Each IT environment should have a data library that control access
to data files, programs, and documentation. An important data
library control centers on assurance that all file media are clearly and accurately labeled. WHAT IS DATA LIBRARY? refers to a centralized repository or storage system where important data files, programs, and documentation are organized, stored, and managed. It typically involves: 1. Centralized Storage: Where all important data files, programs, and documentation are stored in one central location. This makes it easier to manage and access the information when needed. It also involves 2. Organization: Wherein the Data in the library is organized in a structured manner, usually based on categories, types, or departments. This helps users find the information they need quickly and efficiently. 3. Access Control: Access to the data library is tightly controlled. Only authorized individuals or teams are allowed to access, modify, or delete the stored data. This helps prevent unauthorized access or tampering. 4. Version Control: Changes made to data files and programs are carefully tracked and managed. This ensures that there is a clear record of who made the changes and when they were made. It also helps prevent confusion or conflicts that can arise from different versions of the same file. 5. Backup and Recovery: Regular backups of the data library are performed to ensure that valuable information is not lost in case of accidents, hardware failures, or cyberattacks. These backups are stored securely and can be used to restore the data in case of emergencies. DATA MEDIA LABELING That is, external labels should be affixed to or marked upon the data media themselves. On tape cartridges and disk packs, pressure-sensitive labels are usually affixed to identify both the volume and the file content. Procedures should be in place to assure that all labels are current and that all information they contain is accurate. ACCESS CONTROL The data library should assure that only authorized persons receive files, programs, or documents, and that these persons acknowledge their responsibility at the time of each issuance. -Only authorized individuals should access files, programs, and documents. - Individuals must acknowledge responsibility upon issuance, ensuring accountability. FILE MANAGEMENT Each time a file is removed for processing, controls over data files should assure that a new file would be generated and returned to the library. If appropriate to the backup system in place, both issued and new files should be returned together with the prior version serving as backup. - Controls should ensure that files are returned to the library after use. - Backup systems may require both issued and new files to be returned, with prior versions serving as backup. INVENTORY MANAGEMENT Control is enhanced by maintaining an inventory of file media within the data library. In other words, an inventory record should exist for each tape cartridge or disk pack. The record should note any utilization or activity. After a given number of users, the file medium or device is cleaned and recertified. Further, if any troubles are encountered in reading or writing to the device, maintenance steps are taken and noted. SEGREGATION OF DUTIES Ideally, a full-time person independent of IS operations will be assigned as the data librarian. In smaller IT environments, however, such assignment might not be economically feasible. When an environment cannot afford a full-time data librarian, this custodial duty should be segregated from operations. That is, for adequacy of control, the function of a librarian should be assigned as a specific responsibility to someone who does not have access to the system. - Ideally, a dedicated data librarian oversees library operations. - In smaller environments, the librarian's role should be segregated from system operations to ensure adequate control.
That is all for the Protection of data files and programs next topic will be Physical security and access controls which will be discussed by the next reporter.