The Importance of Security within the Computer Environment

  1. The Importance of Security within the Computer Environment
  2. Objectives
     • Identify and explain standard operating procedures of a computer centre.
     • Explain the need for computer room security.
     • Identify and describe computer systems auditing.
     • Explain prevailing safety regulations in computer centre.
     • Describe methods of preventing hazards (fire, flooding, sabotage, etc.).
  3. What is a Standard Operating Procedure?
     An SOP is a procedure specific to your operation that describes the activities necessary to complete tasks in accordance with industry regulations, provincial laws or even just your own standards for running your business. Any document that is a “how to” falls into the category of procedures. In a manufacturing environment, the most obvious example of an SOP is the step-by-step production line procedures used to make products as well as train staff.
  4. Standard Operating Procedures of a Computer Centre
     The following are the standard procedures for operating a computer centre:
     • Change Control: In addition to defining the formal change control process, include a roster of change control and forms for change requests, plans and logs.
     • Facilities: Injury prevention program information; documentation regarding power and cooling emergency shut-off processes; fire suppression system information; unsafe condition reporting forms; new employee safety training information, logs and attendance records; illness or injury reporting forms; and visitor policies.
  5. SOPs of a Computer Centre
     • Human Resources: Include policies regarding technology training, as well as acceptable use policies, working hours and shift schedules, workplace violence policies, employee emergency contact update forms, vacation schedules and anti-harassment and discrimination policies.
     • Security: This is a critical area. An IT organization should implement policies regarding third-party or customer system access, security violations, auditing, classification of sensitive resources, confidentiality, physical security, passwords, information control, encryption and system access controls.
  6. SOPs of Computer Centre
     • Templates: Providing templates for regularly used documentation types makes it easier to accurately capture the data you need in a format familiar to your staff. Templates to consider include policies, processes, logs, user guides and test/report forms.
     • Crisis Management: Having a crisis response scripted out in advance goes a long way toward reducing the stress of a bad situation. Consider including crisis management documentation around definitions; a roster of crisis response team members; crisis planning; an escalation and notification matrix; a crisis checklist; guidelines for communications; situation update forms, policies and processes; and post-mortem processes and policies.
  7. SOPs of Computer Centre
     • Deployment: Repeatable processes are the key to speedy and successful workload deployments. Staff should be provided with activation checklists, installation procedures, deployment plans, location of server baseline loads or images, revision history of past loads or images and activation testing processes.
     • Materials Management: Controlling your inventory of IT equipment pays off. Consider including these items in your organization's document library: policies governing requesting, ordering, receiving and use of equipment testing; procedures for handling, storing, inventorying, and securing hardware and software; and forms for requesting and borrowing hardware for testing.
  8. SOPs of Computer Centre
     • Internal Communications: Interactions with other divisions and departments within your organization may be straightforward, but it is almost always helpful to provide a contact list of all employees in each department with their work phone numbers and email addresses.
     • Engineering Standards: Testing, reviewing and implementing new technology in the computer center is important for every organization. The following should be added to the organization's SOP manuals: new technology request forms, technology evaluation forms and reports, descriptions of standards, testing processes, standards review and change processes and test equipment policies.
  9. Need for Computer Room Security
     The vulnerability of business-critical information systems and the data they contain within the Computer Room makes the site a high-value asset which requires a high degree of protection. A range of security measures are therefore in place to protect employees, information and physical assets, along with the reputation of the organization and interested third parties with equipment in the Computer Room. There are usually policies for computer room use, such as the ones stated below:
     • Hours of Operation
     • Available Facilities
     • Equipment Delivery
     • Environmental Restrictions and Considerations
     • Control of Equipment and Spares
     • Console equipment (monitor, keyboard and mouse)
     • Prohibited Items
  10. Computer Systems Auditing
     • Computer Systems Auditing, also known as IT Audit or EDP Audit, is an examination of the management controls within information technology (IT) infrastructure.
     • The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives.
     • CSA includes, but is not limited to, efficiency and security protocols, development processes, and IT governance or oversight.
  11. Types of Computer Systems Auditing
     Various authorities have created differing taxonomies to distinguish the various types of IT audits. Goodman & Lawless state that there are three specific systematic approaches to carry out an IT audit:
     • Technological innovation process audit: This audit constructs a risk profile for existing and new projects. The audit will assess the length and depth of the company's experience in its chosen technologies, as well as its presence in relevant markets, the organization of each project, and the structure of the portion of the industry that deals with this project or product, organization and industry structure.
     • Innovative comparison audit: This audit is an analysis of the innovative abilities of the company being audited, in comparison to its competitors. This requires examination of the company's research and development facilities, as well as its track record in actually producing new products.
     • Technological position audit: This audit reviews the technologies that the business currently has and that it needs to add. Technologies are characterized as being either "base", "key", "pacing" or "emerging".
  12. Steps for Computer Auditing
     The following are basic steps in performing the Computer Audit Process:
     • Planning
     • Studying and Evaluating Controls
     • Testing and Evaluating Controls
     • Reporting
     • Follow-up
  13. Prevailing Safety Regulations in Computer Centre
     • Use only computer resources that are authorized.
     • Sharing of computer accounts is not allowed.
     • Users must not attempt making unauthorized connections to, breaking into, or adversely affecting the performance of other systems on the network, irrespective of whether these systems are owned by the Institute or not.
     • Abide by all applicable copyright laws and licenses.
     • Users must not intrude on the legitimate or convenient use of computer resources by others.
     • When sending personal messages to other users, always identify yourself as the sender.
     • Unauthorized commercial use is prohibited.
  14. Methods of Preventing Hazards
     For the most part, these methods consist of the following elements, performed, more or less, in the following order:
     • Identify, characterize threats
     • Assess the vulnerability of critical assets to specific threats
     • Determine the risk (i.e. the expected likelihood and consequences of specific types of attacks on specific assets)
     • Identify ways to reduce those risks
     • Prioritize risk reduction measures based on a strategy