managing computer resource

Upload: edmer-cruz

Post on 06-Apr-2018

222 views

Category:

Documents


0 download

TRANSCRIPT

  • 8/2/2019 Managing Computer Resource

    1/12

    Tan, John Randolph S.BSIE 5

  • 8/2/2019 Managing Computer Resource

    2/12

    Information Security Issues Key Actions

    If equipment is operatedincorrectly mistakes and damagemay result.

    Ensure you receive all

    operational and technicalmanuals for each piece ofequipment.

    Store the documentationaccessibly but safely.

    Systems users must be trainedaccording to the supplier'smanuals.

    Managing and UsingHardware Documentation

    'Documentation' refers to both the operator manuals and the technicaldocumentation that should be provided by the supplier / vendor.

  • 8/2/2019 Managing Computer Resource

    3/12

    A failure to follow therecommended schedule of

    maintenance runs the risk ofsystem malfunction, which couldpossibly jeopardize your businessoperation.

    Ensure all regular maintenance iscarried out and monitored.

    Adopt procedures which ensurethat your operators complete allmaintenance for which they areresponsible according to themanufacturer's recommendation.

    Failure to operate equipment inaccordance with the instructionscan invalidate the warranty.

    Ensure you receive alloperational and technicalmanuals for each piece ofequipment.

    Ensure that such manuals arereadily available and form thebasis of all training.

  • 8/2/2019 Managing Computer Resource

    4/12

    Failure to complete and returnthe manufacturer's warranty card

    may invalidate the warranty andhence limit the manufacturer'sliability.

    Failure to complete and returnthe manufacturer's warranty card

    may invalidate the warranty andhence limit the manufacturer'sliability.

  • 8/2/2019 Managing Computer Resource

    5/12

    Maintaining a Hardware Inventory or Register

    A register / data base of all computer equipment used within your

    organisation is to be established and maintained.

    Information Security Issues Key Actions

    Theft of equipment is most likely

    to result in additional cost to theorganization and couldcompromise data security.

    Establish an inventory and

    implement procedures forupdating it.Ensure that you have aprocedure to advise theacquisition of new hardware, thedisposal of old items, and anychanges of location.Periodically verify the correctnessof the inventory by checking thata sample of hardware isphysically present.

  • 8/2/2019 Managing Computer Resource

    6/12

    Inadequate insurance couldrender your organization liable toloss in the event of a claimable

    event.

    Establish an inventory andimplement procedures forkeeping it up-to-date.

    Ensure that you periodicallyreview the adequacy of yourinsurance cover.

    Shortcomings in the planning ofequipment replacement, canmake it difficult to plan ahead fornew technology.

    Establish an inventory and, inconformance with your IT Plan,'ear mark' equipment forreplacement and plan accordingly

  • 8/2/2019 Managing Computer Resource

    7/12

    Where documentation is poor, orperhaps non existent, theplanning and performance of

    upgrades to equipment can beboth time consuming and alsofraught with problems.

    Establish an inventory andimplement procedures forkeeping it up to date.

    Record key information,especially hardware specificationsand system software names andversions.

  • 8/2/2019 Managing Computer Resource

    8/12

    Software Maintenance & Upgrade

    - Applying 'Patches' to Software

    - Upgrading Software

    - Responding to Vendor RecommendedUpgrades to Software

    - Interfacing Applications Software / Systems

    - Supporting Application Software

    - Operating System Software Upgrades

    - Recording and Reporting Software Faults

  • 8/2/2019 Managing Computer Resource

    9/12

    Applying 'Patches' to Software

    Patches are software bug 'fixes', that is, they resolve problems

    reported by users. Usually available for downloading on the vendor'sWeb site, their use requires consideration of the relevant securityissues.

    Information Security Issues Key Actions

    If a patch is appliedincorrectly or withoutadequate testing, your systemand its associated informationcan be placed at risk, possibly

    corrupting your live data files.

    Verify that the patches arenecessary and come from anauthorized source, normally thesoftware developers.

  • 8/2/2019 Managing Computer Resource

    10/12

    If a patch is applied incorrectlyor without adequate testing, yoursystem and its associated

    information can be placed at risk,possibly corrupting your live datafiles.

    Always test patched versions ofsoftware prior to release for liveuse. See System Testing

    The testing and implementationof patches should notcompromise your software libraryupdating procedures.

    If a patch is applied incorrectly orwithout adequate testing, yoursystem and its associatedinformation can be placed at risk,possibly corrupting your live data

    files.

    Apply patches only withmanagement authorization.

    Monitor these procedures so thatpatches cannot 'slip through the

    net'.

    Ensure you receive updates tothe system documentation.

  • 8/2/2019 Managing Computer Resource

    11/12

    Information Security Issues Key Actions

    The new version may simply failto perform as expected and / ormay have key features removed,enhanced or otherwise modified -potentially disrupting yourbusiness operations.

    Consider all such releases asbrand new code which must betested properly.

    Your Test Plan should includeRegression Testing to test all the

    key features - not only thosewhich have been changed orupdated.

    Upgrading Software

    The status of software is rarely static. Software companies areeither releasing bug fixes (patches), or introducing new versionswith enhanced functionality.

  • 8/2/2019 Managing Computer Resource

    12/12

    Users of an older version of thesoftware can be prevented fromreading files created using a later

    release of the software.

    Always ensure that the newerversion can read and write files inthe older format. Investigate

    'save options' accordingly

    Do not permit upgrades to takeplace informally. Schedule themas a project and inform usersaccordingly.

    New software versions releasedfollowing the merger of softwarecompanies may containunanticipated (new) code and /

    or bugs.

    Consider all such software asbrand new code which must betested properly.