Security Aspects of the Operation of Computer Facilities

After the application software has been developed and has satisfied acceptance tests, it forms part of the information system and the system enters the operational stage. During the operational stage, security must not be allowed to deteriorate, otherwise the effort expended in building controls into the application software will have been wasted. The work of the operations section is of major importance and must be reliable. A number of procedures can be used to complement the controls that are in and around the application software (IBM, 1976). The operational aspects which affect security include company policies relating to access to computing facilities; commitment and involvement of operations personnel; recovery planning; and maintenance of software and hardware. There are many other aspects of security that are conducive to secure operations. These include data security, physical security and contingency planning. These are described in other chapters, with which there is some inevitable overlap. The topics in this chapter are presented from the operations point of view.