Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 371
  • Last Modified:

Need IT Best Practice References

I'm a 19 year IT professional but now find myself in a situation (job) where IT is viewed low on the totem pole (I have no authority essentially) and my mid level supervisor(s) have had to sacrifice one particular best practice as playing cards for compromise with other managers - local admin rights on manager and in some cases, their assistant's computers.  These managers have successfully lobbied for the ability to have local admin rights - in most cases because they don't want to wait for the short amount of time it might take to submit a Help Desk ticket.  In another case, I think it was just a power play.  In few, if any cases, those who have lobbied for and received permission to get local admin, don't have enough of an appreciation for the ramifications.  In one case, the user is actually running his machine AS an admin.  Suffice to say his machine is all jacked up at this point.  (Maybe it's the Tom-Tom GPS client software he installed...).

Anyway, I'm about to mount a formal rebuttal to upper management in defense of said best practices and would like to solicit help in locating any specific references you can suggest in order to shore up my case.  

Points will likely be sub-divided - awarded on my own personal and subjective calls - and may be issued quickly if I receive particularly helpful assistance/feedback.  Comments also welcome as I plan to show this thread to my manager and others.  Thanks.
0
LTWadmin
Asked:
LTWadmin
2 Solutions
 
AmitIT ArchitectCommented:
Read Seven Habits from Stephen Covey.

https://www.stephencovey.com/7habits/7habits.php
0
 
paul_mountcastleCommented:
I'm like most admins who try to protect users from hurting themselves, as well as the rest of us. While I haven't found one definitive resource or "bible", for lack of a better term, I have found the following resources helpful when gathering information such as this to present to higher-ups for digestions and explanation.

Best practices for computer security
http://kb.iu.edu/data/akln.html

More articles and guides from IU:
http://informationsecurity.iu.edu/articles/

specifically:
Running with Scissors
http://informationsecurity.iu.edu/articles/Running_with_Scissors

Finally, Articles and Guides for System Administrators:
http://informationsecurity.iu.edu/articles/Articles_for_Sysadmins.shtml

While this is only a very small portion of what we can find, I will say that your best bet would be to gather information from the education IT admin and support community, as I believe their experiences cover the broadest range of environments and issues.

Hope that helps.
0
 
notacomputergeekCommented:
It's unfortunate that your company does not recognize IT as a strategic business partner, but that's another discussion.

Here's some useful information from the State of California:
http://www.cio.ca.gov/OIS/Government/risk/toolkit.asp

Ultimately, your specific issue is a security/vulnerability issue and the following document is a scorecard for how well your company handles information security and can also be used as a checklist of things to consider or begin developing your own company strategy. Not all may apply to your situation. (see "Assessment Tool for State Agencies" on the above webpage)

All states have developed strategies for Information Security, so check with your state to see what they have developed. In many states, the state Office of Finance may be a good place to start.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
LTWadminAuthor Commented:
notacomputergeek: thanks - your information is timely since I just read some similar information about state level requirements/standards.  
0
 
LTWadminAuthor Commented:
Paul thanks for your information as well...  May take me a while to mull through some of it...  notacomputergeek: back to your comment - yes it is unfortunate and another discussion indeed...
0
 
LTWadminAuthor Commented:
Thanks. For what ever reason the system is telling me I can't award more than 50 points total...
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now