
INFORMATION TECHNOLOGY AUDIT

Espinosa Ángeles Juan Abdel
Hernández Medina Adrián
Ramírez Antonio Alejandra

Chapter 4: Operations, Maintenance and Support of Information Systems

Content
Introduction
Quick Reference
Operations Information Systems
Hardware Information Systems
Software Architecture and Information Systems
Conclusions
References

Introduction
For 2011, ISACA has updated the
domains, reducing them from 6 to 5.
Domain 4 now includes Disaster
Recovery from the old Domain 6.
This section has six areas that you
need to understand for the CISA
exam.

Information Systems
Operations
One of the management control
functions is to ensure that IS processing
can recover in a timely manner from
minor or major disruptions of operations.
Know what console logs are and why
they are important.

Why is documentation important?


Why is change management important?
What is the major objective of library
software?

Management Operating
System

A Management Operating System (often abbreviated "MOS") refers to the system of controls, communication and activity used to achieve organizational goals and objectives. Most often the MOS exists in a written form and is used to communicate to relevant stakeholders how an objective is being met.

Example
A department manager has a goal of
maintaining morale. By developing an
MOS they can document the employee
meetings that will be conducted, the
employee satisfaction surveys to be
administered and the report-outs to other
leaders.

IT Service Management
IT Service Management is a strategic approach to
designing, delivering, managing and improving
the way information technology (IT) is used within
an organization. The goal of IT Service
Management is to ensure that the right
processes, people and technology are in place so
that the organization can meet its business goals.
The term IT Service Management is often
associated with ITIL (Information Technology
Infrastructure Library), a framework that provides
best practices for aligning IT with business needs.

Infrastructure Operations

Rapidly changing business requirements place complex burdens on existing IT infrastructure and service delivery capabilities.

We understand the key issues you are facing.
Increasing demands are outstripping the capabilities of the existing IT infrastructure.
Outdated IT processes are making it difficult to exploit new technologies (e.g., cloud computing, virtualization).
Cost pressures require relentless focus on standardization, consolidation and optimizing service delivery.
Rapidly evolving I&O strategies are driving new shared services models and requirements.

Monitoring Resource
Usage
Computer resources are considered a limited commodity because the company provides them to help meet its overall goals. Although many employees would never dream of placing all their long-distance phone calls on a company phone.

Help Desk
Has the responsibility of providing technical support to the organization and its employees.
Is typically charged with identifying problems, performing root cause analysis, and tracking change management or problem resolution.

Change Management
Process
The change management process is the
sequence of steps or activities that a change
management team or project leader would follow
to apply change management to a project or
change. Based on Prosci's research of the
most effective and commonly applied
change, they have created a change
management process that contains the
following three phases:


Phases:
Phase 1 - Preparing for change
(Preparation, assessment and strategy
development)
Phase 2 - Managing change (Detailed
planning and change management
implementation)
Phase 3 - Reinforcing change (Data
gathering, corrective action and
recognition)

Phase 1

Phase 2

Phase 3

Release Management
Computer software is authorized for distribution via a release process. Software is released from development and authorized to be installed for production use. Each vendor has their own release schedule.
Major release: A significant change in the design or generation of software is known as a major release. Major releases tend to occur in the interval of 12 to 24 months.
Minor release or update: Updates are also known as minor releases. Their purpose is to correct small problems after the major release has been issued.
Emergency software fixes: These are known as program patches, or hot fixes. Emergency fixes should be tested prior to implementation. Every fix should undergo a pretest, even if the test is informal. Emergency software fixes may introduce new problems that are unexpected. Every emergency fix must undergo change control review to determine the following:
What to remediate
Whether the change should remain in use
The computer program is now a finished version ready for final acceptance testing and user training. The next step for implementation is to

Quality Assurance
In developing products and services, quality
assurance is any systematic process of checking
to see whether a product or service being
developed is meeting specified requirements.
Many companies have a separate department
devoted to quality assurance. A quality assurance
system is said to increase customer confidence
and a company's credibility, to improve work
processes and efficiency, and to enable a
company to better compete with others. Quality
assurance was initially introduced in World War II
when munitions were inspected and tested for
defects after they were made. Today's quality
assurance systems emphasize catching defects

Hardware Information
Systems

Hardware platforms that make business systems organizations today

The hardware components of computer systems include various interdependent components that perform specific functions.

Types of computers
Computers can be categorized on several criteria, mainly their processing power, size and architecture.

Common enterprise processing devices
Print servers
File servers
Application (software) servers
Web servers
Proxy servers
Database servers
Artifacts (specialized devices)

Artifacts (specialized devices)
Firewall
Intrusion detection system (IDS)
Intrusion prevention system (IPS)
Routers
Virtual Private Networks (VPNs)
Load balancer

Universal Serial Bus (USB)


Memory Cards / Flash drives

Risks
Viruses and other malicious programs
Data theft
Loss of data and storage media
Data corruption
Loss of confidentiality

Security Checks
Encryption
Granular control
Educate staff security
Impose the policy of "lock desktop"
Antivirus update policy
Use only safe devices
Include information return

Radio Frequency
Identification (RFID)
Uses radio waves to identify objects
with tags within a limited radius. A
label (tag) comprises a microchip
and an antenna. The microchip
stores information along with an ID
to identify a product. The other part
of the label is the antenna, which
transmits information to the RFID
reader.

RFID applications
Asset Management

Tracing

Verifying authenticity

Comparison

Process control

Access control

Management of the supply chain (SCM)


RFID risks
Business process risk
Business intelligence risk
Privacy risk
Externality risk

RFID security controls
Management
Operational
Technical

Hardware Maintenance Program
Proper operation
Maintenance
Routinely clean

Hardware Monitoring Procedures
Availability reports
Hardware error reports
Utilization reports
Asset management reports

Capacity Management
CPU utilization
Computer storage utilization (SAN)
Telecommunications, LAN and WAN bandwidth utilization
I/O channel utilization
Number of users
New technologies
New applications
SLA

Planning and monitoring


Development
Monitoring
Analysis
Tuning
Implementation
Modelling
Sizing applications

Software Architecture and IS
Computer architecture
OS Applications
Kernel
Firmware
Hardware

Operating system and specific functions of Hardware and Software

Access Control Software
Access control software is designed to prevent unauthorized access to data and unauthorized use of system functions and programs, and to detect and prevent unauthorized access to computer resources.

Data Communications Software
The data communication system provides the interface to the operating system, application programs, system database, and telecommunications routing systems.

Database Management System
A DBMS helps organize, manage and use data needed by application programs and provides a facility to create and maintain a well-organized database.
It reduces data redundancy
It decreases access time
It establishes basic security over sensitive data

Database structures
Three types of database structure:
Hierarchical structure
Network structure
Relational structure

Organization of a hierarchical database

Organization of a network database

Organization of a relational database

Tape and Disk Management Systems

Utility Programs

Software Licensing
Critical applications are increasingly subject to software copyright laws, which must be abided by to avoid fines for copyright violations.

Conclusions
The maintenance and operation of

References
ISACA. (2012). Preparation Manual CISA. ISACA
http://searchsoftwarequality.techtarget.com/definition/quality-assurance

Thanks!
