Page 733 - StudyBook.pdf
P. 733
Operational and Organizational Security: Policies and Disaster Recovery• Chapter 12 717
In addition to having people provide notification, administrators can configure
systems to automatically contact them. Some systems provide the ability to send
out alerts when certain events occur (e.g., a system shutdown).The system can send
an e-mail message to specific e-mail addresses, or send out messages to alphanu-
meric pagers. In some cases, administrators may become aware of a problem and
deal with it before any of the users on the network notice.
Providing contact information for general users of a network is another positive
component of a communicative environment. Users should have multiple methods
of contacting IT staff, so they can acquire help and notify them of problems they
are experiencing.This allows users to inform administrators of a seemingly minor
problem that could grow into a major one. For example, a user may complain of
specific symptoms his computer is experiencing that are indicative of a virus infes-
tation. Early warning through users can catch such problems at an initial stage,
before any real damage is done.
There are many possible methods for users to contact IT staff. Help desks are
commonplace in companies, providing a single phone extension that users can call
when they are experiencing problems.A designated e-mail address and voicemail
are other methods of enabling users to report problems. Methods of contacting a
help desk should be advertised internally, through memos, internal e-mail, or on
the corporate intranet.
Signatures on e-mails can be used to provide alternative methods of contacting
individual users.The signature is text or a graphic that is automatically added by
the user’s e-mail client software to each message sent by a person.The signature can
state the name of the sender, the company phone number, an extension, fax
number, business address, e-mail address, and the Uniform Resource Locator
(URL) of the public Web site, along with any other information a person specifies.
Not only is this useful for internal users who need to respond immediately, but also
for vendors and other people external to the company.
User Awareness
Users cannot be expected to follow rules if they are not aware of them.
Organizations sometimes make the mistake of imposing policies and procedures
while failing to provide effective methods of sharing that information.This has the
same effect as if the policies and procedures were never created.
User awareness involves taking steps to make users conscious of and responsive
to security issues, rules, and practices.To make users aware, administrators can use a
number of the communications methods previously mentioned. For example, poli-
www.syngress.com
