Operational and Organizational Security: Policies and Disaster Recovery • Chapter 12 723
IEEE is an organization that sets standards for computing and electronics industries,
while IETF sets standards for the Internet. By establishing standards and
guidelines, everyone in a particular industry follows the same guidelines in the
products they create.
Even if your company isn’t in the business of developing software or hardware
products, using the standards and guidelines developed by such organizations can be
extremely useful. By reviewing the documents outlining standards, you can achieve
the same insight as those companies who develop the software and hardware used
by your business. For example, Transmission Control Protocol/Internet Protocol
(TCP/IP), Virtual Private Networks (VPNs), and numerous other elements of a
network are standards that have associated documents outlining how they function,
commands, utilities, and other aspects that are important in daily use as a network
administrator or IT professional.
Standards and guidelines are also terms used to describe the policies and
procedures used in an organization. A standard is a level of excellence that an
organization expects its members to live up to. Standards may deal with such issues as
acceptable behavior, codes of ethics, or other topics of concern. Guidelines offer
instructions on how members can achieve these standards.
Standards are not limited to the conduct of employees, but also relate to the
network. Software and equipment are expected to live up to certain standards, and
when they fail to do so, performance and functionality may suffer. For example, if a
database program is expected to support 10,000 users, but bogs down when 5,000
users access it, it fails to achieve the standard initially set for it. Before
implementing a new system, it is important to document what standards are set for a
system, so that there is a clear understanding of what is expected between an
organization and the vendor who sold it to them. This provides a level of protection for
an organization if the standard is not met and support is needed, or (in worst-case
scenarios) legal action must be taken. Guidelines can also be used to provide
instructions on what actions should be taken when a problem occurs. Guidelines
dealing with systems and users should include certain attributes. Administrators
should title the document so that it reflects what the document deals with,
enabling anyone who opens the document to see if it applies to what they are
looking for. For example, if a user wanted to update the signature files for a server’s
antivirus program, seeing the title “Problems with Viruses” might make them think
this describes why viruses are bad. A title such as “Updating Antivirus Files” would
be clear to the reader, who would save time that would have been spent trying to
determine what the document is about. The document should also provide information
on symptoms, so the reader knows whether the procedure applies to a par-
www.syngress.com