IS Operations, Maintenance and Support Tutorial

4.1 Information Systems Operations Maintenance and Support

Hello and welcome to the fourth domain of the Certified Information Systems Auditor (CISA) (Pronounced as: ceesa) Course offered by Simplilearn. This domain will cover Information Systems Operations, Maintenance, and Support. Let us look at the objectives of this domain in the next screen. Objectives After completing this domain, you will be able to: •Understand service level management practices •List techniques for Monitoring Third Party Compliance •Detail Software Licensing and Inventory Practices •Detail capacity planning and monitoring •Discuss problem and incident management practices. •Discuss Business Impact Analysis (BIA) and Disaster Recovery Planning and testing Overview Information systems operations, maintenance and support practices are important to provide assurance to users as well as management that the expected level of service will be delivered. Service level expectations are derived from the organization’s business objectives. IT service delivery includes IS operations, IT services and management and the groups responsible for supporting them. Let us start with the first topic in this domain in the following screen.

4.2 Knowledge Statement 4.1

In this topic, we will learn about concepts under the first knowledge statement in this domain, KS 4.1 We will begin with service level management practices in the following screen. Service Level Management Practices The CISA candidate should have knowledge of service level management practices and the components within a service level agreement. Service level management ensures that IT services meet customer’s expectations and that service level agreements (SLAs) are continuously maintained and improved as needed. SLAs are generally separate documents from the contracts with external vendors. SLAs may also be created internally to assure the key process owners of the level of service that the IT organization has agreed to provide. Let us continue to understand service level management practices in the following screen. Service Level Management Practices (contd.) SLAs may include technical support elements such as expected response times; systems availability e.g., 08.00 to 18.00, Monday through Friday); help (or service) desk responses and escalation procedures and so on. Therefore SLAs specify the underlying operational specifics for agreed-upon services which, if measured and managed, will deliver the commitments that meet customer expectations. The main area of coverage is IT Service Management. We shall look at IT service management in the following few screens. IT Service Management IT Service Management (ITSM) comprises processes and procedures for efficient and effective delivery of IT services relative to business expectations to ensure. ITSM can be split into IT support services and IT delivery services. IT support services include; service desk (at times referred to as to technical support/helpdesk); incident management, problem management, configuration management change management (system and infrastructure change) and release management. IT delivery services include service-level management, IT financial management, Capacity management, IT service continuity management and availability management. IT Service Management (contd.) Although each of these management areas is a separate process by its own right, each process is highly interdependent with other processes. For instance repeated incidents undergoing incident management may require problem management to be initiated. Resolving the problem may require a change (change management process followed) in infrastructure (configuration item) which invokes the configuration management process. IT Service Management (contd.) By virtue of being a service organization, the success of the IS department is dependent upon satisfying users and adhering to targets set within the service level agreements. A Service Level Agreement commonly referred by the acronym SLA, is an agreement between the IT Organization (Internal IT department or external service provider) and the customer (the business). It details the service(s) to be provided (e.g. Email, ERP, Internet connectivity, internet website hosting etc.) IS service level agreements (SLA) assist in better management of IS services. IT Service Management (contd.) An SLA will have various targets that will include: availability, response time, financial performance such us ensuring costs are reduced and risk management through compliance with company’s policies. Others include keeping staff turnover at a particular number and overall improvement in efficiency and effectiveness. We shall look at tools that can be used in measuring effectiveness and efficiency of IS service management. Tools to Measure IS Efficiency and Effectiveness Exception reports are automated reports that identify all applications that did not successfully complete or otherwise malfunctioned. They may indicate Poor application design, Inadequate: operations instructions; operations support, operator training etc. System application logs can be generated from various systems and applications should be considered to identify all application problems. The size and complexity of these logs make it difficult to manually view them. There are various programs that have been developed to analyze and report on defined aspects/items. Let us look at other tools of measuring the efficiency and effectiveness of an IS. Tools to Measure IS Efficiency and Effectiveness (contd.) Operator problem reports are manual reports used by operators to log computer operations problems and their resolution - IS management should review operator actions to determine if they were appropriate and or whether additional operator training is required. Operator work schedules are reports maintained manually by IS management to assist in human resource planning. Proper staffing of operation support personnel will assure that service requirement of end users will be met. You will now attempt a question to test what you have learned so far.

4.4 Knowledge Statement 4.2

In this topic, we will learn about the concepts under knowledge statement 4.2. Let us begin this topic by looking at ways in which we can monitor third party compliance in the next screen. Techniques for Monitoring Third Party Compliance The CISA candidate should have knowledge of techniques for monitoring third party compliance with the organization’s internal controls. It is essential to know the latest approaches in contracting strategies, processes and contract management practices. Outsourcing IT can help reduce costs and/or complement an enterprise’s own expertise but may introduce additional risks The following slide lists the main areas covered in this knowledge statement. Main areas of coverage The key areas covered in this knowledge are: sourcing practices, IS Roles and responsibilities and reviewing Contractual Commitments. Note that these areas have already been covered in domain 2: Governance and management of IT. You will now attempt a question to test your understanding of this topic.

