Page 732 - StudyBook.pdf
P. 732

716    Chapter 12 • Operational and Organizational Security: Policies and Disaster Recovery

             Communication


             Communication is important to educating users on different elements of a system,
             and allowing them to be able to contact you in case of problems. If no one can
             reach you, how will you know when problems occur? Similarly, if you do not have
             mechanisms in place to communicate with users, how will they have the informa-
             tion you want them to have. Communication is the key to understanding the issues
             users are facing when incidents occur, and getting information to the parties that
             need it.To deal with these issues and convey what an organization expects from
             users, administrators need to create a system that promotes and supports good
             communication.
                 The first step to creating good methods of communication is determining what
             methods are available.This differs from business to business, but multiple avenues of
             contacting people are always available.These may include:

                  ■   Internal or Internet e-mail

                  ■   Internal phone extensions, home phone numbers, and cell phone numbers
                  ■   Pagers
                  ■   Corporate intranets and public Web sites

                  ■   Internal mail (memoranda) and snail mail (public postal services)
                  ■   Public folders and directories containing documents that can be viewed by
                      users across the network

                  ■   Instant messaging, text messaging, Short Message Service (SMS), and live
                      chat

                 Once all of the methods available to communicate with users are identified, the
             administrator can decide which ones will be used and how.
                 Obviously, administrators will want to control the ways in which users can con-
             tact them.While you wouldn’t want to provide your personal contact information
             to everyone, home phone numbers, cell phone numbers, and pager numbers can be
             provided to certain people in an organization. For example, administrators could
             provide dispatchers, management, or certain departments with these numbers, so
             they can be contacted when major incidents occur (e.g., hacking attempts, server
             crashes, and so forth). Providing contact information for IT staff ensures that inci-
             dents will not remain unattended and possibly grow worse before the next sched-
             uled workday.





          www.syngress.com
   727   728   729   730   731   732   733   734   735   736   737