0% found this document useful (1 vote)

112 views124 pages

Cisa WB04

Uploaded by

Jean Dumas Maurice

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (1 vote)

112 views124 pages

Cisa WB04

Uploaded by

Jean Dumas Maurice

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 124

Certified Information Systems Auditor (CISA)

Module 4 - Information Systems Operations,

Maintenance and Support
Slide 1

Module 4
Information Systems Operations,
Maintenance and Support

_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
Slide 2

Lesson 1: Information Systems Operations

 IS operations are in charge of the daily support of an organizations IS

hardware and software environment. This function is particularly
important when very large and centralized computing tasks are
regularly executed for business purposes and producing output or
updating situations

Management of IS Operations
 IS management is responsible for all operations within the IS
Department. Therefore , operations management functions would:
 Resource allocation: Management is responsible to make sure the necessary
resources are available for plan activities
 Standards and procedures: IS management is responsible for establishing the
necessary standards procedures for all operations that are aligned with business
strategies
 Process monitoring IS management is responsible for monitoring and measuring the
effectiveness and efficiencies of the IS operation process

Management of IS Operations Continued

 Management control functions include:
 IS management
 Making adequate resources available

 Planning for the most efficient effective use of resources

 Authorizing and monitoring IT resource usage based on corporate policy
 Monitoring operations to ensure compliance of standards

Management of IS Operations Continued

 Control functions continued
 IS operations
 Working with schedules for operating shifts
 Authorization of changes to schedules
 Review and authorization of changes
 Ensuring changes do not cause an outage
 Monitoring system performance and resource usage
 Monitoring SLA’s
 Planning for equipment replacement
 Maintaining job accounting reports and other audits
 Log reviews
 Handling problems in a timely manner
 Planning for major or minor disruptions

Management of IS Operations Continued

 Control functions continued
 Information security
 Ensuring the CIA of data

 Monitoring the environment and security facility to maintain proper conditions

 Identifying security vulnerabilities
 Keeping up-to-date with patches
 Detection of intrusion attempts
 Resolving information security events in a timely manner
 Limiting logical and physical access to resources to only those authorized

Service Management
 IT Service Management (ITSM) is a concept made up of processes and
procedures for efficient and effective delivery of IT services to business
 ITSM focuses on business deliverables and infrastructure management
 Fine-tuning IT services to meet changing demands
 Measuring and demonstrating improvements in the quality of IT services
 Reduction of costs

Service Management Continued

 IT services are better managed with SLA’s, and the services offered
from such agreements
 Changes should be handled to the change control process
 Controlling releases and ability to rollback when needed

Service Level
 Remember that the IS Department is a service organization for end
users. Which means there needs to be in adherence to the SLA’s
 The SLA describes services in non-technical terms for the viewpoint of
the customer
 Service level management is the process of:
 Defining, agreeing upon, documenting and managing levels of service that are
required and cost justified
 The aim of service level management is to maintain and improve customer
satisfaction and improve service delivered to the customer

Service Level Continued

 Characteristics of IT services are used to define the SLA. There are
many tools available to monitor the efficiency and effectiveness of
services which include:
 Exception reports
 System and application logs
 Operator problem reports
 Operator work schedules

Infrastructure Operations
 IT operations are processes and activities that support and manage the
entire IT infrastructure, systems, applications and data, focusing on day-
to-day activities. Tasks of IT operations staff include:
 Executing and monitoring schedule jobs
 Performing timely backup
 Looking for unauthorized access
 Monitoring for the adherence to the operation procedures
 Working with testing of DRP’s
 Monitoring the performance, capacity, availability and failure of information resources

Scheduling
 Scheduling is a major function of the IS Department, and scheduling
includes:
 Jobs that must be run
 Sequence of job execution
 Conditions that cause program execution

Scheduling Continued
 Low priority jobs can be scheduled if
time is available
 Automated job scheduling software can
provide extra control over this process
 High priority jobs should be given optimal
resource availability
 Some examples, such as backups, may be done
at low peak times
 Job scheduling is necessary to make sure
that IS resources are optimally used

Monitoring Use of Resources

 Computer resources, for example, should be used
in a manner that benefits the entire organization.
Computer resources would include hardware,
software, telecommunications, networks,
applications and data

Process of Incident Handling

 Incident management is one of the critical processes in IT service
management, and needs to be attended to on a continuous basis.
 The goal is to increase continuity of service by reducing or removing the adverse
affect of disturbances
 Incident handling should have a method of prioritizing items to determine the impact
of urgency

Problem Management
 Problem management aims to resolve issues through the investigation
and in-depth analysis of a major incident, or several incidents that are of
a similar nature
 The goal is to determine the root cause
 This root cause is sometimes called the known error
 A workaround may have to be developed to address this error state and prevent any
future occurrences
 Problem management and incident management have slightly different
goals. Incident management tries to return to a normal state, whereas
problem management tries to reduce the number of incidents

Detection, Documentation, Control,

Resolution and Reporting of Abnormal
Conditions
 The complex nature of software, hardware and their interrelationships
should have a mechanism to detect and document any abnormal
conditions
 Logs should contain the following kinds of errors:
 Application, system, operator, network, telecommunication and hardware

 Log items should have the following information:

 Error date, description, code, source of error
 Individuals assigned to the error
 Status code of problem resolution
 Narrative of how the error was resolved

Detection, Documentation, Control,

Resolution and Reporting of Abnormal
Conditions Continued
 Logs should be accessible to only those who are authorized, and those
logs should be updated as problems are resolved
 IS management should ensure that problem management mechanisms
are maintained and monitored and outstanding errors are being
addressed in a timely manner
 Should also be documentation on how to escalate unresolved problems

Support/Helpdesk
 Technical supports functions are to provide specialized
knowledge of production systems, identify and assist in
system change, and assist in problem resolution
 Typical support functions:
 Determining the source of computer incidents and taking corrective
actions
 Initiating problem reports and resolving incidents in a timely manner
 Answering inquiries regarding specific systems
 Providing multi-tiered support
 Providing technical support
 Communicating with IS operations about abnormal patterns and calls