4.6 Knowledge Statement 4.3

In this topic, we will learn about the concepts under knowledge statement 4.3. Let us begin by learning about the procedures used to manage scheduled and non-scheduled processes in the following screen. Managing Scheduled and Non-Scheduled Processes The CISA candidate should have knowledge of operations and end-user procedures for managing scheduled and non-scheduled processes. Operations management is critical in providing effective, efficient and appropriate technical solutions. The roles and responsibilities of operations management represent a high risk, not only to the day-to-day running of the IT organization, but to the protection of information assets both in the areas of restricting access to authorized people and the availability of IT. The main areas to be covered here are: information system operations, network infrastructure and implementation reviews and scheduling reviews We shall look at information system operations in the next screen. Information System Operations IT operations are processes and activities that support and manage the entire infrastructure, systems, applications and data focusing on day-to-day activities. Infrastructure operations management is responsible for accurate and efficient IS operations. The tasks of IT operations staff include: executing and monitoring scheduled jobs; facilitating timely backup of computer files; monitoring unauthorized access and use of sensitive data and monitoring and reviewing the extent of adherence to IT. Others include; the operations procedures as established by IS and business management, participating in test of disaster recovery plans (DRPs) and facilitating troubleshooting and incident handling. We will continue with information system operations in the following screen. Information System Operations (contd.) Procedures detailing instructions for operational tasks and procedures coupled with appropriate IS management oversight are necessary parts of IS control. This documentation should include: Procedures for: Operations; monitoring systems and applications; detecting systems and applications errors and problems; backup and recovery; handling IT problems and unresolved issues among other procedures. Let us look at job scheduling software in the next screen. Job Scheduling Scheduling is making operations automated without any attendance. The schedule includes the job that must be run, the sequence of the jobs that must be run, the sequence of job execution and the conditions that cause problem execution. Job should be scheduled according to SLA. High priority jobs should be given optimal resource availability while maintenance functions such as backup and system reorganization should if possible be performed during non-peak hours. Job Scheduling Software Job Scheduling Software is software used by installations that process large number of batch routines. It sets up daily work schedules and automatically determines which jobs to be submitted for processing. Advantages of job scheduling includes that information is set up only once ; reducing chance of error, job dependencies are defined so that if a job fails, subsequent jobs relying on its output will not be processed. In addition such software will ensure records are maintained of all job successes and failures and there is less reliance on operations. You will now attempt a question to test what you have learnt so far.

