Powerpoint 2.5
Download
Report
Transcript Powerpoint 2.5
BSBIMN501A
QUEENSLAND INTERNATIONAL BUSINESS ACADEMY
2.5 Manage contingencies such as system failure or technical difficulties by
accessing technical specialist help as required.
Contingencies are any incidents, usually
adverse, that may occur at some time in the
future.
We can make plans or provisions for
contingencies so that, in the case of an
emergency or technical difficulty, there is the
least possible disruption to business
activities, functions and processes.
The objective of careful contingency planning is
to protect organisations from being caught
unawares with a time-consuming or costly
problem-instead they are prepared with an
appropriate response.
Contingencies, by nature, cannot always be
foreseen, but there are ways to identify
potential risks.
Identifying risks requires thinking up all the
likely scenarios for things that can go wrong
with an information or knowledge
management system.
Once we have identified the potential risks,
we must then analyse, treat and monitor
them.
This process involves:
identifying potential risks and how they could
happen
ascertaining the likelihood and severity of the
risks
comparing one risk to other potential risks and
giving it a priority
making plans to either tolerate, treat or eliminate
the risk.
Think of and activity that you have undertaken
in your everyday life (planning a trip taking out a
loan)
What risks were involved in the activity?
Did you have a contingency plan in place for those
risks?
Can you apply the previous process to your
contingencies?
Describe how you prepared for the potential risks or if
you didn’t prepare contingencies, how could you
have?
Any information or knowledge management system
comes with a number of technical risks because
even the best computer programmers cannot foresee
every possible state a system can enter.
Many incidents are caused by 'bugs' in the system, but
often it is human error that causes system failure or
difficulties.
Consequently, no matter how much a system has
been thoroughly and carefully tested, there is no
guarantee that it will run problem-free in the future.
Most hardware malfunctions occur with
computer hard disks.
Dust particles get caught between
spinning disks, magnetic coating on disk
surfaces becomes worn, or disks become
misaligned due to them being dropped or
jerked-these are all common causes of hard
disk failure.
Power failures can also cause faults in the
electrical circuitry as can overheating due to
cooling fans that are no longer functioning.
Some software functions are built into chips
in the hardware, which means that softwarerelated hardware problems can affect the
system's hardware components
Software malfunctions occur when there are
bugs in the computer program's coding.
The bugs can cause the computer software to
produce erroneous or unexpected results, or
they may trigger the program to operate in an
unintentional manner.
Some bugs are more critical to the software's
function than others, and often a system will go
'live' even though it still contains known bugs.
This occurs for a number of reasons:
the bug is considered non-critical and it is not
worth delaying implementation
repairing the bug would create more problems
than there are already
the expense incurred in repairing the bug would
not be justified
an updated version or a patch will be released in
the near future to repair the bug.
It is good to keep in mind that what appears
to be a software malfunction can sometimes
be an error in human operations.
In these cases, the problem lies in correct
user training.
When we talk about corrupt data, we refer to
data that cannot be read or used by the
software program that originally created it.
The most common causes for data to be
corrupted are hard disk failures, power
failures, and computer viruses.
A number of contingency measures can, and
should always be put in place to prevent the
causes of corrupt data; such as uninterrupted
power sources, robust and concealed cabling,
a clean, dust-free environment and virus
protection software.
Regular and multiple backups will minimise
the adverse impact in the event of data being
corrupted.
The security risks associated with information
or knowledge management systems can
include fraudulent transactions, data theft,
unauthorised program modifications and
vandalism; to viruses, Trojan horses, worms
and logic bombs.
Security risks involve crimes committed by
people who exist either internally or
externally to organisations.
Their motivations may be to make money,
access confidential information or, in the case
of many 'hackers', Simply to cause havoc for
the fun of an intellectual challenge
Clearly, there is no room for complacency when
it comes to security risks.
Contingency plans to reduce the risk of
expensive computer crimes should have top
priority in all organisations.
Plans should incorporate strict use of passwords
and continual monitoring with virus protection
software.
Data encryption is also a valuable strategy
against data theft-it makes data meaningless
to anyone who doesn't know the special
decoding process necessary to convert the
data back into a readable
form
Operating a computer may seem like a
harmless activity in terms of personal safety,
but there have been incidents whereby
complex computer systems have caused
injury and even death.
Systems developed for military defence,
transport and healthcare also have the
potential to cause tragic harm to humans.
Fortunately, most business-related information
or knowledge management systems don't carry
such catastrophic risks to humans.
However, it is nevertheless worth going through
the process of analysing safety risks such as the
impact that electrical faults, natural disasters
and even ergonomics may have on the health
and safety of system users.
Define the following security risks. You may
need to search the internet if you are
unfamiliar with any of the terms.
Virus
Worm
Trojan horse
Logic bomb
Trapdoor
A computer virus attaches itself to a program or file enabling
it to spread from one computer to another, leaving infections
as it travels. Like a human virus, a computer virus can range
in severity: some may cause only mildly annoying effects
while others can damage your hardware, software or files.
Almost all viruses are attached to an executable file, which
means the virus may exist on your computer but it actually
cannot infect your computer unless you run or open the
malicious program. It is important to note that a virus cannot
be spread without a human action, (such as running an
infected program) to keep it going. Because a virus is spread
by human action people will unknowingly continue the
spread of a computer virus by sharing infecting files or
sending emails with viruses as attachments in the email.
