System Administration

Key Functional areas of IT Systems Administration

Service Monitoring and Control

IT Advisory Management Diagram - Outsourced IT Management Services

Service Monitoring and Control monitors the various aspects of system performance to ensure that service level agreements are being met. One security component that frequently affects performance is auditing. Administrators in charge of monitoring systems performance must assist the security manager in generating a security audit log. They must also be familiar with the performance cost associated with generating the security audit log, so that ongoing planning properly accounts for this feature.

Job Scheduling

Job scheduling deals with assigning batch processing tasks at different times throughout the day (or night) such that use of system resources is maximised, but business and system function are not compromised. It is important that any security-related jobs be appropriately scheduled and executed, and that problems with and results of security jobs are promptly communicated to the security team. Examples of security batch jobs might include a script that validates that active users on a system are still valid employees in the personnel database, or a script that compares audit logs between the operating system and the database to ensure that things like logon and logoff times correspond.

Depending on the environment and the schedule, security tasks may need to be scheduled and consistently executed at certain times of the day/week/month to ensure that only authorised users are active in a system. Such tasks often provide users with warnings prior to the end of their authorisation period, and then finally log them off a system if they remain active. These jobs may be critical to ensuring the integrity of the data in some environments where, for example, the balancing of financial figures is essential at the end of the business day. The execution of such jobs must be coordinated carefully within the IT environment as well as with business management, then monitored for successful execution prior to starting the next phase of system operation.
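The two scheduled security jobs described above (checking that active accounts still belong to valid employees, and warning about or ending access whose authorisation period is over) can be combined into one nightly reconciliation. The following is an added example, not code from the original page; the account list and personnel records are constructed sample data standing in for the OS account store and the HR database.

```python
"""Nightly security batch job: reconcile active system accounts against
the personnel database and each user's authorisation end date."""
from dataclasses import dataclass, field
from datetime import date, timedelta

# Constructed sample input. In a real job these would be pulled from the
# operating system's account list and from the personnel (HR) database.
ACTIVE_ACCOUNTS = {"asmith", "bjones", "ctran", "dlee", "efox", "svc_backup"}
PERSONNEL = {  # username -> (employment status, authorisation end date)
    "asmith": ("active", date(2025, 12, 31)),
    "bjones": ("terminated", date(2024, 6, 30)),
    "ctran": ("active", date(2024, 3, 5)),
    "dlee": ("active", date(2024, 3, 20)),
    "efox": ("active", date(2024, 2, 15)),
}


@dataclass
class ReconciliationReport:
    unknown: list = field(default_factory=list)     # on system, not in HR
    terminated: list = field(default_factory=list)  # disable immediately
    expired: list = field(default_factory=list)     # authorisation ended
    expiring: list = field(default_factory=list)    # warn: ends soon


def reconcile(accounts, personnel, today, warn_days=7):
    """Classify every active account so the result can be handed to the
    security team: unknown and terminated users need their access
    disabled, expired users are logged off, expiring users are warned."""
    report = ReconciliationReport()
    warn_until = today + timedelta(days=warn_days)
    for user in sorted(accounts):
        record = personnel.get(user)
        if record is None:
            report.unknown.append(user)
            continue
        status, end = record
        if status != "active":
            report.terminated.append(user)
        elif end < today:
            report.expired.append(user)
        elif end <= warn_until:
            report.expiring.append(user)
    return report


if __name__ == "__main__":
    print(reconcile(ACTIVE_ACCOUNTS, PERSONNEL, date(2024, 3, 1)))
```

Service accounts such as the constructed `svc_backup` show up as unknown and need their own approved list so they are not disabled by mistake.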

Network Administration

Network administration deals with the maintenance of the physical components that make up the organisation's network, such as servers, routers, switches, firewalls, and so forth. An improperly set up or inadequately physically protected network can be a tremendous security risk. Network administrators must ensure proper physical security of network components to prevent unauthorised access. Network administrators must also be familiar with proper firewall configuration and maintenance.

Directory Services Administration

Directory services contain all user and system profiles. Directory services administration deals with properly configuring and modifying object profiles to optimise functionality and security in a system. It is extremely important that directory services administrators are familiar with the organisation's security requirements, as they are the ones that manage the area where security information is stored and maintained.

Print and Output Management

Print and output management deals with all data that is printed or compiled into reports which are distributed to various members of the organisation. The print and output management team must ensure that any sensitive printed material is properly secured (for example, quickly removed from the printers, not left out where anyone can view the material, and so forth), and that reports in electronic format are protected either with encryption or some access control mechanism, so that only authorised users can view that information.

Storage Management

Storage management deals with on-site and off-site data storage for the purposes of data restoration and historical archiving. Storage management has a strong security component in that it is often a requirement that sensitive data (for example, cost or revenue information) be kept in storage the longest time (for example, for auditing purposes). The storage management team must ensure that the physical security of backups and archives is sound. As encryption technologies improve and become more ubiquitous, physical security may eventually only be required to ensure that backup media are not damaged. However, as most backups are not encrypted, physical security of the backup media must also ensure that there is no unauthorised access to those archives. The storage management team must also ensure proper purging of backup media once the data is no longer needed. The backup media must either be overwritten methodically enough times to ensure that no one can obtain any of the original data (in which case the medium can be reused), or, in the case of sensitive data, the backup medium should be destroyed (for example, by degaussing or dipping in acid) so that it cannot be used or read.

Configuration Management

There is a strong security component to configuration management. Configuration management deals with keeping track of the hardware owned by an organisation and the versions of internal software that are used. Administrators should be aware of, and in full control of, the versions of the operating system, database management system, and all applications that are running on network machines. Poor configuration management could facilitate the introduction of malicious code into an operating system or into an application.

Availability Management

Availability management deals with overall system availability versus downtime. Since most organisations today are virtually paralysed when a system is down, it is extremely important that administrators properly configure and monitor a system to maximise uptime and mean time between critical failures. Availability management also has a strong security component, in that an increasingly popular attack by outsiders is the denial of service attack. A denial of service attack attempts to bring system availability down to zero for as long as possible.

Capacity Management

Capacity management deals with planning for additional resources as current system resource use increases and begins to near the point of full capacity. Capacity management therefore ties directly to monitoring and measurement, as well as to availability management. Security affects capacity management in the same way it affects monitoring: through the amount of system resources required to generate the security audit log. The audit log grows larger as additional servers, databases, applications, and users are added to an enterprise system. If the enterprise begins to store and use data that is more sensitive than data previously stored and used in a system, it may have to turn on even more auditing features to make sure that data is adequately protected. This, in turn, requires greater capacity for the security audit logs. It should be noted that systems dealing with highly sensitive information are often programmed to shut down if the audit log gets filled to capacity. The capacity management team needs to be aware of this condition and help ensure that this situation does not occur.
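The shutdown-on-full behaviour described above turns audit log growth into a planning figure: how many days remain before the log volume fills, and whether that is inside the lead time needed to add capacity. The following is an added example, not code from the original page; the daily size samples, volume capacity and lead time are constructed values, and the growth projection is a simple least-squares fit, assumed adequate for steady day-to-day growth.

```python
"""Audit-log capacity check: fit a daily growth rate to recent log size
samples, project days until the volume is full, and compare against the
lead time needed to provision more capacity."""

# Constructed sample: (day index, audit log size in MB) taken once a day.
SAMPLES = [(0, 100.0), (1, 120.0), (2, 140.0), (3, 160.0), (4, 180.0)]
CAPACITY_MB = 400.0      # constructed size of the audit log volume
LEAD_TIME_DAYS = 14      # constructed time needed to add storage


def growth_rate_mb_per_day(samples):
    """Least-squares slope of size over day index (MB per day)."""
    n = len(samples)
    mean_x = sum(d for d, _ in samples) / n
    mean_y = sum(s for _, s in samples) / n
    num = sum((d - mean_x) * (s - mean_y) for d, s in samples)
    den = sum((d - mean_x) ** 2 for d, _ in samples)
    return num / den if den else 0.0


def days_until_full(samples, capacity_mb, planned_growth_factor=1.0):
    """Days until the log fills at the fitted rate. planned_growth_factor
    scales the rate for known additions (new servers, users, or extra
    auditing features turned on); None means the log is not growing."""
    rate = growth_rate_mb_per_day(samples) * planned_growth_factor
    if rate <= 0:
        return None
    remaining = max(capacity_mb - samples[-1][1], 0.0)
    return remaining / rate


def capacity_status(samples, capacity_mb, lead_time_days, factor=1.0):
    """'ok' when headroom exceeds the lead time, 'action' when capacity
    must be added now, 'critical' when the log will fill within a day
    (the condition under which a high-assurance system shuts down)."""
    days = days_until_full(samples, capacity_mb, factor)
    if days is None or days > lead_time_days:
        return "ok"
    return "critical" if days <= 1 else "action"


if __name__ == "__main__":
    print(days_until_full(SAMPLES, CAPACITY_MB),
          capacity_status(SAMPLES, CAPACITY_MB, LEAD_TIME_DAYS))
```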

Release Management

Release management deals with all aspects of the decision to upgrade some or all system software, including operating system, database management system, and all applications. Release management is closely associated with configuration management. Security is an important concern when doing any type of upgrade. Release management ensures that the existing security infrastructure is maintained. Improvement is ideal, but no upgrade should ever be implemented if it degrades system security. Be sure to understand the implications that the proposed upgrades have on security up front. Also, be sure to test upgrades in a development environment.

Change Management

Change management deals with the coordination of any change that occurs within the organisation, including software upgrades, entire system overhauls, organisational or personnel changes, business changes, and so forth. It is the responsibility of the change management team to ensure that all affected parties are involved in the change process. Frequently, one or more security council members should be involved. It is extremely important that security experts are aware of changes within the organisation.

Problem Management

Problem management deals with any network problem that affects a number of system users. Often, the help desk staff discovers problems when a number of people call in with the same complaint. Problem management can have a big security component. If, for example, the problem happens to be that the network is down or unusually slow, a denial of service attack should be considered as a possible cause. In such a case, the security team should be involved in fixing the problem. Security personnel should be involved if there is any question that a problem is being caused by a security feature (or inadequate security), or if the fix to the problem might affect security.

Service Desk

When users have trouble with the system, their first (and sometimes only) line of support is from the service desk. One of the most common problems users have is that of locking themselves out of their accounts or forgetting their passwords. Service desk personnel must be very clear on what they can and cannot do to help users with password problems. Service desk personnel must also be very familiar with the good password guidelines, as well as other user security policies.

Service Continuity Management

Service Continuity Management deals with automatically changing to an alternate server when a server goes down temporarily, and then transferring back to the main server when it becomes available again. The key security component in this process is that all security information (such as user access rights, audit log configurations) and processes (such as the generation of an audit log) must be maintained on the alternate system in the same condition that they are normally maintained on the original system. Also, security audit logs should be protected from deletion when a server suddenly goes down.

Workforce Management

Workforce management deals with all aspects of employee management, from determining what kinds of skills are needed to perform certain tasks, to determining how many people are required for a particular role, to hiring and managing people to do the job. Workforce management ties into security in two ways: performing background checks when employees are hired, and performing on-going performance checks. First, the workforce management team must ensure that proper background checks are performed before allowing the employee entrance into company facilities or access to the organisation's computer systems. Secondly, on-going performance checks matter because disgruntled employees are more likely to attempt to do damage to the organisation's resources or data.

Employee turnover must also be carefully managed. As employees move from one role to the next, their security access may need to be adjusted to properly reflect their new areas of responsibility. Employees who leave the organisation should have their access disabled after their last day. For these reasons, the security team needs to work closely with organisational management at all levels to coordinate their activity.

Turnover in the IT team itself may pose some additional risk. If individuals leave a company and have access to multiple systems, numerous passwords may need to be reset, and personal logon information must be disabled.

Financial Management

Financial management deals with the analysis and management of the cost of running a network, data centre, or system. This includes the cost of hardware, training, administrator time, CPU time, new software upgrades, and so forth. Frequently, security is either left entirely out of the cost picture, or an inadequate assessment of the cost of security is made, and thus the allotted security budget is insufficient. It is extremely important that a thorough risk analysis be conducted before annual budgets are determined, so that it is clearly understood how much budget is required to properly implement security.
