DATA

PROCESSING
CENTER
ADMINISTRATION
A data processing center or data processing center (CPD) (in English: Data Center) is the space where the

resources necessary for processing an organization's information are concentrated.

It is also known as a computing center in Latin America and in Spain as a calculation center, data center,

data processing center or computing center.

https://es.wikipedia.org/wiki/Centro_de_procesamiento_de_data

A Data Processing Center (CPD) is the set of physical, logical, and human resources necessary for the

organization, execution, and control of a company's IT activities. Read more:

http://www.monografias.com/trabajos7/ceproc/ceproc.shtml#ixzz551z6qSwW
BASIC FUNCTIONS OF A CENTER

DATA PROCESSING
Exploitation of systems or applications: The exploitation or operation of a computer system or computer

application consists of the use and benefit of the developed system. It consists of forecasting dates for work

execution, general system operation, control and management of supports, system security, supervision of

work, etc.

Technical support for users: Support, both for users and for the system itself, involves selecting, installing

and maintaining the appropriate operating system, the design and control of the database structure, the

management of teleprocessing equipment, the study and evaluation of the needs and performance of the

system and, finally, direct assistance to users.

Management and administration of the Data Processing Center itself.

The management and administration functions of a Data Processing Center include supervision operations,

project planning and control, project security and control, general security of facilities and equipment,

financial management and management of human resources.

LEVELS OF PLANNING IN A CPD

□ Strategic planning
□ Resource Planning
□ Operational Planning
□ Personnel Planning
□ Physical Installation Planning
PHYSICAL LOCATION IN A CPD

□POSSIBLE LOCATIONS OF A CPD IN A

ORGANIZATIONAL STRUCTURE
WAYS OF OPERATING IN A CPD

□MAIN FUNCTIONS FOR OPERATING A CPD

CRITERIA FOR SELECTING SOFTWARE
CRITERIA FOR SELECTING HARDWARE
GENERAL CONSIDERATIONS FOR THE
ACQUISITION OF HARDWARE AND
SOFTWARE
BASIC MANUALS AND FORMS USED IN A CPD

1 . Organization and Functions Manual of the Area:

This manual describes the objectives and organizational structure of the center, clearly defining the

hierarchical levels, and also describes the different functions of the positions, this manual being a part of the

general manual of the institution.

2 .Hardware Manuals:
These indicate the configuration of the equipment we have installed, its benefits and limitations. They must

be under the custody of the persons who operate each piece of equipment and registered in the centralized

inventories at the Computing Center.

3 .Software Manuals:

These are the manuals for the different packages used in the institution. These must be in a safe place and

accessible to the staff who use them.

4 .Application Manual:

These are manuals that describe in detail the different steps carried out in the studies, development and

installation of a system. These manuals must be subdivided according to the use or operations carried out

by the different areas of the Center and the users. Among these, the following can be mentioned: Feasibility

Study, Analysis and Design.

5 .Operations Manual:
This defines the data recording designs, validation and consistency rules, coding, operating procedures to

follow for automated data processing, results forms and the number of copies made from backups on

magnetic media.

6 .User Manual:
This describes the instructions for filling out forms and source information, calculation instructions to be

performed and counts necessary for control. All these manuals must be constantly updated.
 CRITERIA FOR SELECTING SOFTWARE □
CONTINGENCY PLAN
Despite all safety measures, a disaster can (will) occur. In fact, security experts "subtly" state that a disaster

recovery plan must be defined "for when the system fails", not "in case the system fails" (1).

Therefore, it is necessary that the Contingency Plan includes a disaster recovery plan, which will aim to

restore the computing service quickly, efficiently and with the lowest possible cost and losses.

A Computer Security Contingency Plan consists of the steps that must be followed, after a disaster, to

recover, at least in part, the functional capacity of the system, although, and generally, they consist of

replacements of said systems.

