IT Systems and Business Continuity Overview

Questions and Answers

Who should ideally have the ability to update data dictionaries?

Webmaster

Programmers

DBA (correct)

Operators

What is a primary tool used by a DBA in larger applications?

Web server

Database script

Database management system (DBMS) (correct)

Data dictionary

What should programmers and analysts not have access to?

Data files

Production programs

Data center operations (correct)

All of the above

What is the main responsibility of a webmaster?

Ensuring website content is displayed correctly (A)

What should operators ideally not have regarding their work tasks?

Access to documentation (B), Programmed knowledge (C)

Which of the following is a responsibility of help desk personnel?

Logging reported problems (D)

What type of problems do help desks typically resolve?

Minor problems (A)

What should operators be responsible for in a data center?

Day-to-day functioning of the data center (A)

What is the maximum numerical value for each element in a standard IPv4 address?

255 (A)

What protocol enables the assignment of IP addresses from a pool dynamically?

Dynamic Host Configuration Protocol (DHCP) (C)

What is the typical radius of a wireless hotspot created by Wi-Fi protocols?

300 feet (C)

Which of the following best describes the Bluetooth standard's operating range?

30 feet (C)

Which technology uses microwaves to create a city-wide hotspot?

WiMax (A)

What common application does Radio-Frequency Identification (RFID) technology support?

Inventory tracking (D)

What aspect of Wi-Fi technology helps avoid collisions inherent in Ethernet?

Searching for the best frequency (D)

What is a key characteristic of a personal area network (PAN) created by Bluetooth?

Operates within about 30 feet (D)

What is the primary reason for implementing segregation of duties in an IT environment?

It helps prevent significant control weaknesses. (A)

Which of the following roles is NOT typically involved in the segregation of duties within the IT environment?

Data Entry Operator (D)

What compensating control may be necessary if segregation of duties cannot be implemented?

Library controls and effective supervision (A)

Why should systems analysts not have access to data center operations?

It prevents potential conflicts of interest. (D)

Which of the following is a traditional function that should be segregated in an IT environment?

Input, output, and reconciliation of accounts (B)

Which task conducted by a computer poses a significant control risk if performed by the same individual?

Printing checks and recording disbursements (B)

What is the primary responsibility of a Database Administrator (DBA)?

To maintain and protect the integrity of the database. (A)

What effect does segregating test programs have in the IT environment?

It makes unauthorized changes in production programs more difficult to conceal. (B)

What is the primary purpose of purchasing backup electrical generators for data centers?

To ensure continuous operation during power failures (A)

What is the main action taken by IT staff when dealing with virus attacks?

Bringing the system down gracefully to contain damage (B)

In the event that the main facility becomes uninhabitable, what is the recommended action for organizations?

To contract for alternate processing facilities (C)

What must be guaranteed about the recovery center in terms of location?

It must be located far enough to avoid the same natural disaster (D)

What distinguishes a hot site from other types of recovery centers?

It is a fully operational facility available for immediate use (A)

What does the trade-off calculation for recovery center selection involve?

Evaluating the contract cost versus potential downtime costs (B)

Which of the following is NOT true regarding a hot site?

It is the least costly recovery option available (D)

Which response is critical for handling the aftermath of a denial-of-service attack?

Carefully shutting down the system to mitigate damage (A)

What is the primary function of an MRP system in manufacturing?

To generate a schedule of when inventory items are needed (B)

What must any contract for a hot site include?

Annual testing provision (C)

What key feature distinguishes MRP II from traditional MRP systems?

MRP II integrates all aspects of a manufacturing business (A)

What happens if parts are not in stock according to the MRP system?

A purchase order is automatically generated (C)

How does a warm site differ from a hot site?

Combines features of both hot and cold sites (D)

What is a characteristic of a cold site?

Requires installation of newly acquired equipment (A)

What does the Master Production Schedule (MPS) provide in the context of MRP and MRP II?

The anticipated manufacturing schedule for selected items (C)

What role do accurate data about inventory play in the MRP process?

They ensure effective application of MRP by determining costs and scheduling. (C)

What is the primary purpose of fault-tolerant computer systems?

To prevent downtime in mission-critical applications (A)

What technology allows for data delivery along multiple paths in fault-tolerant systems?

Redundant Array of Inexpensive Disks (RAID) (C)

How does traditional ERP differ from MRP and MRP II systems?

ERP allows subsystems to share data and coordinate activities. (A)

What is a key benefit of using an MRP system for auto manufacturers?

