Data Processing ICQ
Last Modified Sunday, 20-Oct-1996 22:45:23 PDT
Operating Environment
- Is the departmental accounting system a microcomputer based system?
- Does the department have IBM PC’s, compatible or clones?
- Does the department have Macintosh or Apple computers?
- How many micro computers does the department have?
- Does the department have a LAN? If yes, what type?
- Are the department micro computers or LAN connected to any other systems via modem or other communication devices?
- What software does the department use for:
- Word processing?
- Spreadsheets?
- Database?
- Accounting?
- Access Control?
- Other?
- Are there any applications which have been developed by departmental personnel?
- What systems are internally developed?
Purchased Software
- Are original copies of software in a safe or otherwise protected?
- Does the department comply with software vendors’ agreements regarding the number of computers where the software may be used?
- Has the department registered its commercial software?
- Is the software registered in the department’s rather than an individuals name?
- For department administrative computers, is shareware from electronic bulletin boards or computer user groups used?
Purchased and Internally Developed Software
- Are computer users aware of how computer viruses can be distributed?
- Does the department have policy on the installation of personal software on department computers?
- Is the master copy of the application secured for future use if the working copies are written over?
- Does basic documentation (program logic, database structure, macros, required input, and expected output) exist for the application?
- If the application needs to be modified, can departmental personnel make the required changes?
- Do at least two individuals know how to use each application?
- Is there a single "key" person whose departure from the department could jeopardize the continuing use of the application?
- Is there written documentation for departmental spreadsheets?
- Would accidental or intentional changes to the application program code be detected?
- Do internally developed programs have audit and security provisions, program specifications, program code documentation and a user’s manual?
Backup, Recovery and Contingency Planning
- Are back computer files created at appropriate time intervals so that damaged or lost files can be easily reconstructed?
- Are at least 3 generations (grandparent, parent, and child) of backup computer files created and stored in a secure location?
- Are system files and templates backed up periodically as well as date files?
- Are the backup files secured from accidental or purposeful damage and/or unauthorized examination?
- If the department has a "key" computer and/or computer system, have contingency plans been made for emergency situations including hard disk “crashes” and central processing unit (CPU) failures?
- Has a supply of forms and system documentation been stored at an alternate location is case of natural disaster?
Sensitive Data/Confidential Files
- Are floppy disks containing confidential files kept in a locked cabinet?
- If confidential files (personnel records, confidential correspondence, student records, etc.) are maintained on a hard disk, is access to the computer restricted:
- to authorized personnel?
- by security software?
- by physical barriers?
- If confidential files are maintained on a network server:
- is access restricted by passwords?
- is the network accessible via modems from "outside" or public computers?
- Have password management guidelines been disseminated to employees?
Hardware
- Have Equipment Modification forms been obtained for all departmental computers used off-campus?
- Are add-in boards to computers cataloged?
- Are computers adequately secured from theft?
- Are administrative offices, faculty offices, and research and teaching laboratories locked during lunch hours or when unattended?
- Are computers protected with power filters or surge protectors?
[ Home Page ]
[ What's New? ]
[ Auditing ]
[ Security ]
[ Technologies ]
[ Control ]
For comments or problems, please e-mail
Slemo Warigon lonestar@rain.org
or call (805) 893-3817.
Copyright © 1996 The WariNet Haven