 FACTORS THAT COULD AFFECT BUILDING
SAFETY
The type of security measures that can be taken against environmental factors will depend on the types of

technology considered and where they will be used. The most appropriate security measures for technology

that is designed for travel or field use will be very different from those that are static and used in office

environments.
Environmental factors

• Fires. Fires are caused by improper use of fuels, faulty wireless installations, and improper storage and
transportation of hazardous substances.
Floods. IT IS THE INVASION OF WATER DUE TO EXCESS SURFACE RUNOFF OR ACCUMULATION ON FLAT LAND,
CAUSED BY A LACK OF DRAINAGE, WHETHER NATURAL OR ARTIFICIAL. THIS IS ONE OF THE MAJOR CAUSES OF
DISASTERS IN COMPUTER CENTERS.
• Earthquakes. These seismic phenomena can be so weak that only very sensitive instruments detect
them, or so intense that they cause the destruction of buildings and even the loss of human lives.
• Humidity. A separate heating, ventilation and air conditioning system must be provided, dedicated
exclusively to the computer room and the machine area.

Read more: http://www.monografias.com/trabajos16/seguridad-fisica/seguridad-fisica.shtml#ixzz552D5LwE1

Human factors
• Robberies. Computers are valuable corporate assets, and they are exposed, just as stock and even money
are exposed. Many companies invest millions of dollars in software and information files, to which they give less
protection than they give to a typewriter or a calculator, or in general to a physical asset.

• Acts of vandalism. In companies, there are disgruntled employees who may retaliate against equipment
and facilities.

• Acts of vandalism against the network system. Many of these acts are related to sabotage.
• Fraud. Every year millions of dollars are stolen from companies and, in many cases, computers have been
used for such purposes.
•Sabotage. It is the most feared danger in computer centers. Companies that have tried to implement high-
level security systems have found that protection against saboteurs is one of the toughest challenges; the
saboteur can be an employee or a person outside the company.

•Terrorism. A few years ago, this would have been a remote case, but with the war situation that the world is
facing, companies must increase their security measures, because the most famous companies in the world are a
very attractive target for terrorists.

Read more: http://www.monografias.com/trabajos16/seguridad-fisica/seguridad-

physics.shtml#ixzz552DUAutR
 The functions of the security area are distributed as follows:

FUNCTIONS ORGANIZATION

Security Supervisor Security Officer Security Auditor Security Analyst

Coordinator
Network Security
Risk analyst. X X X X X

Evaluation of Security X X
Services.

Evaluating Security Domain

X X
Solutions

Alarms, actions and reports

X X X

Protecting network
management systems.

X X
 Requirements and dangers for the
security.
Safety Features:

Integrity, Confidentiality,
Availability, Authenticity.

• Threat types: Modification, interception, disruption,

manufacturing.
 Integrity.
Information can only be modified by those who
are authorized and in a controlled manner.

Threat:
Modification: An unauthorized person gains access to the information and can
modify it.

Examples: changing values in a data file, modifying the content of a message

 Confidentiality:
The information must only be readable by
authorized persons.

Threat:
Interception: an unauthorized person (person,
program or computer) gains access to any part
of the information.

Examples: interventions of lines to capture data,

illegal copying of files or programs...
 Availability:
Information must be available when
needed.

Threat:
Interruption: if some part of the system or information is
rendered useless or destroyed.

Examples: destruction of a hardware element (a hard disk),

breaking of a communication line...
 Authenticity:
The user will be responsible for any changes
made to the information.

Threat:
Fabrication: If an unauthorized person inserts counterfeit objects into
the system.

Examples: adding records to a file...

 Threats to security and
solutions.
Threats. Solutions

Viruses, worms,
Trojans, backdoors, Antivirus.
ransomware, spear
phishing.
Intruders: Bugs, Firewall, anti-
Spyware spyware.

Email related: Spam, Hoax. -Anti-spam

-Software update.
 Virus.
Prevention is better than cure.

• What is it? • How does it work?

Software that is intended to alter the They replace files with others infected
operation of a computer, without the with their code. They can destroy
user's permission or knowledge. data stored on a computer.

They spread through software, they do not replicate themselves.

Worms.
• What is it? • How does it work?
A software that has the property It resides in memory and duplicates
of duplicating itself. They are itself. They cause problems on
installed in parts of the the network. Worms send copies
computer that are generally of themselves over the network
invisible to the user. between computers.