Change Management Process

 Change control is an important function that should be handled by IS
management. It is often thought of as moving changes or upgrades from
the test environment to the production environment
 Change management can also be used when changing hardware or
upgrading off-the-shelf applications

Change Management Process Continued

 Procedures associated with this migration process are in place to make
sure that:
 System, operations and program documentation are complete, up-to-date and in
compliance with standards
 Job preparation, scheduling and operating instructions have been established
 Test results have been reviewed and approved
 Any data conversion was done accurately and completely
 System conversion occurred accurately and completely and has proper approval
 The risk of causing an outage are reviewed and a rollback plan is developed

Release Management
 Software release management is a process where software is made
available to users, and the term release often describes the collection of
authorized changes
 Major release: Normally a significant change or addition to new functionality. A major
upgrade usually supersedes all preceding minor upgrades
 Minor software releases:These are normally upgrades for small enhancements and
fixes
 Emergency software release:These are normally updates that have corrections to the
small number of known problems.These are often submitted as quickly as possible to
prevent downtime and the potential of vulnerabilities going unpatched

Release Management Continued

 Planning a release involves:
 Getting consensus on the releases contents
 Agreeing to the release strategy. This may be done in phases
 Producing a high level release schedule
 Planning resource levels
 Agreeing on roles and responsibilities
 Creating a rollback plan
 Developing a quality plan for the release
 Planning acceptance of support groups and the customer

Information Security Management

 The goal is to ensure continuous IT operation and security of business
process and data. This is a critical part of IS operations. Security
management includes:
 Performing risk assessments on information assets
 Performing business impact analysis
 Developing and enforcing information security policies, procedures and standards
 Regular security assessments
 Implementing a formal vulnerability management process

Media Sanitization
 There should be a program establishing how to deal with media
sanitization. This is an necessary step to preserve the confidentiality of
sensitive information that is stored on media to be reused, transported,
or discarded
 Sanitization involves the permanent erasure of information stored on storage media
 It is necessary to make sure that information cannot be restored after being
sanitized
 The should be a process of identifying that media which needs sanitizing
 There should be a procedure for proper sanitization of the different types of storage
media

Lesson 2: Information Systems Hardware

 This section will introduce hardware platforms that make up the
enterprise systems of today’s organizations. We look at the basic
concepts of and history behind different types of computers and the
advances in information technology

Computer Hardware Components and

Architecture
 The central processing unit is made up of the
arithmetic logic unit, a control unit and internal
memory
 Other key components of the computer include the
motherboard, memory, read-only memory
 The I/O components pass instructions and
information to the computer, or display record
output generated by the computer

Common Enterprise Backend Devices

 Print servers
 File servers
 Application servers
 Web servers
 Proxy servers
 Database servers

Specialized Devices
 Firewall
 Intrusion detection systems
 Intrusion prevention systems
 Switches
 Routers
 Virtual private networks
 Load balancers

Risks
 Malware
 Data theft
 Data and media loss
 Corruption of data
 Loss of confidentiality

Security Control
 Encryption
 Granular control-such as active directory
 Educating security personnel
 Enforce the “lock desktop” policy
 Updating AV
 Use only secure devices

Radiofrequency Identification
 RFID uses radio waves to identify tagged objects within a limited range.
A tag consists of a microchip and antenna
 The tag can be passive, drawing power from the incident radiation arriving for the
reader
 An active tag has battery supplied power

RFID Applications
 Asset management
 Tracking
 Authenticity verification
 Matching
 Process control
 Access control
 Supply chain management

RFID Risks
 Business process risk is a direct attack on the RFID system components
 Business intelligence risk may come from a competitor or adversary
that gains unauthorized access to RFID
 Privacy risk can occur when the RFID system uses personally
identifiable information for purposes other than intended
 Externality risk occurs when RFID technology becomes a threat to a
non-RFID network or a non-RFID collected system

RFID Security Control

 Management control involves oversight of the security of the RFID
system
 An operational control involves the actions performed on a daily basis
by the systems administrator and users
 A technical control uses technology to monitor or restrict the actions
that can be performed within the system. RFID systems might use
technical controls to protect data on tags, causing a tag to self-destruct,
or to protect wireless communications

Hardware Maintenance Program

 For proper operation, hardware should be regularly cleaned and
serviced. The maintenance requirements will depend on complexity and
performance workloads

Hardware Monitoring Procedures

 Availability reports indicate the time periods during which the
computer is in operation and available for use. A key concern of this
report is downtime
 Hardware error reports would identify the computer components that
might fail. These reports should be monitored to make sure that
equipment is working properly
 Utilization reports are generally automated reports that document use
of the machine and peripherals.You can also use software monitors to
capture the measurements for processors, secondary storage, and other
components as they are used
 Asset management reports are basically an inventory of network
connected equipment

Capacity Management
 Capacity management can be thought of as planning and monitoring of
resources to ensure the available resources are used efficiently and
effectively
 Capacity planning is projections based on past experience, plans for
growth of existing business, as well as future expansions
 Capacity management ensures that all current and future capacity and
performance aspects of the business requirements are provided in a
cost-effective manner
 Capacity management can help with resource planning

Capacity Management Continued

 Capacity planning and monitoring elements:
 Developing a capacity plan
 Monitoring IT components to ensure SLA’s are achieved
 Analysis of the data collected for the monitoring activities identify trends and to
create baselines
 Tuning is the optimization of systems to the actual workload
 Implementation is the introduction of changes or new capacity to meet new
requirements
 Modeling can forecast the behavior of resources to look at future capacity transit
requirements
 Application sizing takes into consideration the prediction of new capacity. Sizing may
consider number of users, number of transactions, and data storage requirements

Lesson 3: IS Architecture and Software

 Basic processes associated with operating systems
 Interrupt handling
 Process creation/destruction
 Process state switching
 Process synchronization
 Interprocess communication
 I/O processes
 Management of memory

IS Architecture and Software Continued

 Software should be checked for compatibility with its operating system.
 Examples include:
 Access control software
 Data communications software
 Database management software
 Program library management systems
 Tape and disk management systems
 Network management software
 Job scheduling software
 Utility programs

