computersecurityhandbook.com
Fourth Edition
Chapter 32 – Operations Security and Production Controls
     Myles Walsh
     M. E. Kabay, PhD, CISSP

Chapter Contents:

   32.1    Introduction
   32.1.1    What Are Production Systems?
   32.1.2    What Are Operations?
   32.1.3    What Are Computer Programs?
   32.1.4    What Are Procedures?
   32.1.5    What Are Data Files?
   32.2    Operations Management
   32.2.1    Separation of Duties
   32.2.2    Security Officer or Security Administrator
   32.2.3    Limit Access to Operations Center
   32.2.3.1    Need, not status, determines access
   32.2.3.2    Basic methods of access control
   32.2.3.3    Log in and badge visitors
   32.2.3.4    Accompany visitors
   32.2.4    Change-control Procedures from the Operations Perspective
   32.2.4.1    Moving new versions of software into production
   32.4.1.6    Backout and recovery
   32.2.4.2    Using digital signatures to validate production programs
   32.2.5    Using Externally Supplied Software
   32.2.5.1    Verify digital signatures on source code if possible
   32.2.5.2    Compile from source when possible
   32.2.6    Quality Control versus Quality Assurance
   32.2.6.1    Service-level agreements
   32.2.6.2    Monitoring performance
   32.2.6.3    Monitoring resources
   32.2.6.4    Monitoring output quality
   32.3    Providing a Trusted Operating System
   32.3.1    Creating Known-Good Boot Medium
   32.3.2    Installing a New Version of the Operating System
   32.3.3    Patching the Operating System
   32.4    Protection of Data
   32.4.1    Access to Production Programs and Control Data
   32.4.1.1    Users
   32.4.1.2    Programming staff
   32.4.1.3    Operations staff
   32.4.2    Separating Production, Development, and Test Data
   32.4.3    Controlling User Access to Files and Databases
   32.5    Data Validation
   32.5.1    Edit Checks
   32.5.2    Check Digits and Log Files
   32.5.3    Handling External Data

copyright 2002-2006, Robert Gezelter, All Rights Reserved