4.8 Knowledge Statement 4.4

In this topic, we will learn about the concepts under knowledge statement 4.4. Let us begin with technology concepts in the following screen. Slide 32: Technology Concepts A CISA candidate is expected to have knowledge of the technology concepts related to hardware and network components, system software and database management systems. The IS auditor must be familiar with the functionality of information system hardware and its network components. This includes understanding the importance of the physical part of IS/IT solutions that support the organizational objectives and goals as well as key control and risks involving system software. Although the CISA exam does not test technical knowledge of the working of individual components, an understanding of the risks associated with and possible control functions of each component is expected. An example of this is: knowledge of the risk that router access passwords may be shared but that, if properly programmed, passwords can make a major contribution to network resilience. The following screen lists the main areas of coverage in this knowledge statement. Slide 33: Main Areas of Coverage Main areas of coverage are: IS Network Infrastructure, Hardware Reviews, Network Infrastructure and Implementation Reviews, Operating systems, Utility Programs and Operating system reviews. Let us look at Enterprise Network Architectures, in the next screen. Slide 34: Enterprise Network Architectures Knowledge of Enterprise Network Architectures is important. This is because today’s networks are part of a large, centrally managed, internetworked architecture solution of high speed local and wide area computer network in an organization. Such networks might include: Network segments or blocks which may include web-based front-end applications servers (public or private); Application and database servers and Mainframe servers. Organizations may implement service-oriented architectures (SOA) with web software components, using Simple Object Access Protocol (SOAP) and Extensible Markup Language (XML). Within such an environment information is highly accessible and available anytime everywhere, and stored centrally. Let us learn about the internet and related terms, in our next slide. Slide 35: Internet and Related Terms A simple way to understand the internet is to look at what it is comprised of and some key terms used in relation to the internet. First, the internet is a vast global Network (NW). The global network is comprised of interconnected networks. The purpose of these interconnected networks is to exchange information. There are also routers to direct traffic within the networks. Routers use routing tables to direct traffic through the most efficient routes. Internet Service Providers (ISPs) enable Users to connect to Internet. Networks are connected via Leased lines, Integrated Services for Digital Networks (ISDN), Fibre, Satellite and Regional networks are connected through Network Access Points (NAP). No single person or organization runs the Internet – it can be said to be an electronic anarchy that uses TCP/IP protocol suite as the de facto standard. Let us look at the common terms in used in relation to the internet in the following screen. Slide 36: Internet and Related Terms (contd.) Common terms that you will come across in relation to the internet include: ISP, which stands for Internet Service Provider; NAP, Network access point that connects regional networks, Traffic concentration point that refers to a point of convergence for many ISPs. TELNET is a remote terminal control protocol. DNS stands for Domain Name Service that translates hostnames into IP addresses and vice versa. DNS servers offer the translation service. LAN or mainframes connected to the Internet providing full access to the Internet is referred to as a direct connection. Let us continue to look at common internet terms in the next screen. Slide 37: Internet and Related Terms (contd.) Online services allow users to tap the full power of the internet. Popular use of internet is to download or upload files this is enabled through the File transfer protocol (FTP). With anonymous FTP anyone can get access with user identification (ID) and password (PW) although this is considered risky. Simple Mail Transfer Protocol (SMTP) relates to or facilitates email exchange on the internet. Simple Network Management Protocol (SNMP) is a means to monitor and control network devices, manage configurations, performance and internet security. Let us now discuss the World Wide Web in the next screen. Slide 38: World Wide Web and Related Terms World Wide Web or WWW is a client server model, where the Client uses a browser (e.g. internet explorer) to access a web server that could be running on NT or UNIX operating system. The World Wide Web is the fastest growing and most innovative part of the Internet. Navigation of the WWW is done through typing URL of the site and use of hypertext links to jump to other sites. World Wide Web uses Hyper Text Markup Language (HTML) for web pages and Hypertext Transfer Protocol (HTTP) for web server/browser communication. Let us continue to look at common terms in relation to the World Wide Web in the following screen. Slide 39: World Wide Web and Related Terms (contd.) World Wide Web terms that you will come across include: Common Gateway Interface (CGI) scripts. This is an executable, machine independent software program that can be accessed by a web page to perform specific tasks. Cookies help a web page to remember preferences. A cookie is a message sent from a web server to a browser to identify users and prepare customized pages. Applets are downloaded from web servers to execute in browsers for example to generate input forms. In the following screen, we look at the client server model and its related terms. Slide 40: Client Server Model In a client server architecture, an application is split to run on different computers some on the client and some on the server. These tasks are mutually dependent. On the client side, the graphic user interface can be thin or thick. The server is usually a multi-user system such as mainframe, minicomputer or personal computer. Some of the server functions include: File, print, database communication, facsimile e.t.c Advantages if client server architecture includes: distributing work among computers and sharing of system and data resources. In the following screen, we will discuss different tiers of client server architectures and middleware. Slide 41: Client Server Architectures and Middleware A multi-tiered architecture can be used to show how tasks are shared among computers at the graphic user interface through business rules, and application logic and database levels. There are different client server architectures. These include: two tier, three tier and multi-tiered (More than two tiers). Let us look at 2-Tier architecture in the following screen. Slide 42: Client Server Architectures – Two-Tier Architecture In a two tier client server architecture there is a client i.e. graphic user interface and business rules which forms the front end and the database server, which forms the back end. Limitations of this architecture include: a fat client syndrome i.e. big complex programs requiring more memory and CPU and this architecture is not highly scalable i.e. problems arise when more users are added. Let us look at three-tiered architecture in the following screen. Slide 43: Client Server Architectures – Three-Tier Architecture In a three-tiered client server architecture the front end is represented by a graphic user interface while the back end is comprised of the application and database servers. Advantages of this architecture compare to a two tiered include: a thin client and its more scalable i.e. can support thousands of users. Let us discuss middleware in the following screen. Slide 44: Middleware Middleware manages interaction between the graphic user interface and servers by offering identification, security, authorisation and directory services. This, in turn, supports communication between clients and servers, load balancing, fail over, component management and queue management. In the next screen we cover uses of middleware. Slide 45: Middleware – Uses In the transaction processing monitors middleware used to handle and monitor database transactions mainly does load balancing. Middleware in Object request broker (ORB) technology enables use of shared, reusable, business objects in a distributed environment e.g. CORBA and Microsoft’s COM/DCOM. In a Remote Procedure Call (RPC) middleware is the protocol that enables client to execute a program on the remote computer (server). Lastly, in Messaging Servers middleware programs asynchronously prioritize; queue, process messages using dedicated servers. Let us look at risks and controls of middleware in the following screen. Slide 46: Middleware – Risks and Controls The major risk of middleware is loss of system integrity from multiple operating environments and lack of change control. However, controls that can be used to manage this include: testing systems adequately, managing modifications and versions. In the next screen, we move on to r computer hardware. Slide 47: Computer Hardware The diagram on the screen shows a broad classification of computer hardware components and the communication between the input, processing and output components of a computer. Input devices are used to capture data and information into the central processing unit of the computer. The