IT Service Delivery CISA
IS Operations:
IT service management (ITSM) comprises the processes and procedures for efficient and effective
delivery and support of the various IT functions. It focuses on tuning IT services to meet the changing
demands of the enterprise, and on measuring and showing improvements in the quality of the IT services
offered with a reduction in the cost of service in the long run; the agreed service levels are documented
in a Service Level Agreement (SLA).
Job accounting applications are designed to monitor and record IS resource use. Information
recorded by these applications (such as the performance and utilization of the CPU, secondary
storage media and terminal connect time) is used by IS management to perform activities that
include matching resource utilization with associated users for billing purposes and optimizing
hardware performance by changing or tuning system software defaults.
Scheduling is a major function within the IS department. The schedule includes the jobs that must
be run, the sequence of job execution and conditions that cause program execution. It also permits
the scheduling of low priority jobs if time becomes available.
Monitoring Use of Resources - Computer resources, like any other organizational asset, should
be used in a manner that benefits the entire organization. This includes providing information when
and where it is needed, at a cost that is identifiable and auditable.
Problem Management - IS management should develop operations documentation to ensure that
procedures exist for the escalation of unresolved problems to a higher level of IS management.
Lights Out Operations (Automated Unattended Operations) - Refers to the automation of key
computer room operations whereby tasks take place without human intervention (e.g., job
scheduling, console operations, report balancing, restart activities, tape mounting, physical security).
Job scheduling software is system software used by installations that process a large number of batch
jobs. The scheduling software sets up daily work schedules and automatically determines which jobs
are to be submitted to the system for processing.
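The scheduling function described above (a job list, an execution order driven by the conditions that cause a job to run, and low-priority jobs that run only if time is left in the batch window) as a small Python scheduler. This is an example added to these notes, not software from any real installation; the job names, run times, priorities and the 180-minute window are constructed values.

```python
"""Toy batch job scheduler: dependency-ordered required jobs, highest priority first,
with low-priority jobs admitted only while the batch window still has time left.
Added example with constructed jobs; not from any real scheduling product."""
from dataclasses import dataclass
import heapq


@dataclass
class Job:
    name: str
    minutes: int                 # estimated run time (constructed)
    priority: int                # 1 = highest; larger numbers run later among ready jobs
    depends_on: tuple = ()       # jobs that must complete first (the execution condition)
    low_priority: bool = False   # run only if the window has time remaining


def build_schedule(jobs, window_minutes):
    """Return (run order, deferred low-priority jobs, minutes used).

    Required jobs are ordered topologically and by priority. A low-priority job that
    would overrun the window is deferred together with everything that depends on it.
    A cycle in the dependencies raises ValueError so the operator sees the bad schedule.
    """
    by_name = {j.name: j for j in jobs}
    for j in jobs:
        for d in j.depends_on:
            if d not in by_name:
                raise ValueError(f"{j.name} depends on unknown job {d}")
    indegree = {j.name: len(j.depends_on) for j in jobs}
    dependents = {j.name: [] for j in jobs}
    for j in jobs:
        for d in j.depends_on:
            dependents[d].append(j.name)

    # heap key (low_priority, priority, name): required jobs always come before low ones
    ready = [(j.low_priority, j.priority, j.name) for j in jobs if indegree[j.name] == 0]
    heapq.heapify(ready)
    order, deferred, used = [], [], 0
    while ready:
        low, _, name = heapq.heappop(ready)
        job = by_name[name]
        if low and used + job.minutes > window_minutes:
            # no time left: defer this job and, transitively, everything waiting on it
            stack = [name]
            while stack:
                n = stack.pop()
                if n not in deferred:
                    deferred.append(n)
                    stack.extend(dependents[n])
            continue
        order.append(name)
        used += job.minutes
        for dep in dependents[name]:
            indegree[dep] -= 1
            if indegree[dep] == 0:
                d = by_name[dep]
                heapq.heappush(ready, (d.low_priority, d.priority, dep))
    unreachable = [n for n in by_name if n not in order and n not in deferred]
    if unreachable:
        raise ValueError(f"cyclic dependency among {sorted(unreachable)}")
    return order, deferred, used


def example_schedule():
    """Constructed nightly batch: three required jobs in a chain plus two optional ones."""
    jobs = [
        Job("extract_sales", 30, 1),
        Job("load_gl", 45, 1, depends_on=("extract_sales",)),
        Job("backup_gl", 60, 2, depends_on=("load_gl",)),
        Job("rebuild_index", 90, 3, low_priority=True),
        Job("archive_logs", 20, 4, low_priority=True),
    ]
    return build_schedule(jobs, window_minutes=180)


if __name__ == "__main__":
    order, deferred, used = example_schedule()
    print("run order:", order)
    print("deferred :", deferred, "| minutes used:", used)
```

The deferred list is the audit trail an operator or reviewer would want: it records which low-priority work was squeezed out of the window rather than silently dropping it.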
Reporting - Lists of additions, deletions, modifications, the library catalog and library member
attributes can be prepared for management and auditor review.
Interface - Library software packages may interface with the operating system, job scheduling
system, access control system and online program management.
Supercomputers - Very large and expensive computers with the highest processing speed,
designed to be used for specialized purposes or a few specific applications that require extensive
processing power (e.g., complex mathematical or logical calculations).
Large computer (mainframe) - Large, general-purpose computers that are made to share their
processing power and facilities with thousands of internal or external users.
Firewalls - A specific device that inspects all traffic going between segments and applies security
policies to help ensure a secure network. An effective implementation depends on the quality of the
security policies written and their compliance with best practices.
Intrusion detection system (IDS) - Listens to all incoming and outgoing traffic to deduce and
warn of potentially malicious connections.
Switches - Data link level devices that can divide and interconnect network segments
and help to reduce collision domains in Ethernet-based networks.
Routers - Devices used to link two or more physically separate network segments. The network
segments linked remain logically separate and can function as independent networks.
Universal Serial Bus (USB) devices - Adapters, cables, CDRW, DVDRW, scanners, webcams,
flash readers, hard drives, hubs, switches and video phones can be connected to the computer using
the USB connection. USB ports overcome the limitations of the serial and parallel ports in terms of
speed and the actual number of connections that can be made.
Memory cards - Nonvolatile, removable, small, easy to erase and store, and often
referred to as flash memory cards. They can be used in cameras, music players, PDAs, mobile
phones, printers, navigation systems and many other portable devices. One of these devices is
known as a memory stick, which is quite useful for storing information.
Radio Frequency Identification (RFID) - Radio frequency identification uses radio waves to
identify tagged objects within a limited radius. A tag consists of a microchip and an antenna. The
microchip stores information along with an ID to identify a product. The other part of the tag is the
antenna, which transmits the information to the RFID reader.
Write Once and Read Many (WORM) - In the past, a floppy disc and a small capacity hard drive
would be sufficient to do almost everything. This no longer holds true. In recent years, many new
technologies have been introduced, including those in the WORM category. It is worth mentioning
that this type of WORM is totally unrelated to the malicious code also referred to as a worm.
Operating systems - The most important component of the system software category; it contains
the programs that interface between the user, the processor and application software. It provides the
primary means of managing and controlling the sharing and use of computer resources by various
users, such as processors, real memory (e.g., RAM), auxiliary memory (e.g., disk storage), and
input/output devices.
Data communications software is used to transmit messages or data from one point to another, which
may be local or remote.
File Organization:
Sequential - One record is processed after another, from the beginning to the end of a file.
Indexed sequential - Records are logically ordered according to a data-related key and can be
accessed based on that key.
Direct random access - Records are addressed individually based on a key not related to the data
(e.g., record number).
Some others are proprietary methods used by specific vendors, such as IBM's Indexed Sequential
Access Method (ISAM) and the Virtual Storage Access Method (VSAM).
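The three file organizations above, shown side by side on one constructed set of fixed-length records: a sequential scan, an indexed sequential file (records kept in key order plus an index on the key, which also makes range reads cheap) and direct access by slot number. This is an example added to these notes, not code from any product; the 30-byte record layout and the sample accounts are assumptions made for the demonstration.

```python
"""Sequential, indexed sequential and direct (random) access over the same
fixed-length records. Added example; record layout and data are constructed."""
import bisect
import struct

# Record layout (assumed): 6-byte account id, 20-byte name, unsigned 32-bit balance in cents
REC = struct.Struct(">6s20sI")
RECORD_SIZE = REC.size  # 30 bytes


def pack(acct, name, cents):
    return REC.pack(acct.encode().ljust(6, b" "), name.encode().ljust(20, b" "), cents)


def unpack(raw):
    acct, name, cents = REC.unpack(raw)
    return acct.decode().strip(), name.decode().strip(), cents


# Constructed sample "file" held in memory, deliberately not in key order
SAMPLE = [("A1003", "Carol", 12000), ("A1001", "Alice", 5000),
          ("A1004", "Dave", 700), ("A1002", "Bob", 3150)]
FILE_BYTES = b"".join(pack(*r) for r in SAMPLE)


def sequential_lookup(data, acct):
    """Sequential: read record after record from the start until the key matches.
    Returns (record or None, number of records read) so the cost is visible."""
    reads = 0
    for off in range(0, len(data), RECORD_SIZE):
        reads += 1
        rec = unpack(data[off:off + RECORD_SIZE])
        if rec[0] == acct:
            return rec, reads
    return None, reads


def direct_read(data, slot):
    """Direct (random) access: the address is a record number unrelated to the data,
    so one read reaches the record. Out-of-range slots are rejected, not silently read."""
    off = slot * RECORD_SIZE
    if slot < 0 or off + RECORD_SIZE > len(data):
        raise IndexError(f"slot {slot} outside file")
    return unpack(data[off:off + RECORD_SIZE])


class IndexedSequentialFile:
    """Indexed sequential: records stored in key order plus an index key -> slot."""

    def __init__(self, records):
        ordered = sorted(records, key=lambda r: r[0])
        self.data = b"".join(pack(*r) for r in ordered)
        self.keys = [r[0] for r in ordered]  # sorted index on the data-related key

    def lookup(self, acct):
        i = bisect.bisect_left(self.keys, acct)
        if i < len(self.keys) and self.keys[i] == acct:
            return direct_read(self.data, i)
        return None

    def range_scan(self, lo, hi):
        """Keys are physically in order, so a key range is one contiguous read."""
        i = bisect.bisect_left(self.keys, lo)
        j = bisect.bisect_right(self.keys, hi)
        return [direct_read(self.data, k) for k in range(i, j)]


if __name__ == "__main__":
    print("sequential:", sequential_lookup(FILE_BYTES, "A1004"))
    print("direct slot 1:", direct_read(FILE_BYTES, 1))
    isf = IndexedSequentialFile(SAMPLE)
    print("indexed:", isf.lookup("A1002"), isf.range_scan("A1001", "A1002"))
```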
DBMS can be defined as that class of system software that aids in organizing, controlling and using the
data needed by application programs. A DBMS provides the facility to create and maintain a well-
organized database. Primary functions include reduced data redundancy, decreased access time and
basic security over sensitive data.
DBMS data are organized in multilevel schemes, with basic data elements, such as the fields, at the
lowest level.
Utility programs are system software used to perform maintenance and routines that frequently are
required during normal processing operations. Utility programs can be categorized, by use, into the
five functional areas.
Smaller computer systems (PC and server operating systems) are often equipped with specific utilities
to:
Operate verification, cleaning and defragmenting of hard disk and removable memory units
Define the file system standard [NT file system (NTFS) or file allocation table (FAT)] to be used for
each unit
Initialize removable data volumes (floppy disk) and volumes of disk/removable memory
Save/restore system images
Reconstruct and restore (logically) cancelled files
Test system units and peripherals
File sharing - Allows users to share information and information resources among one another.
E-mail services - Provides the ability, via a terminal or PC connected to a communication
network, to send an unstructured message to another individual or group of people.
Print services - Provides the ability, typically through a print server on a network, to manage and
execute print request services from other devices on the network.
ISO/OSI Model:
1. Application layer - the interface used by application software to access resources such as
printers or to send e-mail.
2. Presentation layer - transforms data (e.g., encryption) and provides communication services.
3. Session layer - controls the dialog (sessions) between computers and terminates connections.
4. Transport layer - ensures that data passed down by the session layer on the sending side is
received by the peer transport layer on the receiving side; provides reliable and transparent transfer
of data, with error recovery and control.
5. Network layer - understands IP addresses and is responsible for routing, forwarding, error
handling and congestion control; it prepares the packets for the data link layer.
6. Data link layer - provides reliable transfer of data across a physical link; error detection using
a cyclic redundancy check (CRC); logically connects using the MAC address.
7. Physical layer - provides and defines the hardware that transmits and receives the bit stream as
electrical, optical or radio signals over a medium or carrier.
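The data link layer's CRC error detection, worked through in code: a bitwise CRC-32 (the reflected polynomial 0xEDB88320 that Ethernet uses), a sender that appends it as a frame check sequence, and a receiver that recomputes it and rejects a frame with a single corrupted bit. This is an example added to these notes, not part of the original; the frame layout (payload followed by a 4-byte FCS) is a simplification of a real Ethernet frame.

```python
"""CRC-32 computed bit by bit, plus a minimal frame build/check showing how the data
link layer detects transmission errors. Added example; frame format is simplified."""
import zlib

POLY = 0xEDB88320  # reflected CRC-32 polynomial (IEEE 802.3)


def crc32(data: bytes) -> int:
    """Bitwise CRC-32; gives the same value as zlib.crc32 for the same input."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            if crc & 1:
                crc = (crc >> 1) ^ POLY
            else:
                crc >>= 1
    return crc ^ 0xFFFFFFFF


def build_frame(payload: bytes) -> bytes:
    """Sender: append the frame check sequence (FCS) to the payload."""
    return payload + crc32(payload).to_bytes(4, "big")


def check_frame(frame: bytes):
    """Receiver: recompute the CRC over the payload and compare with the received FCS.
    Returns (payload, ok); a frame too short to carry an FCS is rejected."""
    if len(frame) < 4:
        return b"", False
    payload, fcs = frame[:-4], int.from_bytes(frame[-4:], "big")
    return payload, crc32(payload) == fcs


def flip_bit(frame: bytes, bit_index: int) -> bytes:
    """Simulate a single-bit line error (a constructed fault for the demonstration)."""
    buf = bytearray(frame)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


if __name__ == "__main__":
    frame = build_frame(b"hello data link")
    print("clean frame ok:", check_frame(frame)[1])
    print("bit-flipped frame ok:", check_frame(flip_bit(frame, 13))[1])
    print("matches zlib:", crc32(b"abc") == zlib.crc32(b"abc") & 0xFFFFFFFF)
```

A CRC detects accidental corruption only; anyone who can alter the payload can recompute the FCS, so integrity against deliberate modification needs a keyed MAC or signature at a higher layer, not a CRC.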
LAN Components:
Repeaters - A physical layer device that extends the range of a network or connects two separate
network segments together. Repeaters receive signals from one network segment and amplify
(regenerate) the signal to compensate for signals (analog or digital) distorted due to a reduction of
signal strength during transmission (i.e., attenuation).
Hubs - A physical layer device that serves as the center of a star-topology network or a network
concentrator. Hubs can be active (if they repeat signals sent through them) or passive (if they merely
split signals).
Bridges - Data link layer devices; bridges were developed in the early 1980s to connect LANs or
create two separate LAN or WAN network segments from a single segment to reduce collision
domains. Bridges act as store-and-forward devices in moving frames toward their destination.
Metropolitan area network (MAN) - A communication network, local to a metropolitan area, which is
offered by service companies, cable television operators and other vendors.
Message switching - Sends a complete message to the concentration point for storage and routing to
the destination point as soon as a communications path becomes available. Transmission cost is based
on message length.
Packet switching - A sophisticated means of maximizing the transmission capacity of networks. This is
accomplished by breaking a message into transmission units, called packets, and routing them
individually through the network, depending on the availability of a channel for each packet.
Passwords and all types of data can be included within the packet.
Circuit switching - A physical communications channel is established between communicating
equipment, through a circuit switched network. This network can be, for instance, point-to-point (e.g.,
leased line), multipoint, public switched telephone network (PSTN) or an integrated services digital
network (ISDN). The connection, once established, is used exclusively by the two subscribers for the
duration of the call. The network does not provide any error or flow control on the transmitted data, so
this task must be performed by the user.
Virtual circuits - A logical circuit between two network devices that provides for reliable data
communications. Two types are available; these are referred to as switched virtual circuits (SVCs) or
permanent virtual circuits (PVCs). SVCs dynamically establish on-demand connectivity, and PVCs
establish an always-on connection.
WAN dial-up services - Dial-up services using asynchronous and synchronous connectivity are
widely available and well suited for organizations with a large number of mobile users. Their
disadvantages are low bandwidth and limited performance.
WAN Devices, typically operating at either the physical or data link layer of the OSI reference model,
are specific to the WAN environment:
WAN switch - A data link layer device used for implementing various WAN technologies, such as
ATM, point-to-point frame relay and ISDN. These devices are typically associated with carrier
networks providing dedicated WAN switching and router services to organizations via T-1 or T-3
connections.
Some common types of WAN technologies used to manage the communication links are:
Point-to-Point Protocol (PPP) - Works in the data link layer. PPP provides a single, preestablished
WAN communication path from the customer premises to a remote network, usually reached through a
carrier network, such as a telephone company.
X.25 - As a packet switched or virtual circuit implementation, X.25 is a telecommunication standard
(ITU-T) that defines how connections between data terminal equipment and data communications or
circuit terminating equipment are maintained for remote terminal access and computer communications
in public data networks (PDNs).
Frame Relay - As a packet switched or virtual circuit implementation, Frame Relay is a data link
layer protocol for switch devices that uses a standard encapsulation technique to handle multiple virtual
circuits between connected devices.
Integrated Services Digital Network (ISDN) - As a circuit switched implementation, ISDN
corresponds to integrated voice, data and video, and is an architecture for worldwide
telecommunications. This service integrates voice, data and video communication through digital
switching and transmission over digital public carrier lines.
Asynchronous Transfer Mode (ATM) - As a packet switched implementation operating at the data
link layer, ATM is based on the use of a cell (a fixed-size data block) switching and multiplexing
technology standard that combines the benefits of circuit switching (guaranteed capacity and constant
transmission delay) with those of packet switching (flexibility and efficiency for intermittent traffic).
Multiprotocol Label Switching (MPLS) - Provides a mechanism for engineering network traffic
patterns that is independent of routing tables. MPLS assigns short labels to network packets that
describe how to forward them through the network. MPLS is independent of any routing protocol and
can be used for unicast packets.
Digital Subscriber Lines (DSL) - A network provider service using modem technology over existing
twisted-pair telephone lines to transport high-bandwidth data, such as multimedia and video.
The characteristics of DSL are dedicated, point-to-point, public network access on the local loop.
Local loops are generally the last mile between a network service provider's (NSP) central office and
the customer site.
Virtual Private Networks (VPN) - Extends the corporate network securely via encrypted packets
sent out via virtual connections over the public Internet to distant offices, home workers, salespeople
and business partners. Rather than using expensive, dedicated leased lines, VPNs take advantage of the
public worldwide IP infrastructure, thereby enabling remote users to make a local call (versus dialing-
in at long distance rates) or use an Internet cable modem or DSL connections for inexpensive public
network connectivity.
Authenticity - A third party must be able to verify that the content of a message has not been
changed in transit.
Nonrepudiation - The origin or the receipt of a specific message must be verifiable by a third party.
Accountability - The actions of an entity must be uniquely traceable to that entity.
Network availability - The information technology resource must be available on a timely basis to
meet mission requirements or to avoid substantial losses. Availability also includes ensuring that
resources are used only for intended purposes.
The interception of sensitive information - Information is transmitted through the air, which increases
the potential for unprotected information to be intercepted by unauthorized individuals.
The loss or theft of devices - Wireless devices tend to be relatively small and easy to steal or lose. If
encryption is not strong, a hacker can easily get at information that is password- or PIN-protected.
The misuse of devices - Devices can be used to gather information or intercept information that is
being passed over wireless networks for financial or personal benefit.
The loss of data contained in the devices - Theft or loss can result in the loss of data that has been
stored on these devices. Storage capacity can range from a few megabytes to several gigabytes of data,
depending on the device.
Distractions caused by the devices - The use of wireless devices distracts the user. If these devices are
used in situations where an individual's full attention is required (e.g., driving a car), they could
result in an increase in the number of accidents.
Possible health effects of device usage - The safety or health hazards have not, as yet, been
identified. However, there are currently a number of concerns with respect to electromagnetic radiation,
especially for those devices that must be held beside the head for use.
Wireless user authentication - There is a need for stronger wireless user authentication and
authorization tools at the device level. The current technology is just emerging.
File security - Wireless phones and PDAs do not use the type of file access security that other
computer platforms can provide.
Wired Equivalent Privacy (WEP) security encryption - WEP security depends particularly on the
length of the encryption key and on the use of static WEP (many users on a wireless LAN share the
same key) or dynamic WEP (a per-user, per-session WEP key tied to the network logon). The
64-bit encryption keys in use in the WEP standard encryption can be easily broken by currently
available computing power.
Interoperability - Most vendors offer 128-bit encryption modes. However, they are not standardized,
so there is no guarantee that they will interoperate. The use of a 128-bit encryption key has a major
impact on performance, with 15-20 percent degradation being experienced. Some vendors offer
proprietary solutions; however, these only work if all access points and wireless cards are from the
same vendor.
The use of wireless subnets - To increase security, it is possible to create special subnets for wireless
traffic and require authorization before packets are routed.
Network performance metrics - Measured by latency (the delay that a message or packet experiences on
its way from source to destination) and throughput (the quantity of useful work performed by the system
per unit of time, such as bytes per second).
Network management - The five basic tasks are fault management, configuration management,
accounting resources, performance management and security management.
Network management tools - Response time reports, downtime reports, online monitors (which check
data transmission accuracy and errors) and help desk reports.
Client-server technology - The name of a network architecture in which each computer or process on
the network is either a server (a source of services and data) or a client (a user of these services and
data that relies on servers to obtain them). In a client-server technology, the available computing power
can be distributed and shared among the client workstations.
Client-server architecture can be organized based on two levels of computing tasks (i.e., two-tier
architectures) or three levels of computing tasks (i.e., three-tier architectures).
Middleware - A client-server-specific term used to describe a unique class of software employed by
client-server applications. It serves as a glue between two otherwise distinct applications. It provides
services such as identification, authentication, authorization, directories and security. This software
resides between an application and the network, and manages the interaction between the GUI on the
front end and data servers on the back end.
Hardware Reviews:
The following approach may be adopted when auditing operating software development, acquisition or
maintenance:
Interview technical service and other personnel (regarding the approval process, test procedures, and
implementation and documentation procedures)
Review system software selection procedures (whether they comply with short- and long-range IS
plans and align with the business)
Review the feasibility study (system objectives consistent with the request/proposal) and the selection
process (same criteria applied to all proposals)
Review the cost/benefit analysis of system software procedures (direct financial cost, product
maintenance, training requirements, impact on security)
Review controls over the installation of changed system software (tests completed as planned,
fallback in place)
Review system software maintenance activities (changes made to system software are documented;
current versions are supported by the vendor)
Review system software change controls (access to libraries is limited; changes are authorized prior
to moving from test to production)
Review system documentation (in the areas of installation control statements, parameter tables, exit
definitions and activity logs/reports)
Review and test system software implementation (change procedures, authorization, access security
features, audit trails)
Review authorization documentation (whether additions, deletions or changes to access authority
have been documented; violation reporting is reviewed and followed up)
Review system software security (physical and logical security; established procedures; vendor-
supplied passwords changed)
Database Reviews:
Design - Verify that a database model exists, that all entities have a significant name, and that
primary and foreign keys are identified. Verify that the relations have explicit cardinality and
coherent, significant names, and that the business rules are expressed in the diagram.
Access - Analyze the main accesses to the database as well as stored procedures and triggers; verify
that the use of indexes minimizes access time and that open searches, if not based on indexes, are
justified. If the DBMS allows the selection of the methods or types of indexes, their correct use should
be verified.
Administration - Security levels for all users and their roles should be identified within the database,
and the access rights of all users and/or groups of users should be justified.
Interfaces - To ensure the security and confidentiality of data, the procedures for importing and
exporting information to and from other systems should be verified.
Portability - Verify that, whenever possible, Structured Query Language (SQL) is used.
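One way to carry out the "Access" check above in practice: run each of the application's main queries through EXPLAIN QUERY PLAN, flag the ones that fall back to a full table scan, add the missing indexes and re-check. This is an example added to these notes, not an ISACA procedure; it uses an in-memory SQLite database with a constructed schema, and the plan text it inspects ("SCAN" for a full scan, "SEARCH" for an index or primary-key lookup) is SQLite's wording, so the parsing must be adapted for Oracle, SQL Server or PostgreSQL, whose EXPLAIN output differs.

```python
"""Flag main queries whose execution plan does a full table scan, then show the
plan after the missing indexes are added. Added example on a constructed schema;
plan parsing is SQLite-specific."""
import sqlite3


def full_scan_steps(conn, sql, params=()):
    """Return the plan steps of one query that start with SCAN (a full table scan).
    EXPLAIN QUERY PLAN rows are (id, parent, notused, detail); detail is the last column."""
    rows = conn.execute("EXPLAIN QUERY PLAN " + sql, params).fetchall()
    return [str(r[-1]) for r in rows if str(r[-1]).upper().startswith("SCAN")]


def audit_queries(conn, queries):
    """queries: {name: (sql, params)}. Returns names whose plan contains a full scan."""
    return [name for name, (sql, params) in queries.items()
            if full_scan_steps(conn, sql, params)]


def build_sample_db():
    """Constructed customer/invoice schema with enough rows to make the plans meaningful."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customer(id INTEGER PRIMARY KEY, email TEXT, region TEXT);
        CREATE TABLE invoice(id INTEGER PRIMARY KEY, customer_id INTEGER, amount REAL);
    """)
    conn.executemany(
        "INSERT INTO customer VALUES (?, ?, ?)",
        [(i, f"user{i}@example.invalid", "EU" if i % 2 else "US") for i in range(1000)])
    conn.executemany(
        "INSERT INTO invoice VALUES (?, ?, ?)",
        [(i, i % 1000, i * 1.5) for i in range(5000)])
    return conn


# The "main accesses" the review looks at (constructed; parametrized, never string-built)
MAIN_QUERIES = {
    "customer_by_email": ("SELECT id FROM customer WHERE email = ?", ("user7@example.invalid",)),
    "invoices_for_customer": ("SELECT amount FROM invoice WHERE customer_id = ?", (7,)),
    "customer_by_pk": ("SELECT email FROM customer WHERE id = ?", (7,)),
}


def run_review():
    """Returns (queries flagged before remediation, queries flagged after)."""
    conn = build_sample_db()
    before = audit_queries(conn, MAIN_QUERIES)
    # remediation: index the columns the flagged queries filter on, then re-check
    conn.execute("CREATE INDEX idx_customer_email ON customer(email)")
    conn.execute("CREATE INDEX idx_invoice_customer ON invoice(customer_id)")
    after = audit_queries(conn, MAIN_QUERIES)
    return before, after


if __name__ == "__main__":
    before, after = run_review()
    print("full scans before indexing:", before)
    print("full scans after indexing :", after)
```

The primary-key lookup is never flagged because SQLite reports it as a SEARCH on the rowid; the two filtered queries are flagged until their columns are indexed. A query that still scans after indexing is exactly the "open search" the review asks to see justified.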
LAN Reviews:
The potentially unique nature of each LAN makes it difficult to define standard audit procedures.
Physical controls should limit access to those individuals authorized by management. However,
unlike most mainframes, the computers in a LAN are usually decentralized. A file server
containing critical company data is much easier to damage or steal and it should be physically
protected.
Environmental controls are similar to those considered in the mainframe environment. However,
the equipment may not require as extensive atmospheric controls as a mainframe.
Logical security controls - a method should be in place to restrict, identify and report authorized
and unauthorized users of the LAN. LAN access should be monitored.
Computer operations controls - relate to the day-to-day operation of the hardware and software
within the IS organization, including the responsibilities of the computer operator, such as the
mounting of files located on secondary storage media, changing printer forms and the
discontinuance of the use of devices requiring maintenance.
File handling procedures - should be established to control the receipt and release of files and
secondary storage media to / from other locations. Internal tape labels should be used to help
ensure the correct tapes are mounted for processing.
Data entry controls
- Authorization of input documents
- Reconciliation of batch totals
- Segregation of duties between the person who keys the data and the person who reviews the
keyed data for accuracy and errors.
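The three data entry controls above, applied to a constructed input batch: the batch header carries the authorizer, the expected record count, the amount total and a hash total of the account numbers; the keyed records are recomputed against it, and each record names who keyed and who reviewed it so a segregation-of-duties breach is reported too. This is an example added to these notes, not a prescribed format; the header fields, record layout, user ids and amounts are all assumptions, and the "bad" batch contains two deliberately transposed digits to show what the totals catch.

```python
"""Batch total reconciliation and keyer/reviewer separation check over constructed
input batches. Added example; header and record formats are assumptions."""
from decimal import Decimal


def reconcile(header, records):
    """Compare keyed records against the batch header's control totals.
    Returns a list of findings; an empty list means the batch reconciles."""
    findings = []
    if not header.get("authorized_by"):
        findings.append("batch not authorized")
    count = len(records)
    amount = sum((r["amount"] for r in records), Decimal("0"))
    hash_total = sum(int(r["account"]) for r in records)  # meaningless sum, catches keying errors
    if count != header["record_count"]:
        findings.append(f"record count {count} != {header['record_count']}")
    if amount != header["amount_total"]:
        findings.append(f"amount total {amount} != {header['amount_total']} "
                        f"(diff {amount - header['amount_total']})")
    if hash_total != header["hash_total"]:
        findings.append(f"hash total {hash_total} != {header['hash_total']} "
                        f"(diff {hash_total - header['hash_total']})")
    for r in records:
        if r["keyed_by"] == r["reviewed_by"]:
            findings.append(f"account {r['account']}: keyed and reviewed by the same user "
                            f"{r['keyed_by']}")
    return findings


def rec(account, amount, keyed_by, reviewed_by):
    return {"account": account, "amount": Decimal(amount),
            "keyed_by": keyed_by, "reviewed_by": reviewed_by}


# Constructed batch that reconciles: 4 records, 1560.25 total, accounts sum to 4410
GOOD_BATCH = (
    {"batch_id": "B-0001", "authorized_by": "jdoe", "record_count": 4,
     "amount_total": Decimal("1560.25"), "hash_total": 4410},
    [rec("1101", "250.00", "kmiller", "rsmith"),
     rec("1102", "410.25", "kmiller", "rsmith"),
     rec("1103", "650.00", "kmiller", "rsmith"),
     rec("1104", "250.00", "kmiller", "rsmith")],
)

# Same header, but the keyer transposed 410.25 -> 410.52 and 1103 -> 1130, and one
# record was reviewed by the person who keyed it
BAD_BATCH = (
    GOOD_BATCH[0],
    [rec("1101", "250.00", "kmiller", "rsmith"),
     rec("1102", "410.52", "kmiller", "rsmith"),
     rec("1130", "650.00", "kmiller", "kmiller"),
     rec("1104", "250.00", "kmiller", "rsmith")],
)


if __name__ == "__main__":
    for label, batch in (("good", GOOD_BATCH), ("bad", BAD_BATCH)):
        print(label, reconcile(*batch) or ["reconciles"])
```

The differences the bad batch reports (0.27 on the amount total, 27 on the hash total) are the signature of transposed digits, which is why hash totals over non-financial fields such as account numbers are kept alongside the financial totals.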
Problem Management Reporting Reviews - Adequately documented procedures should have been
developed to guide IS operations personnel in logging, analyzing, resolving and escalating problems in
a timely manner in accordance with management's intent and authorization.
Hardware Availability and Utilization Reporting Reviews - Hardware availability and utilization
can be obtained from the problem log, processing schedules, job accounting system reports,
preventative maintenance schedules and reports, and the hardware performance monitoring plan.
Scheduling Reviews - Workload job scheduling and personnel scheduling should be reviewed.