critical data

Topic closed. 2 replies. Last post 12 years ago by ayenowitall.

United States
Member #9879
December 26, 2004
8 Posts
Offline
Posted: December 27, 2004, 3:52 pm - IP Logged

ATTENTION PLEASE READ::


COMPUTER SECURITY

ITEM 1

During our review of application change management utilized by the Texas Lottery, we noted the following weaknesses:

- Although procedures exist relating to change management of applications, these are neither formalized nor completely documented by management;

- Programmers have the ability to migrate code directly into the production environment;

- Controls regarding the segregation of the logical development, test and production environments are not completely effective and need improvement;

- Emergency fixes are performed directly into the production environment without subsequent controlled review;

- Formal procedures that would detect an unauthorized migration into the production environment do not exist; and

- Management does not regularly or methodically review code changes moved into production.

RISK 1

Strong change management policies and procedures help management ensure that only requested, authorized, and tested changes are moved into the production processing environment. The lack of formalized procedures increases the risk that management's intentions and wishes related to production program changes are not known or followed. In addition, without the strict and monitored segregation of development, test and production environments, there is an increased risk that either an unauthorized user can access the sensitive production applications or an unauthorized change can be introduced into the production environment causing potential undesired events such as data loss or sensitive data release.

RECOMMENDATION 1

The Texas Lottery should develop a strong change management methodology governing all critical production applications. This methodology should, at a minimum, ensure a segregation of the development, test, and production environments, and should enforce a strict procedure for the migration of code into the production environment. This methodology should also include provisions to detect unauthorized code attempting to be migrated into the production environment as well as the periodic and methodical review by management of the change management process. Finally, this methodology should also contain provisions relating to the procedures and controls relating to emergency bug fixes.
    Maine
    United States
    Member #99
    January 27, 2002
    1014 Posts
    Offline
    Posted: December 27, 2004, 11:07 pm - IP Logged

    Where did that come from and what language is it? The terminology and meaning, therefore, mean nothing to a normal person like me? What are they talking about specifically? Does this mean they (someone) can play with the results of our lottery? Thanks. ALX

      ayenowitall

      United States
      Member #4416
      April 22, 2004
      1075 Posts
      Offline
      Posted: December 28, 2004, 4:23 am - IP Logged

      Quote: Originally posted by southwind on December 27, 2004




      (ad nauseam)





      Nice try. The only things missing are an ugly avatar and all those z's.

      aye'