central processing unit comprises of: the arithmetic logic unit, registers and the main memory. The diagram also shows that the central processing unit is connected to the output devices through which processed data and information is communicated to the user. A secondary storage is also connected to the main computer central processing unit. Each of these components is explained further in the following screens. Slide 48: Computer Hardware and Architectures The central processing unit forms the processing components of a computer. There is an arithmetic logic unit which performs mathematical and logical operations, a control unit and internal memory used for processing transactions. Slide 49: Computer Hardware and Architectures (contd.) Input and output components pass transaction information to the computer and display or record the output generated by the computer. Computer peripherals such as the keyboard and mouse are input only devices whereas printers form output only devices. Other components of a computer include: Motherboard, Random Access Memory (RAM) and Read-OnlyMemory (ROM). Let us now look at types of computers in the following few screens. Slide 50: Types of Computer Computers can be categorized based on several criteria; mainly processing power, size and architecture. The different categories include: Supercomputers, High-end and midrange servers, Mainframe, Minicomputer, Personal Computer PCs (or Microcomputer), Notebook / laptop computers, Smart Phones and Personal Digital Assistants (PDAs). Supercomputers are very large and expensive computers with the highest processing speed, used for specialized purposes, use complex mathematical and or logical calculations (e.g. huge computing power is used to determine weather patterns such as probability of tsunami or earthquake occurring in a given location). High-end and midrange servers are multiprocessing computer systems capable of supporting thousands of simultaneous users. These computers differ from mainframes by virtue of being less expensive. The higher-end ones utilize UNIX (pronounce as: yunix) operating system (OS) and may be used as database servers, while the lower-end ones utilize windows OS and may be used as application print servers. Slide 51: Types of Computer (contd.) Mainframe computers are large, general purpose computers operating in a multi-user, multiprocessing environment and usually serves thousands of internal/external users. Minicomputers are used by mid-sized organizations and operate in a multi- user, multiprocessing environment. Slide 52: Types of Computers Personal Computer (PCs), also known as Microcomputers are small, inexpensive computers referred to as PCs or workstations and designed for individual users. They are inexpensive and use micro-processor technology. Notebooks/Laptop computers are light weight (under 10 pounds/ 5 Kgs) personal computers powered by normal AC connection or rechargeable battery back. They are preferred because of their portability. However, blocal area network by being portable they are vulnerable to theft or connectivity hijacked in a LAN, wireless connection etc. Slide 52: Types of Computers (contd.) Smart Phones and Personal Digital Assistants (PDAs) are small handheld digital devices (the size of a calculator) also known as palmtops used as a personal organizer and planners, telephone, fax, have networking capabilities, and can interface with personal computers and are used for field data collection, and for communication. They use pen-based stylus instead of keyboard. They can also be used as schedulers, phone/address book, to-do list, and for office automation (spreadsheets, text editor e.g. MS word). Some have handwriting recognition capability In the next screen, we will continue our discussion of computer hardware and architectures, and learn about peripheral devices. Slide 53: Computer Hardware and Architectures – Peripheral Devices Computer peripheral devices include: input / output devices; audio / video cards; CD ROMs (read-only memory); DVDs; tape drives; disk drives; printers; and modems. Slide 54: Computer Hardware and Architecture – Terminology Some commonly used computer terminologies include the following: Multi-tasking refers to running two or more tasks concurrently by allocating time slots/slices to each task. Multi-programming, on the other hand refers to running two or more programs concurrently. Multi-processing is another term used when two or more processors share memory and execute programs simultaneously. In Multi-user or time sharing environments, multiple users access and use computer and the operating system, simultaneously. Multi-threading is a process in which several sub-activities take place when a program is being executed. There are numerous computer hardware developments that have occurred over time, as we shall see in the next screen. Slide 55: Computer Hardware Developments Some of the developments in computer hardware include: memory cards/flash drives (pen drive), write once and read many (worm), memory cards (flash memory) and universal serial bus (USB) Memory Cards/Flash Drives (pen drive) are a combination of USB & memory card technology that is useful in storing information. However they pose very serious security risks to the stored data if they are lost or stolen and can be used to bypass bootable security checks. Large amounts of data and information can transferred to flash memory very fast. Write Once and Read Many (WORM) includes compact discs (CDs) like the ones used for music (up to 80 minutes), and for data files (700MB). Compact discs recordable / rewritable (CD-R / CD-RW) are technically not a WORM. Another example is digital video disc (DVD) that uses optical storage technology, with large capacity (Gigabytes). Let us look at other developments in the following screen. Slide 56: Computer Hardware Developments (contd.) Memory cards (flash memory) are alternative devices to store information. They are small, non-volatile, removable, and easy to erase & store data/information in and can be used with other peripherals like cameras, personal digital assistants. Universal Serial Bus (USB) is a serial bus standard that interfaces devices with a host. It was designed to allow connection of many peripherals to a single standardized interface sockets; and improve the plug and play capabilities by allowing hot swapping. In the next screen, we look at common enterprise backend devices. Slide 57: Common Enterprise Backend Devices Print servers which consolidate printing resources for cost-saving; File servers that manage organization-wide access to files and program; Application (program) servers that host applications and allow users are access to centralized programs and Web servers which provide information and services to internal (employees) or external (public) customers through web pages. A web server is accessed using a Universal Resource Locator (URL) e.g. It also utilizes DNS services. Proxy servers provide an intermediate link between users and resources, as opposed to direct access. Database server is a repository containing raw data and applications. Web servers process data for user consumption. Appliances are specialized devices like firewall, IDS, switches, routers, that could be used to support virtual private networks, load balancing etc. Now let us consider hardware risks in the next screen. Hardware Risks Computer hardware is exposed to the following risks: Data and media loss; loss of flash drives which may lead to unauthorised access to data; Corruption of data which can simply be caused by improper unplugging of USB drives. Viruses and other malicious software contained in infected documents and which can spread via flash disks. Malicious code include: key loggers to capture passwords for hackers. Data theft, where hackers, corporate spies, disgruntled employees may steal data. Use of social engineering to gain physical access to personal computers. Losses of confidentiality that may come as a result of losing a memory stick with confidential data. This may lead to legal liability. HIPAA requirements for health information. Let us look at controls to safeguard hardware in the following screen. Hardware Controls In order to safeguard computer hardware against these risks the following controls can be put in place: Encryption Fully covered in Domain 5, Educating security personnel to be aware of the risk in their environment. To Enforce the “lock desktop” policy; duration based on risk of environment. Update the antivirus policy and enforce mandatory scanning of USB flash drive. Granular Control Using Microsoft Active Directory group policy to implement controls; user awareness programs for culture/behavior change. Use only secure devices which have security integrated into devices when buying them. Include return information; include text file with contact details (excluding company name) to allow whoever collects the flash drive to return it to the owner. In the next screen we look at radio frequency identification commonly known as RFID. Radio frequency identification (RFID) RFID uses radio waves to identify tagged objects within a limited radius. It uses a tag which is a microchip to store information with the identification of the product and an antenna that transmits information to the radio frequency identification reader. There are two modes of powering the tags: active tags that are powered by own batteries, utilize higher frequencies, wider communication radius, have more data capacity, are re-usable but are more expensive and