Solved

Need IT Best Practice References

Posted on 2011-02-14
Last Modified: 2013-11-25
I'm a 19-year IT professional but now find myself in a situation (job) where IT is viewed low on the totem pole (I have no authority essentially) and my mid-level supervisor(s) have had to sacrifice one particular best practice as playing cards for compromise with other managers - local admin rights on managers' and, in some cases, their assistants' computers. These managers have successfully lobbied for the ability to have local admin rights - in most cases because they don't want to wait for the short amount of time it might take to submit a Help Desk ticket. In another case, I think it was just a power play. In few, if any cases, those who have lobbied for and received permission to get local admin, don't have enough of an appreciation for the ramifications. In one case, the user is actually running his machine AS an admin. Suffice to say his machine is all jacked up at this point. (Maybe it's the Tom-Tom GPS client software he installed...).

Anyway, I'm about to mount a formal rebuttal to upper management in defense of said best practices and would like to solicit help in locating any specific references you can suggest in order to shore up my case.  

Points will likely be sub-divided - awarded on my own personal and subjective calls - and may be issued quickly if I receive particularly helpful assistance/feedback.  Comments also welcome as I plan to show this thread to my manager and others.  Thanks.
Question by:LTWadmin
6 Comments
 
LVL 44

Expert Comment

by:Amit
ID: 34889027
Read Seven Habits from Stephen Covey.

https://www.stephencovey.com/7habits/7habits.php
 

Accepted Solution

by:
paul_mountcastle earned 75 total points
ID: 34889103
I'm like most admins who try to protect users from hurting themselves, as well as the rest of us. While I haven't found one definitive resource or "bible", for lack of a better term, I have found the following resources helpful when gathering information such as this to present to higher-ups for digestion and explanation.

Best practices for computer security
http://kb.iu.edu/data/akln.html

More articles and guides from IU:
http://informationsecurity.iu.edu/articles/

Specifically:
Running with Scissors
http://informationsecurity.iu.edu/articles/Running_with_Scissors

Finally, Articles and Guides for System Administrators:
http://informationsecurity.iu.edu/articles/Articles_for_Sysadmins.shtml

While this is only a very small portion of what we can find, I will say that your best bet would be to gather information from the education IT admin and support community, as I believe their experiences cover the broadest range of environments and issues.

Hope that helps.
 
LVL 13

Assisted Solution

by:notacomputergeek
notacomputergeek earned 75 total points
ID: 34891290
It's unfortunate that your company does not recognize IT as a strategic business partner, but that's another discussion.

Here's some useful information from the State of California:
http://www.cio.ca.gov/OIS/Government/risk/toolkit.asp

Ultimately, your specific issue is a security/vulnerability issue and the following document is a scorecard for how well your company handles information security and can also be used as a checklist of things to consider or begin developing your own company strategy. Not all may apply to your situation. (see "Assessment Tool for State Agencies" on the above webpage)

All states have developed strategies for Information Security, so check with your state to see what they have developed. In many states, the state Office of Finance may be a good place to start.

Author Comment

by:LTWadmin
ID: 34891700
notacomputergeek: thanks - your information is timely since I just read some similar information about state level requirements/standards.  
 

Author Comment

by:LTWadmin
ID: 34891749
Paul thanks for your information as well...  May take me a while to mull through some of it...  notacomputergeek: back to your comment - yes it is unfortunate and another discussion indeed...
 

Author Closing Comment

by:LTWadmin
ID: 34963217
Thanks. For whatever reason the system is telling me I can't award more than 50 points total...
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes Administrators rights are not enough. These cases call for the SYSTEM account. The process in this article outlines the steps required to execute commands using the SYSTEM account.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question