Operating Systems
 The most important software related to computer is its operating
system. It is the operating system that is the interface between the user,
applications, and hardware
 Operating systems vary in how they manage resources, and how
comprehensive that management is
 A small workstation only needs to catalog files and load programs
 A mainframe must have handle large volumes of transactions and work with
extensive resources
 A server with multiple users would need to facilitate multiprocessing, multitasking
and multithreading

Software Integrity Issues

 The integrity of an OS is an important
requirement, and utilizes specific hardware and
software to do the following:
 Protect itself from deliberate or inadvertent modification
 Protect privilege programs from interference with other
user programs
 Provide process isolation
 Allows multiple processes to run concurrently that will not
interfere with each other
 Enforcement of least privilege, allowing a process only those
permissions it needs to perform its functions

Software Integrity Issues

 For system and data integrity, it is important to correctly and
consistently define, enforce and monitor the operating system
environment and grant permissions
 This is a responsibility of IS management

 Software patches are an important part of maintaining the integrity of

the operating system

Activity Logging and Reporting Options

 Computer activity can be logged for analysis of system functions.
 Examples of an activity log include:
 Data file versions used for production
 Program access to sensitive data
 Programs scheduled and run
 Utilities or service aides being used
 Operating system operations
 Database monitoring
 Auditing of access control

Data Communication Software

 Data communications software is used to transmit messages or data
from one point to another, whether locally or remote. Simple data
communications have three components:
 The source or transmitter
 The transmission path
 The receiver

Data Management
 Data management capabilities are enabled by the system software
components to support the definition, storage, sharing and processing of
user data and to support file management

File Organization
 User system data is usually organized into manageable units
 Sequentially represent one record being processed after another from the beginning
to the end of the file
 Direct random access are records that are addressed individually based on a key not
related to the data

Database Management Systems

 DBMS system software is designed to
organize, control and use the data needed
by application programs
 The primary functions of DBMS include
reduced data redundancy, decreased access
time, and basic security
 DBMS data is organized into such basic
data elements such as a field that is defined
by data dictionary
 A DBMS can also control user access at
many levels

Database Management Continued

 Some of the advantages of DBMS:
 Data independence for applications
 Easy support of flexibility in meeting changing data requirements
 Transaction processing efficiency
 Reduction of data redundancy
 Maximization of data consistency
 Enforcement of data/programming standards
 Enforcement of data security
 Integrity checks to store data

DBMS Architecture
 The objects that create the DBMS are defined by the metadata
 Metadata is the information about information
 Data elements
 Physical fields
 Files
 Data relationships
 Queries

 Metadata has three types: conceptual schema, external schema and

internal schema

DBMS Metadata Architecture

 Within each level, there is a data definition language (DDL) component
used to create the schema’s representation of interpreting and
responding to user request
 A data dictionary/directory system defines and stores source and object
forms of all data definitions for all schema types.
 DD/DS provides the following capabilities:
 A DDL processor which allows the creation or modification of data definitions
 Validation of the definition provided for integrity of the metadata
 Prevention of unauthorized access or manipulation of metadata
 Interrogation and reporting facilities that allow the DBA to inquire on the data
definition

Database Structure
 There are three major types of database structures:
 Hierarchical database model is a model of parent/child data segments. An example of
this is LDAP
 Network database model is a basic data modeling construction called a set. A set is
formed by an owner record type, a member record type and name
 Relational database model is based on set theory and relational calculations.This
model relates one table to another table

Relational Database
 Relational database has the following
properties:
 Values are atomic
 Each row is unique
 Column values are the same kind
 Column sequencing is unimportant
 Row sequencing is unimportant
 Each column has a unique name
 Primary keys
 Foreign key

 Relational databases are designed using

normalization rules to reduce the
duplication of data

Database Controls
 To maintain the integrity and availability of data the following controls
may be used:
 Enforcing definition standards
 Data backup and recovery
 Access control to data objects
 Assignment of privileged use
 Dealing with concurrent access problems i.e. data locks
 Ensuring accuracy, completeness and consistency of data elements and relationships
 Database checkpoints
 Monitoring database performance

Tape and Disk Management Systems

 Automated tape management systems
(TMS) or disk management systems
(DMS) are forms of specialized system
software to track and list tape/disk
resources needed for data center
processing

Utility Programs
 Utility programs consist of software to perform maintenance and
routines that may need to be repeated frequently. Utility programs are
categorized by use in the five functional areas:
 Understanding application systems via flowcharts, profile analyzers, executive path
analyzers etc.
 Assessing or testing data quality
 Testing of programs ability to function correctly and maintain data integrity
 Assisting in faster program development i.e. integrated development environments
 Improving operational efficiency such as CPU and memory utilization

Software Licensing Issues

 Whether connectivity to software is local or remote, software
copyright laws must be followed to protect against the possibility of the
company violating licensing rules.
 To prevent or detect software licensing violations the auditor should:
 Review the document policies and procedures and any preventive controls to guard
against unauthorized use or copying of software
 Obtain copies of all software contracts to determine the license agreements
 Review the list of all standard, used and licensed applications and system software
 Review software currently installed on user machines

Software Licensing Issues Continued

 Options available to prevent software license violations include:
 Centralizing control and automated distribution installation software
 Dumb terminals connecting to a secure LAN
 Installing metering software on the PCs
 Regular scanning of user PCs

 An alternative would be to acquire a site license agreement from the

vendor if possible

Digital Rights Management

 Due to the growth of software piracy through peer to peer or bit
torrent types of networks there’ve been many innovative ways to make
it nearly impossible to pirate software
 DRM refers to access control technique to protect copyright holders
and impose limitation on the use of digital content

Lesson 4: Network Infrastructure

 Networks are developed from the need to share information between
devices.
 In general the links communicate in either analog or digital signals
 Methods for transmitting signals over analog telecommunication links
use either baseband or broadband
 Baseband refers to a single signal injection of the communication link
 Broadband is two or more signals on the same link often at different carrier
frequencies

Enterprise Network Architecture

 Today’s networks are part of a large, centrally managed, internetwork
architecture solution of high-speed local and wide area computer
networks
 Some architectures might include clustering, types of functions in a
network segment such as web services or other application servers
 The auditor must understand information technologies associated with
the design and development of telecommunications infrastructures such
as a LAN or WAN

