Solved

Lack of formal documented policies

Posted on 2013-02-06
4
230 Views
Last Modified: 2013-03-14
What is the risk of not documenting formal procedures for basic systems administration? I have a systems admin who says the amount of day-to-day tasks they’d need to document would be never ending. But our external auditors for example made a recommendation that, per quarter, “a quarterly assessment should take place to verify that members of privileged security groups (such as domain admins) still have a valid business need”, which is fair enough, and a good idea to do.

But they say unless the procedure is documented it’s not an effective process? Why so? If an admin does do these checks whether or not the process to do so is documented somewhere, if the work is being done, what’s the risk? Why is the documentation so vital? Or is it? There are other issues, such as backup restore testing, i.e. test a restore once per quarter, change control procedures etc etc. Many of these tasks will be being done but the process to do them is not always documented. But without documenting it, but still physically doing the work, what is the issue.
0
Comment
Question by:pma111
4 Comments
 
LVL 10

Accepted Solution

by:
Pramod Ubhe earned 167 total points
ID: 38858851
documentation makes your organization process dependent instead of person dependent.

We have a security group created let's say Group 1 which has access to modify members of privileged groups like domain admin or ent. admin and whenever there is a need of any admin to member of domain admin or ent. admin someone from Group1 grants the access to complete the work. In this way you follow the process and there is no work stoppage as well.
0
 
LVL 23

Assisted Solution

by:Nagendra Pratap Singh
Nagendra Pratap Singh earned 167 total points
ID: 38859074
Documentation stops cowboy admins.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 166 total points
ID: 38859207
Documentation may not really stop cowboy admins.  Procedure enforce does that.  What are procedures, documentation on how do do things.

One of the biggest things documentation does is prevents the re-invention of the wheel.  Especially when the only person that has been doing a job for the last 5, 10, 15, 20 years comes in and says:

      I just won the lottery, I quit!!!!  Now go figure out what I've been doing for the last X years.
0
 
LVL 3

Author Comment

by:pma111
ID: 38859249
To what extent though do you document. Say for general day-to-day management and administration of database and file servers, what specific procedures do you document? I know this is the classic "it depends on your company" but surely there are some common ones per every IT shop?
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now