412 Networking: A Beginner’s Guide d) The IT department member responsible for maintenance of the accounting system is responsible for reviewing change request forms, investigating methods of making changes, estimating effort hours or direct costs involved in making the proposed change, and proposing a test plan for the changes. The IT department member will then forward the request with the completed information to the Controller or CFO. e) The Controller or CFO is responsible for reviewing each change request form and approving it. The approved change request is then submitted to the IT project manager for the change. f) The IT project manager for the change informs the Controller or CFO and the requestor once the change and any associated testing are complete. g) The IT department is responsible for storing completed change request forms and making them available as appropriate to auditors. 4) DEFINITIONS a) Program change: A change in a program that makes up the system. Program changes can be vendor-supplied updates or fixes, or changes to programs developed and maintained by Generic. b) Emergency change: A change required to remediate a processing or reporting error within any part of the system, or to remediate an error that makes the system unavailable to users. c) Direct database change: A programmatic change to the data within the ac- counting system database. Direct database changes bypass controls within the accounting system. d) Server change: A change to the server computer’s hardware, operating system software, or backup software. 5) POLICIES a) All changes to any of the programs that make up the accounting system will be performed only within this document’s procedures. b) Direct database changes must be performed within this document’s procedures. c) Server changes must be performed within this document’s procedures, except for routine maintenance changes. Routine maintenance changes include application of patches for the operating system, review and saving of server operating system log files, performance of routine changes using the system’s built-in tools (such as adding a user or adjusting user permissions), and so forth. Routine changes and activities are described in IT-003. d) Emergency changes can be performed prior to documentation; however, emergency changes must be documented afterwards using the Accounting System Change Control form and signed off and stored. Documentation of emergency changes must be completed within 30 days of the emergency change. 413 Appendix: Understanding the Sarbanes-Oxley Act 6) PROCEDURES a) A user of the accounting system who desires a change to the system will com- plete a copy of form IT-FR-006. This form should be submitted electronically. (The IT department can also initiate change requests as appropriate.) i) The user should clearly describe the change desired. When appropriate, he or she should include mock-ups of the desired change. For example, when requesting a new report, the requestor should mock up how the report should look when done. ii) The requestor then forwards the IT-FR-006 form to the IT department member responsible for maintaining the accounting system. b) An IT department Project Manager will be designated. Typically, this will be the individual responsible for maintaining the accounting system. c) The IT Project Manager will review the change request and any attached examples or illustrations, and will analyze the requested change, including: i) Viability ii) Sources of appropriate existing data in the system iii) Capability of in-house personnel to perform the change or availability of external personnel to carry out the change iv) Impacts to integrity of system data or other system programs v) Impacts to system security vi) Impacts to disaster recovery procedures vii) Testing and acceptance procedure(s), including pseudocode when testing will be primarily programmatic viii) Estimating effort hours and/or direct costs to perform the change and testing ix) Estimating available schedule d) The IT Project Manager will then print the form and associated information, sign it, and forward to the Controller or CFO. e) The Controller or CFO is responsible for reviewing each change request form and approving it. The approved change request is returned to the IT Project Manager. f) The IT Project Manager will then initiate the change and will oversee the change through to completion, which includes testing and acceptance of the change as described in the IT-FR-006 form. The IT-FR-006 change form is then stored by the IT department along with any associated