722    Chapter 12 • Operational and Organizational Security: Policies and Disaster Recovery

             Documentation


             Nothing is more powerful or enduring than the written word. Documented proce-
             dures may make the difference between resolving a crisis quickly or not at all; poli-
             cies relate the expectations of a company, and proper records in computer forensics
             can determine whether a person is convicted of a crime.The documents created in
             an organization can be referred to and built upon for years after they were initially
             created.
                 Documentation should be clear and concise, so that anyone reading it can
             follow it without confusion. Even if a document was written as personal reference
             material, others may review it when a user is on vacation, out sick, or after they
             have left an organization.This is why it is important that every job and procedure
             be documented, so that if a person leaves a particular job or is unable to perform
             those duties, necessary tasks are not left undone.
                 As discussed earlier in this chapter, and further discussed in the following sec-
             tions, there are many different types of documents that may be needed by an orga-
             nization.When creating various documents, it is important that administrators
             ensure that those needed by certain individuals are accessible to them. If they
             cannot access them, it defeats the purpose of creating them.
                 When creating documentation, there are a variety of programs that can be
             used. Microsoft Word or other word processing packages can be used to create tex-
             tual documents with graphics, which can be printed and used as manuals or hand-
             outs. Microsoft PowerPoint can be used to create slideshow presentations, which
             can be made available to users over a network or corporate intranet, allowing them
             to view the presentation from their workstations. Microsoft Visio is a program that
             can be used to generate detailed diagrams and flowcharts. By using such applica-
             tions to create documentation, administrators can create easy-to-follow information
             that users can use for on-the-job education and reference.

             Standards and Guidelines

             Standards are also used to describe the established rules and practices that are
             agreed upon by consensus.These may be set by legislation or by organizations in a
             specific field, such as:

                  ■   Institute of Electrical and Electronics Engineers (IEEE) (www.ieee.org)
                  ■   Internet Engineering Task Force (IETF) (www.ietf.org).






          www.syngress.com