DS3.3:

From HORSE - Holistic Operational Readiness Security Evaluation.
Jump to navigation Jump to search

DS 3.3 Future Capacity and Performance

Control Objective:

Conduct performance and capacity forecasting of IT resources at regular intervals to minimize the risk of service disruptions due to insufficient capacity or performance degradation. Also identify excess capacity for possible redeployment. Identify workload trends and determine forecasts to be input to performance and capacity plans.

Applicability:

Sarbanes-Oxley
HIPAA
GLBA
PCI
FISMA
NIST SP 800-66
Ditscap
Control Exception
User Defined


Risk Association Control Activities:

1. ISO 17799 10.3 Minimizing the risk of systems failures.

Advance planning and preparation are required to ensure the availability of adequate capacity and resources to deliver the required system performance.

Projections of future capacity requirements should be made, to reduce the risk of system overload.

The operational requirements of new systems should be established, documented, and tested prior to their acceptance and use.


2. ISO 17799 10.3.1: The use of resources should be monitored, tuned, and projections made of future capacity requirements to ensure the required system performance.

Implementation guidance
For each new and ongoing activity, capacity requirements should be identified. System tuning and monitoring should be applied to ensure and, where necessary, improve the availability and efficiency of systems. Detective controls should be put in place to indicate problems in due time. Projections of future capacity requirements should take account of new business and system requirements and current and projected trends in the organization's information processing capabilities.

Particular attention needs to be paid to any resources with long procurement lead times or high costs; therefore managers should monitor the utilization of key system resources. They should identify trends in usage, particularly in relation to business applications or management information system tools.

Managers should use this information to identify and avoid potential bottlenecks and dependence on key personnel that might present a threat to system security or services, and plan appropriate action.


Implementation Guide:

Process Narrative
Insert a description of the process narration that is applicable to the existing control statement this narrative refers to.

Process Illustration
Insert a process diagram, flowchart or other visual representation here to illustrate the process narrative.

File:Someimage.jpg

Control Commentary
Insert a description of the control that is applicable to the existing control statement this commentary refers to.

Control Exception Commentary
Insert a description of the control exception that is applicable to the existing control statement this commentary refers to.

Evidence Archive Location
Insert Evidence Description Here.

Control Status and Auditors Commentary
Describe the condition of the applicable control and its effectiveness. Set the color icon to a redlock.jpg, yellowlock.jpg or greenlock.jpg.

File:Redlock.jpg

Remediation Plan
Insert remediation plan, applicability, or any information that indicates what needs to be done.

Supplemental Information: