Documentation Best Practices

Question 1

Internal operating procedures

Answer 1

• Organizations have different business objectives
• Processes and procedures
• Operational procedures
• Downtime notifications
• Facilities issues
• Software upgrades
• Testing, change control
• Documentation is the key
• Everyone can review and understand the policies

Question 2

Knowledge base and articles

Answer 2

• External sources
• Manufacturer knowledge base
• Internet communities
• Internal documentation
• Institutional knowledge
• Usually part of help desk software
• Find the solution quickly
• Searchable archive
• Automatic searches with helpdesk ticket keywords

Question 3

Network topology diagrams

Answer 3

• Describes the network layout
• May be a logical diagram
• Can include physical rack locations

Question 4

Incident response: Documentation

Answer 4

• Security policy
• An ongoing challenge
• Documentation must be available
• No questions
• Documentation always changes
• Constant updating
• Have a process in place
• Use the wiki model

Question 5

Compliance

Answer 5

• Meeting the standards of laws, policies, and
regulations

• A healthy catalog of rules
• Across many aspects of business and life
• Many are industry-specific or situational
• Penalties
• Fines
• Loss of employment
• Incarceration
• Scope
• Domestic and international requirements

Question 6

Regulatory

Answer 6

• Sarbanes-Oxley Act (SOX)
• The Public Company Accounting Reform and
Investor Protection Act of 2002

• The Health Insurance Portability and
Accountability Act (HIPAA)
• Extensive healthcare standards for storage, use, and
transmission of health care information

• The Gramm-Leach-Bliley Act of 1999 (GLBA)
• Disclosure of privacy information from
financial institutions

Question 7

Acceptable use policies (AUP)

Answer 7

• What is acceptable use of company assets?
• Detailed documentation
• May be documented in the Rules of Behavior

• Covers many topics
• Internet use, telephones, computers,
mobile devices, etc.

• Used by an organization to limit legal liability
• If someone is dismissed, these are
the well-documented reasons why

Question 8

Password policy

Answer 8

• Passwords should be complex, and
all passwords should expire
• Change every 30 days, 60 days, 90 days

• Critical systems might change more frequently
• Every 15 days or every week
• The recovery process should not be trivial!
• Some organizations have a very formal process

Question 9

Account lockout and disablement

Answer 9

• Too many bad passwords will cause a lockout
• This should be normal for most users
• This can cause big issues for service accounts
• You might want this
• Disable accounts
• Part of the normal change process
• You don’t want to delete accounts
• At least not initially

Question 10

Inventory managemen

Answer 10

• A record of every asset
• Routers, switches, cables, fiber modules, etc.
• Financial records, audits, depreciation
• Make/model, configuration, purchase date, etc.
• Tag the asset
• Barcode, RFID, visible tracking number