• How to detect it?

Due to uncontrolled replication,
system resources are consumed
and the computer loses speed.
 us.

• What is it? • How does it work?

Software that under a harmless They do not spread the infection by
appearance runs hidden in the themselves: they need to receive
system and allows remote access to instructions from an individual to
the system by an unauthorized carry out their purpose.
user. They can run unknown programs when
starting the computer, create or
delete files automatically...
•How to detect it?
They are not visible to the user. Difficult
to detect and remove manually.
 Other viruses.
Backdoors. They encrypt files and ask for money to unlock the
Programming code sequence through which the information.
programmer can access a program. • Spear phishing
Attacking online bank accounts and other sites with
It can be used for malicious purposes and espionage.
passwords and sensitive information.
• Ransomware viruses.
Internet
> % 3
 Intruders.
In general: They access a computer from another
computer, to obtain confidential information, launch
attacks, etc...

Bugs, Security Holes: Intruders can use certain

programming errors to sneak into computers.
Spyware: software that covertly uses your Internet
connection to extract data and information about the
contents of your computer, p. visited, programs

SOLUTION: Software update. Anti-spyware.

 Email-related threats.

• Spam. Advertising, spam.

Solution: Anti-spam, filters,...

• Hoax. Hoaxes, stories that seek to move us.

Solution: Easy to detect. Badly written, registered in
Google.
 Antivirus.
• How to get an antivirus? • Functions:
Official website, paid. - Blockade. Prevents intrusion by
- Free: AVG Free... malicious external agents.
- Detection. Detect the presence of
viruses on your computer.
- Disinfection. Removes previously
detected viruses.
• Acts: on user demand or in real time
(automatically).
 Firewall.
• Controls access points and filters the data transmitted through them.

• Eliminates unauthorized access attempts.

• The user configures which programs are allowed

to access the network and which agents have
access to the computer.
 Some common misstatements
about security.
• My OS is not important for a cracker:
Infection methods are carried out by means of automatic programs, they do not distinguish
between important and unimportant.
• I am protected because I do not open files that I do not know:
There are more ways of contagion.
• Since I have antivirus I am protected:
Antiviruses are not capable of detecting all forms of infection.
• Since I have a Firewall I don't get infected:
There are many ways to become infected in a network. Some come directly from system
access (which a firewall protects against) and others from connections that are made
(which it does not protect me from).
Important safety measures.

- Use common sense when using the Internet.

- Have backup copies: Personal files and software.
- Use of more secure operating systems: Linux.
-Update antivirus.
-Use strong passwords.
- Do not provide private data via the Internet.
 Impact
Damage caused to an asset if a threat materializes due
to an existing vulnerability (e.g. data loss, damaged and inoperative
servers, etc.)

Public Threat
Administration Action or element that is harmful to an
asset
(e.g. virus, fire, phishing, etc.)

Protect

The Entity's information systems Assets Safeguard

Any element that has a value for Measures or controls that are put in place to
constitute an asset and are valuable to the extent
the Entity (eg. servers, data, prevent a threat from materializing
that they store corporate information.
software, people, etc.) (e.g. Antivirus, anti-fire system, etc.)

Vulnerability
Degree of exposure of an asset to
a specific threat (e.g. a PC without an antivirus,

a server room without

a fire-fighting system, poorly designed
software, etc.)

Risk
It is the result of multiplying the probability that
a threat materializes by the impact it could cause
(e.g. A virus with a high probability of infection but
which only displays a message on the screen has a low risk
)
CONTINGENCY PLAN IN CASE OF

FIRE
□What to do before a fire?
□What to do after a fire?
□What to do in all cases?
CONTINGENCY PLAN IN CASE OF

FLOOD

□What to do before a flood?

□What to do after a flood?
 INFORMATION SECURITY

ADVANTAGES AND
DISADVANTAGES
DEVELOP A CONTINGENCY PLAN FOR

INFORMATION SECURITY

□ What to do
□ What not to do
LET'S GET TO WORK