GIS Architectures, lecture 11

1
GIS Architectures, lecture 11

• Human resources
• Training
• Computing policies
• Security

2
HS vieraskynä 13.10.2003Juha Koivisto Hyöty
irti tietojärjestelmistä

• Main cause for failures in implementing an IS is
  not a technical one, but human/organisation
  related one
• lack of commitment in the management
• a lot of time is spent in solving problems and in
  extra work caused by disintegrated ways of working

3
Two different views

• The vendor/consultant
• thinks the problem is a technical one
• has no or little interest in the future of the
  client
• The organisation
• (should) see the problem as one of learning and
  change

4
Possible solution

• (still by Koivisto, Turun yliopiston
  tietojärjestelmälaboratorio)
• Description, Training, Use
• Two descriptions
• How are things done now?
• How things will be done with the new system?
• Recap GIS Design

5
Training

• Training has to be based on the task of the
  employee (not on the IS)
• how things were done before
• how things will be done with the new system
• Implementation of the IS is not over till new
  institutions are in place
• institutions how things are done
• Have faith in the local knowledge
• use local instructors
• local employees are experts on their tasks
• but to a limit

6
Organisation and GIS

• Software hardware people
• Organisational structures
• task structure
• specialization / generalization
• support people, experts
• Communication
• Links to non-GIS and non-spatial

7
Organisations

• Are often large, or have a large network
• interoperability
• institutions
• things change slowly!
• Costs vs. benefits
• Customers, products

8
Human side of system development

• Development
• Implementation
• Use
• Developers (technical problem)
• Implementors (organizational change and learning)
• Users (individual learning process)

time
9
(No Transcript)
10
Implementation process

• Description
• how does the new system change existing work
  processes?
• Training
• training should be organised (customized)
  according to the job descriptions people have
• Use
• implementation continues until the use of the new
  system is routine
• implementation has to be monitored

11
Capacity building

• Common term used by development agencies in
  relation to resource management
• Empowering individuals and organisations to
• assess their own information needs
• set their own priorities
• build their own information systems
• Not just provision of hardware, software, and
  training

12
Policies

• General computing policy
• General internet policy
• Electronic mail policy
• Software policy
• Hardware policy
• Support policy
• Backup policy
• Web development policy
• ...

13
What is in the policies?

• Mostly free / mostly forbidden
• free anything not specifically forbidden is
  allowed
• Who is responsible of what?
• Who can/should do what?
• Procedures when acquiring new hardware/software
• General guidelines for new hardware/software
• for example monitor resolution

14
Backup hardware

• Against hardware failures / user mistakes
• Backup vs. Archiving
• Hardware
• Tape drives (DAT, DLT, SDLT, ..)
• largest DAT tape is 72 GB
• Magneto-optical devices (archival)
• optical disk is typically 9 GB but they can be
  used in large jukeboxes
• CDR

15
Backup policies

• What is stored and how often?
• System software, local customizations, data, user
  files
• Complete backup
• once a month, twice per year
• Incremental backup
• daily
• Note all versions of the files are stored
• How long backups are stored?
• reliability of the media

16
Security

• The definition of secure computing?
• See for example Trusted Computing
• Integrity of systems and data against intruders
  and unauthorized access
• Secure communications
• Malicious code (viruses, worms, ...)

17
Dimensions of security

• Levels of access rights
• type of user
• type of action
• Strength of protection
• security through obscurity
• DO NOT TRUST
• unencrypted passwords/communications
• work against casual user
• secure communications

18
Rights

• Unix model
• user, group, all users
• read, write, execute
• Windows
• pre-NT all users can do everything, file
  permissions only suggestions, logins just for
  preferences
• NT and XP two groups Administrators, Others

19
(No Transcript)
20
SQL rights model

• GRANT SELECT INSERT UPDATE DELETE
  RULE REFERENCES TRIGGER
• ,... ALL PRIVILEGES
• ON TABLE tablename , ...
• TO username GROUP groupname PUBLIC ,
  ...
• GRANT CREATE TEMPORARY TEMP ,...
  ALL PRIVILEGES
• ON DATABASE dbname , ...
• TO username GROUP groupname PUBLIC ,
  ...
• GRANT EXECUTE ALL PRIVILEGES
• ON FUNCTION funcname (type, ...) , ...
• TO username GROUP groupname PUBLIC ,
  ...
• GRANT USAGE ALL PRIVILEGES
• ON LANGUAGE langname , ...
• TO username GROUP groupname PUBLIC ,
  ...
• GRANT CREATE USAGE ,... ALL
  PRIVILEGES
• ON SCHEMA schemaname , ...

This is PostgreSQL. To remove rights use the
command REVOKE.
21
Internet security

• Firewalls
• packet-filtering (source and dest IP ports)
• stateful inspection (connection awareness)
• application-level (content examination)
• Daemons
• accept connections only from selected addresses
• no holes in the socket interface
• do not allow remote execution of insecure code
• Email attachments and downloads
• need virus protection in client computers

22
Security compromise scenarios

• Program is executed with specific rights
• User who belongs to the Administrator group,
  opens a document which contains executable code
  (for example VBA), the code is set to be executed
  automatically when the document is opened...
• A program which is marked to be executed with
  elevated rights contains a bug which makes it
  possible for normal users to execute code with
  elevated rights
• There is no built-in restrictions in the internet
  for sending email or making connection attempts
• somebody makes a simple program which sends
  zillion emails to one address or one email to
  zillion addresses