A worm is similar to a virus by design and is considered to be a sub-class of a
virus. Worms spread from computer to computer, but unlike a virus, it has the
capability to travel without any human action. A worm takes advantage of file or
information transport features on your system, which is what allows it to travel
unaided.
The biggest danger with a worm is its capability to replicate itself on your system,
so rather than your computer sending out a single worm, it could send out
hundreds or thousands of copies of itself, creating a huge devastating effect. One
example would be for a worm to send a copy of itself to everyone listed in your email address book. Then, the worm replicates and sends itself out to everyone
listed in each of the receiver's address book, and the manifest continues on down
the line.
Due to the copying nature of a worm and its capability to travel across networks
the end result in most cases is that the worm consumes too much system
memory (or network bandwidth), causing Web servers , network servers and
individual computers to stop responding. In recent worm attacks such as the
much-talked-about Blaster Worm, the worm has been designed to tunnel into
your system and allow malicious users to control your computer remotely.
A Trojan Horse is full of as much trickery as the mythological
Trojan Horse it was named after. The Trojan Horse, at first glance
will appear to be useful software but will actually do damage once
installed or run on your computer. Those on the receiving end of a
Trojan Horse are usually tricked into opening them because they
appear to be receiving legitimate software or files from a
legitimate source. When a Trojan is activated on your computer,
the results can vary. Some Trojans are designed to be more
annoying than malicious (like changing your desktop, adding silly
active desktop icons) or they can cause serious damage by
deleting files and destroying information on your system. Trojans
are also known to create a backdoor on your computer that gives
malicious users access to your system, possibly allowing
confidential or personal information to be compromised. Unlike
viruses and worms, Trojans do not reproduce by infecting other
files nor do they self-replicate.
In a computer program, a logic bomb is
programming code, inserted surreptitiously or
intentionally, that is designed to execute (or
"explode") under circumstances such as the
lapse of a certain amount of time or the failure
of a program user to respond to a program
command. It is in effect a delayed-action
computer virus or Trojan horse. A logic bomb,
when "exploded," may be designed to display or
print a false message, delete or corrupt data, or
have other undesirable effects.
Trap doors, also referred to as backdoors, are
bits of code embedded in programs by the
programmer(s) to quickly gain access at a later
time, often during the testing or debugging
phase. If an unscrupulous programmer
purposely leaves this code in or simply forgets to
remove it, a potential security hole is
introduced. Hackers often plant a backdoor on
previously compromised systems to gain later
access. Trap doors can be almost impossible to
remove in a reliable manner. Often, reformatting
the system is the only sure way
Technical specialists are workers who are
either internal or external to the organisation
and who have been given the responsibility of
dealing with issues that arise with the
information or knowledge management
system.
Having specialists available with the right
technical skills is integral to contingency
planning.
A team of technical specialists should be able
to answer the following questions:
Are the risks interrelated?
Who is affected by the risk?
Who will ensure the risks are managed?
How an organisation puts its team of
technical specialists together will differ from
one organisation to another, depending on its
needs, size and type of business.
A list of different kinds of technical
specialists is provided below to give an
overview of who may be available to consult
should the need arise
A chief information officer (CIO) is head of all aspects
of information technology within the organisation.
In most cases, the CIO plays a central role in analysing
and modifying business processes, developing
knowledge sources, reshaping technological
infrastructures, and identifying strategic business
directions.
CIOs possess a good balance of business acumen,
project management skills and knowledge of
information technology.
Sometimes software is bought 'off-the-shelf'
and, at other times, it is custom-built by
specialists who exist either internally or
externally to the organisation.
More often than not, complex information or
knowledge management systems are tailored
for the organisation using a combination of
both off-the-shelf and custom-built software
When you encounter software-related technical
difficulties, you might need to consult with the
software programmers who have written the
program's coding.
This group of workers design, write and test the
system's programs and database.
They will also write technical documentation
related to the software program
Systems managers take care of hardware
installations and configurations.
They are also responsible for making sure
that users operate the system correctly.
Technical writers are responsible for writing
the user documentation and training guides
for the system.
Database administrators are in charge of how
items are entered into the database.
They monitor its performance and data
quality.
Information technology support personnel
provide assistance to workers who operate the
information or knowledge management system.
The information technology user support team
may encompass database administrators,
systems managers, systems programmers and
technical writers.
User support specialists can also be found at the
organisation's help desk
Computer systems can have an in-built design
that minimises the operational impact of system
failures.
This type of design is referred to as faulttolerance, fail-safe design or graceful
degradation.
It allows the system, in the event of failure or
malfunction, to continue its operations with
decreased quality or capacity.
Usually, the amount of decrease in operational quality
is in proportion to the degree of failure in the system
Fault tolerant systems either correct a problem at the
time it occurs and 'roll forward' from there, or they
'roll back' to a state when the system was functioning
properly to detect the problem and then
correct it.
Both roll-forward and roll-back mechanisms can be
built into the same system to deal with
different types of errors.
In groups, each member shares a positive
experience that they have had when
accessing technical assistance.
Next share an incident when things didn't
work out so well.
What made that experience negative?
From a business perspective, what went wrong
and why?