While subjective, the suggestions as to the fourteen characteristics to be evaluated and the related factor values assigned each are the result of extensive experience and refinement based on a variety of actual applications. However, additions or deletions of characteristics and/or modification of factor values to meet the unique characteristics of particular environments are not to be ruled out.

Specialist staff not required

Since the characteristics given consideration are largely objective and discrete in nature and the factor values or weights assigned are preset, the procedure can be applied by available personnel rather than requiring uniquely qualified individuals. The basic simplicity of the technique also tends to minimise the likelihood of error in the computations required. As is apparent, the approach can easily be programmed to run on even the smallest computer, with output in the form both of individual scoring sheets (Figure 1) and a ranking presentation format (Figure 2) - a step which would allow rapid revision of new listings as projects are added or deleted. Finally, the legislative history of the Foreign Corrupt Practices Act clearly shows that assessing compliance with the Act's internal control standard is to be based on cost/benefit criteria. Should a record of such cost/benefit analysis be desired, an evaluation of the degree of risk, such as by the technique set forth in this paper, would be appropriate for inclusion as a part of such documentation.

Jerry FitzGerald, Ph.D, CDP, CISA, is the principal in Jerry FitzGerald Associates, a management consulting firm located in Redwood City, California. Dr FitzGerald is the author of a number of books and articles on systems analysis, computer security, audit, control, and data communications - areas in which he has extensive international experience and in which his firm consults and conducts seminars. Ray Roberts, Ph.D, CPA, is on the faculty of the College of Business and Economics, University of Nevada, Las Vegas.

Designing Controls into Computerised Systems is available at US$16.95 postage prepaid from Jerry FitzGerald & Associates, 506 Barkentine Lane, Redwood City, CA 94065, USA.
CONTINGENCY PLANNING
One of the most thorny decisions for computer users is the level of contingency planning and back-up that is necessary to ensure the continuity and integrity of their operations. Some users have overlooked the problem on the basis that the solution is too difficult, too expensive or can be deferred until tomorrow (or to the day after the disaster strikes). Others have made efforts and may have overplanned, with the result that plans are not maintained and are unavailable when needed. The balance between no planning and overplanning is a fine one and, until recently, there has been little of practical value to guide the prudent and interested user. Last month Bob Campbell, a member of the Bulletin's Editorial Board, was in London to address a meeting of Chartered Accountants. A staff reporter went along to cover this meeting expecting something to emerge of interest to our readers. He was not disappointed, for Bob, in the middle of his presentation, casually asked whether European users would be interested in a contingency planning methodology he has developed called AIM/SAFE. For the next five hours - a measure of the interest aroused - the meeting was locked into discussing what must be the most useful technique and step-by-step method for developing contingency plans available. The method (similar to a programmed learning text) starts from the very beginning and leads the user, whatever his system or needs, to a fully documented, tested and operational contingency plan. This is done for an average cost of US$15 000 plus a day or two of Mr Campbell's consulting time. Full details of this approach can be obtained from Bob Campbell, President, Advanced Information Management Inc, 1988 Opitz Boulevard, Woodbridge, Virginia 22191, USA; Tel: 703 643 1002.

Volume 4 Number 3 © Elsevier International Bulletins
HARD ON THE HEELS...

The item on data encryption devices in the December issue of the Bulletin has already provoked a few responses including, not surprisingly, a rash of press releases and product information sheets from manufacturers. One such announcement came from Prime Factors concerning the addition of 'in place' or FIELD mode encryption to its file oriented software encryption system PSYPHER. This development allows the user to encrypt particular fields within file records while leaving the remainder of the record unaltered. As the encryption is a byte-for-byte replacement of the user defined fields, the file structure is unaltered. The benefits of this could be significant and include possible reductions in runtime overheads for encryption, and the elimination of the need for test data generators in programme development. For more information on PSYPHER and its FIELD mode option contact: Michael Schwartz, Prime Factors, 6529 Telegraph Ave, Oakland, CA 94509, USA.
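As an added illustration of the 'in place' field encryption idea described above (this is not Prime Factors' code and does not reproduce PSYPHER's cipher), the Python below encrypts chosen fields of fixed-width records byte for byte, so every record keeps its length and layout and unencrypted fields remain readable. The record layout, the sample records and the HMAC-SHA256 counter-mode keystream used in place of the product's cipher are all assumptions constructed for this example.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

# Fixed-width record layout, constructed for this example: field -> (offset, length).
LAYOUT: Dict[str, Tuple[int, int]] = {"acct": (0, 8), "name": (8, 16), "balance": (24, 10)}
RECORD_LEN = 34


def _keystream(key: bytes, record_no: int, field: str, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256: an illustrative stand-in for the
    product's cipher. The nonce ties the stream to one record and one field so
    equal values in different records do not encrypt to equal bytes."""
    out = bytearray()
    block = 0
    while len(out) < length:
        nonce = f"{record_no}:{field}:{block}".encode()
        out += hmac.new(key, nonce, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor_field(record: bytes, record_no: int, field: str, key: bytes) -> bytes:
    """Encrypt or decrypt one field in place (XOR is its own inverse).
    The result is exactly RECORD_LEN bytes: the rest of the record is untouched."""
    if len(record) != RECORD_LEN:
        raise ValueError(f"record {record_no}: expected {RECORD_LEN} bytes, got {len(record)}")
    off, ln = LAYOUT[field]
    ks = _keystream(key, record_no, field, ln)
    return record[:off] + bytes(b ^ k for b, k in zip(record[off:off + ln], ks)) + record[off + ln:]


def transform(records: List[bytes], fields: List[str], key: bytes) -> List[bytes]:
    """Apply FIELD-mode encryption (or decryption) to the chosen fields of every record."""
    out = []
    for i, rec in enumerate(records):
        for f in fields:
            rec = xor_field(rec, i, f, key)
        out.append(rec)
    return out


# Constructed sample file: three fixed-width records, no delimiters.
SAMPLE = [
    b"00001234" + b"ALICE SMITH     " + b"0000100.00",
    b"00005678" + b"BOB JONES       " + b"0000100.00",
    b"00009012" + b"CAROL WHITE     " + b"0012345.67",
]
KEY = b"example-key-not-for-production"

if __name__ == "__main__":
    print(transform(SAMPLE, ["name", "balance"], KEY))  # acct stays readable, other fields opaque
```

Two caveats follow from the byte-for-byte design: the encrypted field holds arbitrary binary values rather than printable characters, so any program that validates field contents must tolerate that, and because a stream cipher's keystream must never be reused, re-encrypting an updated record under the same key and record number would leak the XOR of old and new values.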
PUBLICATION REVIEW
"The centralisation of the controls of a firm's activities into one computer system, with the authority to run facilities vested in a handful of personnel, must inevitably result in an increase of the firm's vulnerability, especially if senior management who have no computer knowledge or training relinquish their responsibility on the grounds of ignorance." This statement comes from one of the most recent additions to the ranks of books on computer security, J R Talbot's Management Guide to Computer Security. And as can be guessed this book is aimed at those managers who do not wish to relinquish their responsibility, and would like to ensure that all suitable precautions have been taken to protect their computer installation. Talbot stresses throughout the text that a detailed knowledge of computer technology is not required to initiate and direct a computer security programme. He suggests that, rather than delegating the responsibility to the DP manager, senior management should take the time and effort to become involved, either through assuming overall responsibility or through the formation of a team with a senior manager (non-DP) as chairman.