Types of Networks
 Personal area network
 Local area network
 Wide area network
 Metropolitan area network
 Storage area network

Network Services
 Network file system
 E-mail services
 Print services
 Remote access services
 Directory services
 Network management
 Dynamic host configuration protocol
 Domain name service

Network Standards and Protocols

 Network architecture standards allow the process of creating an
integrated environment that applications can work within by having a
reference model that can be used for structuring inter-computer and
network communications
 Basically the goal is to have different platforms speaking the same
language.
 The major challenge of communications are:
 Interoperability
 Availability
 Flexibility
 Maintainability

OSI Architecture
 The purpose of the OSI architecture was to write a reference model
that organizations could use for building inter-computer and network
communications processes. This is a proof of concept model composed
of seven layers

Layer Layer Layer Layer Layer Layer Layer

7 6 5 4 3 2 1

OSI Layers
 Layer 7: Application Layer
 Layer 6: Presentation Layer
 Layer 5: Session Layer
 Layer 4: Transport Layer
 Layer 3: Network Layer
 Layer 2: Data Link Layer
 Layer 1: Physical Layer

Application of the OSI Model in Network

Architectures
 The local area network is almost always
implemented using switched Ethernet along
with twisted pair cabling. Wireless
communications are also beginning to become
more popular in the local area network
 As local area network grows and traffic
increases, it becomes important to look of the
logical configuration and find methods to
optimize that traffic

Network Physical Media Specifications

 The physical media that is used to connect various host computing
devices are:
 Twisted pairs-copper cable
 Fiber optics for high-capacity
 Infrared and radio

Implementation of WANs
 Fiber optics are commonly used for most high-capacity network
connections between buildings, between cities, or other long hauls
 Other systems that might be used include:
 Microwave radio systems
 Satellite radio link systems

LAN Media Access Technologies

 Ethernet
 Began as a bus configuration using 10 Mbs speed over coax cable
 The star configuration initially used hubs and the copper twisted pair cabling
 Today’s Ethernet has more modern versions:
 Fast Ethernet - 100 Mbs
 Gigabit Ethernet - 1000 Mbs
 10 Gb Ethernet
 40/100 Gb Ethernet
 Base IEEE 802.3 specification
 Carrier sense multiple access/collision detection
 Media access control

 Token ring

LAN Components
 Repeaters
 Hubs
 Bridges
 Layer 2 switches
 Routers
 Layer 3 and 4 switches
 Layer 4 – 7 switches
 Gateways

LAN Technology Selection Criteria

 Some of the more relevant selection criteria are:
 What are the applications to be supported
 What bandwidth needs to exist
 What area needs to be covered and what are the physical constraints
 Budget
 Remote management needs
 Security needs
 Redundancy/resiliency requirements

Wide Area Networks

 A WAN is a communications network
transmitting information across geographically
dispersed local area networks
 WAN characteristics include:
 They are applicable to the physical and data link layers of
the OSI model
 Data flow can be simplex, half duplex or full-duplex
 Communication lines can be either switched or
dedicated
 Emerging trends are to extend ethernet across the WAN

WAN Message Transmission Techniques

 Message switching
 Packet switching
 Circuit switching
 Virtual circuits
 WAN dial-up services

WAN Devices
 WAN switches
 Routers
 Modems
 Synchronous transmission
 Asynchronous transmission
 Access servers
 CSU/DSU
 Multiplexers
 Time division multiplexing
 Asynchronous time division multiplexing
 Frequency division multiplexing
 Statistical multiplexing

WAN Technologies
 Point-to-point protocol
 X.25
 Frame relay
 ISDN
 ATM
 MPLS
 DSL
 VPN
 Remote access VPNs
 Intranet VPNs
 Extranet VPNs
 Service provider VPNs

Wireless Networks
 Wireless technologies enable one of more devices to communicate
without a physical connection. Wireless technologies use radiofrequency
transmissions through free space as a means to transmit data.
 Going to a wireless network introduces new elements that should be
looked at, such as existing applications needing a retrofit to use a
wireless interface
 There are also new risks that are a part of wireless networks
 Wireless networks can be categorized in four ways based on the coverage range:
WANs, LANs, WPANs, ad hoc

Wireless Wide Area Networks

 Wireless wide area networking is a process of linking different
networks or large geographical area to allow wider IT resource sharing
connectivity.
 These connections of course are using radiofrequency
 2G, 3G, 4G
 GSM

Wireless Local Area Networks

 These allow greater flexibility and portability than a wired LAN. Again
this is using radiofrequency.
 The components that make up the wireless LAN are:
 An access point
 Wireless networking hub
 Wireless network adapters

Wireless Local Area Networks Continued

 IEEE standards
 802.11 a
 802.11 b
 802.11 g
 802.11 I
 802.11 n
 Bluetooth

Wireless Security
 Wired equivalent privacy
 Wi-Fi protected access
 WPA
 WPA2

Wireless Security Continued

 WEP uses symmetric encryption, and private keys
 Weaknesses include the key reuse problem and other flaws
in this is not considered a strong security control
 WPA uses public key cryptography, it is considered a
much more secure option of encryption

Wireless Application Protocol

 WAP is a general term to describe a multilayered protocol and related
technologies that bring Internet content to wireless mobile devices.
Examples would be PDAs and cellular technology.

