Chapter 32 – Operations Security and Production Controls
     Myles Walsh
     M. E. Kabay, PhD, CISSP

Chapter Contents:

   32.1    Introduction
   32.1.1    What Are Production Systems?
   32.1.2    What Are Operations?
   32.1.3    What Are Computer Programs?
   32.1.4    What Are Procedures?
   32.1.5    What Are Data Files?
   32.2    Operations Management
   32.2.1    Separation of Duties
   32.2.2    Security Officer or Security Administrator
   32.2.3    Limit Access to Operations Center
                Need, not status, determines access
                Basic methods of access control
                Log in and badge visitors
                Accompany visitors
   32.2.4    Change-control Procedures from the Operations Perspective
                Moving new versions of software into production
                Backout and recovery
                Using digital signatures to validate production programs
   32.2.5    Using Externally Supplied Software
                Verify digital signatures on source code if possible
                Compile from source when possible
   32.2.6    Quality Control versus Quality Assurance
                Service-level agreements
                Monitoring performance
                Monitoring resources
                Monitoring output quality
   32.3    Providing a Trusted Operating System
   32.3.1    Creating Known-Good Boot Medium
   32.3.2    Installing a New Version of the Operating System
   32.3.3    Patching the Operating System
   32.4    Protection of Data
   32.4.1    Access to Production Programs and Control Data
                Users
                Programming staff
                Operations staff
   32.4.2    Separating Production, Development, and Test Data
   32.4.3    Controlling User Access to Files and Databases
   32.5    Data Validation
   32.5.1    Edit Checks
   32.5.2    Check Digits and Log Files
   32.5.3    Handling External Data

copyright 2002-2006, Robert Gezelter, All Rights Reserved