Security Policy Best Practices

We’re taking on a new client, and their standards requirements are a bit beyond anything we’ve ever encountered.

I just finished going through a nearly 600-line spreadsheet answering questions about our network’s physical and logical security controls. It also included questions about our in-place security policies and what was covered by them. Nothing in the questionnaire was a bad idea to have implemented, but the sum total was a bit overwhelming.

We do have a security policy; it’s covered in a page or so of the employee handbook. It’s implemented, as well, but beyond that, everything has been done according to a relatively “common sense” approach. To remedy this lack of standards, my boss and I are currently going through the SANS Institute’s “Security Policy Project”, and I’ve got to say, it’s more overwhelming than the original spreadsheet.

We’ve accumulated about 15 documents that we think apply to our situation, and we’re in the middle of revising them and customizing some of the technologies they cover to work for us. After they get drafted and approved, I get to implement them. I can’t wait.

The hardest part will be a change in mindset for the users. I can’t wait to see how the operations side responds to this. I suppose it’s the price you have to pay for running with the big dogs, so to speak.

Which brings me to my question. Does your company have a codified security policy? Do you ever do spot checks, or audits? Do you abide by the policy?

As always, I have anonymous comments enabled, so feel free to comment as such if you are worried about revealing too much about your network.

Life After Windows?

This isn’t particularly related to systems administration, per se, but I think that the people who read this blog might be interested in it.

According to SDTimes, Microsoft is preparing for life after Windows, with an operating system called Midori.

When I first started reading the article, I was intrigued. Windows has been the prevalent operating system of home computers now for almost 15 years. Before Windows, there was DOS. That was a paradigm shift. I’m wondering how extreme the next jump will be. How far will Microsoft push the line?

I was sad when I got to this sentence:
One of Microsoft’s goals is to provide options for Midori applications to co-exist with and interoperate with existing Windows applications, as well as to provide a migration path.

Unfortunately, that requirement might stop them from doing anything terribly exciting. With a decade of legacy code to support, I don’t see how the change could be earth shattering.

I’m not a Microsoft hater. I don’t use Windows, and I don’t particularly like it much, but I respect what it has done for standardizing the personal computer industry, and I’m interested to see if Microsoft can push the bar, and really come up with something good. Time will tell.

Arranging your workspace

When you sit down at your desk, how is your comfort level? Do you have to shove piles of paper out of the way, or do you believe that a cluttered desk indicates a cluttered mind? Do you have enough room to work? Are your ergonomics in place to stop you from getting headaches, wrist injuries, and the like?

Ryan and I were talking the other day about how our desks were arranged. He was trying to fit a laptop on the same desk as his dual monitor setup, and it struck him that it was nearly impossible to search for how people arranged their desktops without getting screenshots of, well, desktops.

In the interest of sharing information, I present a rough diagram (created in OmniGraffle), for your enjoyment:

In the interest of professionalism, I have left off the trilobite fossil, Michael Scott sticky-notes, and bobble head Knight Who Says Ni. I also forgot the aspirin, Pepto-Bismol, Tums, and multivitamins. Being a sysadmin is hard sometimes :-)

Depending on the number of projects I’m working on, my desk is pretty messy, but filing generally helps reduce clutter.

How are your desks arranged? Do you have a way of organizing that you like more than others? Throw pictures up on Flickr and share!