Risks of Wireless Communications

 Interception of sensitive information
 Loss or theft of devices
 Misuse of devices
 Loss of data contained in the devices
 Distractions caused by the devices
 Possible health effects of device usage
 Wireless user authentication
 File security
 WEP security encryption
 Interoperability
 Use of wireless subnets
 Translation point

World Wide Web Services

 URL
 Common gateway interface
 Cookie
 Applet
 Servlet
 Bookmark

General Internet Terminology

 Network access point
 Internet service provider
 Internet link
 Remote terminal control protocol
 Secure shell
 Domain name service
 Direct connection
 Internet appliance
 Online services
 File transfer protocol
 Simple mail transport protocol
 Transborder data flow

Network Administration and Control

 Network administration are responsible to make sure the network is
functioning properly from both a performance and security perspective
 Monitoring usage and throughput
 Load-balancing
 Response to security violations
 Failure conditions
 Saving and restoring data
 Planning for networks growth

Network Performance Metrics

 The metrics of performance or measurements that can determine how
well the network is meeting the organizations needs. These metrics can
also determine their capability of supporting a variety of applications.
 Latency
 Throughput
 Errors and drops
 Retransmissions

Network Management Issues

 It is much more common today to see WANs communicate with a mix
of LANs and host network architectures. Nearly all organizations are
standardizing their telecommunications, and infrastructure on TCP/IP
and modern routers
 There are five defined basic tasks related to network management:
 Fault management
 Configuration management
 Accounting resources
 Performance management
 Security management

Network Management Tools

 Response time reports
 Downtime reports
 Online monitors
 Network monitors
 Protocol analyzers
 Simple network management protocol
 Helpdesk reports

Client Server Technology

 This network architecture model uses computers or processes on the
network as either a server (a source of services and data) or client (a
user of the services)
 The client/server architecture is a number of advantages such as
shipping work among servers

Client/Server Technology Continued

 Business challenges:
 The rapid growth and complexity of client/server environments
 More companies are moving to client/server platforms for mission critical
applications
 Companies are experiencing more problems integrating application changes to
existing network systems
 High staff turnover can result in the need for constant hiring and training to support
the client/server technologies
 Companies that have numerous office locations and an aggressive merger/acquisition
strategy often do not have centrally located client/server systems

Client/Server Technologies Continued

 The solution: To address business challenges, management has to
address COBIT’s delivery and support domain.
 The domain is concerned with the actual delivery of required services
which include service delivery, management of security and continuity.
 It also addresses service support for users, and management of data and
operational facilities
 This domain typically addresses the following:
 Are IT services being delivered in line with business priorities
 IT cost optimized
 Is the workforce able to use IT systems productively
 Is adequate security in place

Client/Server Technology Continued

 Middleware is a client/server specific term used to describe a class
software employed by client/server applications.
 Middleware serves as the glue between two otherwise distinct
applications and can provide services such as audit of identification,
authentication, authorization, directories and security
 Middleware is commonly used for:
 Transaction processing
 Remote procedure calls
 Object request broker technology
 Messaging servers

Client/Server Technology Continued

 Risks of middleware:
 Risks can come about on the system’s integrity because of the very purpose of
middleware, which is designed to support multiple operating systems. Lack of proper
software to control portability of data or programs across multiple platforms can
result in loss of data or program integrity
 Controls aren’t limited by management to ensure the integrity of the client/server
networks. Management should ensure the systems are properly tested and approved

Lesson 5: Disaster Recovery Planning

 DRP is an element of internal control systems to manage availability and
restore critical processes in the event of interruption
 DRP is a continuous planning process to use cost-effective controls to
prevent possible disruptions and recover the capacity of the
organization

Recovery Point Objective and Recovery Time

Objective
 The RPO is determined based on acceptable data loss in case of
disruption of operations. It is the earliest point in time that is acceptable
to recover data
 The RPO quantifies the permissible amount of data loss incase of
interruption
 The RTO is determined based on the acceptable downtime if a
disruption of operations occurs
 The RTO indicates the earliest point in time at which the business
operations must resume after disaster
 Both of these are based on time parameters
 The lower the time requirements the higher the cost recovery

Recovery Point Objective and Recovery Time

Objective Continued
 There are some additional parameters that need to be defined for the
recovery strategies:
 Interruption window which is the time the organization can wait from the point of
failure to the restoration. After this time the progressive losses caused by the
interruption are unaffordable
 Service delivery objective is level of services to be reached during the alternate
process mode until restoration
 Maximum tolerable outages represents the most time an organization can support
processing an alternate mode

Recovery Strategies
 A recovery strategy outlines the best way to recover a system in case
interruption and is used for guidance to each of the recovery
procedures that need to be developed
 A variety of strategies should be developed and all alternatives should be presented
to senior management
 Senior management should select the most appropriate strategy from the
alternatives provided
 Strategies will depend on:
 How critical the business processes
 Cost
 Time to recover
 Security

Recovery Strategies Continued

 Recovery strategies could include developing:
 Hot sites
 Warm sites
 Cold sites
 Duplicate information processing facilities
 Mobile sites
 Reciprocal agreements

Recovery Strategies Continued

 The contractual provisions for the use of a third-party site should cover:
 Configurations that would facilitate the companies needs
 The definition of disaster
 Is a facility exclusive or is it shared space
 Will the facility be available to the company without delay
 How soon after disaster with the facility be available
 Who gets preference if there are common regional disasters
 Usage
 Proper communications available
 Is there a right to audit
 What testing rights are included
 What is the reliability of the site
 Is the site secure

Application Disaster Recovery Methods

 The goal of protecting an application against a disaster is to find a way
to restore it as quickly as possible
 Clustering is a solution that can help maintain high availability.
 There are two major types of clusters:
 Active passive
 Active active

Data Storage Disaster Recovery Methods

 As with applications, there should be a recovery method to protect
against data loss in case of disaster or hardware failure.
 The most common solution is a redundant array of independent disks
(RAID)

Telecommunication Networks Disaster

Recovery Methods
 Telecommunications can also succumb to natural disasters but they have
other events to plan for that are unique to telecommunications
 Central switching office
 Cable cuts
 Communication software errors
 Security breaches

Methods for Network Protection

 Redundancy
 Plan for extra capacity
 Multiple paths between routers
 Dynamic routing protocols
 Eliminating single points of failure
 Alternative routing is a method of using an alternate medium:
 Copper backup for fiber optics
 Different types of circuits such as ISDN or dial-up
 Diverse routing is often best described as dual homed
 Long-haul network diversity
 Last mile circuit protection
 Voice recovery

Development of Disaster Recovery Plans

 DRP is a part of the business continuity process and usually follows a BIA
and risk assessment
 DRP contents:
 Procedures for declaring a disaster
 Criteria for plan activation
 It’s linkage with overarching plans
 Personnel responsibilities
 Recovery team
 Notification lists
 A step-by-step explanation of the recovery process
 Recovery procedures
 Vendor contacts