passive tags that draw power from the radio frequency identification reader radiation, it has basic information (2KB), utilizes lower frequencies, smaller communication radius, less data capacity, is not re-usable but it is less expensive. Let us look at the applications of RFID in the following screen. Radio Frequency Identifications – Applications Radio frequency identification can be used in the following areas: Asset management e.g. in the library because it does not require optical line of site; Tracking; Authenticity verification; matching i.e. two pairs that have to go together- avoid confusion later; in Process Control to initiate processes based on tag identifier; Access Control i.e. restricted areas and office doors access and Supply Chain Management (SCM) i.e. tracking from manufacture to retail. In the next two screens we will look at RFID risks and controls. Radio frequency identification– Risks & Controls Radio frequency identification risks Include: Business Process Risk where interference with radio frequency identification will result to interference with business processes; Business Intelligence Risk where a competitor can gain information from radio frequency identification and use it to harm the business; Privacy Risk where personally identifiable information can be compromised i.e. tagged items can be traced to an individual; Externality Risk where for example: an adversary gains unauthorized access to computers on an enterprise network through Internet Protocol (IP) via enabled RFID readers, if the readers are not designed and configured properly. Radio Frequency Identification – Risks and Controls To safeguard against these risks security controls that can be put in place include: Managementoversight for example by way of implementing policies; Operational controls for administrators and users e.g. physical controls and Technical e.g. using technology to monitor usage. In the next screen, we briefly look at hardware maintenance program. Hardware Maintenance Program Hardware must be routinely cleaned and serviced. There should be a maintenance schedule that coincides with vendor specifications. Maintenance requirements vary based on complexity and performance workloads. Maintenance program should document: Reputable service company for each component; maintenance schedule; Maintenance cost information; and history, planned and exceptional maintenance. IS management should monitor, document and justify deviations. Excessive maintenance costs are a risk indicator. There are several hardware monitoring practices and hardware auditing practices that can be put in place. Let us look at hardware monitoring practices in the following screen. Hardware Monitoring Practices These include Error reports that are used to record failures and corrective action taken; Availability reports that check for downtime that can be caused by: inadequate facilities, excessive maintenance, lack of preventive maintenance; Utilization reports (automated) that document utilization of machine and peripherals, for instance utilization of over 85% may indicate overcapacity while utilization of less than 95% may call for a review of resource, capacity and schedules; Asset management reports that include network inventory i.e. connected equipment such as personal computers, servers, routers and other devices. In the next screen, we will discuss hardware auditing. Hardware Auditing Auditing of Hardware covers: capacity management procedures that ensure continuous performance and whether performance management is objective; Performance evaluation procedures; Availability and utilization reviews; Change management controls such as: Approval, Planning, scheduling, communication, minimize impact on business, operator documentation and Hardware availability and utilization reporting . In the next screen we look at Information Systems Architecture and Software. Information Systems Architecture and Software Information Systems Architecture and Software components hierarchy, as shown in the first diagram is as follows: the application system that sits on top of software utilities and programs, which are above the nucleus that interfaces with hardware/firmware. Therefore between the user and the hardware information system architecture is defined to include: user, application, operating system and hardware interfacing in that order as is also shown in the second diagram. Operating Systems (OS) makes computing power conveniently available to clients i.e. utilities, applications, human users. The operating system manages computer resources including: Processors, Memory, Disks, Timers, I/O devices and Data The following screen offers a detailed look of operating system functions and parts. Operating System (OS) – Functions and Parts Functions of the operating system include: holding of programs that interface between the user, processor and application software, Provides the primary means of controlling the sharing and use of computer resources, Maintains the integrity of the system, Manages/controls execution of programs and Shields the user from the details of the hardware. Operating System Parts include: Kernel or nucleus and utility programs. In the next screen we look at the operating system nucleus and software, as we continue our discussion on the computer operating system. Operating System – Nucleus The operating system nucleus is a highly privileged/restricted area that runs in kernel mode/supervisory state and resides in the computer memory all the time. Other utilities are called in as needed. It performs the basic functions associated with the operating system which include: process management, input/output management, memory management and File management. In process management, the nucleus does: interrupt handling, Process creation/destruction, dispatching, process synchronization and inter-process communication. In input/output management the nucleus manages printers, KBs, disk drives, CD-ROMs and all other input/output devices connected to the computer. In memory management the nucleus does allocation and de allocation. File management which involves create, read, write, delete, open and close is also done in the nucleus. Let us look at OS facilities in the following screen. Operating System – Facilities Operating System Facilities include: User interface, Program execution management, File management i.e. create, delete, read, write, Resource scheduling between clients, input/output support that covers device independence, uniform interface, uniform naming, protection against unauthorized access, authentication, access control, monitoring, non-interference, accounting, error detection and recovery, concurrent processing and data sharing. Let us look at OS software in the following screen. Operating System Software Operating system software includes: access control, data communications, and database management system, program library management, tape and disk management, and network management, job scheduling and utility programs. Over the following few screens, we will understand operating system integrity. Operating System Integrity The objective of operating system integrity is to protect the operating system from interference and compromise and to protect applications from other applications. This involves the operating system protecting itself from deliberate and inadvertent modifications and ensuring privileged programs are not interfered with by user programs. For integrity, process isolation occurs to ensure that multiple processes are protected from each other e.g. writing into each other memory and that there is enforcement of least privilege. Operating System – Integrity (contd.) Supervisory state refers to the most privileged state with complete unrestricted access to all system resources i.e. memory, devices and privileged instructions and ability to bypass any security features in place. The kernel operates in this state. Some system utilities also operate in this state making them highly risky requiring strict control. Operating System – Integrity (contd.) User state is the most restricted and less privileged state. Users address their own restricted memory space. User state relies on code running on supervisory state to perform privileged functions. Applications run in this state. User state is critically dependent on: IS management’s authorization techniques employed to prevent non-privileged users from executing privileged instructions and on configuration of files/directories/registry for options and parameters. This must be controlled, configured and updated properly with latest patches to avoid compromise by perpetrators e.g. IBM390 SYS1.PARMLIB, Win Registry. Operating System – Integrity (contd.) Control features or parameters allow standard software to be customized to diverse environments and provide effective means of determining how controls are functioning within operating system. Control features should be appropriate to the organizations workload and control structure. Activity logging and reporting is the collection of specified pieces of information for purposes of analyzing system functions. Activity logging and reporting areas include: date file versions used for processing, accesses to sensitive data, utilities and service aid usage and database management system efficiency and security. Let us now look at access control software in the following screen. Access Control Software Access Control software developed for the computer must be compatible with its operating system. It is designed to prevent unauthorised