Policy & Procedure IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.


2 Network Managers as Fire Fighters?
- Without a systematic process, you can spend your days chasing after problems
- Being reactive instead of proactive
- Wasting resources and time, patching holes instead of planning for growth and improved levels of service

3 The “Good Circle”
- Preventative management reduces unforeseen problems
- Reduced downtime means less effort needed to locate errors
- Less time spent searching for errors means more time available to do preventative management!
[Diagram labels: Reduced Down Time, Decrease in Error Search, Preventative Management]

4 How to be preventative?
- Establish policies and procedures to:
  – Prevent or minimise incorrect usage
  – Ensure maintenance of equipment
  – Provide smooth repair of problems when they arise
  – Get the most from your staff

5 Policy
- OED:
  – an organised and established system
  – Prudent, expedient, or advantageous procedure
- Webster's:
  – a definite course or method of action selected from among alternatives and in light of given conditions to guide and determine present and future decisions
  – a high-level overall plan embracing the general goals and acceptable procedures

6 Policy
- Rules or guidelines – often inflexible
  – Sets a standard
- An organisation’s principles;
  – a commitment by which the organisation is held accountable
- Sets out the way things are done
- Creates a framework for the way work is done
- Represents the organisation’s POSITION or STANDPOINT on an issue

7 Policies
- Policy-making takes place under conditions of incomplete information and uncertainty
- Policies at three interrelated levels:
  – General frames used to interpret a situation and select a principal course of action
  – Organizing concepts within which a policy problem is addressed
  – Operational level concepts used to design specific policy measures

8 Policies
- Should be:
  – Written down
  – Approved by management
  – Checked by lawyers

9 Policy Documents
- Administrative service policies
- Rights and responsibilities of users
- Rights and responsibilities of sysadmins
- Guest account policy
  – Can you think of others?

10 EG: Acceptable Use Policy
- Account sharing
- Misuse of mail or WWW
- Pornography
- Defamation
- Industrial espionage
- Software installation or modification
- Software copying
- Misuse of network – file serving etc.
- A signature by the user that they have read, understood and agreed to the terms of the policy

11 UoW Policies
- A list of policies that govern the use of IT services at UoW can be found at –

12 Broad scale policies
- Some issues have a larger scope than the local network group:
  – Handling security break-ins
  – Password selection criteria
  – Removals of logins for cause
  – Copyrighted material (MP3, DVD etc)
  – Software piracy

13 Procedure
- OED:
  – a set of instructions
- Webster's:
  – a traditional or established way of doing things

14 Procedure
- Guidelines
  – Sets a standard
  – Sets out HOW things are done
  – Can allow flexibility
- Details the preferred, recommended or required process for performing a given task
- A course of action developed to implement policy

15 Procedures
- Should be:
  – Publicized to staff – training etc.
  – Easy to understand
  – Accessible when needed - how do you know which one to use?
  – Available both in print and on-line
  – Constantly updated
- They need:
  – Open channels of communication, both vertical & horizontal
  – Trust and co-operation
- Often hard to get an “expert” to reveal their ‘secrets’

16 Procedures
- Good for regular, repetitive tasks
- Checklists to avoid errors or forgotten steps
- It’s faster to work from a recipe
- Changes are self-documenting
- Written procedures provide a measurable standard of correctness

17 Examples
- Common network tasks worth proceduralising
  – Adding a host
  – Adding a user
  – Localizing a machine
  – Setting up backups
  – Securing a new machine
  – Restarting a complex software application
  – Restarting/unjamming a printer
  – Upgrading the operating system
  – Emergency shutdowns
  – Software installation

18 Falling between the cracks
- Some problems sit between policy & procedure. Eg:
  – Who can have an account?
  – What to do when they leave?

19 Which to use?
- You must decide carefully which to use: policy, procedure or both.
- Policies
  – Stronger – but often inflexible
  – Must be carefully written
      Set and forget?
  – Enforceable?
- Procedures
  – Weaker
  – More flexible & adaptable
      Must be maintained
  – Can be built into staff training