Posted by: Robert Davis
Central Processing Unit, Configuration Management, Control Techniques, IAP, ICT, Information Communication Technology, Information Security, Information Security Infrastructure Management, Infrastructure Management, IT Configuration, IT Controls, IT Infrastructure, IT Security Infrastructure, Logical Security, Operational Level Agreement, OS, Risk Management, Risk Mitigation
Technically, the user program subroutine integration process is known as linkage editing. Linkage editing poses two risks: the unauthorized use of subroutines and the unauthorized suppression of subroutines that should accept utilization. In the first case, an application program might utilize a job control (script) statement requesting the services of an unauthorized subroutine that performs an illegal task. In the second case, the program might use a script statement that suppresses the services of a required subroutine. Consequently, policies and procedures should be implemented to ensure:
- error messages are displayed or other action taken when reference is made to unauthorized subroutines, or when external references are unsolved
- the operating system maintains a log of program usage
- the linkage editor of the operating system maintains a processing history of each program, including control statements utilized
Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.
Dictionary.com Unabridged (v 1.1). rev. ed. New York, NY: Random House. http://dictionary.reference.com/browse/linkage editor (accessed: August 30, 2008).
Lyon, Lockwood and Kenniston W. Lord. CDP Review Manual: Covering the ICCP, CDP, CSP, and CCP Examinations, 5th ed. New York, NY: Van Nostrand Reinhold, 1991. 130-2
Minasi, Mark. Complete PC Upgrade and Maintenance Guide, 8th ed. San Francisco, CA: SYBEX, 1997. 263-4
Watne, Donald A. and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 239
Silbershatz, Abraham and Peter B. Galvin. Operating System Concepts, 4th ed. Gainesville, FL: Addison-Wesley, 1995. 49-50
“View Part I of the Essential Operating System Protection Mechanisms series here”
Post Note: “Essential Operating System Protection Mechanisms – Part V” was originally published through Suite101.com under the title “Essential Operating System Protection Mechanisms”