Need IT Best Practice References

I'm a 19 year IT professional but now find myself in a situation (job) where IT is viewed low on the totem pole (I have no authority essentially) and my mid level supervisor(s) have had to sacrifice one particular best practice as playing cards for compromise with other managers - local admin rights on manager and in some cases, their assistant's computers.  These managers have successfully lobbied for the ability to have local admin rights - in most cases because they don't want to wait for the short amount of time it might take to submit a Help Desk ticket.  In another case, I think it was just a power play.  In few, if any cases, those who have lobbied for and received permission to get local admin, don't have enough of an appreciation for the ramifications.  In one case, the user is actually running his machine AS an admin.  Suffice to say his machine is all jacked up at this point.  (Maybe it's the Tom-Tom GPS client software he installed...).

Anyway, I'm about to mount a formal rebuttal to upper management in defense of said best practices and would like to solicit help in locating any specific references you can suggest in order to shore up my case.  

Points will likely be sub-divided - awarded on my own personal and subjective calls - and may be issued quickly if I receive particularly helpful assistance/feedback.  Comments also welcome as I plan to show this thread to my manager and others.  Thanks.
LTWadminAsked:
Who is Participating?
 
paul_mountcastleConnect With a Mentor Commented:
I'm like most admins who try to protect users from hurting themselves, as well as the rest of us. While I haven't found one definitive resource or "bible", for lack of a better term, I have found the following resources helpful when gathering information such as this to present to higher-ups for digestions and explanation.

Best practices for computer security
http://kb.iu.edu/data/akln.html

More articles and guides from IU:
http://informationsecurity.iu.edu/articles/

specifically:
Running with Scissors
http://informationsecurity.iu.edu/articles/Running_with_Scissors

Finally, Articles and Guides for System Administrators:
http://informationsecurity.iu.edu/articles/Articles_for_Sysadmins.shtml

While this is only a very small portion of what we can find, I will say that your best bet would be to gather information from the education IT admin and support community, as I believe their experiences cover the broadest range of environments and issues.

Hope that helps.
0
 
AmitIT ArchitectCommented:
Read Seven Habits from Stephen Covey.

https://www.stephencovey.com/7habits/7habits.php
0
 
notacomputergeekConnect With a Mentor Commented:
It's unfortunate that your company does not recognize IT as a strategic business partner, but that's another discussion.

Here's some useful information from the State of California:
http://www.cio.ca.gov/OIS/Government/risk/toolkit.asp

Ultimately, your specific issue is a security/vulnerability issue and the following document is a scorecard for how well your company handles information security and can also be used as a checklist of things to consider or begin developing your own company strategy. Not all may apply to your situation. (see "Assessment Tool for State Agencies" on the above webpage)

All states have developed strategies for Information Security, so check with your state to see what they have developed. In many states, the state Office of Finance may be a good place to start.
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
LTWadminAuthor Commented:
notacomputergeek: thanks - your information is timely since I just read some similar information about state level requirements/standards.  
0
 
LTWadminAuthor Commented:
Paul thanks for your information as well...  May take me a while to mull through some of it...  notacomputergeek: back to your comment - yes it is unfortunate and another discussion indeed...
0
 
LTWadminAuthor Commented:
Thanks. For what ever reason the system is telling me I can't award more than 50 points total...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.