Upload
edmer-cruz
View
222
Download
0
Embed Size (px)
Citation preview
8/2/2019 Managing Computer Resource
1/12
Tan, John Randolph S.BSIE 5
8/2/2019 Managing Computer Resource
2/12
Information Security Issues Key Actions
If equipment is operatedincorrectly mistakes and damagemay result.
Ensure you receive all
operational and technicalmanuals for each piece ofequipment.
Store the documentationaccessibly but safely.
Systems users must be trainedaccording to the supplier'smanuals.
Managing and UsingHardware Documentation
'Documentation' refers to both the operator manuals and the technicaldocumentation that should be provided by the supplier / vendor.
8/2/2019 Managing Computer Resource
3/12
A failure to follow therecommended schedule of
maintenance runs the risk ofsystem malfunction, which couldpossibly jeopardize your businessoperation.
Ensure all regular maintenance iscarried out and monitored.
Adopt procedures which ensurethat your operators complete allmaintenance for which they areresponsible according to themanufacturer's recommendation.
Failure to operate equipment inaccordance with the instructionscan invalidate the warranty.
Ensure you receive alloperational and technicalmanuals for each piece ofequipment.
Ensure that such manuals arereadily available and form thebasis of all training.
8/2/2019 Managing Computer Resource
4/12
Failure to complete and returnthe manufacturer's warranty card
may invalidate the warranty andhence limit the manufacturer'sliability.
Failure to complete and returnthe manufacturer's warranty card
may invalidate the warranty andhence limit the manufacturer'sliability.
8/2/2019 Managing Computer Resource
5/12
Maintaining a Hardware Inventory or Register
A register / data base of all computer equipment used within your
organisation is to be established and maintained.
Information Security Issues Key Actions
Theft of equipment is most likely
to result in additional cost to theorganization and couldcompromise data security.
Establish an inventory and
implement procedures forupdating it.Ensure that you have aprocedure to advise theacquisition of new hardware, thedisposal of old items, and anychanges of location.Periodically verify the correctnessof the inventory by checking thata sample of hardware isphysically present.
8/2/2019 Managing Computer Resource
6/12
Inadequate insurance couldrender your organization liable toloss in the event of a claimable
event.
Establish an inventory andimplement procedures forkeeping it up-to-date.
Ensure that you periodicallyreview the adequacy of yourinsurance cover.
Shortcomings in the planning ofequipment replacement, canmake it difficult to plan ahead fornew technology.
Establish an inventory and, inconformance with your IT Plan,'ear mark' equipment forreplacement and plan accordingly
8/2/2019 Managing Computer Resource
7/12
Where documentation is poor, orperhaps non existent, theplanning and performance of
upgrades to equipment can beboth time consuming and alsofraught with problems.
Establish an inventory andimplement procedures forkeeping it up to date.
Record key information,especially hardware specificationsand system software names andversions.
8/2/2019 Managing Computer Resource
8/12
Software Maintenance & Upgrade
- Applying 'Patches' to Software
- Upgrading Software
- Responding to Vendor RecommendedUpgrades to Software
- Interfacing Applications Software / Systems
- Supporting Application Software
- Operating System Software Upgrades
- Recording and Reporting Software Faults
8/2/2019 Managing Computer Resource
9/12
Applying 'Patches' to Software
Patches are software bug 'fixes', that is, they resolve problems
reported by users. Usually available for downloading on the vendor'sWeb site, their use requires consideration of the relevant securityissues.
Information Security Issues Key Actions
If a patch is appliedincorrectly or withoutadequate testing, your systemand its associated informationcan be placed at risk, possibly
corrupting your live data files.
Verify that the patches arenecessary and come from anauthorized source, normally thesoftware developers.
8/2/2019 Managing Computer Resource
10/12
If a patch is applied incorrectlyor without adequate testing, yoursystem and its associated
information can be placed at risk,possibly corrupting your live datafiles.
Always test patched versions ofsoftware prior to release for liveuse. See System Testing
The testing and implementationof patches should notcompromise your software libraryupdating procedures.
If a patch is applied incorrectly orwithout adequate testing, yoursystem and its associatedinformation can be placed at risk,possibly corrupting your live data
files.
Apply patches only withmanagement authorization.
Monitor these procedures so thatpatches cannot 'slip through the
net'.
Ensure you receive updates tothe system documentation.
8/2/2019 Managing Computer Resource
11/12
Information Security Issues Key Actions
The new version may simply failto perform as expected and / ormay have key features removed,enhanced or otherwise modified -potentially disrupting yourbusiness operations.
Consider all such releases asbrand new code which must betested properly.
Your Test Plan should includeRegression Testing to test all the
key features - not only thosewhich have been changed orupdated.
Upgrading Software
The status of software is rarely static. Software companies areeither releasing bug fixes (patches), or introducing new versionswith enhanced functionality.
8/2/2019 Managing Computer Resource
12/12
Users of an older version of thesoftware can be prevented fromreading files created using a later
release of the software.
Always ensure that the newerversion can read and write files inthe older format. Investigate
'save options' accordingly
Do not permit upgrades to takeplace informally. Schedule themas a project and inform usersaccordingly.
New software versions releasedfollowing the merger of softwarecompanies may containunanticipated (new) code and /
or bugs.
Consider all such software asbrand new code which must betested properly.