documentation. This page intentionally left blank 415 A access, 24. See also Client Access Licenses; Lightweight Directory Access Protocol; media access control sublayer; multistation access unit; permissions; remote access; wireless access point Apache web server, 363 CD-DVD, 380, 380–381, 381 floppy drive, 382, 382 modem, 130 Account Is Disabled, 257, 262 Account Is Trusted for Delegation, 262 accounting, 8, 390, 391 accounts payable (AP) process, 395–396, 400–401 Active Directory, 113, 114, 116–117, 248, 248, 300–301 administration account, 143, 144, 146 Apache web server, 363–364 client/server network, 23 administrator, 6–7. See also administration ADSL. See Asymmetric DSL Advanced Micro Devices (AMD), 179 AMD. See Advanced Micro Devices analog signal, 82 annual report, 392 antivirus software, 154–155 AP. See accounts payable process Apache HTTP Server Project, 360 Apache Software Foundation, 360 Apache web server, 360 administration of, 363–364 changing configuration of, 363–364 under Fedora Linux, 361, 363 installation of, 361–363 remote access to, 363 testing of, 362–363 web page publication with, 364 apachectl, 363 AppleTalk, 106, 107 application layer, 32 application-based firewall, 74 applications compatibility of, 202 by department, 213–214 monolithic, 122 network, 212–214 scaling, 218 sharing, 25 user-specific, 214 archive bit, 170 assigned permissions, 144 Asymmetric DSL (ADSL), 83, 85 Asynchronous Transfer Mode (ATM), 86 Index 416 Networking: A Beginner’s Guide ATM. See Asynchronous Transfer Mode attorneys, 393 attributes, 113, 118 audit, 8, 148 committee for, 391 by financial expert, 394 influence on, 392 oversight board for, 390 authentication, 118, 119, 137 automation, 5 B backbone, 68–69, 219 backbone switch, 34 back-door threats, 149, 152 backticks, 333 backup, 6, 113 client/server network, 22 in disaster recovery plan, 166–171, 397 hardware for, 168, 169 with peer-to-peer network, 22 redundancy in, 168 restoration from, 167–168 rotation strategy for, 169–172 schedule of, 171 server, 188–189, 194–195 in SOHO networking, 60 tapes, 195 types of, 170–171 before upgrading, 231 virtual machine, 388 backup domain controller (BDC), 115, 230 bandwidth, 15–16, 27 low, 304 measurement of, 127, 127 network, 212, 215 plain old telephone service, 84 remote access, 126–127 shared, 41–42 speed by, 220 Token Ring network, 46–47 barrel connectors, 52 Base, 43 base-8 numbering system, 14 base-10 numbering system, 12–13 baseband, 43 bash shell, 332, 333 Basic Rate Interface (BRI), 82 B-channels. See bearer channels BDC. See backup domain controller bearer channels (B-channels), 82 billions of bits per second (Gbps), 15 binary digit, 12 binary numbering system, 13–14 biometrics, 146 bits per second (bps), 15 block devices, 338, 339 BNC connector, 39, 40, 40, 52, 53 bonding, 132 boot loader, 315–316, 316 BorderManager, 135 bps. See bits per second brand loyalty, 200 breakout box, 75 BRI. See Basic Rate Interface bridges, 66 hub, 68 with media access control sublayer, 71, 72 broad traveler, 123 broadband, 43 building, 219 bus topology, 39, 39, 40–41, 54 byte, 12 bytes per second, 15 C cable plant, 36, 55 cable scanner, 57 cables breaks in, 56 Cat-5E, 35, 42, 47 Cat-6, 35 Category 3, 34–35, 42 Category 5, 34–35, 42 coaxial, 36, 48, 52, 53, 55, 56–57 contractor for, 54–55 crossover, 51 Ethernet, 49 fiber-optic, 48 installation of, 54 mapping out of, 57 network, 30 nonplenum, 53 patch, 49 plenum, 53 problems with, 55–57 RS-232C, 75 self-made, 51 shielded twisted-pair, 47, 48–49 for SOHO networking, 61 Token Ring network, 49 twisted-pair, 48, 48–50, 49, 51, 52 unshielded twisted-pair, 47, 48, 48–49 wiring of, 62 calculator, 14 CALs. See Client Access Licenses capacity planning, 217–218 Carrier Sense Multiple Access with Collision Detection (CSMA/CD), 46 cat command, 348 Cat-3. See Category 3 cable Cat-5. See Category 5 twisted-pair cable Cat-5E cable, 35, 42, 47 Cat-6 cable, 35 Category 3 (Cat-3) cable, 34–35, 42 Category 5 (Cat-5) twisted-pair cable, 34–35, 42 . remediate an error that makes the system unavailable to users. c) Direct database change: A programmatic change to the data within the ac- counting system database. Direct database changes bypass. completed change request forms and making them available as appropriate to auditors. 4) DEFINITIONS a) Program change: A change in a program that makes up the system. Program changes can be vendor-supplied. 23 administrator, 6–7. See also administration ADSL. See Asymmetric DSL Advanced Micro Devices (AMD), 179 AMD. See Advanced Micro Devices analog signal, 82 annual report, 392 antivirus software,