Best Practices Anyone?

LittleBIT Member Posts: 320
Hello TE,

I am moving into a role that deals with Business intelligence and Best Practices.

Anyways, my job will primarily be finding best practices, both for internal use (Applying it against our company) and applying it against our clients (close ports, reset default router passwords, enforce password expiration, etc).

Does anyone have resources for this kind of stuff? Or would anyone like to post some 'best practices'?

Now comes the obvious - ownership of intellectual property.

I'm not asking for internal business stuff, but maybe some public stuff that should be common knowledge? Or common practice? Additional forums or books I should be aware of?

I'm trying to build a database from scratch that we don't have and are lacking and my helpdesk skillset will only take me so far. I have reached out to Server Admin's, but they seem to be less focused on it as it would probably increase their workload (rightfully so).

I'm having a hard time finding stuff that doesnt relate to ITIL or ITSM. Obviously those are business best practices, but what I'm looking for are best practices that should be utilized universally.

Any and all help is welcome, and I appreciate the help.
Kindly doing the needful


  • mikeybikes Member Posts: 86
    I'm not entirely sure what types of best practices you are looking for; however, you may want to check out "The Visible Ops Handbook."

    Our director recently handed it out to everyone in our department and we're going to have a department discussion on change management and practices. It certainly is an eye opener and has very practical "best" practices.
  • BlackBeret Member Posts: 684
    Best practices and intelligence activities are things that tend to come from time and experience. As far as books go, there are unlimited topic areas and books on everything imaginable. If there's something in particular that you're looking for, try focusing on one area at a time, i.e. Physical security - locking mechanisms, entrance logging, dumpster diving, etc. Or Vulnerabilities - social engineering, employee training, etc.
  • bryguy Member Posts: 190
    The Security Technical Implementation Guides (STIGs) and the NSA Guides are the configuration standards for DOD IA and IA-enabled devices/systems. You can find them at STIGs Home.

    You can also look at the NIST SP 800 series at NIST Computer Security Publications - By Topic for additional security related standards.
  • LittleBIT Member Posts: 320
    I appreciate all the replies.

    Mikey, the Visible Ops book looks promising. I'm reading a few ITIL books right now; we are currently pushing to implement MoF instead of ITIL. I personally prefer ITIL.

    Black Beret, what I'm looking for is stuff like "Are PWs expiring every XX days?" or "Is the default admin on the router changed?" or "Are backup drives being encrypted?". There are, like, 12 or so 'domains' that cover everything from "Networking", "Security", "Storage" to "Disaster Recovery". I'm trying to populate them with stuff so we can 'check' it against a client to see if they are up to standards. I am diving deep into the security stuff, as that is a very hard area to cover. I did actually include physical security measures as well as software / workstation / server security.

    Bryguy, those are awesome! Thanks for those. I browsed a bit and think these will be good references or resources for me when I build up a security template. I appreciate this.

    Again, thanks for the help guys!
    Kindly doing the needful