It provides a comprehensive list of parts and components required. (C)

What is the typical recovery time for a warm site?

From 2 days to 2 weeks (C)

Which aspect of production does the MRP system not directly manage?

Employee work schedules for team members (C)

What is a disadvantage of using a cold site for disaster recovery?

It can require weeks or months to procure replacement equipment (A)

What is one major risk associated with reliance on cold sites?

Delays in the recovery process (D)

Flashcards

Segregation of IT duties

Separating IT tasks (e.g., analysis, programming, operations) among different individuals to prevent fraud and error.

IT control weakness

A situation where one person performs both input and output tasks, leading to increased risk of errors or fraud.

Systems Analyst

IT professional who designs and analyzes new computer information systems.

Data Center Access

Restriction of access to data center operations, production programs, and data files for systems analysts to prevent unauthorized changes.

Database Administrator (DBA)

Person responsible for the overall database and controls to maintain integrity.

Compensating Controls

Additional controls used to mitigate risks where basic segregation is not possible.

Library Controls

Processes used to control and manage IT programs and assets, especially those used for testing.

Segregation of duties in IT

A crucial measure to prevent unauthorized access to IT systems and resources.

DBA Responsibilities

The DBA (Database Administrator) has the sole responsibility for updating data dictionaries, ensuring data integrity and security.

DBA in Small vs. Large Systems

In smaller systems, the DBA might manage some DBMS functions. However, in larger systems, the DBA uses a DBMS as their primary tool.

Programmer's Role

Programmers design, develop, test, and document programs based on analyst specifications, but they have no access to the data center or production data.

Webmaster Responsibilities

The webmaster manages website content and works with programmers and network technicians to ensure site availability and display.

Operator's Role

Operators are responsible for the day-to-day operation of the data center, including loading data and running equipment. They should not have access to programming or systems design.

Help Desk Responsibilities

Help desks handle logged problems, resolve minor issues, and escalate complex issues to technical support.

IT Control Weakness Example

Allowing programmers to modify both programs and data files creates a risk of unauthorized changes and data manipulation.

Operator Access Restrictions

Operators should have limited access to documentation and programming knowledge to prevent them from making unauthorized changes to systems.

MRP System

A system that plans and manages materials needed for production based on demand forecasts and schedules production accordingly.

MRP System Role

To automatically generate purchase orders for parts, considering lead times, to ensure timely delivery and avoid production delays.

MRP II

An advanced version of MRP that integrates all aspects of a manufacturing business, including production, sales, inventory, scheduling, and finances.

Master Production Schedule (MPS)

A statement outlining the anticipated production schedule for specific items over specific periods.

MRP and MPS

The master production schedule (MPS) is used in MRP II, and MRP is a component within that system.

Traditional ERP System

A system where different subsystems share data and coordinate activities to streamline operations.

ERP System Benefits

It allows marketing to quickly verify inventory availability and notify shipping to process orders efficiently.

ERP System Response to Insufficient Inventory

When inventory is insufficient, the ERP system automatically notifies production to increase output and adjusts production schedules accordingly.

IP Address Structure

An IP address consists of four decimal-separated numbers, each ranging from 0 to 255. For example: 128.67.111.25.

Dynamic Host Configuration Protocol (DHCP)

DHCP allows for flexible and efficient use of IP addresses by assigning addresses dynamically to devices as they connect to a network.

Wi-Fi Hotspot

A wireless network area, typically around a router, where devices can connect using Wi-Fi.

Wi-Fi Frequency Hopping

Wi-Fi avoids collisions by constantly searching for the best frequency within its range, ensuring smooth communication.

Bluetooth PAN

A network of devices, typically within a small range (about 30 feet), for a single user, enabled by the Bluetooth standard.

WiMax City Hotspot

WiMax uses microwaves to create a large wireless network covering an entire city, acting as a 'hotspot' for many devices.

RFID Technology

RFID uses a microchip with an antenna to store and transmit data about a product, pet, vehicle, etc.

RFID Applications

RFID has various applications, including inventory tracking, lost pet recovery, and tollbooth collection.

Data Center Contingencies

Plans to ensure continuous operation of IT systems even when disruptions occur, like power outages or attacks.

Backup Generators

Emergency power sources that automatically activate during power failures, ensuring continuous operation.

Virus and Denial-of-Service Attacks

Cybersecurity threats requiring a controlled shutdown to prevent infection spread, followed by system recovery.

Alternate Processing Facility

A backup location for IT operations in case of disaster, ensuring continuity of business.

Recovery Center

A physical location for restoring IT operations in case of disaster, usually in a different city.

