General discussion

  • Creator
    Topic
  • #2080057

    Policies and Procedures

    Locked

    by jclassen ·

    I have recently accepted the position of Network Administrator for a small company of 35 users. We have NT 4.0 file server (no domain) with log in thru Win 95/98, Linux for email and Unix for internet, but no policies or procedures of any kind exist. I feel it’s important that something be set in place to maintain the security and veracity of the system, especially when it comes to Network administration, upgrading of equipment, software/hardware acquisition, internet/email monitoring , reportsetc. Can anyone point me in a direction that will be helpful?

All Comments

  • Author
    Replies
    • #3901939

      Policies and Procedures

      by tmcclure ·

      In reply to Policies and Procedures

      I have not found much out there to help. There are some books, but they seem to be out of date. They reference main frame issues.

      I ended up writting my own. And after 3 years I’m still not done. Here are some issues you should cover:

      Security
      Software licensing
      Harware/Software standards
      User do’s and don’ts
      Anti-Virus policy
      E-Mail

      If you would like I will E-Mail you some copies to review.

    • #3901874

      Policies and Procedures

      by mdwalter ·

      In reply to Policies and Procedures

      I would recommend speaking with a management consulting company, such as The Gartner Group, GIGA, or Net Reference. They can provide you with an analysis of industry best practices, and help you integrate some policies into your specific organization (for a fee, of course 8-).

    • #3900334

      Policies and Procedures

      by darlap ·

      In reply to Policies and Procedures

      I recently purchased through Barnes & Noble a book called Information Systems Policies and Pricedures Manual and it has become very handly. It assists you in the table of contents and information on how to start it. The book was written by George Jenkins.

    • #3900315

      Policies and Procedures

      by leblancd ·

      In reply to Policies and Procedures

      There is an actual RFC (Request for Comments) reguarding this issue.
      You can request a copy from the following address:
      RFC-SERVER@ISI.EDU
      .Internet Site Security Handbook
      – 1st Line of TEXT = Retrieve: RFC
      – 2nd Line of TEXT = Doc-ID: RFC1244
      – for help – 1st line of TEXT = Help: Help – don’t send a second line

      You will get a 6 part reply in the form of the Site Security Handbook.
      Its pretty extensive, and quite helpful. In any case, its a good starting point.

    • #3897374

      Policies and Procedures

      by tim.both ·

      In reply to Policies and Procedures

      I have found a series of books from Prentice Hall Publishing called “Information Systems Policies and Procedures Manual” They send out supplement publications to keep up to date. They cover a wide range of topics.

    • #3897264

      Policies and Procedures

      by kd_morand ·

      In reply to Policies and Procedures

      This is a situation crying for the long under-rated partnership of training and quality assurance.

      It’s a small company, but that should make it easier to talk to management about your security and administration concerns. If your budget permits, run a needs assessment on your own department, but – be careful to not appear to want users to avoid doing some things – just to lighten your load. Make sure each issue represents a real benefit to the users and the company.

      Present the findings to management or QA, if they exist. If not, management will most likely give you the authority to “publish” the protocol as policy. Be prepared to field some short training sessions, in groups if necessary, to address users’ responses or questions.

    • #3898520

      Policies and Procedures

      by gangstalove ·

      In reply to Policies and Procedures

      The thing to recognize is that this will be a process where you will achieve milestones, but will never end. The first thing you should do is get a book, such as IS Survival Guide, by Bob Wilson, to lay out the basics for you on topics such as change management, security management, and managing your manager. At the same time, you should be meeting with the department heads at your company to assess their business requirements. You should look for network related organizations in your area, andtry to get advice/mentoring from some of the more senior members. Chop this huge task up into smaller tasks. This makes it easier to mark your progress. The most important thing is to gather information and come up with the solutions that are best for your particular company. A boilerplate plan devised by someone else may work, but you will not get the results that you should.

    • #3893208

      Policies and Procedures

      by mwb ·

      In reply to Policies and Procedures

      I would take a more hands-on approach:
      1. Visit another network and see how they do it. If you don’t know anyone, call up a training outfit and get a tour of their facility. They usually have a lot of good policies in place.
      2. Start w/network security. Go to your local Barnes & Noble and thumb through “Hacking Exposed”. It is a multiplatform book written for managers that teaches you what every high-school hacker knows about your system.
      3. Don’t skimp on equipment. I buy good Compaq servers and then I can get used parts for years that just wont die.
      4. Most important – GET MANAGEMENT BUY-IN. No policy will ever work if you don’t.
      5. Use common sense – have fun!

    • #3743875

      Policies and Procedures

      by jclassen ·

      In reply to Policies and Procedures

      This question was closed by the author

Viewing 8 reply threads