GROUP 8 SUMMARY
INFORMATION SYSTEM OPERATIONS
Information System Operations is one of the domains in the CISA certification, namely Domain 4.
This domain also covers the maintenance and support of information systems and the recovery of information systems after a disaster. Its purpose is to provide assurance that the processes for information systems operations, maintenance and support meet the organization's strategy and objectives.
Important points to note in information system processes are:
· The function of management controls is to ensure that information system processes can restore the organization's operations from a disruption in a timely manner.
· An understanding of information system process logs, which relates to the point above.
· Documentation of information system processes is important in restoring the organization's operations after a disruption has occurred.
Domain 4 (Task Statements and Knowledge Statements):
Domain 4—Task Statements:
4.1 Conduct periodic reviews of information systems to determine whether they continue to meet the organization’s objectives.
4.2 Evaluate service level management practices to determine whether the level of service from internal and external service providers is defined and managed.
4.3 Evaluate third party management practices to determine whether the levels of controls expected by the organization are being adhered to by the provider.
4.4 Evaluate operations and end-user procedures to determine whether scheduled and non-scheduled processes are managed to completion.
4.5 Evaluate the process of information systems maintenance to determine whether they are controlled effectively and continue to support the organization’s objectives.
4.6 Evaluate data administration practices to determine the integrity and optimization of databases.
4.7 Evaluate the use of capacity and performance monitoring tools and techniques to determine whether IT services meet the organization’s objectives.
4.8 Evaluate problem and incident management practices to determine whether incidents, problems or errors are recorded, analyzed and resolved in a timely manner.
4.9 Evaluate change, configuration and release management practices to determine whether scheduled and non-scheduled changes made to the organization’s production environment are adequately controlled and documented.
4.10 Evaluate the adequacy of backup and restore provisions to determine the availability of information required to resume processing.
4.11 Evaluate the organization’s disaster recovery plan to determine whether it enables the recovery of IT processing capabilities in the event of a disaster.
Domain 4—Knowledge Statements:
4.1 Knowledge of service level management practices and the components within a service level agreement
4.2 Knowledge of techniques for monitoring third party compliance with the organization’s internal controls
4.3 Knowledge of operations and end-user procedures for managing scheduled and non-scheduled processes
4.4 Knowledge of the technology concepts related to hardware and network components, system software and database management systems
4.5 Knowledge of control techniques that ensure the integrity of system interfaces
4.6 Knowledge of software licensing and inventory practices
4.7 Knowledge of system resiliency tools and techniques (e.g., fault tolerant hardware, elimination of single point of failure, clustering)
4.8 Knowledge of database administration practices
4.9 Knowledge of capacity planning and related monitoring tools and techniques
4.10 Knowledge of systems performance monitoring processes, tools and techniques (e.g., network analyzers, system utilization reports, load balancing)
4.11 Knowledge of problem and incident management practices (e.g., help desk, escalation procedures, tracking)
4.12 Knowledge of processes, for managing scheduled and non-scheduled changes to the production systems and/or infrastructure including change, configuration, release and patch management practices
4.13 Knowledge of data backup, storage, maintenance, retention and restoration practices
4.14 Knowledge of regulatory, legal, contractual and insurance issues related to disaster recovery
4.15 Knowledge of business impact analysis (BIA) related to disaster recovery planning
4.16 Knowledge of the development and maintenance of disaster recovery plans
4.17 Knowledge of types of alternate processing sites and methods used to monitor the contractual agreements (e.g., hot sites, warm sites, cold sites)
4.18 Knowledge of processes used to invoke the disaster recovery plans
4.19 Knowledge of disaster recovery testing methods