To cover the following issues in relation to a client's IT operations the staff roles and functions typically found within IT operations the
|
|
|
- Solomon Cooper
- 5 years ago
- Views:
Transcription
1 BAB 5 IT OPERATION
2 OBJECTIVES
3 To cover the following issues in relation to a client's IT operations the staff roles and functions typically found within IT operations the importance of controls within the IT operations environment the identification of control weaknesses and the provision of recommendations to the client's management
4 Roles and responsibilities of IT operations
5 Computer operations are the logistic and infrastructure aspects of hardware I software Good computer operations ensure that the system are available at scheduled time, operate as expected and the results of the processing are produced on time A well run IT department will see that computer operations that are transparent to users, fully supporting them in the performance of their roles
6 Roles and responsibilities of IT operations
7 Capacity planning Performance monitoring to ensure computer system continue to perform estimating the space, computer hardware, software and connection infrastructure resources Monitoring day to day performance In terms of measures Initial program loading Booting up system Installing new software
8 Roles and responsibilities of IT operations
9 Media management Job scheduling Managing the media used / involved Disks, tapes, CD ROMS Enables the system to automatically run jobs at a predetermined time Process or sequence of job process Run overnight / background Periodically Back ups and disaster recovery ' ~,. Copy data/system file/applications to a second medium in case the first one fail Carried out on regular basis Ensure
10 Roles and responsibilities Of IT Operations Help desk & problem management maintenance Network Monitoring Day to day link between the users with IT problems & IT department Troubleshoots problem in related to IT Hardware > Software,L----_.~ ~ Computers are linked networked Ensure communication are maintained Approval level of network access l_-v~
11 Risk associated with poorly controlled computer operations
12
13 Risks
14 Applications problems and errors Loss of programs and data Delays and disruptions r Not run correctly Incorrect version Wrong confugration parameters Result from improper/ unauthorised used of system utilites It operation staffs may Wrong priorities given to jobs not know how to deal with processing problems / error reports
15 Higher risk from disaster Lack of back ups and contingency plan increases - risk of being unable to continue process after disaster Inadequate system capacity System unable to process in a timely manner due to overload J I ~ New transactions cannot be L- processed I posted into system due to lack of system capacity
16 Risks
17 SERVICE LEVEL AGREEMENT
18 IT departments to draw up and agree service level agreements part of a service contract where the level of service is formally defined Preferably specified in writing specify the levels of availability, serviceability, performance, operation, or other attributes of the service Structure and level of service specified depend on the working practices and requiremen Arahan Teknologi Maklumat (MAMPU)
19 SERVICE LEVEL AGREEMENT General provisions Definition of services Scope of agreement Signatories Date of next review Description of services Brief description of service Working hours Normal working hours Public holidays Weekend
20 SERVICE LEVEL AGREEMENT
21
22 Management review and supervision of IT operations
23 1. IT operations review periodic reviews of IT operations working practices and organisation 2. Separation of duties 3. Management monitoring operations staff should be supervised by management staff with system utilities should be supervised to ensure utilities are used for authorised purpose 4. Automated monitoring - automated logging and monitoring facilities within the system. Logging parameter To assist management in their detection of unauthorised activity, the client should develop a program or system to report 5. Need for trust
24 Management review and sup operations
25 1. IT operations review periodic reviews of IT operations 2. working organisation 3. Separation of duties 4. Management monitoring operations staff should be supervised by staff with system utilities should be super utilities are used for authorised purpose 4. Automated monitoring - automated logging and monitoring facilities' Logging parameter To assist management in their detection of ICT
26
27 Maintenance
28
29 ( Hardware) Regular maintenance to reduce risk of unexpected hardware failures Should minimise the unavailability by planning maintenance activities ( Infrastructure) Environmental equipment ( Software ) Modification of software product after delivery to improve performance and correct faults Upgrading software ( Network ) Concerning performing repairs and upgrades In-house or contracted out Internal maintenance capability Outsource
30 Operations documentation
31 Clear, concise and available F Coverage may include Handling of data and files v Scheduling instructions v Errors, system failures Contacts v Special runs v System restart and recovery procedures v Daily housekeeping and maintenance v ehelpdesk Jabatan Audit Negara
32
33
34 (I) PROBLEM MANAGEMENT r - The ability to add entry should not be restricted \ _I The ability to update entry should be restricted l - -- Must ensure that problem management mechanism is properly maintained I -- I. I Outstanding errors are adequately addressed and resolved National Audit Academy IT COmROLS: S23127
35 PROBLEM MANAGEMENT Operation of network deals with keeping the network up and running smoothly A range of controls required when client uses computer networks Network is adequately secured against unauthorised access Ensure appropriate controls to secure data in networks
36