Best Practices Anyone?
LittleBIT
Hello TE,
I am moving into a role that deals with Business intelligence and Best Practices.
Anyways, my job will primarily be finding best practices, both for internal use (Applying it against our company) and applying it against our clients (close ports, reset default router passwords, enforce password expiration, etc).
Does anyone have resources for this kind of stuff? Or would anyone like to post some 'best practices'?
Now comes the obvious - ownership of intellectual property.
I'm not asking for internal business stuff, but maybe some public stuff that should be common knowledge? Or common practice? Additional forums or books I should be aware of?
I'm trying to build a database from scratch that we don't have and are lacking and my helpdesk skillset will only take me so far. I have reached out to Server Admins, but they seem to be less focused on it as it would probably increase their workload (rightfully so).
I'm having a hard time finding stuff that doesn't relate to ITIL or ITSM. Obviously those are business best practices, but what I'm looking for are best practices that should be utilized universally.
Any and all help is welcome, and I appreciate the help.
Comments
mikeybikes
I'm not entirely sure what types of best practices you are looking for, however, you may want to check out "The Visible Ops Handbook."
Our director recently handed it out to everyone in our department and we're going to have a department discussion on change management and practices. It certainly is an eye opener and has very practical "best" practices.
BlackBeret
Best practices and intelligence activities are things that tend to come from time and experience. As far as books go there are unlimited topic areas and books on everything imaginable. If there's something in particular that you're looking for, try focusing on one area at a time, i.e. Physical security - locking mechanisms, entrance logging, dumpster diving, etc. Or Vulnerabilities - social engineering, employee training, etc.
bryguy
The Security Technical Implementation Guides (STIGs) and the NSA Guides are the configuration standards for DOD IA and IA-enabled devices/systems. You can find them at STIGs Home. You can also look at the NIST SP 800 series at NIST Computer Security Publications - By Topic for additional security related standards.
LittleBIT
I appreciate all the replies.
Mikey, the Visible Ops book looks promising, I'm reading a few ITIL books right now, we are currently pushing to implement MoF instead of ITIL. I personally prefer ITIL.
Black Beret, what I'm looking for is stuff like "Are PW's expiring every XX Days" or "Is the default admin on the router changed" or "Are backup drives being encrypted". There are like, 12 or so 'domains' that cover everything from "Networking" "Security" "Storage" "Disaster Recovery". I'm trying to populate them with stuff so we can 'check' it against a client to see if they are up to standards. I am diving deep into the security stuff, as that is a very hard area to cover. I did actually include physical security measures as well as software / workstation / server security.
Bryguy, those are awesome! Thanks for those. I browsed a bit and think this will be some good references or resources for me when I build up a security template. I appreciate this.
Again, thanks for the help guys!