents all events, including dates, times, and other specific information. logs can be important in understanding past attacks and preventing future intrusions.
encryption
encryption scrambles the contents of a file or document to protect it from unauthorized access. all corporate data must be protected, but encryption is especially important for sensitive material, such as personnel or financial records. user data can be encrypted using features built into most modern operating systems.