Systems Analysis and Design, Tenth Edition Page 1 of 41
Systems Analysis and Design, Tenth Edition
End of Chapter Solutions
Chapter Exercises
Questions
1. Describe four types of system maintenance and provide two examples of each type.
Students can refer to examples shown in Figure 12-5 on page 509. Instructors might
want to try a different approach to this question and ask students to cite an automotive
example for each type of maintenance. Sample answers might include the following:
a. Corrective maintenance diagnoses and corrects errors in an operational system.
(An automotive example would be replacing a burned out headlight.)
b. Adaptive maintenance involves adding new capability and enhancements to the
existing system. (An automotive example would be adding a trailer hitch to your
SUV so you can tow your boat.)
c. Perfective maintenance is designed to improve efficiency. (An automotive
example would be having a tune-up performed in order to improve gas mileage.)
d. Preventive maintenance is performed to reduce the possibility of future system
failure. (An automotive example would be changing your oil every 3,000 miles to
2. As an IT manager, would you assign newly hired systems analysts to
maintenance projects? Why or why not?
Newly hired and recently promoted IT staff members are sometimes assigned to
maintenance projects because most IT managers believe that maintenance work offers
the best learning experience. The practice is common, and the pros and cons of that
approach are discussed in the chapter. (Page 508)
3. What is configuration management and why is it important?
Configuration management (CM) is a process for controlling changes in system
requirements during the development phases of the SDLC. It also is an important
management tool for managing systems changes and costs after a system becomes
operational. (Page 516)
4. Define the term what-if analysis. How could you use a spreadsheet in capacity planning?
What-if analysis allows you to vary one or more elements in a capacity planning
model to measure the effect on the other elements. Capacity planning is a process that
monitors current activity and performance levels, anticipates future activity, and
forecasts the resources needed to provide the desired level of service. A spreadsheet is
a useful tool in capacity planning because it allows analysis of the overall effect when
one or more variables are changed. (Page 522)
5. What is a release methodology? Why is version control important?
Under a release methodology, all noncritical changes are held until they can be
implemented at the same time. Each change is documented and installed as a new
version of the system called a maintenance release. When a release method is used, a
numbering pattern distinguishes the different releases. In a typical system, the initial
version of the system is 1.0, and the release that includes the first set of maintenance
changes is version 1.1. A change, for example, from version 1.4 to 1.5 indicates
relatively minor enhancements, while whole number changes, such as from version 1.0
to 2.0, or from version 3.4 to 4.0, indicate a significant upgrade.
A release methodology offers several advantages, especially if two teams perform
maintenance work on the same system. When a release methodology is used, all changes
are tested together before a new system version is released. The release methodology
also reduces costs, because only one set of system tests is needed for all maintenance
changes. This approach results in fewer versions, less expense, and less interruption for
users.
Using a release methodology also reduces the documentation burden.
Version control is the process of tracking system releases. Typically, when a new
version is released, it is archived by a systems librarian who is responsible for archiving
current and previously released versions of the system. Using version control, in the
event of major system failure, the company can reinstate the prior version for system
recovery. Version control also allows one individual to track version changes. (Page
517)
6. Define the following terms: response time, bandwidth, throughput, and turnaround time.
How are the terms related?
• Response time measures the overall time between a request for system activity and the delivery of the response to the user.
• Bandwidth describes the amount of data that the system can handle in a fixed time period.
• Throughput expresses a data transfer rate that measures actual system performance under specific circumstances.
• Turnaround time applies to centralized batch processing operations and measures the time between submitting a request and the fulfillment of the request.
Each term represents a different way of measuring system performance. Taken
together, response time, bandwidth, throughput, and turnaround time provide a
7. What are some key issues that you must address when considering data backup
and recovery?
The cornerstone of business data protection is a backup policy, which contains
detailed instructions and procedures for all backups. The backup policy should
specify backup media, schedules, and retention periods. An effective backup policy
can help assure continued business operations, and in some cases, be the key to a
firm’s survival. In addition to backing up critical business data, some companies have
taken a more dramatic step by establishing a hot site. A hot site is a separate IT
location, which might be in another state or even another country, that can support
critical business systems in the event of a power outage, system crash, or physical
8. Explain the concept of risk management, including risk identification, assessment,
and control.
Risk management involves constant attention to three interactive tasks: risk
identification, risk assessment, and risk control. Risk identification analyzes the
organization’s assets, threats and vulnerabilities. Risk assessment measures risk
likelihood and impact. Risk control develops safeguards that reduce risks and their
impact. (Page 524)
9. What are the six security levels? Provide examples of threat categories, attacker profiles,
and types of attacks.
The six security levels are physical security, network security, application security,
file security, user security, and procedural security. The following is a list of issues
that pertain to each security level:
Physical Security Issues
• Computer room security
  Biometric scanning systems
  Motion sensors
• Servers and desktop computers
  Keystroke loggers
  Tamper-evident cases
  BIOS-level passwords; boot-level passwords; power-on passwords
• Notebook computers
  Universal Security Slot (USS)
  Tracking software
  Stringent password requirements
  Account lockout thresholds
Network Security Issues
• Encrypting network traffic
  Encryption vs. plain text
  Public key encryption
  Wi-Fi Protected Access (WPA and WPA2)
  Wired Equivalent Privacy (WEP)
• Private networks
  Tunnels
• Virtual private networks
• Ports and services
  Destination ports
  Services
  Port scans
  Denial of service attacks
• Firewalls
  Protocols that control traffic
• Input validation
• Patches and updates
File Security Issues
Permissions
User groups
User Security Issues
Identity management
Password protection
Social engineering
User resistance
Procedural Security Issues
Managerial policies and controls
Corporate culture that stresses security
Define how particular tasks are to be performed
Employee responsibility for security
Dumpster diving
Use of paper shredders
Classification levels.
An attack is a hostile act that targets the system, or the company itself. Thus, an attack might be launched by
Attackers typically can be identified by one or more of the following profiles: