Although local labor laws usually do not directly affect compliance or governance issues, some countries strongly believe that people from other countries doing IT administration can be a compliance issue. Consider the system administrator who is sitting in Orange, New Jersey, and doing some administration on a server in Frankfurt, Germany. The system administrator has no knowledge of the local labor laws or the European Union (EU) Data Protection Directive and moves a virtual server across the company intranet as a scheduled and approved change. That system administrator may have violated at least two EU mandates, inadvertently making her employer noncompliant and subject to sanctions, fines, or both.
Examples of regulations with specific IT audit requirements are SOX, J-SOX, C-SOX, PCI DSS, the EU Data Protection Directive, and Singapore MAS. More than 150 such regulatory mandates can be found across the world. In addition, some global standards apply to various governance scenarios, such as CobiT 5 and ISO/IEC 27001, 27002, and 27005. IT governance and compliance are covered more fully in Volume 1 of this series (Limoncelli, Hogan & Chalup, forthcoming 2015).
2.1.15 Debug Instrumentation
Software needs to generate logs that are useful when debugging. Such logs should be both human-readable and machine-parseable. The kind of logging that is appropriate for debugging differs from the kind of logging that is needed for auditing. A debug log usually records the parameters sent to and returned from any important function call. What constitutes "important" varies.
Large systems should permit debug logging to be enabled on individual modules. Otherwise, the volume of information can be overwhelming.
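As an added example (not code from the book), the following Python sketch shows one way to meet both requirements at once: a decorator that records the parameters sent to and returned from a function as one JSON object per log line, with emission gated per module through the standard logging hierarchy. The module names app.billing and app.inventory and the two decorated functions are hypothetical.

```python
import functools, io, json, logging

class JsonLineFormatter(logging.Formatter):
    """One JSON object per line: readable by people, parseable by tools."""
    def format(self, record):
        payload = {"level": record.levelname, "module": record.name,
                   "event": record.getMessage()}
        payload.update(getattr(record, "detail", {}))  # call/return data
        return json.dumps(payload, sort_keys=True, default=repr)

def traced(module):
    """Log parameters sent to and returned from func, gated on module's logger."""
    log = logging.getLogger(module)
    def decorate(func):
        @functools.wraps(func)
        def wrapper(*args, **kwargs):
            if not log.isEnabledFor(logging.DEBUG):  # cheap exit when disabled
                return func(*args, **kwargs)
            log.debug("call", extra={"detail": {"func": func.__name__,
                                                "args": list(args), "kwargs": kwargs}})
            result = func(*args, **kwargs)
            log.debug("return", extra={"detail": {"func": func.__name__, "result": result}})
            return result
        return wrapper
    return decorate

# Hypothetical modules of a larger system (constructed for this example).
@traced("app.billing")
def compute_tax(amount, rate=0.07):
    return round(amount * rate, 2)
@traced("app.inventory")
def reserve(sku, qty):
    return {"sku": sku, "reserved": qty}

def run_with_debug(enabled_modules):
    """Enable debug only on enabled_modules, call both, return parsed JSON lines."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(JsonLineFormatter())
    app = logging.getLogger("app")
    app.addHandler(handler)
    app.propagate = False  # keep demo records out of the root logger
    for name in ("app.billing", "app.inventory"):
        logging.getLogger(name).setLevel(logging.DEBUG if name in enabled_modules else logging.INFO)
    try:
        compute_tax(100.0, rate=0.1)
        reserve("SKU-1", 3)
    finally:
        app.removeHandler(handler)
    return [json.loads(line) for line in stream.getvalue().splitlines()]
```

Calling run_with_debug({"app.billing"}) yields only the two billing records, so turning debug output on for one module leaves the rest of the system quiet.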
In some software methodologies, any logged information must be matched with documentation that indicates what the message means and how to use it. The message and the documentation must be translated into all (human) languages supported by the system and must be approved by marketing, product management, and legal personnel. Such a policy is a fast path to ending any and all productivity through bureaucratic paralysis. Debugging logs should be exempt from such rules because these messages are not visible to external users. Every developer should feel empowered to add a debug logging statement for any information he or she sees fit. The documentation on how to consume such information is the source code itself, which should be available to operations personnel.