Operating a Computer Environment in a Secured and Standard Approach

1. The Importance of Security within
the Computer Environment

2. Objectives
• Identify and explain standard operating
procedures of a computer centre.
• Explain the need for computer room security.
• Identify and describe computer systems auditing.
• Explain prevailing safety regulations in computer
centre.
• Describe methods of preventing hazards (fire,
flooding, sabotage, etc) .

3. What is Standard Operation Procedure
An SOP is a procedure specific to your operation
that describes the activities necessary to complete
tasks in accordance with industry regulations,
provincial laws or even just your own standards for
running your business. Any document that is a
“how to” falls into the category of procedures. In a
manufacturing environment, the most obvious
example of an SOP is the step by step production
line procedures used to make products as well
train staff.

4. Standard Operating Procedures of a
Computer Centre
The following are the standards procedure in operating a
computer centre:
Change Control: in addition to defining the formal
change control process include a roster of change control
and forms for change requests, plans and logs.
Facilities: Injury prevention program information,
documentation regarding power and cooling emergency
shut off processes; fire suppression system information;
unsafe condition reporting forms; new employee safety
training information, logs and attendance records; illness
or injury reporting forms; and visitor policies

5. SOPs of a Computer Centre
• Human Resources: Include policies regarding
technology training, as well as acceptable use policies,
working hours and shift schedules, workplace violence
policies, employee emergency contact update forms,
vacation schedules and anti-harassment and
discrimination policies.
• Security: This a critical area. An IT organization should
implement policies regarding third-party or customer
system access, security violations, auditing,
classification of sensitive resources, confidentiality,
physical security, passwords, information control,
encryption and system access controls

6. SOPs of Computer Centre
• Templates: Providing templates for regularly used
documentation types makes it easier to accurately
capture the data you need in a format familiar to your
staff. Templates to consider include policies,
processes, logs, user guides and test/report forms.
• Crisis Management: Having a crisis response scripted
out in a advance goes a long way toward reducing the
stress of a bad situation. Consider including crisis
management documentation around definitions; a
roster of crisis response team members; crisis
planning; an escalation and notification matrix; a crisis
checklist; guidelines for communications; situation
update forms, policies and processes; and post-mortem
processes and policies.

7. SOPs of Computer Centre
• Deployment: Repeatable processes are the key to
speedy and successful workload deployments. Staff
should be provided with activation checklists,
installation procedures, deployment plans, location of
server baseline loads or images, revision history of past
loads or images and activation testing processes.
• Materials Management: Controlling your inventory of
IT equipment pays off. Consider including these items
in your organization's document library: policies
governing requesting, ordering, receiving and use of
equipment testing; procedures for handling storing,
inventorying, and security hardware and software; and
forms for requesting and borrowing hardware for
testing.

8. SOPs of Computer Centre
• Internal Communications: Interactions with other
divisions and departments within your organization
may be straightforward, but it is almost always helpful
to provide a contact list of all employees in each
department with their work phone numbers and email
addresses.
• Engineering Standards: Testing, reviewing and
implementing new technology in the computer center
is important for every organization. The following
should be added to organization's SOP manuals: new
technology request forms, technology evaluation
forms and reports, descriptions of standards, testing
processes, standards review and change processes and
test equipment policies.

9. Need for Computer Room Security
The vulnerability of business critical information systems and the data they
contain within the Computer Room make the site a high value asset which
requires a high degree of protection. A range of security measures are
therefore in place to protect employees, information and physical assets,
along with the reputation of the organization and interested third parties
with equipment in the Computer Room.
There usually policies for the computer room use such as the once stated
below:
• Hours of Operation
• Available Facilities
• Equipment Delivery
• Environmental Restrictions and Considerations
• Control of Equipment and Spares
• Console equipment (monitor, keyboard and mouse)
• Prohibited Items

10. Computer Systems Auditing.
• Computer Systems Auditing also known as IT Audit or
EDP Audit is an examination of the management
controls within Information technology (IT)
infrastructure.
• The evaluation of obtained evidence determines if the
information systems are safeguarding assets,
maintaining data integrity, and operating effectively to
achieve the organization's goals or objectives
• CSA include but not limited to efficiency and security
protocols, development processes, and IT governance
or oversight.

11. Types of Computer Systems Auditing
Various authorities have created differing taxonomies to distinguish the
various types of IT audits. Goodman & Lawless state that there are three
specific systematic approaches to carry out an IT audit:
•Technological innovation process audit. This audit constructs a risk profile
for existing and new projects. The audit will assess the length and depth of
the company's experience in its chosen technologies, as well as its presence
in relevant markets, the organization of each project, and the structure of the
portion of the industry that deals with this project or product, organization
and industry structure.
•Innovative comparison audit. This audit is an analysis of the innovative
abilities of the company being audited, in comparison to its competitors. This
requires examination of company's research and development facilities, as
well as its track record in actually producing new products.
•Technological position audit: This audit reviews the technologies that the
business currently has and that it needs to add. Technologies are
characterized as being either "base", "key", "pacing" or "emerging".

12. Steps for Computer Auditing
The following are basic steps in performing the
Computer Audit Process:
•Planning
•Studying and Evaluating Controls
•Testing and Evaluating Controls
•Reporting
•Follow-up

13. Prevailing Safety Regulations in
Computer Centre.
• Use only computer resources that are authorized.
• Sharing of computer accounts is not allowed.
• Users must not attempt making unauthorized
connections to, breaking into, or adversely affecting
the performance of other systems on the network,
irrespective of whether these systems are owned by
the Institute or not
Abide by all applicable copyright laws and licenses.
• Users must not intrude on the legitimate or convenient
use of computer resources by others.
• When sending personal messages to other users,
always identify yourself as the sender.
• Unauthorized commercial use is prohibited.

14. Methods of Preventing Hazards
For the most part, these methods consist of the following
elements, performed, more or less, in the following
order.
•Identify, characterize threats
•Assess the vulnerability of critical assets to specific
threats
•Determine the risk (i.e. the expected likelihood and
consequences of specific types of attacks on specific
assets)
•Identify ways to reduce those risks
•Prioritize risk reduction measures based on a strategy