Organization and Assignment Of

Responsibilities
 The DRP should identify teams and their responsibilities.
 The response teams may include:
 Incident response team
 Emergency action team
 Information security team
 Damage assessment team
 Emergency management team
 Off-site storage team
 Software team
 Application team
 Emergency operations team

Organization and Assignment Of

Responsibilities Continued
 Response teams continued
 Network recovery team
 Communication team
 Transportation team
 User hardware team
 Data preparation records team
 Administrative support team
 Supplies team
 Salvage team
 Relocation team

Organization and Assignment Of

Responsibilities Continued
 Response teams continued
 Coordination team
 Legal affairs team
 Recovery testing
 Training team

Backup and Restoration

 To ensure the critical activities of an organization are not interrupted in
the event of disaster, secondary storage media can be used to store
software’s associated data
 Removable media such as CDs, DVDs, or tape
 Network storage

Off-Site Library Controls

 When a disaster strikes, the off-site storage library may be the only
remaining copy of the organizations data. Is important to have to
controls over this data both physically and logically
 Controls over the off-site storage may include:
 Physical security
 Proper constructed physical location
 Locating the library away from the data center
 Maintaining the inventory of storage media files of the library
 Ensuring that a record of all storage media and files are catalogued

Types of Backup Devices and Media

 Backup devices and media should be chosen based on the following
factors:
 Standardization of the technologies for the primary and off-site facility
 Capacity
 Speed
 Price

Types of Backup Devices and Media

 Disk-based backup systems exist in different types:
 Virtual tape libraries are systems of disk storage and software to control backup and
data recovery sets
 Host-based replication is done at the server level by special software running on the
server
 Disk array-based replication which is similar to the host-based replication but done
on a disk array such as a storage area network
 Snapshots

Periodic Backup Procedures

 Both data and software file should be backed up on a periodic basis as
defined by your RPO
 Scheduling can be done by most backup management systems
 The time period to schedule the backup may differ per application

Frequency of Rotation
 The considerations for establishing file backup schedules can include the
following:
 The frequency of the backup cycle and depth of retention
 Anticipation of the failures
 Transaction files should coincide with master files
 DBMS require specialized backups
 Backup for custom-built software should also include the object code and source
code

Backup Schemes
 The full backup
 Incremental backup
 Differential backup
 Methods of rotation
 Grandfather-father-son method

1. Which of the following devices extends the network and has the capacity to store frames
and act as a storage and forward device?
A. Router
B. Bridge
C. Repeater
D. Gateway

2. A critical function of a firewall is to act as a:

A. Special router that connects the Internet to a LAN
B. Device for preventing unauthorized users from accessing the LAN
C. Server used to connect authorized users to private trusted network resources
D. Proxy server to increase the speed of access to authorized users

3. A hub is a device that connects:

A. Two LANs using different protocols
B. A LAN with a WAN
C. A LAN with a metropolitan area network (MAN)
D. Two segments of a single LAN

4. Which of the following is a telecommunication device that translates data from digital form
to analog form and back to digital?
A. Multiplexer
B. Modem
C. Protocol converter
D. Concentrator

5. What type(s) of firewalls provide(s) the greatest degree of protection and control because
the firewall technology inspects all seven OSI layers of network traffic?
A. A first-generation packet-filtering firewall
B. A circuit-level gateway
C. An application-layer gateway, or proxy firewall, and stateful-inspection firewalls
D. An application-layer gateway, or proxy firewall, but not stateful-inspection firewalls

6. Using the OSI reference model, what layer(s) is/are used to encrypt data?
A. Transport layer
B. Session layer
C. Session and transport layers
D. Data link layer
7. Relatively speaking, firewalls operated at the application level of the seventh layer OSI
model are:
A. Almost always less efficient
B. Almost always less effective
C. Almost always less secure
D. Almost always less costly to setup

8. An offsite information processing facility having electrical wiring, air conditioning and
flooring, but no computer or communications equipment is a:
A. Cold site
B. Warm site
C. Dial-up site
D. Duplicate processing facility

9. Off-site data backup and storage should be geographically separated so as to _________

the risk of a widespread physical disaster such as a hurricane or earthquake.
A. Accept
B. Eliminate
C. Transfer
D. Mitigate
Answer Key:

1. B
A bridge connects two separate networks to form a logical network (e.g., joining an Ethernet
and Token network) and has the storage capacity to store frames and act as a storage and
forward device. Bridges operate at the OSI data link layer by examining the media access
control header of a data packet.

2. B
A firewall is a set of related programs, located at a network gateway server that protects the
resources of a private network from users of other networks. An enterprise with an intranet
that allows its workers access to the wider Internet installs a firewall to prevent outsiders
from accessing its own private data resources and for controlling the outside resources to
which its own users have access. Basically, a firewall, working closely with a router program,
filters all network packets to determine whether or not to forward them toward their
destination. A firewall includes or works with a proxy server that makes network requests
on behalf of workstation users. A firewall is often installed in a specially designated
computer separate from the rest of the network so no incoming request can get directed to
private network resources.

3. D
A hub is a device that connects two segments of a single LAN. A hub is a repeater. It
provides transparent connectivity to users on all segments of the same LAN. It is a level 1
device.

4. B
A modem is a device that translates data from digital to analog and back to digital.

5. C
An application-layer gateway, or proxy firewall, and stateful -inspection firewalls provide the
greatest degree of protection and control because both firewall technologies inspect all
seven OSI layers of network traffic.
6. C
User applications often encrypt and encapsulate data using protocols within the OSI session
layer or farther down in the transport layer.

7. A
The early attempts of producing a firewall operating at the application level of the seventh-
layer OSI model required too much CPU processing power. Packet filters operate at the
network layer and function more efficiently because they only look at the header part of a
packet.

8. A
A cold site is ready to receive equipment but does not offer any components at the site in
advance of the need.

9. D
Off-site data backup and storage should be geographically separated to mitigate the risk of a
widespread physical disaster such as a hurricane or an earthquake.

