Information system availibility controlPresentation Transcript
Information Systems Availability Controls Shashwat Shriparv firstname.lastname@example.org InfinitySoft
What is Information? “Information is the processed and refined form of data that is meaningful or useful to the recipient”. Information processing is a societal activity. A significant part of an individual’s working and personal time is spent in recording, searching for, and absorbing information.
Some facts and figures! As much as 80% of a typical executive’s time is spent in the processing and communication of information. More than 50% of the united states work force is employed in jobs that primarily involve some form of information processing like :- documentation, report generation , analyses, plans etc.
Importance A valuable asset of any organization to achieve its goal and securing its existence in today’s competitive market. We can say that it works like a backbone for any organization.
Helping facets Hardware Software Database Procedures (documentation at each step) Operations personnel (operators, system analysts, programmers, data administrators etc.)
What we do for their proper safeguarding? Implement so many information system controls: Physical facilities control Terminal access control Backup and recovery
A catastrophe Time :- 6 am Venue :- Huntsville, Alabana Organization:- General Computer Services (GCS), a data processing bureau. Event :- GCS caught fire at 6 am. Loss:- Items like all the documentation, company records and corporate information destroyed in this catastrophe. Also hardware were the biggest losses.
Problem :- GCS was scheduled to deliver 15 payrolls on the same day. Now, what did GCS people do to manage and survive without losing a single customer?
Physical facilities control Computer and its other equipment installation consumes few thousands to several million dollars depending on the size of installation. So, it requires protection. Data are mostly stored in magnetic tapes or magnetic disk packs are highly valuable to the organization. Any type of disk damage or unauthorized access and the potential loss from theft may destroy the information.
Remedies Division of duties (so that a single person does not have complete control over the processing of an application), internal and external audit review, restricted access by operators to program documentation and restricted access to data files and program files. In spite of centralized processing, distributed system is implemented.
Advantage of distributed system Gives the “fail-soft” protection. Fail-soft protection :- “The capability to continue processing at all sites except the non functioning one is called “fail-soft” protection.” Disadvantage of centralized system :- If the server “goes down” all processing ceases.
Some other facets Fire Flood Human riots Earth Quakes Employee dishonesty . Employee dishonesty problem can be removed from organization by combination of careful employment screening plus fidelity insurance. From fire, flood, human riots, earth quakes like loses, the organization must be well insurance.
Terminal access control Today most of all systems are working online and for this, uses communication networks; there should be protection against illegal access. Terminals represent access to computer, also processing capabilities and stored data , therefore , there should be : Password control (from password security S/W ,or computer OS). Various locks to prevent unauthorized physical presence.
Backup and Recovery For events like fire, natural disaster, malicious damage or accident that destroys equipments, S/W or data, there need to be procedures to recover from errors or failures to correct procedures. The general approach to recovery is backup by creating copies of the files. Example:- If an error destroys records in a file, backup procedures permit a previous version of a file to be restored and the processing is repeated.
Backup copies of data and S/W stored at off premises. Arrangement of backup sites and facilities . Backup and recovery plan should be established. The backup may be in the form of diskettes or cassettes with which data should be copied each night from the organizations. The backup copies should be stored in a secure locations.
How GCS’s problem was solved? At 10 am GCS operating unit was established at four employee’s homes. Customers were informed about the fact and the entire processing was continued without any break. Cause of Success:- Nearly all the GCS S/W programs were accessible because a “backup system” was housed. Within 10 days ,GCS’s hardware vendors (insurance company) had supplied them the needed equipments.