Presentation is loading. Please wait.

Presentation is loading. Please wait.

Policy & Procedure IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Policy & Procedure IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong."— Presentation transcript:

1 Policy & Procedure IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong

2 2 Network Managers as Fire Fighters? Without a systematic process, you can spend your days chasing after problems Being reactive instead of proactive Wasting resources and time, patching holes instead of planning for growth and improved levels of service

3 3 The “Good Circle” Preventative management reduces unforeseen problems Reduced downtime means less effort needed to locate errors Less time spent searching for errors means more time available to do preventative management! Reduced Down Time Decrease in Error Search Preventative Management

4 4 How to be preventative? Establish policies and procedures to: –Prevent or minimise incorrect usage –Ensure maintenance of equipment –Provide smooth repair of problems when they arise –Get the most from your staff

5 5 Policy OED: –an organised and established system –Prudent, expedient, or advantageous procedure Websters: –a definite course or method of action selected from among alternatives and in light of given conditions to guide and determine present and future decisions –a high-level overall plan embracing the general goals and acceptable procedures

6 6 Policy Rules or guidelines – often inflexible –Sets a standard An organisation’s principles; –a commitment by which the organisation is held accountable Sets out the way things are done Creates a framework for the way work is done Represents the organisations POSITION or STANDPOINT on an issue

7 7 Policies Policy-making takes place under conditions of incomplete information and uncertainty Policies at three interrelated levels: –General frames used to interpret a situation and select a principal course of action –Organizing concepts within which a policy problem is addressed –Operational level concepts used to design specific policy measures

8 8 Policies Should be: –Written down –Approved by management –Checked by lawyers

9 9 Policy Documents Administrative service policies Rights and responsibilities of users Rights and responsibilities of sysadmins Guest account policy –Can you think of others?

10 10 EG: Acceptable Use Policy Account sharing Misuse of mail or WWW Pornography Defamation Industrial espionage Software installation or modification Software copying Misuse of network – file serving etc. A signature by the user that they have read, understood and agreed to the terms of the policy

11 11 UoW Polices A list of polices that govern the use of IT services at UoW can be found at –http://www.uow.edu.au/its/policies/

12 12 Broad scale policies Some issues have a larger scope than the local network group: –Handling security break-ins –Password selection criteria –Removals of logins for cause –Copyrighted material (MP3, DVD etc) –Software piracy

13 13 Procedure OED: –a set of instructions Websters –a traditional or established way of doing things

14 14 Procedure Guidelines –Sets a standard –Sets out HOW things are done –Can allow flexibility Details the preferred, recommended or required process for performing a given task A course of action developed to implement policy

15 15 Procedures Should be: –Publicized to staff – training etc. –Easy to understand –Accessible when needed -how do you know which one to use? –Available both in print and on-line –Constantly updated They need: –Open channels of communication, both vertical & horizontal –Trust and co-operation Open hard to get an “expert” to reveal their ‘secrets’

16 16 Procedures Good for regular, repetitive tasks Checklists to avoid errors or forgotten steps It’s faster to work from a recipe Changes are self-documenting Written procedures provide a measurable standard of correctness

17 17 Examples Common network tasks worth proceduralising –Adding a host –Adding a user –Localizing a machine –Setting up backups –Securing a new machine –Restarting a complex software application –Restarting/unjamming a printer –Upgrading the operating system –Emergency shutdowns –Software installation

18 18 Falling between the cracks Some problems sit between policy & procedure. Eg: –Who can have an account? –What to do when they leave?

19 19 Which to use? You must decide carefully which to use, policy, procedure or both. Policies –Stronger – but often inflexible –Must be carefully written Set and forget? –Enforceable? Procedures –Weaker –More flexible & adaptable Must be maintained –Can be built into staff training

Download ppt "Policy & Procedure IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong."

Similar presentations

Capacity Building for Repositories Dr. Helena Asamoah-Hassan University Librarian, KNUST, Kumasi, Ghana at BioMed Open Access Africa Conference held at.

Capacity Building for Repositories Dr. Helena Asamoah-Hassan University Librarian, KNUST, Kumasi, Ghana at BioMed Open Access Africa Conference held at.
System Development Life Cycle (SDLC)

System Development Life Cycle (SDLC)
 Email Management has become a multi-faceted complex task involving:  Storage Management  Content Management  Document Management  Quota Management.

 Management has become a multi-faceted complex task involving:  Storage Management  Content Management  Document Management  Quota Management.
Data Quality And Stewardship. PROVIDED BY THE IDAHO STATE DEPARTMENT OF EDUCATION.

Data Quality And Stewardship. PROVIDED BY THE IDAHO STATE DEPARTMENT OF EDUCATION.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Audit of IT Systems SARQA / DKG Scandinavian Conference, October 2002, Copenhagen Sue Gregory.

Audit of IT Systems SARQA / DKG Scandinavian Conference, October 2002, Copenhagen Sue Gregory.
Information Technology Control Day IV Afternoon Sessions.

Information Technology Control Day IV Afternoon Sessions.
Health and Safety - an update Ian Gillett Safety Director.

Health and Safety - an update Ian Gillett Safety Director.
Security Controls – What Works

Security Controls – What Works
CST 481/598 x.2.  Broad overview of policy material  What is a “process”  Tiers (not tears) Many thanks to Jeni Li.

CST 481/598 x.2.  Broad overview of policy material  What is a “process”  Tiers (not tears) Many thanks to Jeni Li.
Database Administration Chapter 8 12011 FOSTER School of Business Acctg. 420.

Database Administration Chapter FOSTER School of Business Acctg. 420.
INDUSTRIAL & SYSTEMS ENGINEERING

INDUSTRIAL & SYSTEMS ENGINEERING
R R R CSE870: Advanced Software Engineering (Cheng): Intro to Software Engineering1 Advanced Software Engineering Dr. Cheng Overview of Software Engineering.

R R R CSE870: Advanced Software Engineering (Cheng): Intro to Software Engineering1 Advanced Software Engineering Dr. Cheng Overview of Software Engineering.
ISO General Awareness Training

ISO General Awareness Training
IS112 – Chapter 1 Notes Computer Organization and Programming Professor Catherine Dwyer Fall 2004.

IS112 – Chapter 1 Notes Computer Organization and Programming Professor Catherine Dwyer Fall 2004.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
The Australian/New Zealand Standard on Risk Management

The Australian/New Zealand Standard on Risk Management
Mitun PatelMXP07U. Organisational structure Top management; this includes the organisation’s general manager and its executives Department managers; this.

Mitun PatelMXP07U. Organisational structure Top management; this includes the organisation’s general manager and its executives Department managers; this.
Purpose of the Standards

Purpose of the Standards
Session 3 – Information Security Policies

Session 3 – Information Security Policies

Similar presentations

Ads by Google