Chapter 4 ISACA

Espinosa Ángeles Juan Abdel, Hernández Medina Adrián, Ramírez Antonio Alejandra. INFORMATION TECHNOLOGY AUDIT

Upload: omar-regino

Post on 02-Sep-2015


DESCRIPTION

Presentation of chapter 4 of the ISACA manual

TRANSCRIPT

PowerPoint Presentation

INFORMATION TECHNOLOGY AUDIT
Espinosa Ángeles Juan Abdel
Hernández Medina Adrián
Ramírez Antonio Alejandra

Chapter 4: Operations and Maintenance and Support of Information Systems

Content
Introduction
Quick Reference
Operations Information Systems
Hardware Information Systems
Software Architecture and Information Systems
Conclusions
References

Introduction
For 2011, ISACA has updated the domains, reducing them from 6 to 5. Domain 4 now includes Disaster Recovery from the old Domain 6. This section has six areas that you need to understand for the CISA exam.

Information Systems Operations
One of the management control functions is to ensure that IS processing can recover in a timely manner from minor or major disruptions of operations.
Know what console logs are and why they are important.

Why is documentation important?

Why is change management important?

What is the major objective of library software?

Management Operating System
A Management Operating System (often abbreviated "MOS") refers to the system of controls, communication and activity used to achieve organizational goals and objectives. Most often the MOS exists in a written form and is used to communicate to relevant stakeholders how an objective is being met.

Example
A department manager has a goal of maintaining morale. By developing an MOS they can document the employee meetings that will be conducted, the employee satisfaction surveys to be administered and the report-outs to other leaders.

IT Service Management
IT Service Management is a strategic approach to designing, delivering, managing and improving the way information technology (IT) is used within an organization. The goal of IT Service Management is to ensure that the right processes, people and technology are in place so that the organization can meet its business goals. The term IT Service Management is often associated with ITIL (Information Technology Infrastructure Library), a framework that provides best practices for aligning IT with business needs.

Infrastructure Operations
Rapidly changing business requirements place complex burdens on existing IT infrastructure and service delivery capabilities.

We understand the key issues you are facing.

Increasing demands are outstripping the capabilities of the existing IT infrastructure.

Outdated IT processes are making it difficult to exploit new technologies (e.g., cloud computing, virtualization).

Cost pressures require relentless focus on standardization, consolidation and optimizing service delivery.

Rapidly evolving I&O strategies are driving new shared services models and requirements.

Monitoring Resource Usage
Computer resources are considered a limited commodity because the company provides them to help meet its overall goals. Although many employees would never dream of placing all their long-distance phone calls on a company phone.

Help Desk
Has the responsibility of providing technical support to the organization and its employees.

Is typically charged with identifying problems, performing root cause analysis, and tracking change management or problem resolution.

Change Management Process
The change management process is the sequence of steps or activities that a change management team or project leader would follow to apply change management to a project or change. Based on Prosci's research of the most effective and commonly applied change, they have created a change management process that contains the following three phases:

Phases:
Phase 1 - Preparing for change (Preparation, assessment and strategy development)
Phase 2 - Managing change (Detailed planning and change management implementation)
Phase 3 - Reinforcing change (Data gathering, corrective action and recognition)

Phase 1

Phase 2

Phase 3

Release Management
Computer software is authorized for distribution via a release process. Software is released from development and authorized to be installed for production use. Each vendor has their own release schedule.

Major release: A significant change in the design or generation of software is known as a major release. Major releases tend to occur in the interval of 12 to 24 months.

Minor release or update: Updates are also known as minor releases. Their purpose is to correct small problems after the major release has been issued.

Emergency software fixes: These are known as program patches, or hot fixes. Emergency fixes should be tested prior to implementation. Every fix should undergo a pretest, even if the test is informal. Emergency software fixes may introduce new problems that are unexpected. Every emergency fix must undergo change control review to determine the following:
What to remediate
Whether the change should remain in use

The computer program is now a finished version ready for final acceptance testing and user training. The next step for implementation is to load the client's current data.

Quality Assurance
In developing products and services, quality assurance is any systematic process of checking to see whether a product or service being developed is meeting specified requirements. Many companies have a separate department devoted to quality assurance. A quality assurance system is said to increase customer confidence and a company's credibility, to improve work processes and efficiency, and to enable a company to better compete with others. Quality assurance was initially introduced in World War II when munitions were inspected and tested for defects after they were made. Today's quality assurance systems emphasize catching defects before they get into the final product.

Hardware Information Systems
Hardware platforms that make up the business systems of organizations today

The hardware components of computer systems include various interdependent components that perform specific functions.

Types of computers
Computers can be categorized by several criteria, mainly their processing power, size and architecture.

Common enterprise processing devices

Artifacts (specialized devices)

Universal Serial Bus (USB)

Memory Cards / Flash drives

Risks

Security Checks

Radio Frequency Identification (RFID)
Uses radio waves to identify objects with tags within a limited radius. A label (tag) comprises a microchip and an antenna. The microchip stores information along with an ID to identify a product. The other part of the label is the antenna, which transmits information to the RFID reader.

RFID applications

RFID risks
Business process risk
Business intelligence risk
Privacy risk
Externality risk

RFID security controls
Management
Operational
Technical

Hardware Maintenance Program
Proper operation
Maintenance
Routine cleaning

Hardware Monitoring Procedures

Capacity Management

Planning and monitoring

Software Architecture and IS

Computer architecture

Operating system and specific functions of hardware and software

Access Control Software
Access control software is designed to prevent unauthorized access to data and unauthorized use of system functions and programs, and to detect and prevent unauthorized access to computer resources.

Data Communications Software
The data communication system provides the interface to the operating system, application programs, database systems and telecommunications routing systems.

Data Base Management System
A DBMS helps organize, manage and use data needed by application programs and provides a facility to create and maintain a well-organized database.
It reduces data redundancy
It decreases access time
It establishes basic security over sensitive data

Database structures

Three types of database structure:
Hierarchical structure
Network structure
Relational structure

Organization of a hierarchical database

Organization of a network database

Organization of a relational database

Disk and Tape Management Systems

Utility Programs

Software Licensing
Increasingly, critical applications are subject to software copyright laws, which must be complied with to avoid fines for copyright violations.

Conclusions
The maintenance and operation of

References
ISACA. (2012). Preparation Manual CISA. ISACA

http://searchsoftwarequality.techtarget.com/definition/quality-assurance
