Data Storage Media Handling
which is not supposed to be available to them under normal circumstances. Thus, the controls are bypassed and the system is hacked by them.
Careless or incorrect restarting of a system after abrupt shutdown may cause the state of transition to be unknown to a user. In some mailing software, if a person closes the browser without logging out, the next person can open the application directly with the authentication of the previous person.
Hardware maintenance activities may be performed while production data is online, and the equipment undergoing maintenance is not isolated from the system before maintenance. For example, the printer which is assigned to print financial instruments like cheques and drafts may have stationery of blank instruments loaded in it while printer maintenance is done.
Operator may perform an unauthorised action for personal gains, and the system cannot detect or stop such a transaction. This may lead to data loss and modification.
Operations staff may destroy hardware and system data for personal gains or other reasons. Data present in the system may be lost or modified, thus affecting system processing in a negative manner.
Wrong version of an application may be executed if configuration management processes are not followed correctly. If old sources and executables are not replaced by new sources and executables after the changes, then the application may not be able to integrate with them.
Program may execute multiple instances using the same transactions again and again, and may update the database again and again. Transactions once completed may not leave the queue, and there is no control to protect a transaction from getting executed for the second time.
Operator may bypass installed controls of working, and the system allows processing even after bypassing of such controls without any notification. Controls may be disabled, or detective controls may be bypassed, and the system allows them to be disabled or bypassed.
Supervision may not be adequate and people may hack parts of the system for personal benefit or through negligent working patterns. The supervisor may not be able to detect and control these activities.
Due to incorrectly learned procedures, an operator may modify or delete master files or the main database from the system, and the system may allow so without offering any protection of such information, such as maintaining a backup.
Storage media containing sensitive data may not get adequate physical/logical protection because the operations staff is not trained to do so. Security procedures may not be effective, or people handling storage media may not be trained in or aware of security procedures.
Output may be sent to the wrong individual/terminal by mistake and the system allows that. The terminal may take an action based on such a transaction. This is a common scenario for printing of financial instruments which are expected to be processed on secured printers. If a user changes the printer destination and the system allows such change, it may break the security established for the purpose.
Improperly defined operating procedures in post-processing tasks may result in loss of data or output. Procedures may not be capable, or they are not followed properly. If media are not handled diligently, they may result in loss of data.
keeping activities. Changes are done in the system without proper documentation.
Poor program design may result in critical data initialisation to zero, or to some arbitrary value not expected by the system. An error may occur when the program is modified to change a data value but only changes it in one phase, while changes in other phases are missed.
Program may contain routines not compatible with their intended purpose, which can disable or bypass a security protection mechanism present in the system. There may be some redundant code or some system components where control goes by mistake.
Inadequate documentation or labeling may result in the wrong version of a program being modified during maintenance. This may induce several defects in an existing system.
Operating system is the main layer on which the program sits. Operating system provides some services to applications being run and communicates with hardware parts as per instructions coming from the application.
User jobs may be permitted to read/write outside the assigned storage area due to problems associated with operating systems. Data may be written on some external media not expected by the application.
Inconsistency may be introduced into data because of simultaneous processing of the same file by multiple jobs, and the system is not able to handle such concurrency. The system selected may be wrong as technical requirements of concurrency are not defined correctly.
Operating system design and implementation errors may allow a user to disable controls present or to access all system information by bypassing the controls, and the system does not detect it.
Unauthorised modification to the operating system, such as hot fixes, may allow a data-entry person to enter the program without authorisation, and/or modify the data entered into the system maliciously.
Operating system crashes may expose valuable information about the system (such as password lists or authorisation table) to a person who is not authorised to access such information.
Maintenance staff may bypass security controls designed and implemented in the system while performing maintenance activities. At such time, the system is vulnerable to errors or intentional acts. The system may
5.9.1 INADEQUATE SCHEDULE AND BUDGET
Inadequate schedule and budget for product development activities refer to many aspects of the development process, along with the customer's process of procuring software from outside. Some of the aspects of this risk are listed below.
and test the correct product which is fit for use.
Lack of understanding of network diagrams required for use, and inability to convert efforts into schedules effectively. Optimisation of resources to get an optimum schedule and optimisation of efforts may
Even if effort estimation and scheduling work properly, yet there may be a problem with availability of budget to perform all proposed activities associated with development, testing and re
IDENTIFICATION OF RISKS
Risk has three components, viz. probability of failure of an application during production, impact of such failure on the users, and ability to detect the occurrence of a risk before or during its happening. If the probability of happening of a risk or the impact of such risk is '0', then there is no existence of risk, whereas detection ability can never be '0'. Risk cannot be eliminated completely by any method of risk reduction, but its probability of happening and impact on the user can be reduced by planning preemptive efforts or risk-fighting arrangements. Detection ability of software can be improved by devising various detective controls as well as by training users to understand the symptoms when a risk is materialising, so that the risk rating can be reduced.
Risks to the final users in terms of these three components are identified in Failure Mode and Effect Analysis (FMEA), performed by the developers or experts with the help of the customer or user. The outcome of FMEA is used in developing a test plan for the software under testing. Risk analysis is also one way to indicate possible risks to the users so that they are aware and can take precautions while using the software. It thus indicates 'accident prone zones' in the application use.
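The three-component rating described above, worked through as an added example (not from the textbook): probability and impact may be 0, which yields no risk, while the detection term is never allowed to be 0, and a detective control lowers the rating by lowering detection difficulty. The 0..10 scales, the high/medium/low thresholds and the sample failure modes are assumptions constructed for the example.

```python
from dataclasses import dataclass, replace

# Assumed scales (the textbook gives none): probability and impact 0..10, detection
# difficulty 1..10 (1 = caught at once, 10 = practically undetectable). As the text
# states, probability or impact may be 0 (no risk exists) but detection can never be 0.
@dataclass(frozen=True)
class FailureMode:
    name: str
    probability: int
    impact: int
    detection: int

    def __post_init__(self):
        if not (0 <= self.probability <= 10 and 0 <= self.impact <= 10):
            raise ValueError("probability and impact must be 0..10")
        if not 1 <= self.detection <= 10:
            raise ValueError("detection difficulty must be 1..10, never 0")

def risk_rating(fm):
    """FMEA-style risk priority number: probability x impact x detection."""
    return fm.probability * fm.impact * fm.detection

def risk_class(rpn, high=200, medium=60):
    """Bucket the number into the chapter's high/medium/low wording; thresholds are assumed."""
    if rpn == 0:
        return "none"
    return "high" if rpn >= high else "medium" if rpn >= medium else "low"

def add_detective_control(fm, improvement):
    """A detective control or user training makes the failure easier to spot: detection drops, never below 1."""
    return replace(fm, detection=max(1, fm.detection - improvement))

def fmea_table(modes):
    """Rate every failure mode, highest risk first, as input for the test plan."""
    rows = [(fm.name, risk_rating(fm), risk_class(risk_rating(fm))) for fm in modes]
    return sorted(rows, key=lambda r: r[1], reverse=True)

# Constructed failure modes taken from the operational risks listed earlier in the chapter.
MODES = [
    FailureMode("completed transaction re-executed from the queue", 6, 8, 7),
    FailureMode("output redirected to an unsecured printer", 4, 9, 3),
    FailureMode("session reused after browser closed without logout", 7, 6, 8),
    FailureMode("blank cheque stationery left in printer", 0, 10, 5),  # probability 0: no risk
]

if __name__ == "__main__":
    for name, rpn, cls in fmea_table(MODES):
        print(f"{rpn:4d} {cls:6s} {name}")
```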
Definition of Risk
An organisation must define all possible causes of risks faced by the user while using software. Similarly, there must be some arrangement to define the possible risks during software development and testing activities. Various methods are suggested for defining risks for a software product/organisation. A few of them are as follows.
Risk Repository If an organisation has previous experience of similar software development and usage, it may have a repository of risks faced by various stakeholders while developing software, or risks faced by the users while using the software. Creating a risk repository for an organisation through its analysis of historical data is a very useful way of risk identification. (It is said that history repeats itself again and again.) If one has faced some risk in the past, probability and impact can be assessed from the historical data available. The customer may also have a risk repository, which may be shared with the development team.
Brainstorming It is not necessary that all possible risks must have occurred in the past so that one can anticipate them in the future. Typically, for some mission-critical applications, brainstorming by experts/users can give a list of possible risks, probability and impact.
Team Judgment Judgment by the development/user team about what can go wrong from the development perspective or user perspective can be used as a basis of finding probabilities and impact of the possible risks. Users can derive the possible risks on the basis of analogy, while developers know design and development risks. It may be possible that for every development or usage, experts may not be available to help in risk analysis. One may rely on team judgment in such a case.
Intuition Intuition/judgment by people working on the project, or the users who are or will be working on it, can add some risks to the list. This is purely on the intuition/judgment of individuals, and there is no methodology available to capture it. Care must be taken that people should not become too innovative and identify risks which have no feasibility.
Measurement of Risk
Measuring Probability of Risk
It would be advantageous to define the loss in terms of money value. Some risks may not have direct money value and people may prefer to define impact in terms of 'high/medium/low'. If the organisation has a risk repository available, measurement of impact becomes easier.
The matrix in Table 5.1 expresses risks in terms of probability and impact of such risk.
SOFTWARE TESTING: Principles, Techniques and Tools
Table 5.1 H-M-L matrix: risk rating by Probability (rows) versus Impact (columns). Both axes take the values High, Medium and Low, and each cell gives the resulting risk rating as High, Medium or Low.
5.12.3 BYPASSING/AVOIDING RISK
Bypassing/avoiding risk involves steering clear of any particular event leading to the risk, by changing the path/approach which is responsible for inducing the risk. This can be one of the outputs of a risk management decision where either the risk is uncontrollable or risk control is economically not viable. If software implementation is a risk, management may decide to continue the existing manual operations.
5.12.4 RISK PREVENTION
Preventing risk can be useful only if the probability of failure due to the risk is significant. When the probability of failure is very high, it represents a potentially harmful event. By preventing the occurrence of such an event, the probability of failure can be reduced to an acceptable level. 'Prevention works better than cure' may also be used when there is no possibility of reducing the impact if the risk materialises.
5.12.7 CONTINGENCY PLAN
Contingency planning is required to know what one needs to do when the risk materialises. After planning to reduce the probability of a risk through preventive actions, and to reduce its impact through mitigation, it can be possible that the risk becomes a reality. One must have a 'runaway' plan in order to manage the risk when it becomes reality. This may be a damage-control mechanism.
TYPES OF ACTIONS FOR RISK CONTROL MANAGEMENT
When an organisation decides to control the risks, either probability or impact or both, or tries to improve detection ability, then it applies different measures. Risk reduction measures are called controls. Controls are of two main types, depending upon the way they are applied. These may be applied manually or through the hardware/software devised for the purpose.
Management Control Management control defines the policies and strategies of doing things, in order to avoid risks, or to reduce their impact when they materialise. Management controls set the foundation on which application controls may work. Generally, management controls are preventive in nature.
Application Control Application controls are exercised by the hardware/software or by some
(such as code of conduct, policies and procedures) serve the purpose of preventive control. The preventive controls must follow the 'Poka Yoke' methodology so that risks may not occur in the first place.
Common Types of Preventive Controls
* Authorisation before entering data into the system can reduce the probability of wrong data entry.
* Data entry in the system with validations applied at the level of data entry.
* Input validation using some automated or manual check to prevent errors.
* Pre-numbered forms are used in excise and sales tax invoices, so that there is control over outputs.
* Error messaging of preventive type which prevents anything wrong from being entered into the system.
* Tool tips. Some applications provide a facility that when the cursor hovers over a particular control, tool tips are displayed. For example, if a cursor hovers over the first icon in the tool bar of a Word document, a tool tip appears which says 'New Blank Document'. 'Tool tip' is a common terminology used by developers and testers.
Poka Yoke Poka yoke is termed as 'positive confirmation' or 'fail-proof arrangement' where no risk will be permitted to hit the common users. Poka yoke means making an arrangement so that nothing can fail. It is supposed to give consistent results and does not have a human-error factor.
Controls which indicate that something unnatural is happening, and thus that there is a need for the person/entity responsible to take actions to control the damage happening due to materialisation of the risk, are indicative controls. A simple error message, 'the file deleted from the recycling bin will not be available in future', is a kind of indicative control.
Common Types of Indicative/Detective Controls
* Data transmission control, where data sent from one place to another is tallied to find if something has been lost/gained during the transmission.
* Control/hash totals are used to compare the totals of transactions taking part in processing.
* Error messaging of detective type where something wrong is indicated.
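The first two detective controls above, data transmission tally and control/hash totals, as an added example that is not from the textbook: the sender transmits a trailer of totals with a batch, the receiver recomputes them over what arrived, and every disagreement is reported as a detective-type error message. The transaction layout, field names and sample batch are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transaction:
    txn_id: int
    account: int       # account number: meaningless to add up, which is exactly what a hash total does
    amount_paise: int  # amount in paise so totals are exact integers

@dataclass(frozen=True)
class BatchTotals:
    record_count: int
    control_total: int  # sum of a meaningful field (the amounts)
    hash_total: int     # sum of a non-financial field (the account numbers)

def compute_totals(batch):
    """Sender and receiver each compute this over the records they hold."""
    return BatchTotals(len(batch), sum(t.amount_paise for t in batch), sum(t.account for t in batch))

def tally(sent_totals, received):
    """Detective control: compare the trailer the sender transmitted with the records that
    arrived and name every total that disagrees. An empty list means the batch tallies."""
    got = compute_totals(received)
    findings = []
    if got.record_count != sent_totals.record_count:
        findings.append(f"record count {got.record_count} != {sent_totals.record_count}: record lost or gained")
    if got.control_total != sent_totals.control_total:
        findings.append(f"control total {got.control_total} != {sent_totals.control_total}: amount altered or record missing")
    if got.hash_total != sent_totals.hash_total:
        findings.append(f"hash total {got.hash_total} != {sent_totals.hash_total}: account field altered")
    return findings

# Constructed sample batch as the sending system holds it, plus the trailer it transmits.
SENT = [Transaction(1, 400123, 150_000), Transaction(2, 400777, 2_500), Transaction(3, 400555, 99_999)]
SENT_TRAILER = compute_totals(SENT)

# Three constructed arrival scenarios at the receiving end.
RECEIVED_OK = list(SENT)
RECEIVED_LOST = SENT[:2]                                              # last record dropped in transit
RECEIVED_ALTERED = [SENT[0], Transaction(2, 400778, 2_500), SENT[2]]  # one account digit changed, amounts intact

if __name__ == "__main__":
    for label, batch in [("ok", RECEIVED_OK), ("lost", RECEIVED_LOST), ("altered", RECEIVED_ALTERED)]:
        print(label, tally(SENT_TRAILER, batch) or "batch tallies")
```

The altered batch passes both the record count and the control total; only the hash total over a non-financial field catches it, which is why hash totals are kept alongside control totals.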
Reactive/Corrective Control Reactive controls react to the adverse situation due to the happening of a risk in order to control the damage. The fuse installed in an electrical appliance blows off when voltage fluctuates to save the equipment; this is a kind of reactive control. Reactive control may work in conjunction with indicative control, where the indicative control gives a threshold to activate the reactive control. Reactive controls are of two types, namely,