
2/3/2020 Ensuring System Performance, Security and Control - INDRA Kenya - Software Factory - MIND

Ensuring System Performance, Security and Control


Created by Kangethe Wanjiru, Phyllis on Aug 21, 2019

System Performance

Performance

When defining the new processes and their tasks, it will be necessary to specify the appropriate degree of availability, and the performance and response times, for the proposed system.
This also has to be done for existing systems.
Reaching appropriate performance levels is as important for the success of the system as meeting the proposed functional requirements.
The criteria used to evaluate the performance include:

Response Time: The response time of a system is the time elapsed between the order to start a process and the delivery of the requested results. This period can be a few seconds long in an on-line process and several hours in a batch process.
The response time depends on three factors:
1) Volume of information to be processed.
2) System capacity, mainly based on the speed of the transmission lines and the access to the database.
3) Waiting queue as a result of the existence of multiple users. The average waiting time for a request against a resource is inversely proportional to its unused free capacity.
According to this criterion, our objective is to reach a balance between the performance and the cost of the team needed to fulfill it.

Processing Capacity: This criterion refers more to system capacity than to speed. It can be defined as the workload that the system can process within a time unit.
In on-line processes the performance is expressed in number of transactions per second, whereas in batch processes it is expressed in number of jobs per day or per month.
The system performance is designed according to the process needs at the critical moments of the business activity.

Availability: The system has to be able not only to process the required number of transactions within a specific response time, but also to do so when the user requires it. This is expressed as a percentage that reflects the time during which the system is available in a given period.
The concept of availability is related to (in fact, it depends on) the concept of reliability. The reliability of a system is assessed by means of two statistical parameters: average time between interruptions and average time of recovery.

Additional Requirements defined by the user: During the requirement gathering process the users will define their performance requirements, specifying the degree of availability, performance and response time required for the proposed system. These requirements will be identified as soon as possible in order to detect the critical areas of the system that may require a bigger design effort.

System Security


The criteria used to evaluate security include:

User Authentication
1. Access to the system must always be validated with a user name and password.
2. There will be a user and password maintenance function that includes the following:
a. Detection of password changes where the new password is equal or similar to the previous password.
b. Blocking the user after several failed attempts.
c. The expiry date, the minimum length and the use of special or numerical characters in passwords must be determined.
d. Storage of encrypted passwords.
e. If passwords are assigned and distributed, their confidentiality will be guaranteed.
3. If passwords are stored in a database, they must be encrypted.
4. There will be no files with unencrypted passwords.
5. If passwords travel over the network, they must be encrypted in transit.
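
An added example, not part of the original page or of the project's code: one way to implement items 2a to 2d of the list above in Python. The thresholds, the difflib similarity measure and the Account class are assumptions made for illustration, and stored passwords are protected with a salted one-way hash (PBKDF2) rather than reversible encryption.

```python
import hashlib, hmac, os, string, time
from difflib import SequenceMatcher

# All thresholds are assumed values; the page only says they "must be determined".
MIN_LENGTH, MAX_FAILED, MAX_AGE_DAYS = 12, 3, 90
SIMILARITY_LIMIT = 0.7      # difflib ratio at or above this counts as "similar"
ITERATIONS = 600_000        # PBKDF2-HMAC-SHA256 work factor

def derive(password, salt):
    """One-way salted hash; the stored value cannot be decrypted back."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def policy_errors(new, previous):
    """Items 2a and 2c: similarity to the previous password, length, characters."""
    errors = []
    if len(new) < MIN_LENGTH:
        errors.append("too short")
    if not any(c.isdigit() or c in string.punctuation for c in new):
        errors.append("needs a digit or special character")
    if SequenceMatcher(None, new.lower(), previous.lower()).ratio() >= SIMILARITY_LIMIT:
        errors.append("too similar to previous password")
    return errors

class Account:
    def __init__(self, password, now=None):
        self.failed, self.locked = 0, False
        self._store(password, now)

    def _store(self, password, now):
        self.salt = os.urandom(16)                    # fresh salt per password
        self.digest = derive(password, self.salt)     # item 2d: no plaintext kept
        self.changed_at = time.time() if now is None else now

    def expired(self, now):
        return now - self.changed_at > MAX_AGE_DAYS * 86400

    def verify(self, password):
        if self.locked:                               # item 2b: stay blocked
            return False
        if hmac.compare_digest(derive(password, self.salt), self.digest):
            self.failed = 0
            return True
        self.failed += 1
        self.locked = self.failed >= MAX_FAILED
        return False

    def change_password(self, old, new, now=None):
        if not self.verify(old):
            return ["current password rejected"]
        errors = policy_errors(new, old)
        if not errors:
            self._store(new, now)
        return errors
```

Because only the hash is stored, the similarity check works on the current password that the user supplies at change time, not on anything read back from storage.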

User Profiles and Safe Use


1. If the system allows the existence and maintenance of user profiles, check that the profile changes are appropriately stated and respected.
2. It is necessary to define acceptable security limitations on the interfaces, if they exist.
3. It is necessary to define acceptable security limitations on Web clients, if they are used.

System Use Monitoring


1. Activate automatic log-off after a period of idleness.
2. Record allowed and failed accesses to the system, if any.

Source Code

https://mind.indra.es/display/IKENYA/Ensuring+System+Performance%2C+Security+and+Control 1/2
1. Only the maintenance and development staff should be able to query the source code in its corresponding environment.
2. No passwords will be hard-coded in the source code.
CONTINGENCY
The purpose of these procedures is to guarantee that the system can go on working appropriately after operation has been suspended for reasons beyond our control. We have to define procedures on how to:
1. Retrieve information lost or changed.
2. Restore the information after a system failure.
3. Resume the system operations after a general or partial failure.

System Control

Case Scenario

Control mechanisms are the methods and procedures defined by the users to obtain the security and integrity of their systems, the accuracy and reliability of the
information obtained, the system operating efficiency and, in general, the adaptation of the system operation results to the company standards.

GENERAL CONTROLS
This type of controls includes organizational and administrative controls, controls in the system development and controls on the system operation. When
designing them we will take into account the following:
1. The organization must clearly separate the environments of system development and production.
2. The standard operation procedures of the different company areas must be clearly defined, documented and updated.
3. Security procedures will be established with the purpose of minimizing losses by natural causes, human mistakes or technical failures.
4. The access levels to the system must be defined for the company staff.
5. Contingency plans must be defined to continue the company activity when the system operation is suspended for any reason.

SYSTEM CONTROLS
This type of controls appears in the system applications to protect the organization from possible error sources.
In order to define them, we must identify specific risks for each system application and present them to the Dev Lead and customer for review. Thereafter we can jointly design the appropriate control processes, compatible with the general controls of the system.
There are mainly two types of system controls:
1) Logic controls: They refer to controls related to the operations of the business tasks that are being computerized.
2) Technical controls: They refer to controls related to the system software and hardware environment.
