Documentation Best Practices(Comptia Objective 4.1) Flashcards
What is an important thing to remember about Internal operating procedures?
- Organizations have different business objectives( Processes and procedures)
Different organizations will have different approaches to operational procedures such as?
- How to provide downtime notifications
- How to notify about facilities issues
Different organizations will have different approaches when it comes to Software upgrades and approach this by?
- Testing and using change control to help avoid downtime and system errors.
What is key thing to have when understanding the processes for organizations for things such as operational procedures, software upgrades etc is?
- Documentation is the key. Everyone can review and understand the policies in place with proper documentation.
What describes a network layout?
- Network topology diagrams. Maybe a logical diagram and can include physical rack locations.
What is a knowledge base/articles and what are the benefits of it?
- External sources for a knowledge base exist for issues with Microsoft and Cisco and provide a wealth of information for troubleshooting issues related to those systems
- However many organizations may also have internal documentation/ Institutional knowledge which is usually part of a help desk software.
- Knowledge bases help you find the solution quickly. Usually will have a searchable archive and will automatically search the helpdesk ticket database using keywords to help find any tickets that may have the same issue that the caller is calling in about.
What are some important factors of an Organizations Security policy/ Incident response?
- Documentation must be available( No questions)
- Documentation always changes and will need to be able to constantly update with new information as it comes to light.
- Documentation needs to have a process in place that everyone can follow and use the wiki model via an intranet page etc.
What is compliance in and out of the workplace? What is it’s purpose?
- Compliance can be defined as meeting the standards of laws, policies and regulations
- Has a healthy catalog of rules across many aspects of business and life. Many are industry specific or situational.
What are the consequences for not being in compliance?
- Penalties include fines, loss of employment and incarceration.
- You must know the scope of a regulation and whether or not the regulations rules apply internationally or regionally and that they meet the appropriate requirements
What is a type of regulation specific to finance?
- Sarbanes-Oxley Act (SOX)
The public company accounting reform and investor protection act of 2002.
What is an example of a Public Health care regulation?
- The Health Insurance Portability and Accountability Act(HIPAA). Provides extensive healthcare standards for storage, use and transmission of health care information. Often associated with patient records.
What is an example of a regulation for privacy from financial institutions?
- The Gramm-Leach-Blimey Act of 1999(GLBA)
Disclosure of privacy information from financial institutions.
What is the name for Rules and regulations specific to one companies assets?
- Acceptable Use Policies( AUP)
- Provides detailed documentation and may also be documented in the Rules of Behavior for the organization you work for.
- Covers many topics including internet use, telephones, computers, mobile devices etc.
- The intent of a AUP is to limit legal liability so in the event someone is dismissed, these are the well documented reasons why.
What are the elements of a Password Policy?
- Passwords should be complex and all passwords should expire and need to be changed every 30 days, 60 days or 90 days.
- Critical systems might change more frequently( Every 15 days or every week.
- The recovery process should not be trivial. Some organizations have a very formal process to reset a password.
What are some important things to consider about Account lockout and disablement?
- Too many bad passwords will cause a lockout( Security policy). This should be normal for most users.
- However this can cause big issues for service accounts as this can cause background applications to not be able to operate due to this lockout feature so in some instances you may wish to turn this off for services.
- If somebody leaves an organization then it is often a good idea to Disable that account. This is part of the normal change process. You don’t want to delete accounts(at least not initially) as then you won’t have any access to that users data.
