Password lies with the group rather than with an individual, personal accountability is reduced, and individuals within the group may take less care in protecting the password.
Separate Test Libraries. Figure 5.13 illustrates an improvement on the shared password approach through the creation of separate password-controlled libraries (or directories) for each programmer. Under this concept, programs are copied into the programmer’s library for maintenance and testing. Direct access to the production SPL is limited to an authorized librarian who must approve all requests to modify, delete, and copy programs. Further, passwords to access programs can be changed regularly and disclosed only on a need-to-know basis.
A relatively cost-free enhancement to this control feature is the implementation of program naming convention. The name assigned a program clearly distinguishes it as being either a test or a production program. When a program is copied from the production SPL to the programmer’s library, it is given a temporary “test” name. When the program is returned to the SRL , it is renamed with its original production name. This technique greatly reduces the risk of accidentally running an untested version of a program in place of the production program.
Audit Trail and Management Reports. An important feature of SPL management software is the creation of reports that enhance management control and the audit function. The most useful of these are program modification reports, which describe in detail all program changes (addition and deletions) to each module. These reports should be part of the documentation file of each application to from an audit trail of program changes over the life of the application. During an audit, these reports can be reconciled against program maintenance requests to verify that only changes requested and authorized were actually implemented. For example, if a programmer attempted to use a legitimate action as an opportunity to commit program fraud, the unauthorized changes to the program code would be presented in the program modification repost. These reports can be produced as hard copy and on disk and can be governed by password control, thus limiting access to management and auditors.
Program Version Number. The SPLMS assigns a version automatically to each program stored on the SPL. When program are placed in the libraries (upon implementation),they are assigned a version number of 0. With each modification to the program, the version number is increased by 1. For increased, after five authorized maintenance changes, the production program will be designated version 05, as illustrated in Figure 5.14. This feature, when combined with audit trail reports, provides evidence for identifying unauthorized changes to program modules. An unauthorized change is signaled by a version number on the production load module that cannot be reconciled to the number of authorized changes. For example, if 10 changes were authorized but the production program shows version12, then one of two possibilities explain this discrepancy: (1) authorized changes occurred that are unsupported by documentation or (2) unauthorized changes were made to the program which incremented the version numbers
Controlling access to maintenance commands SPL management systems user powerful maintenance commands to alter or eliminate program passwords alter the program version number and temporarily a program without generating a record of the modification there are legitimate technical reasons why systems designers and administrators need these commands however if not controlled maintenance commands open the possibility of unrecorded and perhaps unauthorized program modification. Hence access to the maintenance commands themselves should be password-controlled and the authority to use them should be controlled by management or the security group