access to data, use of system functions/programs; and updates or changes to data. The software is designed to detect and prevent unauthorised computer access. Data communication software is used to transmit data from one point to another. Also used for conversion e.g. of codes such as ASCII, EBCDIC and Unicode. Components of communication software include: sender and receiver, message/information to be communicated and the medium or channel. Let us continue looking at access control software in the following screen. Access Control Software (contd.) System components include: Transmitter (Source), Receiver (Sink) and Transmission path (Channel/Line). It also includes local area networks (LANs) and wide area networks (WANs) Applications here include: electronic funds transfer (EFT) systems, electronic data interchange (EDI), office information systems like electronic message systems (Bulletin Board etc), interfaces with operating system, application programs, database management systems, Tele-communication systems and network control systems. In the next screen we will take a look at telecommunication links. Telecommunication Links Telecommunication links or lines for networks can be either analog or digital. They are classified in several ways, according to the type of provider or the type of technology. They can be divided into: dedicated circuit (also known as leased lines) or switched circuit. Let us discuss circuit switching and packet switching in the following screen. Telecommunication Links (contd.) Circuit switching mechanism is typically used over the telephone network (plain old telephone service [POTS] i.e. integrated services digital network [ISDN]). Switched circuits allow data connections that can be initiated when needed and terminated when communication is complete. This works much like a normal telephone line works for voice communication. ISDN is a good example of circuit switching. Packet switching is a technology in which users share common carrier resources. Packet switching allows the carrier to make more efficient use of its infrastructure and the cost to the customer is generally much lower than with leased lines. The next screen covers baseband and broadband telecommunication links. Baseband and Broadband Networks In Baseband networks the signals are directly injected on the communication link so that one single channel is available on that link for transmitting signals. As a result, the entire capacity of the communication channel is used to transmit one data signal and communication can move in only one direction at a time (half-duplex communication). In a broadband network different carrier frequencies, defined within the available band, can carry analog signals, such as those generated by image processors or a data modem, as if they were placed on separate baseband channels. Interference is avoided by separating adjacent carrier frequencies with a gap that depends on the band requirements of the carried signals. The condition when simultaneous data or control transmission/reception takes place between two stations is called a full-duplex connection. Let us now turn to the different types of networks in the next screen. Types of Networks Personal area networks (PANs) is a microcomputer network used for communications in telephones, PDAs, printers, cameras, scanners, among other computer devices being used by an individual person. Local area networks (LANs) are computer networks that cover a limited area such as a home, office or campus. Wide Area Networks (WANs) are computer networks that cover a broad area such as a city, region, nation or an international link. The Internet is an example (the largest example) of a WAN. Metropolitan Area Networks (MANs) are WANs that are limited to a city or region; usually, MANs are characterized by higher data transfer rates than WANs Storage area networks (SANs) are a variation of LANs and are dedicated to connecting storage devices to servers and other computing devices. SANs centralize the process for the storage and administration of data. In the next screen, we will look at wireless networks, which are also a type of network. Wireless Networks Wireless technologies, enable one or more devices to communicate without physical connections, that is, without requiring network or peripheral cabling. The technology in wireless networks uses radio frequency transmissions/electromagnetic signals through free space as the means for transmitting data, whereas wired technologies use electrical signals through cables. Wireless networks serve as the transport mechanism between devices, and among devices and the traditional wired networks. Wireless networks are many and diverse but are frequently categorized into four groups based on their coverage range. These are: wide area networks, local area networks, wireless personal networks and wireless adhoc networks. The following screen lists the risks of a wireless network. Wireless Networks – Risks Risks of wireless networks include: interception of sensitive information, loss or theft of devices, misuse of devices, loss of data contained in the devices, distractions caused by the devices and possible health effects of device usage. In the next screen we look at types of wireless networks. Wireless Networks Types Wireless Wide Area Network (WWAN). This is the process of linking different networks over a large geographical area to allow wider IT resource sharing and connectivity. Wireless wide area networks are connected via radio, satellite and mobile phone technologies. Wireless wide area network, using radio, satellite and mobile phone technologies, can complement and compete with more traditional systems of cable-based networking. IEEE 802.11’s Wired Equivalent Privacy encryption uses symmetric, private keys, which means the end user's radio-based network interface card (NIC) and access point must have the same key. This leads to difficulties periodically involved with distributing new keys to each network interface card. With static keys, several hacking tools easily break through the relatively weak WEP encryption mechanisms. Wireless networks types continues in the next screen. Wireless Network Types (contd.) Wi-Fi Protected Access (WPA/WPA2) is newer security protocols that utilize public key cryptography techniques to provide effective authentication and encryption between users and access points. Wireless Personal Area Networks (WPANs) are short-range wireless networks that connect wireless devices to one another. The most dominant form of WPAN technology is Bluetooth. Bluetooth links wireless devices at very short distances. The oldest way to connect devices in a WPAN fashion is using infra red (IR) communications. Wireless networks types continues in the next screen. Wireless Network Types (contd.) Ad hoc networks are networks designed to dynamically connect remote devices such as cell phones, laptops and PDAs. These networks are termed ad hoc because of their shifting network topologies. Whereas WLANs or WPANs use a fixed network infrastructure, ad hoc networks maintain random network configurations, relying on a system of mobile routers connected by wireless links to enable devices to communicate. Wireless Application Protocol (WAP) is a multi-layered protocol and related technologies that bring Internet content to wireless mobile devices such as personal digital assistants (PDAs) and cell phones. The next screen discusses virtual private networks. Virtual Private Networks A Virtual private network (VPN) extends the corporate network securely via encrypted packets sent out via virtual connections over the public Internet to distant offices, home workers, salespeople and business partners. Virtual private network allows network managers to cost-efficiently increase the span of the corporate network. They also allow remote network users to securely and easily access their corporate enterprise; corporations to securely communicate with business partners; supply chain management to be efficient and effective and service providers to grow their businesses by providing substantial incremental bandwidth with value-added services. The following screen lists VPN types. Virtual Private Networks – Types The different types of virtual private networks include: Remote-access VPN which is used to connect telecommuters and mobile users to the enterprise WAN in a secure manner; Intranet VPN - Used to connect branch offices within an enterprise WAN and Extranet VPN - Used to give business partners limited access to each other’s' corporate network. In the next screen, let us look at network components. Network Components Network Components include: Network hosts, transmission media, network infrastructure components and network software. Network hosts includes servers, PCs, printers. Transmission media includes: fibre, coaxial cable, and copper (UTP) cable, among others. Network infrastructure components whose significant network components include: servers, routers, switches, hubs, modems, and wireless devices and Network software that provide the rules for exchange and control of data and process of communication across the different components from end to end. The following screen lists network services. Network Services Some network services include: file sharing, email services, print services, remote access services or terminal emulation, Directory services, network management, Dynamic Host Configuration Protocol (DHCP) and Domain Name Service (DNS). You will now attempt a question to test what you have learned so far.

