Page 57 - Auditing Electronic System

3) Lack of standards
    Because responsibility is distributed in the DDP
    environment, standards for developing
    and documenting systems, choosing
    programming languages, and acquiring
    hardware and software may be
    unevenly applied or non-existent.

Controlling for risks:
1) Separation of related duties is a must in any IT governance setting.
2) Having effective disaster recovery plans (especially keeping backups):

▪ Disaster recovery planning is contingency planning for resuming normal
   information processing operations after the occurrence of a major interruption.
   Contingencies are of two types: those in which the data center is physically
   available and those in which it is not.

A- The first type of contingency: those in which the data center is physically available.
Examples are power failure, random intrusions such as viruses, and deliberate intrusions
such as hacking incidents. The organization's physical facilities are sound, but immediate
action is required to keep normal processing going.
✓ Power failures can be guarded against by the purchase of backup electrical
   generators. These can be programmed to automatically begin running as
   soon as a dip in the level of electric current is detected. This is a widespread practice
   in settings such as hospitals where 24-hour system availability is crucial.
✓ Attacks such as viruses and denials-of-service call for a completely different
   response. The system must be brought down "gracefully" to halt the spread of the
   infection. The IT staff must be well trained in the nature of the latest virus threats
   to know how to isolate the damage and bring the system back to full operation.
B- The second type of contingency is much more serious: those in which the data
center is NOT physically available. This type is caused by disasters such as floods,
fires, hurricanes, earthquakes, etc. An occurrence of this type necessitates the
existence of an alternate processing facility.
   ✓ The recovery center, like the offsite storage location for backup files, must be
       far enough away that it will likely be unaffected by the same natural disaster
       that forced the abandonment of the main facility. Usually, companies contract
       for backup facilities in another city.
   ✓ Once the determination is made that processing is no longer possible at the
       principal site, the backup files are retrieved from the secure storage location
       and taken to the recovery center.
