|
|
|
In many data centers, some files do not change very often but have a great impact when they do. These include control files, history files, and payroll master files (files that can determine where money goes or what records are kept). Because these files change infrequently, they can escape the formal change control procedures that are usually applied to important production files. However, these are the very files that can be subject to covert changes and should be analyzed during a review. Ideally, each change to a file should have a change request associated with it. However, to test the data center’s change control procedures, you must have a way of detecting changes to the production files.
You can use several methods to detect file changes. You could keep a secure copy of the file and run a comparison program against the two files from time to time. However, some of these files are very large. Keeping two copies of each one means depleting your storage quickly. It might even be necessary to increase the number of disk drives at the data center or to expand the tape library just to hold those extra copies.
Alternatively, you could look at SMF records to see who was changing the file. Looking at SMF records also can take up so much time that it is impractical. SMF generates a large volume of records. If you are looking for an illegitimate update, and you do not know when it happened, the number of records that you must review gets excessive very quickly. The easiest way to detect file changes is to use the CA Auditor File Freezer option.
| Copyright © 2009 CA. All rights reserved. | Tell Technical Publications how we can improve this information |