class 11

what are IT operations concerned with?

activities that protect the organization from ongoing threats to the integrity and availability of information systems

what do technology enabled controls do?

improve the integrity of data

what are some examples of processing integrity controls inputs

form design, data entry controls

what are 3 examples of data entry controls

field checks, completeness checks, closed loop verification

what are 3 examples of processing integrity controls processes

matching, cross footing balance test, zero balance test

what are some examples of processing integrity controls outputs

data reconciliation, data transmission controls

define differential backups

backs up data that has changed since the last full backup

define incremental backups

backs up data that has changed since the last partial backup

what are 4 key considerations for backups

regularly test removable media to ensure it is reliable, test automated back up schedules to ensure data is correct, evaluate the system environment to ensure all required systems are being backed up, ensure employees are familiar with procedures to restore backups

what is something that reduces the risk of IT hardware failure

maintaining proper environmental conditions

what are physical controls concerned with

the physical protection of people, equipment, and data

what are 3 categories of physical controls

preventative, detective, corrective

what are 3 things physical controls are associated with

physical access, environmental, disaster recovery/business continuity

what are 4 types of physical access and environmental controls

fire detection and suppression, power supply, HVAC, perimeter and interior intrusion prevention/detection

define business continuity planning

identifying potential impacts that threaten business functions to enable a response that guards stakeholders, reputation, and value creating activities

what is a business continuity plan

document describing how an organization will respond to an event to make sure business functions continue

define disaster recovery planning

process, policies, and procedures related to preparing for recovery and continuation of tech infrastructure

what is a disaster recovery plan

provides procedures to respond to a disaster, resume critical functions, minimize loss, and repair/replace data processing facilities

what are the 4 disaster recovery strategies

mirror site, hot site, warm site, cold site

define a mirror cite

an exact replica of the original data center including live production data

define a hot site

fully configured data center with complete hardware and software but no data

define a warm site

similar to a hot site but without expensive equipment

define a cold site

required physical space for a data center but no tech

what are the 3 key lessons from Junglas & Ives

keep data/data centers out of harms way, assume some people will not be available, leverage suppliers