1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOP's

Discussion in 'Computer Security' started by nugget, Apr 12, 2007.

  1. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    This should go in here as it's related to security (though rather loosley).

    SOP's!!

    Who's got them? Who uses them? Who implemented them?

    I've been tasked with starting to get our IT SOP's up and running (after our IT pro hasn't after almost a year). The problem is I don't really know where to start. How many and how in depth would I go etc?

    Anyone's advice much appreciated.
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  2. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    We don't allow Sexually Oriented Pictures (SOPs) on our network, nor do we allow our users to browse for them on the Internet.

    So you say that you are being tasked with implementing IT SOPs? Should be hilarious!!! Be sure to provide links when you're done with that! :biggrin

    (and... uh... the depth you go is entirely up to each individual's preference... :oops: )
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  3. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  4. Crito

    Crito Banned

    505
    14
    0
    As long as they can wake you up at 2AM to ask stupid questions most managers see no need for SOPs.

    "How do I restart the server?"
    You open the manual on startup and shutdown procedures and turn to page #2.
     
    Certifications: A few
    WIP: none
  5. supag33k

    supag33k Kilobyte Poster

    461
    19
    49
    Well most IT managers like to see agreed procedures for critical stuff.

    Also if something important breaks they want to know what contingency plans where already in place and during review after the problem is sorted thy will to know if the contingencies and response was adequate.

    Just all the standard DR and QOS stuff really....

    BTW - nuggett - arent you coming over to OZ [Perth] some stage soon??

    - Well have to go for an ale or a dozen...:rolleyes: :twisted:

    supa
     
    Certifications: MCSE (NT4/2000/2003/Messaging), MCDBA
    WIP: CCNA, MCTS SQL, Exchange & Security stuff
  6. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    Looks like the kindergarten opened early today.:biggrin

    Seriously though, when you're dealing with the FDA then it's a necessity to have them. If we were just a normal company then I think it would suffice to have just a few guidelines etc.



    I'll be flying out of here on the 14th July and landing on the 15th.:twisted:
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  7. Crito

    Crito Banned

    505
    14
    0
    I can't even get most places to separate production from development. So trying to put simple rules in place like "don't run ad-hoc queries on mission-critical OLTP servers" is really just a lesson in futility. Routine maintenance, downtime scheduling and change management procedures are seldom followed. And the solution to everything ends up being restart the service or reboot the server in the middle of the work day.

    It's a good thing they have all their business continuity and disaster recovery planning done though. Chances are they'll have an opportunity to use those plans. :eek:

    Personally, I'd rather avoid problems than have to constantly be putting out fires.
     
    Certifications: A few
    WIP: none
  8. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,726
    175
    221
    Wow i cant imagine an environment like that any more Crito! :)
    sounds like you have your hands full! :D
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  9. supag33k

    supag33k Kilobyte Poster

    461
    19
    49
    Yep I know what you mean about kinder4garten..some of the noobs that you come across consulting can be like this...


    I'll add the July stuff to my Calendar...and I'll PM some contact details closer to the day...
     
    Certifications: MCSE (NT4/2000/2003/Messaging), MCDBA
    WIP: CCNA, MCTS SQL, Exchange & Security stuff
  10. Crito

    Crito Banned

    505
    14
    0
    Nope, when rebooting server in middle of day become SOP then they have their hands full, as I'm out the door. I don't get paid enough to take the rap for incompetent management.

    Take a guy with an undergraduate degree in basket weaving, give him an MBA, and all of a sudden he's qualified to be Director of IT. :rolleyes:
     
    Certifications: A few
    WIP: none
  11. supag33k

    supag33k Kilobyte Poster

    461
    19
    49
    Yep Crito I share your pain buddy...some newly minted folks/PHB's are too newly minted...rubber stamped would be a better description.

    And the ones minted via MBA especially so!

    Note that useless in the IT g33k dictionary is defined as someone who has an Arts, MBA or Marketing degree [snigger]

    ...runs and hides...
     
    Certifications: MCSE (NT4/2000/2003/Messaging), MCDBA
    WIP: CCNA, MCTS SQL, Exchange & Security stuff
  12. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    I'll keep in touch too.

    I found some policy templates at sans.org too. :biggrin
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  13. Crito

    Crito Banned

    505
    14
    0
    So policy might say we only use Cisco and downtime has to be approved. While the SOP would look something like:
    http://www.cisco.com/warp/public/78/IPCC_Start_Stop.html

    Seems like there's some confusion over the military version of SOP and the kind used for regulatory compliance. To be clear I'll refer to the IT kind of SOPs as "standing operating procedures" from now on (not "standard".)
     
    Certifications: A few
    WIP: none
  14. Crito

    Crito Banned

    505
    14
    0
    I've tried to find examples of someone else in IT using SOP the same way nugget does but can't. Here's another example of an SOP for the handling of electronic evidence:
    http://www.dbm.maryland.gov/dbm_pub...ty/response_and_recovery/evidencehandling.pdf

    FWIW I really do think (technically) it should be "standing" and not "standard" operating procedures, in this context anyway. Just seems like I've always heard the term misued that way in the past (like the state of Maryland does, above.)

    Anyway, good luck... I'm outta here.
     
    Certifications: A few
    WIP: none

Share This Page

Loading...