COMPUTER OPERATIONS
Lesson 3

Centralized Data Processing

➢ Data control — receiving batches of transaction documents from end users and then distributing reports back to the users
➢ Database administration — responsible for the … and integrity of the …
➢ Data conversion — transcribes transaction data from source documents to computer input
➢ Data processing — … the computer resources to perform day-to-day processing of …
➢ Computer operations — processing of electronic files
➢ Data library — a room adjacent to the computer center for safe storage of off-line data files
а~ иеиа}иiеш шоај іиашдоіалар sша}sAs маи ui~e.aedaS .
suoiіe)iјi ~ ads su ~ isap ауі о иiраоэ ~ е ше.а ~ оад sароз аашше.а ~оад .
шa~s~s ЈоЈ. sше.а~о~д paіie~apa~npoЈd о sЈasn уіiм s ~ іом іsAіeue шaіsl(S .

а~иеиа~иiеш шощ диашдо ~апар sшадsАs маи uiдeaedaS


L

suoiдeЈado ша} АaeЈqi еде uiдeaedaS

suoiд ~un; ааудо шоаЈ uoiдeaдsiuiшpe аsередер uiдeaedaS


suoiдеaado аадnдшо шоај диашдоіалар шадss uiдeaedaS

sxoiiХып3 гi
~zsiг~arІo~ыi 3о ыоiгN~~и~~s

Distributed Data Processing

Risks associated with DDP

➢ Inefficient use of resources - mismanagement of company-wide resources by end users, risk of hardware-software incompatibility, risk of redundant tasks
➢ Destruction of audit trail if files were not kept on the server
➢ Inadequate segregation of duties
➢ Hiring qualified professionals
➢ Lack of standards

Advantages of DDP

➢ Cost reduction
➢ Improved cost control responsibility
➢ Backup flexibility
➢ Improved user satisfaction
➢ Can control resources for profitability
➢ Can actively develop and implement own system


COMPUTER CENTER CONTROL

Audit objectives

➢ Physical security controls are adequate to reasonably protect from physical exposures
➢ Insurance coverage is adequate to compensate organization
➢ Operation documentation is adequate to deal with system failures

Audit procedures

➢ Test of physical construction - evaluate physical location of computer center
➢ Test of fire detection system - in place and tested regularly
➢ Test of access control - observe, review CCTV and access logs
➢ Test of backup power supply
➢ Test of insurance coverage - review annually insurance coverage
➢ Test of operator documentation controls - review run manual for completeness and accuracy - name of the system, run schedule, required hardware devices, file requirements, run-time instructions, list of recipients of the output from the run

DISASTER RECOVERY PLANNING

EVENTS THAT MAY DISRUPT OR DESTROY COMPUTER CENTER

➢ Natural disasters
➢ Human-made disasters
➢ System failure

Disaster Recovery Plan (DRP) is a comprehensive statement of all actions to be taken before, during and after any type of disaster, along with documented, tested procedures that will ensure the continuity of operations.

Identify critical applications

➢ Customer sales and service
➢ Fulfillment of legal obligations
➢ Accounts receivable maintenance and collection
➢ Production and distribution decisions
➢ Purchasing functions
➢ Communications between branches or agencies
➢ Public relations

Creating a Disaster Recovery Team

➢ Prepare the backup site for operation and acquire hardware from vendors
➢ Provide current versions of all critical applications, data files and documentation
➢ Reestablish the data conversion and data control functions necessary to process critical applications
➢ Providing Site Backup
➢ Hot Site / Recovery Operations Center - tailor-equipped to serve the needs of several sharing companies
➢ Cold Site / Empty Shell
➢ Mutual Aid Pact - agreement between two or more organizations to aid each other with their data processing needs in time of disaster
➢ Internally provided back-up
➢ Hardware backup
➢ Software backup - operating system and applications

OPERATING SYSTEM

➢ It is the computer's control program.
➢ Allows users and their applications to share and access computer resources.
➢ It performs 3 main tasks:
  ➢ Translates high-level languages into the machine-level language that the computer can execute. The translator modules are called compilers and interpreters.
  ➢ It allocates computer resources to users, workgroups and applications, which includes assigning memory workplace (partition) to applications and authorizing access to terminals, telecommunications, databases and printers.
  ➢ It manages the tasks of job scheduling and multiprogramming.

Classification of Operating systems

➢ Multi-user - Allows two or more users to run programs at the same time. Some operating systems permit hundreds or even thousands of concurrent users.
➢ Multi-processing - Supports running a program on more than one CPU.
➢ Multi-tasking - Allows more than one program to run concurrently.
➢ Multi-threading - Allows different parts of a single program to run concurrently.
➢ Real-time - Responds to input instantly. General-purpose operating systems, such as DOS and UNIX, are not real-time.

Operating system security - involves policy, procedures and controls that determine who can access the operating system.

1. Logon procedure - the first line of defense against unauthorized access
2. Access token - once logon is successful the OS creates an access token containing information about the user which is used to approve all actions attempted by the user during the session.
3. Access control list - contains the access privileges assigned to valid users to grant access to directories, files, programs and printers.
4. Discretionary access control

Threats to operating system integrity

➢ Privileged personnel who abuse their authority
➢ Individuals who browse the OS to identify and exploit security flaws
➢ Individuals who insert a computer virus or other forms of destructive program

CONTROLLING ACCESS PRIVILEGES

➢ Logon procedure — the first line of defense against unauthorized access
➢ Access token — once logon is successful the OS creates an access token containing information about the user which is used to approve all actions attempted by the user during the session.
➢ Access control list — contains the access privileges assigned to valid users to grant access to directories, files, programs and printers.
➢ Discretionary access control
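
As an added illustration (not part of the original lesson), the sketch below models how the four controls listed above fit together: a logon that yields an access token, an access control list consulted on every action, and discretionary access control where the owner extends the list. The ToyOS class, the account names and the file name are constructed for this example.

```python
import hashlib, hmac, os
from collections import namedtuple

# Built once at logon, then consulted for every action in the session.
AccessToken = namedtuple("AccessToken", "user groups")

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class ToyOS:
    def __init__(self):
        self.accounts = {}   # user -> (salt, password hash, groups)
        self.owners = {}     # resource -> owning user
        self.acls = {}       # resource -> {principal: set of rights}

    def add_user(self, user, password, groups=()):
        salt = os.urandom(16)
        self.accounts[user] = (salt, _hash(password, salt), frozenset(groups))

    def logon(self, user, password):
        """Logon procedure: return an access token, or None if credentials fail."""
        rec = self.accounts.get(user)
        if rec is None or not hmac.compare_digest(rec[1], _hash(password, rec[0])):
            return None
        return AccessToken(user, rec[2])

    def allowed(self, token, name, right):
        """Approve an action by matching the token's identities against the ACL."""
        principals = {"u:" + token.user} | {"g:" + g for g in token.groups}
        return any(right in self.acls[name].get(p, ()) for p in principals)

    def grant(self, token, name, principal, right):
        """Discretionary access control: only the owner may extend the ACL."""
        if token.user != self.owners[name]:
            raise PermissionError(f"{token.user} does not own {name}")
        self.acls[name].setdefault(principal, set()).add(right)

def demo():
    # Constructed sample accounts and file, for illustration only.
    os_ = ToyOS()
    os_.add_user("alice", "correct horse", groups=["payroll"])
    os_.add_user("bob", "battery staple")
    os_.owners["payroll.dat"] = "alice"
    os_.acls["payroll.dat"] = {"g:payroll": {"read", "write"}}
    alice, bob = os_.logon("alice", "correct horse"), os_.logon("bob", "battery staple")
    before = os_.allowed(bob, "payroll.dat", "read")     # bob is not on the ACL yet
    os_.grant(alice, "payroll.dat", "u:bob", "read")     # owner shares read access
    return before, os_.allowed(bob, "payroll.dat", "read"), os_.allowed(bob, "payroll.dat", "write")
```

A failed logon produces no token at all, so nothing later in the session can be approved; a non-owner calling `grant` is refused even though it holds a valid token.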

PASSWORD CONTROL

SYSTEM-WIDE CONTROL

➢ Password is a secret code entered by the user to gain access to systems, applications, data files, or a network server.
➢ Reusable password - the user defines the password and then reuses it to gain future access.
➢ One-time password is valid for only one login session or transaction, on a computer system or other digital device.

Common forms of contra-security behaviour on passwords:

1. Forgetting password and being locked out of the system
2. Failing to change passwords on a frequent basis
3. The post-it syndrome
4. Simplistic password easily anticipated by a computer criminal

CONTROLLING AGAINST E-MAIL RISKS

VIRUS is a program (usually destructive) that attaches itself to a legitimate program to penetrate the operating system.

A computer virus is a type of malicious software program ("malware") that, when executed, replicates itself by modifying other computer programs and inserting its own code.

Microcomputers are a major source of virus penetration.

WORM, a term used interchangeably with virus, is a software program that burrows into the computer's memory and replicates itself into the areas of the memory.

LOGIC BOMB is a malicious program timed to cause harm at a certain point in time, but is inactive up until that point. A set trigger, such as a preprogrammed date and time, activates a logic bomb. Once activated, a logic bomb implements a malicious code that causes harm to a computer.

BACK DOOR (Trap Door) is a software program that allows unauthorized access to a system without going through the normal logon procedure.

SPOOFING involves trickery that makes a message appear as if it came from an authorized individual or firm when it did not.

SPAMMING is defined generally as any unsolicited e-mail.

CHAIN LETTERS - A message that is usually associated with some emotional appeal to the recipient.

URBAN LEGENDS - Stories that are generally entertaining; the last line of the message encourages the recipient to forward it on to their friends.

HOAX VIRUS WARNING is a form of trickery that sends out hoax virus warnings of some non-existent virus and ends the message with an appeal to notify their friends before they get infected.

FLAMING is a message in which the writer attacks another participant in an overly harsh and often personal message.

SOCIAL ENGINEERING is used by cyber-criminals with a psychological twist to build trust before stealing confidential information.

SHOULDER SURFING is an e-mail security threat that takes place in person when working remotely in crowded places like coffee shops and airport terminals.

TROJAN HORSE is a program whose purpose is to capture IDs and passwords from unsuspecting users.

PHISHING attacks impersonate a legitimate company or individual and attempt to steal people's personal information or login credentials.

End of Lesson 3