IT Governance & Operations Guide
100% (2)
IT Governance & Operations Guide
46 pages
1 Intro To Information Systems Operations Maintenance
No ratings yet
1 Intro To Information Systems Operations Maintenance
1 page
ISOM Prelim Lec1
No ratings yet
ISOM Prelim Lec1
20 pages
WWW Infosectrain Com Blog Cisa Domain 4 Information Systems Operations Maintenan
No ratings yet
WWW Infosectrain Com Blog Cisa Domain 4 Information Systems Operations Maintenan
43 pages
Isom Chapter 1 5 Module
No ratings yet
Isom Chapter 1 5 Module
10 pages
Information Systems Operations and Maintenance
100% (1)
Information Systems Operations and Maintenance
8 pages
ISOMPDF
No ratings yet
ISOMPDF
7 pages
Domain 4 - CISA
No ratings yet
Domain 4 - CISA
110 pages
AIS 02-19 - Information Systems Operations & Maintenance
No ratings yet
AIS 02-19 - Information Systems Operations & Maintenance
8 pages
IT Ops
No ratings yet
IT Ops
21 pages
CISA Domain IV - Is Operations & Business Resilience
No ratings yet
CISA Domain IV - Is Operations & Business Resilience
57 pages
Domain 4 - PPT Slides
No ratings yet
Domain 4 - PPT Slides
70 pages
2012 CISA Review Course: Chapter 4 - Information Systems Operations, Maintenance and Support
100% (1)
2012 CISA Review Course: Chapter 4 - Information Systems Operations, Maintenance and Support
119 pages
Chapter 2 Hall
No ratings yet
Chapter 2 Hall
45 pages
ISOM Midterm Reviewer
No ratings yet
ISOM Midterm Reviewer
4 pages
1 - Information Systems Operations
No ratings yet
1 - Information Systems Operations
4 pages
IT Service Delivery and Support
No ratings yet
IT Service Delivery and Support
26 pages
AIS 5 Lecture
No ratings yet
AIS 5 Lecture
4 pages
Information Systems Operations, Maintenance and Service Management CISA 4
No ratings yet
Information Systems Operations, Maintenance and Service Management CISA 4
12 pages
Most Important Topics-CISA Review Manual (27th Edition)
No ratings yet
Most Important Topics-CISA Review Manual (27th Edition)
8 pages
CISA+Domain+4+Cyvitrix+ +updated+2024
No ratings yet
CISA+Domain+4+Cyvitrix+ +updated+2024
104 pages
Information Technology Service Management
No ratings yet
Information Technology Service Management
20 pages
CISA Student Handout Domain4 PDF
100% (1)
CISA Student Handout Domain4 PDF
43 pages
IT Audit and Controls Module 3
No ratings yet
IT Audit and Controls Module 3
2 pages
CISA - 27e - CH - 4 - Information Systems Operations and Business Resilience
No ratings yet
CISA - 27e - CH - 4 - Information Systems Operations and Business Resilience
154 pages
The MIS Organisationpart1
No ratings yet
The MIS Organisationpart1
25 pages
Group 7 - Seafty in It
No ratings yet
Group 7 - Seafty in It
13 pages
Ais 3
No ratings yet
Ais 3
2 pages
Stages and Processes ITIL
No ratings yet
Stages and Processes ITIL
6 pages
Functions in IT Operations
No ratings yet
Functions in IT Operations
2 pages
Unit 4 - Notes - ITSM
No ratings yet
Unit 4 - Notes - ITSM
9 pages
Acquisition, Maintenance, and Auditing of IT Infrastructure
No ratings yet
Acquisition, Maintenance, and Auditing of IT Infrastructure
3 pages
The Management of Information Systems
No ratings yet
The Management of Information Systems
36 pages
ISO 27001 - Operations
100% (2)
ISO 27001 - Operations
13 pages
DS13
No ratings yet
DS13
4 pages
Session 3 - Information Security BW PDF
No ratings yet
Session 3 - Information Security BW PDF
13 pages
Demystifying ITIL: Greg Charles, PH.D
No ratings yet
Demystifying ITIL: Greg Charles, PH.D
41 pages
Operations Security Overview
100% (1)
Operations Security Overview
74 pages
Is and It Audit-Infrastructure and Operations (Nov 26)
No ratings yet
Is and It Audit-Infrastructure and Operations (Nov 26)
21 pages
CISA Job Practice 2019
100% (1)
CISA Job Practice 2019
4 pages
IT Infrastructure Library: by Ritika Rattan Puneet Kapahtia
No ratings yet
IT Infrastructure Library: by Ritika Rattan Puneet Kapahtia
25 pages
2 Audit Sistem Informasi - Pertemuan 2
No ratings yet
2 Audit Sistem Informasi - Pertemuan 2
72 pages
CISA Course Details
No ratings yet
CISA Course Details
11 pages
Chapter 11 Iso
No ratings yet
Chapter 11 Iso
32 pages
It Strategy To Transition To Operations
No ratings yet
It Strategy To Transition To Operations
23 pages
Iso27k Iso Iec 27002 Outline
No ratings yet
Iso27k Iso Iec 27002 Outline
4 pages
Chapter 11 - Information Systems Management (Thuyet Trinh)
No ratings yet
Chapter 11 - Information Systems Management (Thuyet Trinh)
42 pages
AIT Report
No ratings yet
AIT Report
45 pages
Cyber Security UNIT-3 Update
No ratings yet
Cyber Security UNIT-3 Update
73 pages
Unit 1
No ratings yet
Unit 1
20 pages
Itsm 1,2,3,4.5
No ratings yet
Itsm 1,2,3,4.5
18 pages
CISA-Domain-4-Information Systems Operations and Business Resilience
No ratings yet
CISA-Domain-4-Information Systems Operations and Business Resilience
172 pages
Auditoría de Tecnología de Información: Espinosa Ángeles Juan Abdel Hernández Medina Adrián Ramírez Antonio Alejandra
No ratings yet
Auditoría de Tecnología de Información: Espinosa Ángeles Juan Abdel Hernández Medina Adrián Ramírez Antonio Alejandra
53 pages
