CISA study materials : Business continuity & disaster recovery
20 Monday Dec 2010
Posted Uncategorized
Configuration management is widely accepted as one of the key components of any network.
Topological mappings provide outlines of the components of the network and its connectivity. Application monitoring is not essential and proxy server troubleshooting is used for troubleshooting purposes.
CRC > a check computed over a block of transmitted data. CRC can detect all single-bit and double-bit errors.
Parity Check (Vertical redundancy check) >
Echo checks > detect line errors
Screening router / packet filter > works at the protocol, service and port level, analyzing traffic at layers 3 and 4.
Circuit gateway > like a proxy, a program that acts as an intermediary between external and internal accesses.
Managing risk steps: identification and classification of critical information > identification of threats and vulnerabilities > calculation of potential damages.
Screened-subnet firewall > used as a demilitarized zone. Utilizes two packet filtering routers and a bastion host.
Screened-host firewall > utilizes a packet filtering router and a bastion host.
Atomicity > Guarantees that either the entire transaction is processed or none of it is.
Consistency > ensures that the database is in a legal state when the transaction begins.
Isolation > means that, while in an intermediate state, the transaction data are invisible to external operations.
Durability > Guarantees that a successful transaction will persist, and cannot be undone.
Hardware maintenance program should be validated against vendor specifications. Maintenance schedules normally are not approved by the steering committee. Unplanned maintenance can’t be scheduled.
Library control software should be used to separate test from production libraries in mainframe and/or client-server environments. The main objective of library control software is to provide assurance that program changes have been authorized. Library control software is concerned with authorized program changes; it would not automatically move modified programs into production and can’t determine whether programs have been thoroughly tested.
Referential integrity is provided by foreign keys.
Post-incident reviews improve internal control procedures.
Capacity management is the planning and monitoring of computer resources to ensure that available IT resources are used efficiently and effectively.
To determine unauthorized changes made to production code, the auditor examines object code to find instances of changes and traces them back to change control records.
19 Sunday Dec 2010
Provide assurance that the management practices for the development/acquisition, testing, implementation, maintenance and disposal of systems and infrastructure will meet the organization’s objectives.
Functional acknowledgements are standard electronic data interchange (EDI) transactions that tell trading partners that their electronic documents are received.
Base case system evaluation > uses test data sets developed as part of comprehensive testing programs. It is used to verify correct systems operations before acceptance as well as periodic validation.
Redundancy check > detects transmission errors by appending calculated bits onto the end of each segment of data.
Reasonableness check > compares data to predefined reasonability limits or occurrence rates established for the data.
Parity check > hardware control that detects data errors when data are read from one computer to another.
Check digits > detect transposition and transcription errors.
CMMI level 5 > Continuous improvement
CMMI level 4 > Optimizing, quantitative quality goals
CMMI level 3 > Documented process
Prototype systems > provide significant time and cost savings. They also have several disadvantages: poor internal controls, change control that becomes much more complicated, and a tendency for extra functions or features to be added.
21 Sunday Nov 2010
Assessment methods provide a mechanism, whereby IS management can determine if the activities of the organization have deviated from planned or expected levels. These methods include IS budgets, capacity and growth planning, industry standards/ benchmarking, financial management practices, and goal accomplishment. Quality management is the means by which the IS department processes are controlled, measured and improved. Management principles focus on areas such as people, change, processes and security. Industry standards/benchmarking provide a means of determining the level of performance provided by similar information processing facility environments.