4.10 Knowledge Statement 4.5

In this topic, we will learn about the concepts under knowledge statement 4.5. Let us begin by looking at control techniques to ensure integrity of system interfaces in the following systems. Control Techniques for Interface Integrity This new topic covers the knowledge of control techniques that ensure the integrity of system interfaces. System interfaces including middleware, application program interfaces (APIs), and other similar software, present special risks because they may not be subject to the same security and control rigor that is found in large-scale application systems. Management should therefore ensure that systems are properly tested and approved, modifications are adequately authorized and implemented, and appropriate version control procedures are followed. As an IS auditor you Auditor need to understand how these system interfaces are controlled and secured. The main area of coverage here is the application of the open systems interconnection or OSI model in Network Architecture which we shall look at in the next screen. Open Systems Interconnection Model Open Systems Interconnection or OSI Model is a common standard for open system interconnection using a layered set of protocols. The objective is to provide: a set of open system standards for equipment manufacturers and a benchmark to compare different communication systems. The model defines a seven layer hierarchical architecture that logically partitions functions required to support system to system communication, as shown in the diagram. Let us continue to understand the OSI model in the following screen. Open Systems Interconnection Model (contd.) Each layer on the sender side provides information to its peer layer on the receiving side. Data transversal process includes: data travelling down through layers at the sender end, protocol control information (headers, trailers) used as an envelope at each layer, data travelling up through layers at the receiving end and protocol control information removed as data travels up. The next screen shows a table that gives summarizes functions of each layer in the OSI model. ? OSI Model – Summary Functions The first layer in the OSI model is the physical layer. This layer establishes, maintains and deactivates the physical link. Synchronization, bit control, flow control, encryption/decryption and MAC protocols are done in the second data link layer. The network layer is the third layer where routing, switching, traffic monitoring, addressing and delivery of packets to programs and network hosts occur. The transport layer which is a fourth layer provides end to end data recovery, flow control, segmenting and sequencing. The fifth layer, session layer, simply establishes and terminates sessions. Formatting, text compression and encryption happens in the sixth layer of communication. Seventh is the application layer which provides and interface to the network and also provides facilities to communicate with the network. You will now attempt a question to test what you have learned so far.

4.12 Knowledge Statement 4.6

In this topic, we will learn about the concepts under the knowledge statement 4.6. We will begin with software licensing and inventory practices in the following screen. Software Licensing and Inventory Practices In this section we shall look at knowledge of software licensing and the various inventory practices. Software licensing should be subject to controls to ensure that the number of copies in circulation within an organization does not exceed the number purchased. The main area of coverage is monitoring use of resources in software licensing. The information systems auditor should be aware that the use of unlicensed software, also known as piracy, is regarded as unlawful throughout the world, although specific legislation may not be in force in every country. He should also understand the different methods of software licensing (per seat, concurrent users, enterprise licenses, etc.) and the ways in which automated tools can be utilized to inventory the number of software products in use and to prevent and detect the use of unlicensed software. In the next screen we look at software (SW) licensing issues and licensing types. Software Licensing Issues The main issue that arises with software licensing is possibility of copyright infringements leading to penalties and/or public embarrassment. The following measures can be put in place to safeguard against infringement of software licenses: relevant policies and procedures together with relevant personnel policies on copyrights, maintaining a list of software used and licensed which should be periodically compared with software in the servers. Other specific practices that prevent software licensing violations include: centralized control and automatic distribution, disabling ability of users to install software, use of diskless workstations with access to server software, access which should be provided through metered software, regular scanning of personal computers for unauthorized software and use of site licensing agreement with vendors. The following screen lists the types of software license. License Types License types include: software license on individual machine, personal computer site licensing agreements which are: based on a number of users who access the network and prevents illegal duplication of software on personal computers, concurrent license agreement that limits costs by way of metering software limits numbers. The next user gets message “waiting for licensing”. Concurrent licensing agreements also limit number of users who can access the software on the network at a time and helps the network administrator to determine need for additional concurrent licenses. Let us now look at digital rights management in the next screen. Digital Rights Management (DRM) Digital Rights Management (DRM) refers to access control technologies that can be used by hardware manufacturers, publisher’s copyright holders to impose limitations on the usage of digital content and devices. The digital revolution that has empowered consumers to use digital content in new and innovative ways has also made it nearly impossible for copyright holders to control the distribution of their property. The digital rights management removes usage control from the person in possession of digital content and puts it in the hands of a computer program. It can also refer to restrictions associated with specific instances of digital works or devices. Some companies that make use of digital rights management are: Sony, Apple Inc., Microsoft, British Broadcasting Corporation, among others. Let us continue our discussion on DRM in the following screen. Digital Rights Management (contd.) Previous strategies of enforcing the protection by law of digital content was policing the internet to catch those infringing the digital content rights. However, this is difficult, expensive, and is an after-the-fact strategy. Digital rights management technology is meant to ensure that the content is not stolen in the first place. You will now attempt a question to test what you have learned so far.

