Within the systems support and security phase, IT personnel maintains, enhances, and protects the system1. Security controls safeguard the information system from external and internal threats. A well-constructed system has to be secure, scalable, reliable, and maintainable. Systems support and security implements vital protection as well as maintaining services for software, hardware, along with enterprise computing systems, corporate IT infrastructure, networks, and transaction processing systems. The system support and security group enforces and monitors the physical and the electronic security software, procedures, and hardware.
Managing systems support and security consists of three main concerns: user expectations, system performance, and security requirements1. Procedural security, commonly known as operational security, consists of managerial policies and controls that ensure secured operations. Procedural security represents how certain tasks are to be performed, such as large-scale data backups which occur on a daily basis to emails being stored. Procedural security also consists of safeguarding certain procedures which can be valuable to attackers. Procedural security should be supported by upper management and fully explained to all staff1. The organization most definitely should supply training to explain such procedures and supply reminders from time to time which will ensure security is a priority.
Each system should must condition for data backup as well as recovery. Backup relates to copying data at scheduled intervals, or continuously. Recovery refers to restoring data and restarting a system after it has been interrupted. An overall backup and recovery plan which prepares for potential disasters is referred to as disaster recovery plan. The backbone of a corporation data protection is a backup policy, which consists of detailed instructions and procedures. For a backup policy to be effective, it must explain in detail how a firm can continue business operations or survive a catastrophe. A backup policy needs to specify backup types, retention periods, and backup media.
Managing and accessing system security involves six separate but interrelated levels: physical security, network security, application security, file security, user security, and procedural security. Together, each form is linked together and act as a chain, and the system security is only as strong as the weakest link.
The first level of system security involves the physical environment, which includes IT resources and the individuals throughout the company and or business. It is imperative that special attention must be given to critical equipment located within operations centers, which house servers, network hardware, and other related operational equipment. Larger companies may dedicate a specific room in order to ensure the operations center is protected from any unwanted intrusions, while smaller companies may resort to utilizing an office or...