- The system will have disconnected tables for all the relevant information. This will aid the user when they desire to enter in new information
- As the current system is paper based, it will be an advantage that all employees within the company are computer literate. Eventually this will make the whole system work more efficiently as everybody will be able to use it. Alongside my instruction manual it there should be no problems with people trying to work my system.
Data Security for the new system
There are many ways of protecting the system, below are ways that I will consider protecting the system for the user, or what I will be telling them to do:
Write – protecting disks
A simple measure such as write protecting disks and tapes so they can’t be accidentally overwritten can be effective in guarding against operator error. Both disks and tapes have write-protected mechanisms.
If the company were to copy onto disk they would have to protect every day. Take the disks off location and place it into a fireproof safe.
User Ids and passwords
Each user in the organisation who is permitted to access the company database is issued with a user ID and a password, which will normally give them a certain level of access rights set by the database manager. Common rules issued by companies regarding passwords include:
- Passwords must be at least 6 characters
- Password display must be automatically suppressed on screen or printout output
- Files containing passwords must be encrypted
- All users must ensure that their password is kept confidential, not written down, not made up of easily guessed words and is changed regularly, at least every 3 months.
Access rights
Even authorised users have the right to see all the data held on a company database.
Access rights to a particular set of data could typically be set to Read-Only, Read/Write, or No Access. This ensures that users within a company can only gain access to data that they are permitted to see, and can only change data on the database if they are authorised to.
Securing against fraudulent use or malicious damage
Disgruntled employees or theft of software or data that may fall into the hands of competitors often exposes organisations to the possibility of fraud, deliberate corruption of data. Measures to counteract these risks include:
- Careful vetting of prospective employees
- Immediate removal of employees who have been sacked or who hand in their resignation, and cancellation of all passwords and authorisations
- Separation of duties
- Prevention of unauthorised access by employees and others to secure areas such as computer operations rooms, by means of machine readable cards or badges or other type of locks
- The use of passwords to gain access to the computer system from terminals
Protection against viruses
Below are steps that can be taken to minimise the risk of suffering damage from viruses:
- Making sure that all purchased software comes in sealed packaging
- Not permitting floppy disks containing software or data to be removed from or brought into the office
- Using anti virus software to check all floppy disks before use
Periodic backups
This is the most common technique to ensure that data isn’t lost. This is copying files and keeping them in a safe place, however this system has many weaknesses.
- All updates to a file since the last backup may be lost
- The system may need to be shut down during the backup operations
- Backups of large files can be extremely time-consuming
- When a failure occurs, recovery from the backup can be even more time consuming
The benefit of this backup is that files which may have become fragmented by additions and deletions can be reorganised to occupy contiguous space, usually resulting in much faster access time.
An important feature of all backup systems is the safe storage of the backup copies; it is usually necessary to safe a copy in a safe.
Backup Strategies
The simplest backup strategy for a small business is to copy the contents of a computers hard dick at the end of each day to a tape or removable disk.
It is not necessary to copy software programs except when they are changed, so a better solution is to keep data files in separate directories from the software and selectivity back up only certain directories.
If this result in backing up large quantities of data, backing up only those files that has changed since the last backup can reduce it.
Backup hardware
- Small quantities of data only require removable disks.
- SuperDisk drives are also available
- For larger backups, magnetic tape is the preferred medium. Low-cost tape drives use 2Gb tape cartridges.
- Renewable optical disk drives can hold up to 650 Mb
- RAID (Redundant Array of Inexpensive Disk) – see work below
Backing up on-line databases
The database I create may one day be hooked up to go on-line. This will mean that it will be constantly updated, precautions have to be taken out to ensure that data is not lost ion the event of hardware failure such as disk crash. Methods available include:
- Transaction logging. Information about every updating transaction is recorded onto separate transaction files. A before-image and after-image of any record being updated is saved so that if part of the database is destroyed by a disk failure, an up-to-date copy can be created from the backup copy together with the transaction log using a utility program.
- Using RAID. These devices use a technology that enables data to be written simultaneously onto several disks. Three copies of the database may be held, two in the same room and one at a remote location, all three copies are kept up to date. This is incase one disk fails, there are two left over.
Factors in a backup strategy
When a company is planning a backup strategy, there are several factors that need to be taken into account:
- Frequency of backup. Many organisations find it sufficient to back up once or twice a day. Online databases need to be backed up constantly to stop loss of data
- Backup medium. Magnetic tape is cheap, compact and can store large amounts of data, and is used by many organisations. Smaller amounts of data may be able to fit onto zip drives.
- Location of backup storage. The data needs to be held in a secure location incase of fire ore burglary. Many organisations have fireproof safes for latest backups, with other sets of backups stored off-site
- Responsibility for implementing the backup strategy. Although a computer operator may perform the regular backup routine, the senior manager should have overall responsibility for ensuring that all aspects of the backup strategy are properly implemented.
- Testing of recovery procedures. At regular intervals the effectiveness of the backup strategy needs to be tested to ensure that the organisation can recover quickly from loss of data. It would be bad to see that the tapes or disks meant for backup ended up to be blank
Recovery procedures
A contingency plan needs to be developed to allow rapid recovery from major disruptions. In addition to file back-up procedures it is necessary to:
- Identify alternative compatible equipment and security facilities, or implement a service agreement that provides replacement equipment when needed. This may also include putting up temporary office space
- Have provision for alternative communication links
As you can see from all the procedures above doing these measures will take time. The company is also quite weak with computers so training them on how to get the best from their security will have to come from an external source.