4.14 Knowledge Statement 4.7

In this topic, we will understand the concepts under knowledge statement 4.7. Let us look at system resiliency tools and techniques in the following screen. System Resiliency Tools and Techniques As a CISA candidate, you are expected to have knowledge of system resiliency tools and techniques. These include fault tolerant hardware, elimination of single point of failure and clustering. System resiliency tools and techniques are important to ensure uninterrupted service. The main area of coverage here is system resiliency tools and techniques. An information systems auditor should be able to identify potential single points of failure within a process and understand related tools and techniques such as high availability, load balancing and clustering solutions-utilized to improve system resiliency. In the next screen, we take a closer look at clustering. Clustering Clustering is an application disaster recovery method that offers fail over and replication capabilities. The objective is to recover or restore as soon as possible. A cluster which is software (agent) is installed on every server (node). The management software - permits control of and tuning of cluster behavior. Types of application clusters include: In an active-passive cluster, an application runs on only one (active) node. The other (passive) node is only used if applications fail on the (active) node. Agents monitor protected applications and Restart it on the remaining nodes. Let us continue to look at clustering in the following screen. Clustering (contd.) In an active-active cluster application runs on all nodes and has increased network latency issues. The cluster agent ensure load balancing across the nodes i.e. scalability. Incomplete transactions run in other node but Users do not notice and it normally requires that both nodes share same data. Combinations of these are used to ensure uptime. That is software and hardware failure (active-active) and site failure (passive-active). Metro-clusters are application clusters that span one city whereas Geo-clusters span cities, countries or even continents. You will now attempt a question to test what you’ve learned so far.

4.16 Knowledge Statement 4.8

In this topic, we will learn about the concepts in knowledge statement, 4.8 Let us discuss Database Administration Practices in the following screens Database Administration Practices It is important for an Information systems auditor to have knowledge of database administration practices. More specifically, you should understand the concepts of database design, database administration, relationships between database objects, potential problems in transaction processing and security issues associated with database management systems, especially when auditing such systems. The roles and responsibilities of key management, such as those of the database administrator (DBA), should also be understood, as well as the control practices associated with those roles and responsibilities and the technology managed by key personnel. Main areas covered here are: ?Database Management System ?Database Reviews In the next screen we will discuss Data Management & Database Management System (DBMS) Data Management & Database Management System (DBMS) Data management capabilities are enabled by system software components that enact and support the definition, storage, sharing and processing of user data, and deal with file management capabilities. File organization partitions user and system data are into manageable units, called data files. Examples of data file organizations include: sequential file organization where one record is processed after another and direct random access where records are addressed individually, based on a key and not related to the data (E.g. a record). Database Management Systems provide a facility and create and maintain a well-organized Database (DB). Let us continue discussing about Data Management & Database Management System (DBMS) in the next screen Data Management & Database Management System (DBMS) (contd.) This system enables: decreased access time, reduced data redundancy and offers security over data (record, field, transaction). Advantages of data management and database management systems include: data independence, ease of support and flexibility, transaction processing efficiency, reduction of data redundancy, maximized data consistency, minimized maintenance cost through sharing, enforces data/programming standards, enforced data security, stored data integrity checks and use of SQL/application generators. In the next screen we will discuss Database Management Systems Architecture Database Management Systems Architecture In Database Management Systems, metadata are data elements required to define a database and can also be termed as “data about data”. Database Management Systems architecture include: conceptual schema which is the logical database design, external schema or user view and internal schema, which is the physical implementation. The diagram shows that an internal schema is comprised of data structures, which are B+ trees, hash tables, files and records. Objects and relations form the conceptual schema, while the external schema comprises of interfaces, functional application programming interfaces (APIs) and views. In the next screen, we will discuss Database Management Systems-Data Dictionary/Directory Systems. Database Management Systems-Data Dictionary/Directory Systems Data Dictionary identifies the data elements (fields), their characteristics and use. Active Data Dictionaries (DDs) require entries for all data elements and assist in validation, print formats, etc. whereas passive Data Dictionaries are only a repository for viewing and printing. Functional capabilities include: Data definition language processor which allows Database Administrator (DBA) to create and modify data definition, Validation of definition, for integrity of metadata, enables unauthorized access or manipulation of metadata and interrogation and reporting facilities that allow Database Administrator to enquire on data definition. Let us continue discussing about Database Management Systems-Data Dictionary/Directory Systems Database Management Systems-Data Dictionary/Directory Systems (contd.) Data Dictionaries/ Directory Systems offers benefits such as: enable use by several database management systems, enhances documentation, enables use of common validation criteria, and facilitates programming by reducing need for data definition and standardizing programming methods. In the few next screens we will discuss Database Structure Database Structure We look at hierarchical, network and relational database structures. Hierarchical Database structure is characterized by a parent child relationship with many children and one parent, as shown in the diagram. This structure is easy to implement, modify, and search. It also allows data redundancy and relates to application. A network database is flexible. It has many parents, many children relationships. This structure is complex and difficult to comprehend or modify. It relates to applications. Database Structure (contd.) A Relational Database uses a simplified data model based on the set theory and relational calculations. A relational database allows the definition of data structures, storage retrieval operations and integrity constraints. Data and relationships among these data are organized in tables. A table is a collection of rows, also known as tuples, and each tuple in a table contains the same columns. Database Structure (contd.) Columns, called domains or attributes, correspond to fields. Tuples are equal to records in a conventional file structure. Key feature is normalization that reduces redundancy and offers security features that interface with operating system access controls. A Relational database is said to have referential integrity when a foreign key can only have a null value or a value linking to the other table, as shown in the diagram. In the next screen we will learn about Database Controls and Database Reviews Database Controls and Database Reviews Database Controls are necessary to ensure integrity and availability of the database. They include: definition standards and compliance, backup and recovery, access control over data items and tables, c

Find our CISA®- Certified Information Systems Auditor Online Classroom training classes in top cities:

Name Date Place
CISA®- Certified Information Systems Auditor 8 May -30 May 2021, Weekend batch Your City View Details
CISA®- Certified Information Systems Auditor 11 Jun -3 Jul 2021, Weekdays batch Seattle View Details
  • Disclaimer
  • PMP, PMI, PMBOK, CAPM, PgMP, PfMP, ACP, PBA, RMP, SP, and OPM3 are registered marks of the Project Management Institute, Inc.

Request more information

For individuals
For business
Phone Number*
Your Message (Optional)
We are looking into your query.
Our consultants will get in touch with you soon.

A Simplilearn representative will get back to you in one business day.

First Name*
Last Name*
Work Email*
Phone Number*
Job Title*