Flashcards reviewing IS operations, business resilience, and disaster recovery plans.
What does Systems Performance Management refer to?
The study of an entire system, including physical hardware and software.
What is the role of an Operating System (OS)?
Programs that interface between the user, processor, and applications software, acting as a scheduler and traffic controller.
What are some key steps in auditing operating system account management and password controls?
Review user account creation and deletion processes, evaluate file permissions, review system password strength, evaluate password controls like aging, and ensure accounts can be traced to specific employees.
What are some key steps in auditing network security and controls?
Execute a network vulnerability scan, review usage of trusted access via SSH keys, and ensure a legal warning banner is displayed upon system connection.
What are some key steps in auditing file security and controls?
Evaluate file permissions for critical files and directories, look for open directories without the sticky bit set, and ensure the chown command cannot be misused.
What are some key steps in auditing audit logs?
Review controls for preventing direct root logins, review su and sudo command logs, and evaluate the syslog to ensure adequate information capture.
How can software license violations be prevented?
Ensure a good software asset management process, centralize control/distribution/installation, and use workstations with disabled or locked-down disk drives and USB ports.
What are the steps in auditing software licensing?
Review listing of all software, obtain software contracts, scan the network for installed software, and compare agreements with installed software.
What key aspects of source code should IS auditors be aware of?
Who has access to source code, who can commit the code, alignment with change management, and backups of source code offsite.
What are the general network equipment audit steps for switches, routers, and firewalls?
Ensure controls for vulnerabilities, disable unnecessary services, review user account procedures, ensure timely account removal, ensure appropriate password controls, ensure current config backups, verify logging, and ensure secure storage.
What are the key switch controls to evaluate?
Avoid using VLAN 1, evaluate trunk auto-negotiation and VLAN use, disable unused ports, and verify thresholds on broadcast/multicast traffic.
What additional router controls should be implemented?
Disable inactive interfaces, configure the router to save core dumps, authenticate routing updates, and disable IP source routing and IP directed broadcasts.
What additional firewall controls should be implemented?
Deny all packets by default, filter inappropriate IP addresses, and evaluate firewall rule sets.
What are the key database auditing steps?
Verify vendor support, ensure patch installation, restrict OS access, restrict directory permissions, check for default credentials, verify database permission procedures, and implement data-at-rest encryption.
What are the steps in the formal change control process?
Request, authorize, test, and implement the change, then communicate it to users.
What are the main change control objectives?
Protect the production environment, ensure approval and documentation of changes, communicate changes, test and schedule changes, and convert data accurately.
What are potential change risks?
Interruption of business, bypassing of security controls, and drop in service quality.
What are the steps in patch management?
Be aware of available patches, determine appropriate patches, ensure correct installation, document changes, back up systems, and test thoroughly.
What is release management?
A collection of authorized software changes, including enhancements and fixes.
What are the key steps in auditing change management?
Review change management policy, ensure documented change requests, ensure approval by the business owner, test in a non-production environment, ensure separation of duties, and conduct final production implementation checks.
What are IS operations?
Processes and activities that support and manage the IS infrastructure, systems, applications, and data, focusing on day-to-day activities.
What are the tasks of the IS operations staff?
Executing and monitoring scheduled jobs, facilitating timely backups, monitoring unauthorized access, participating in DRP tests, and monitoring resource performance.
What are the areas of focus for an IS Operations audit?
Observation of personnel, operator access controls, operator manuals, access to the library, content and location of offline storage, file handling procedures, and data entry controls.
What is the role of database management systems?
DBMS software aids in organizing, controlling, and using the data needed by application programs.
What are the main areas to review in a database audit?
Logical and physical schema, access time reports, database security controls, interfaces, backup/disaster recovery, and IT asset management.
What is business resilience?
An organization’s ability to adapt to disruptions and incidents, maintaining continuous operations and protecting assets.
What is Business Impact Analysis (BIA)?
BIA evaluates critical processes and determines time frames, priorities, resources, and interdependencies.
What are the approaches for performing a BIA?
Questionnaire, interview, and group discussion with relevant IT personnel.
What are the three main questions to consider during the BIA phase?
What are the different business processes, critical information resources, and critical recovery time periods?
What are the typical risk ranking classifications?
Critical, vital, sensitive, and non-sensitive.
What is a Business Continuity Plan (BCP)?
Business Continuity Planning is a proactive planning process that ensures critical services are delivered during a disruption.
What types of disasters does the BCP help an organization deal with?
Natural disasters, power disruptions, communication failures, and cyber attacks.
What components should a BCP include?
Continuity of operations plan, DRP, and business resumption plan.
What tasks should BCP testing accomplish?
Verify completeness, evaluate personnel performance and coordination, measure backup site capacity, and measure overall performance.
What are the BCP test types?
Desk-based evaluation, preparedness test, and full operation test.
What are the auditor's tasks when auditing business continuity?
Understand BC strategy, review BIA findings, evaluate BCPs, evaluate cloud-based mechanisms, evaluate offsite storage, verify backup media arrangements, evaluate personnel response, and ensure manuals are easy to understand.
What are the key steps in reviewing the Business Continuity Plan?
Obtain BC documents, verify if the BCP supports the strategy, and evaluate procedures for BCP execution and updating.
What are the steps in reviewing the applications covered by the plan?
Review applications for their tolerance, identify critical applications, and ensure the secondary site has the correct software versions.
What are the steps in reviewing the business continuity teams?
Obtain team member lists, review backup facility agreements, verify contact information, and interview personnel about their responsibilities.
What do Disaster Recovery Plans (DRP) ensure?
DRPs ensure cost-effective controls are in place to prevent IT disruptions and to recover IT capacity.
What are the Recovery Point Objective (RPO) and Recovery Time Objective (RTO)?
RPO is the amount of acceptable data loss in case of disruption; RTO is the acceptable downtime in case of disruption.
What recovery strategies are used for short RTO and RPO?
Data mirroring, hot site, real-time replication, and redundant equipment.
What factors determine the selection of a recovery strategy?
Criticality of the business process, cost, recovery time, and security.
What are some of the alternate recovery sites?
Mirrored site, hot site, warm site, cold site, reciprocal agreement, and outsourcing.
What are the components of an IT DRP?
Procedures for declaring a disaster, criteria for plan activation, linkage with BC plans, responsibilities, recovery teams, contact lists, recovery procedures, and resource definitions.
What teams are included in the organization and assignment of responsibilities?
Incident Response Team, Emergency Action Team, Information Security Team, etc.
What are the types of disaster recovery tests?
Checklist review, structured walk-through, simulation test, parallel test, and full interruption test.
What are the key DR test metrics?
Time, data, amount of work performed, the number of systems recovered, and accuracy of data entry.