Solved

Need IT Best Practice References

Posted on 2011-02-14
Last Modified: 2013-11-25
I'm a 19-year IT professional but now find myself in a situation (job) where IT is viewed low on the totem pole (I have no authority essentially) and my mid-level supervisor(s) have had to sacrifice one particular best practice as playing cards for compromise with other managers - local admin rights on managers' and, in some cases, their assistants' computers. These managers have successfully lobbied for the ability to have local admin rights - in most cases because they don't want to wait for the short amount of time it might take to submit a Help Desk ticket. In another case, I think it was just a power play. In few, if any cases, those who have lobbied for and received permission to get local admin, don't have enough of an appreciation for the ramifications. In one case, the user is actually running his machine AS an admin. Suffice to say his machine is all jacked up at this point. (Maybe it's the Tom-Tom GPS client software he installed...).

Anyway, I'm about to mount a formal rebuttal to upper management in defense of said best practices and would like to solicit help in locating any specific references you can suggest in order to shore up my case.  

Points will likely be sub-divided - awarded on my own personal and subjective calls - and may be issued quickly if I receive particularly helpful assistance/feedback.  Comments also welcome as I plan to show this thread to my manager and others.  Thanks.
Question by:LTWadmin
6 Comments
 
LVL 41

Expert Comment

by:Amit
ID: 34889027
Read Seven Habits from Stephen Covey.

https://www.stephencovey.com/7habits/7habits.php
0
 

Accepted Solution

by:
paul_mountcastle earned 25 total points
ID: 34889103
I'm like most admins who try to protect users from hurting themselves, as well as the rest of us. While I haven't found one definitive resource or "bible", for lack of a better term, I have found the following resources helpful when gathering information such as this to present to higher-ups for digestion and explanation.

Best practices for computer security
http://kb.iu.edu/data/akln.html

More articles and guides from IU:
http://informationsecurity.iu.edu/articles/

Specifically:
Running with Scissors
http://informationsecurity.iu.edu/articles/Running_with_Scissors

Finally, Articles and Guides for System Administrators:
http://informationsecurity.iu.edu/articles/Articles_for_Sysadmins.shtml

While this is only a very small portion of what we can find, I will say that your best bet would be to gather information from the education IT admin and support community, as I believe their experiences cover the broadest range of environments and issues.

Hope that helps.
0
 
LVL 13

Assisted Solution

by:notacomputergeek
notacomputergeek earned 25 total points
ID: 34891290
It's unfortunate that your company does not recognize IT as a strategic business partner, but that's another discussion.

Here's some useful information from the State of California:
http://www.cio.ca.gov/OIS/Government/risk/toolkit.asp

Ultimately, your specific issue is a security/vulnerability issue and the following document is a scorecard for how well your company handles information security and can also be used as a checklist of things to consider or begin developing your own company strategy. Not all may apply to your situation. (see "Assessment Tool for State Agencies" on the above webpage)

All states have developed strategies for Information Security, so check with your state to see what they have developed. In many states, the state Office of Finance may be a good place to start.
0

 

Author Comment

by:LTWadmin
ID: 34891700
notacomputergeek: thanks - your information is timely since I just read some similar information about state level requirements/standards.  
0
 

Author Comment

by:LTWadmin
ID: 34891749
Paul thanks for your information as well...  May take me a while to mull through some of it...  notacomputergeek: back to your comment - yes it is unfortunate and another discussion indeed...
0
 

Author Closing Comment

by:LTWadmin
ID: 34963217
Thanks. For whatever reason the system is telling me I can't award more than 50 points total...
0