Baa Ais It Controls
No ratings yet
Baa Ais It Controls
31 pages
IT Audit Checklist
100% (7)
IT Audit Checklist
40 pages
Tech Brief Understanding Smart Contracts - Res - Eng - 1217
No ratings yet
Tech Brief Understanding Smart Contracts - Res - Eng - 1217
4 pages
Information Technology General Controls Review (ITGC) Audit Program
No ratings yet
Information Technology General Controls Review (ITGC) Audit Program
18 pages
Data Governance for Businesses
No ratings yet
Data Governance for Businesses
2 pages
Firewall Administration Audit Work Program
No ratings yet
Firewall Administration Audit Work Program
6 pages
Tech Brief Understanding Smart Contracts - Res - Eng - 1217
No ratings yet
Tech Brief Understanding Smart Contracts - Res - Eng - 1217
4 pages
Cisa WB03
No ratings yet
Cisa WB03
212 pages
Use Case Diagram Relationships Explained With Examples
No ratings yet
Use Case Diagram Relationships Explained With Examples
5 pages
Cisa WB05
No ratings yet
Cisa WB05
102 pages
Cisa WB02
No ratings yet
Cisa WB02
136 pages
Auditing Applications Framework Part 2
No ratings yet
Auditing Applications Framework Part 2
4 pages
WAPITS IT Strategic MGMT AP
No ratings yet
WAPITS IT Strategic MGMT AP
29 pages
From Static Networks To Software Defined Networking - Joa - Eng - 0716
No ratings yet
From Static Networks To Software Defined Networking - Joa - Eng - 0716
7 pages
Vulnerability Management Guideline v1.0.0 PUBLISHED
No ratings yet
Vulnerability Management Guideline v1.0.0 PUBLISHED
11 pages
WAPO01 Manage The IT Management Framework Audit Assurance Program - Icq - Eng - 0814
100% (1)
WAPO01 Manage The IT Management Framework Audit Assurance Program - Icq - Eng - 0814
32 pages
Gtag - Appendix - 5: 5.2 Top 10 Questions Caes Should Ask About Vulnerability Management
No ratings yet
Gtag - Appendix - 5: 5.2 Top 10 Questions Caes Should Ask About Vulnerability Management
2 pages
WAPO04 Manage Innovation Audit Assurance Program - Icq - Eng - 0814
No ratings yet
WAPO04 Manage Innovation Audit Assurance Program - Icq - Eng - 0814
28 pages
WAPO02 Manage Strategy Audit Assurance Program - Icq - Eng - 0814
No ratings yet
WAPO02 Manage Strategy Audit Assurance Program - Icq - Eng - 0814
31 pages
WAPO09 Manage Service Agreements Audit Assurance Program - Icq - Eng - 0814
No ratings yet
WAPO09 Manage Service Agreements Audit Assurance Program - Icq - Eng - 0814
28 pages
01-Quizz W0 - L1
No ratings yet
01-Quizz W0 - L1
2 pages
Data Integrity Slides 02012024 092949am
No ratings yet
Data Integrity Slides 02012024 092949am
28 pages
Teradata To Snowflake Migration Guide
100% (2)
Teradata To Snowflake Migration Guide
15 pages
Software Developer Profile
No ratings yet
Software Developer Profile
3 pages
MTech Front Pages Sample
No ratings yet
MTech Front Pages Sample
9 pages
MRA Project Milestone 2
71% (17)
MRA Project Milestone 2
20 pages
Azure Essentials
100% (2)
Azure Essentials
17 pages
CISA
No ratings yet
CISA
3 pages
Understanding Process Management
No ratings yet
Understanding Process Management
53 pages
2.2 Data Modeling and Management Relationship Types
No ratings yet
2.2 Data Modeling and Management Relationship Types
15 pages
IT Network Support Engineer CV
No ratings yet
IT Network Support Engineer CV
4 pages
Week3 Recap OOP
No ratings yet
Week3 Recap OOP
56 pages
Rampant Advanced Oracle DBMS Packages
No ratings yet
Rampant Advanced Oracle DBMS Packages
591 pages
What Cloud Computing Really Means: by Eric Knorr, Galen Gruman Created 2008-04-07 02:00AM
No ratings yet
What Cloud Computing Really Means: by Eric Knorr, Galen Gruman Created 2008-04-07 02:00AM
4 pages
IIT Patna M.Tech Student Resume
No ratings yet
IIT Patna M.Tech Student Resume
1 page
Module 1 - ITM
No ratings yet
Module 1 - ITM
5 pages
What's New Aruba Central Licensing
No ratings yet
What's New Aruba Central Licensing
2 pages
Cloudera Data Scientist - Xebia Training
No ratings yet
Cloudera Data Scientist - Xebia Training
9 pages
Android RAT Remote Administrative Tool
No ratings yet
Android RAT Remote Administrative Tool
3 pages
Sample Data Excel Pivot Table
No ratings yet
Sample Data Excel Pivot Table
4,265 pages
Resumes - Ronithvalluri11@gmail - Com - Resume
No ratings yet
Resumes - Ronithvalluri11@gmail - Com - Resume
1 page
Discover Public Domain Books
No ratings yet
Discover Public Domain Books
603 pages
DVS SPARK Course Content PDF
No ratings yet
DVS SPARK Course Content PDF
2 pages
ODK Documentation
No ratings yet
ODK Documentation
571 pages
Oracle Internet Directory Updates
No ratings yet
Oracle Internet Directory Updates
7 pages
Chapter 1 - Understanding Requirements
No ratings yet
Chapter 1 - Understanding Requirements
35 pages
Group Basic Software Requirements LAH 893.909
0% (1)
Group Basic Software Requirements LAH 893.909
36 pages
Yr 10 Classtest1
No ratings yet
Yr 10 Classtest1
2 pages
Pythone Notes
No ratings yet
Pythone Notes
103 pages
Using Sentiment Analysis in Complaint Management System
100% (1)
Using Sentiment Analysis in Complaint Management System
6 pages
Win32 C++ Programming Guide
No ratings yet
Win32 C++ Programming Guide
191 pages