Hot Site

A fully functional ready-to-use backup data center, minimizing downtime.

Hot Site Costs

The most expensive but least risky backup data center solution.

Trade-off for Recovery Centers

Organizations weigh the cost of contracting a backup facility against the cost of downtime due to disaster.

Hot Site Testing

A process that simulates a disaster by loading backup data onto a hot site's equipment and measuring the time it takes to resume normal processing.

Warm Site

A backup facility with some resources available but requiring configuration and setup for the production system. It offers a quicker recovery time than a cold site but not as fast as a hot site.

Fault Tolerance

A technology that ensures continuous operation in case of a hardware failure by using redundant components and software with backup power supply.

RAID (Redundant Array of Inexpensive Disks)

A technology that allows for data delivery along multiple paths, ensuring data availability even if one hard drive fails. Multiple drives work together, providing redundancy.

Fault-Tolerant Computer Systems

Computer systems designed with redundancy and backup power supply to minimize downtime, ensuring critical operations are uninterrupted.

Mission-Critical Applications

Applications absolutely essential to an organization's operations, requiring constant availability and zero downtime. These systems cannot afford interruptions.

Study Notes

IT Systems and Business Continuity

• This study unit covers 15% to 25% of Part 3 of the CIA exam.
• It's tested at an awareness level.
• The syllabus section covers Security, Application Development, System Infrastructure, Functional areas of IT operations, ERP, data communications, software licensing, mainframe, operating systems, web infrastructure and business continuity.

Functional Areas of IT Operations

• Segregation of duties is important in IT operations.
• Clear separation of roles like systems analyst, programmer, operator, file librarian, and others, with supervision.
• Mainframes had specialized roles in the past, but roles have become blurred with decentralization.
• Maintaining proper segregation is vital, even in modern IT environments due to the blurring and disappearance of many traditional job roles.
• This is a critical control, as it helps prevent fraud, error, and inefficient operations.

Enterprise-Wide Resource Planning (ERP)

• ERP is a current system for managing organization resources, integrating enterprise-wide systems across the organization.
• It connects various functional subsystems (human resources, finance, production, marketing, distribution, purchasing, etc.) and links the organization to suppliers and customers.
• ERP improves demand analysis, just-in-time inventory management, and flexible responses to supply and demand changes.
• ERP systems are complex and costly, mostly used by the largest enterprises; however, mid-size organizations are increasingly buying them to implement best practices.
• ERP often necessitates re-engineering of business processes to realize its benefits and ensure standards and practices align with the software itself.

Web Infrastructure

• The Internet is a global network of interconnected networks, originally developed by ARPA in 1969.
• The Internet facilitates inexpensive communication and information transfer among computers.
• Most Internet access points go through Internet Service Providers (ISPs).
• Internet topology resembles a complex network rather than a simple spine-like structure.
• Internet communications use servers, clients, and the TCP/IP protocol suite.

IT System Communications

• Systems software manages computer resources.
• Operating systems are the fundamental system software, acting as the interface between users, applications, and computer hardware.
• Utilities perform basic data maintenance tasks (sorting, merging, copying, deleting).
• Networks consist of hardware devices and communication mediums.
• Client devices (e.g., computers, phones) connect to networks using network interface cards (NICs).
• Protocols govern communication between devices in a network.
• Local Area Networks (LANs) connect devices within a single location.
• Client-server arrangements in LANs, where devices (clients) request services from a central server, is more efficient than the peer-to-peer arrangement.
• Wide Area Networks(WANs) connect devices across multiple locations.
• Packet Switching and Circuit Switching are communication protocols to facilitate data transfer.
• Different networking protocols exist for diverse functions like VoIP (voice communications over the internet).

Contingency Planning

• Contingency planning is critical to resuming operations after disruptions.
• Disaster recovery is the process to restore operations in the event of major disruptions (e.g., power failure or natural disaster).
• Business continuity involves the continuation of operations using alternate methods during disruptions.
• Contingency plans should include procedures, vendors, and systems considerations for disaster recovery.
• Backup files and offsite data rotation are critical to recover data in case of data center disruption or natural disaster.
• Recovery center types include hot sites (fully operational, immediately available), warm sites (partially operational), and cold sites (minimal equipment).

Description

This quiz tests your knowledge on IT systems and business continuity, covering essential topics from the CIA exam Part 3. Key areas include security, application development, ERP, and the significance of segregation of duties in IT operations. Assess your understanding of how these concepts interrelate and impact overall IT governance.