This document discusses information systems operations and infrastructure. It covers topics like IT service management, incident and problem management, change management, capacity management, hardware and software components, network architecture, disaster recovery planning, and the role of auditing. The key points are managing IT operations effectively through proper processes, monitoring infrastructure performance, ensuring adequate capacity, and having disaster recovery plans and testing in place.
4. 4.2.1 Management of IS Operations
• IS management has the overall responsibility for all operations within the IS department
• Involves allocation of resources, adherence to standards and procedures, and monitoring of IS operations
7. 4.2.2 IT Service Management (ITSM)
• ITSM comprises the processes and procedures for the efficient and effective delivery of IT services to the business
• Processes are managed through service level agreements (SLAs)
8. Service Level
• An SLA is an agreement between IT and the customer (end user)
• The SLA details the services to be provided
• Service Level Management (SLM) is the process of defining, agreeing upon, documenting and managing the levels of service that are required and cost justified
• The aim of SLM is to maintain and improve customer satisfaction and to improve the services delivered to the customer
• Tools to monitor the efficiency and effectiveness of services provided by IS personnel:
  • Exception reports
  • System and application logs
9. 4.2.3 Infrastructure Operations
• IT operations are the processes and activities that support and manage the entire IT infrastructure, systems, applications and data, focusing on day-to-day activities
10. Job Scheduling
• A job schedule lists the jobs that must be run and the order in which they are run, including any dependencies
• Job scheduling software is used to schedule tape backups and other maintenance activities
• It sets up daily work schedules and automatically determines which jobs are to be submitted to the system for processing
11. 4.2.4 Incident and Problem Management
• Incident management is reactive; its objective is to respond to and resolve issues as quickly as possible
• Problem management aims to resolve issues through the investigation and in-depth analysis of a major incident, or of several incidents of a similar nature, in order to identify the root cause
• The objective of problem management is to reduce the number and/or severity of incidents, while the objective of incident management is to return the affected business process to normal as quickly as possible
14. 4.2.6 Change Management Process
• Used when changing hardware, upgrading to new releases of off-the-shelf applications and configuring various network devices
• Often categorized into emergency changes, major changes, minor changes
15. 4.2.7 Release Management
• Process through which software is made available to users
• A release consists of the new or changed software required
17. 4.2.8 Quality Assurance
• QA personnel verify that system changes are authorized, tested and implemented in a controlled manner prior to being introduced into the production environment
18. 4.2.9 Information Security Management
• Includes various security processes to protect the information assets
• Should be integrated into all IT operations processes
19. 4.2.10 Media Sanitization
• Establishes the controls, techniques and processes necessary to preserve the confidentiality of sensitive information stored on media that is to be reused, transported or discarded
• "Sanitization" involves the eradication of information recorded on storage media to the extent of providing reasonable assurance that the residual content cannot be salvaged or restored
20. 4.3 Information Systems Hardware
• Key audit considerations include capacity management, system monitoring and maintenance of hardware
23. Risks & Security Control
Risks:
• Viruses and other malicious software
• Data theft
• Data and media loss
• Corruption of data
• Loss of confidentiality
Security controls:
• Encryption
• Granular control
• Educate security personnel
• Enforce the "Lock Desktop" policy
• Update the antivirus policy
24. Radio Frequency Identification (RFID)
• RFID uses radio waves to identify “tagged” objects within a limited radius
• “Tag” consists of a microchip and an antenna
• “Microchip” stores information along with an ID to identify a product
• The other part of the "tag" is the "antenna", which transmits the information to the RFID reader
RFID Applications:
• Asset Management
• Tracking
• Supply Chain Management (SCM)
25. Risks & Security Control
Risks:
• Business process risk
• Business intelligence risk
• Privacy risk
Security controls:
• Management
• Operational
• Technical
28. 4.3.4 Capacity Management
• Planning and monitoring of computing and network resources to ensure that the available resources are used effectively and efficiently
29. 4.4 IS Architecture and Software
• System software is a collection of computer programs used in the design, processing and control of all computer applications used to operate and maintain the computer system
• Comprising system utilities and programs, system software ensures the integrity of the system
• Examples of system software:
  • Access control software
  • Data communications software
  • Database management software
  • Program library management systems
  • Tape and disk management systems
  • Network management software
  • Job scheduling software
  • Utility programs
30. 4.4.1 Operating Systems
• OS contains programs that interface between the user, processor and application software
• Provides the primary means of managing the sharing and use of computer resources such as processors, real memory and I/O devices
34. 4.4.5 Database Management System
• A DBMS aids in organizing, controlling and using the data needed by application programs
• Primary functions include reduced data redundancy, decreased access time and basic security over sensitive data
36. 4.4.6 Tape and Disk Management Systems (DMS)
• Specialized system software that tracks and lists the tape/disk resources needed for data center processing
• A TMS/DMS minimizes computer operator time and the errors caused by locating the wrong files
• Records include the data set name, the specific tape reel or disk drive location, creation date, effective date, retention period, expiration date and contents information
39. 4.4.9 Digital Rights Management (DRM)
• DRM refers to access control technologies that can be used by hardware manufacturers, publishers, copyright holders and individuals to impose limitations on the usage of digital content and devices
• Used by companies like Sony, Apple Inc., Microsoft, BBC
43. 4.5.3 Network Services
• Functional features made possible by appropriate OS applications
• Allow orderly utilization of the resources on the network
45. 4.5.5 OSI Architecture
• OSI (Open Systems Interconnection) is the benchmark standard for network architecture
• Composed of 7 layers, each specifying particular specialized tasks or functions
• The objective of the OSI model is to provide a protocol suite used to develop data-networking protocols and other standards that facilitate multivendor interoperability
47. 4.6 Auditing Infrastructure and Operations
• The IS auditor performs audits and specific reviews of hardware, operating systems, databases, networks, IS operations and problem management reporting
55. 4.7 Disaster Recovery Planning (DRP)
• Established to manage availability and restore critical processes/IT services in the event of an interruption
• The importance and urgency of business processes and IT services is defined by performing a BIA and assigning an RTO and RPO to each
• The ultimate goal is to respond to incidents that may impact people and the ability of operations to deliver goods and services
56. 4.7.1 RPO, RTO
Recovery Point Objective (RPO):
• Determined based on the acceptable data loss in case of a disruption of operations
• Indicates the earliest point in time to which it is acceptable to recover the data
Recovery Time Objective (RTO):
• Determined based on the acceptable downtime in case of a disruption of operations
• Indicates the earliest point in time at which business operations must resume after a disaster
58. 4.7.2 Recovery Strategies
• A recovery strategy identifies the best way to recover a system in case of an interruption, including a disaster, and provides the guidance from which detailed recovery procedures can be developed
63. 4.7.6 Backup and Restoration
• To ensure that the critical activities of an organization are not interrupted in the event of a disaster, secondary storage media are used to store software application files and associated data for backup purposes
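As an added example (not part of the original slides), the Python check below turns the RPO and RTO definitions of 4.7.1 and the backup records of 4.7.6 into evidence an auditor can test: it derives the worst-case data loss from a backup job log (a failed run is not a recovery point, so it widens the gap) and the measured downtime from a DR test record, then compares each against the stated objective. The log format, the job name db01, the DR step names and every timestamp are constructed assumptions.

```python
"""Check backup evidence against a stated RPO and a DR test against a stated RTO.

Added example, not from the original slides. All log lines, job names,
step names and objective values are constructed for illustration.
"""
from datetime import datetime, timedelta, timezone

# Constructed backup job log: one line per run of the job "db01".
# The failed 14:00 run leaves a 12-hour gap between recovery points.
BACKUP_LOG = """\
2024-05-01T02:00:00Z job=db01 status=success
2024-05-01T08:00:00Z job=db01 status=success
2024-05-01T14:00:00Z job=db01 status=failed
2024-05-01T20:00:00Z job=db01 status=success
2024-05-02T02:00:00Z job=db01 status=success
"""

# Constructed DR test record: (step, start, end), in the order the steps ran.
DR_TEST = [
    ("disaster declared", "2024-05-03T10:00:00Z", "2024-05-03T10:05:00Z"),
    ("retrieve offsite media", "2024-05-03T10:05:00Z", "2024-05-03T11:30:00Z"),
    ("restore db01 at warm site", "2024-05-03T11:30:00Z", "2024-05-03T13:10:00Z"),
    ("validate and hand over", "2024-05-03T13:10:00Z", "2024-05-03T13:40:00Z"),
]


def parse_ts(stamp: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp such as 2024-05-01T02:00:00Z."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def successful_backups(log: str, job: str) -> list:
    """Completion times of successful runs of `job`, oldest first.

    Only a successful run is a usable recovery point; failed runs are skipped.
    """
    times = []
    for line in log.splitlines():
        if not line.strip():
            continue
        stamp, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        if kv.get("job") == job and kv.get("status") == "success":
            times.append(parse_ts(stamp))
    return sorted(times)


def worst_case_data_loss(backups: list, as_of: datetime) -> timedelta:
    """Longest interval in which a failure would lose data not yet backed up.

    This is the largest gap between consecutive recovery points, including the
    gap from the most recent recovery point to the moment being assessed.
    With no recovery point at all the exposure is unbounded.
    """
    if not backups:
        return timedelta.max
    points = list(backups) + [as_of]
    return max(later - earlier for earlier, later in zip(points, points[1:]))


def dr_test_downtime(steps: list) -> timedelta:
    """Elapsed time from the disaster declaration to the service being handed back."""
    starts = [parse_ts(start) for _, start, _ in steps]
    ends = [parse_ts(end) for _, _, end in steps]
    return max(ends) - min(starts)


def assess(log: str, job: str, rpo_hours: float, as_of: str,
           steps: list, rto_hours: float) -> dict:
    """Compare measured exposure and downtime against the stated RPO and RTO (hours)."""
    loss = worst_case_data_loss(successful_backups(log, job), parse_ts(as_of))
    downtime = dr_test_downtime(steps)
    return {
        "worst_case_loss_hours": loss.total_seconds() / 3600,
        "rpo_met": loss <= timedelta(hours=rpo_hours),
        "downtime_hours": downtime.total_seconds() / 3600,
        "rto_met": downtime <= timedelta(hours=rto_hours),
    }


if __name__ == "__main__":
    # Stated objectives for this constructed scenario: RPO 8 h, RTO 4 h.
    result = assess(BACKUP_LOG, "db01", 8, "2024-05-02T06:00:00Z", DR_TEST, 4)
    for key, value in result.items():
        print(f"{key}: {value}")
```

The failed 14:00 run is what breaches the 8-hour RPO here; the same log with that run successful would show a 6-hour worst case, which is the kind of finding a review of backup logs should surface.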
Offsite Library Controls
66. Self-Assessment Questions
1. Which of the following provides the BEST method for determining the level of performance provided by similar information processing facility environments?
a) User satisfaction
b) Goal accomplishment
c) Benchmarking
d) Capacity and growth planning
67. Self-Assessment Questions
2. For mission critical systems with a low tolerance to interruption and a high cost of recovery, the IS auditor would, in principle, recommend the use of which of the following recovery options?
a) Mobile site
b) Warm site
c) Cold site
d) Hot site
68. Self-Assessment Questions
3. The key objective of capacity planning procedures is to ensure that:
a) Available resources are fully utilized
b) New resources will be added for new applications in a timely manner
c) Available resources are used efficiently and effectively
d) Utilization of resources does not drop below 85 percent
69. Self-Assessment Questions
4. An IS auditor should be involved in:
a) Observing tests of the DRP
b) Developing the DRP
c) Maintaining the DRP
d) Reviewing the DR requirements of supplier contracts
70. Answers
1. c) Benchmarking
2. d) Hot site
3. c) Available resources are used efficiently and effectively
4. a) Observing tests of the disaster recovery plan