Security Basics mailing list archives
Re: Procedures
From: <bucklerk () dsainc com>
Date: Tue, 9 Jan 2007 00:31:52 +1100
A few guidelines I always follow when writing procedures: Break the procedures into sections. For example, if you're writing a guide on how to lock down a box, break it down into sections such as "User Account Permissions", "Password Policy", "Folder Permissions", etc. Always include a table of contents for quick reference to each section of the procedures. This helps the user implement the procedures, as well as helps you maintain your document. Always include the date the procedures were updated on EVERY PAGE. Use footers to include, at a bare minimum, the Date updated, the page number, and what the document name is. Don't assume the user's knowledge level. If you want the user to go to add/remove programs, instruct them how to get there using the start menu. If you want the user to change their password, instruct them the specific steps on how to do this. What might seem simple and easy to you may not be the case for someone who is not as technically inclined. Proofread proofread proofread. Always triple check your documents for errors. Find a guinea pig. Pick out one of the users you may feel will have problems implementing the procedures and let them test the document in a controlled environment such as a Virtual PC or a test machine. Don't help them with the document, simply ask them to implement the instructions and note any difficulties they have. Review their notes and the machine, to see if your desired results were accomplished. Always include a cover sheet detailing the document name, your company, your name, and your contact information. Write a brief description of the intended audience and purpose of the document. This should be right after the table of contents as an introduction. Include a summary for each section of your document, describing what this section accomplished. No need to get too technical. Above all, try to make your document consistent in font, size, and format. A rule I always follow is to place the normal instructional text in Arial or Times New Roman, and place all commands etc. a user must type is Courier New to avoid any auto-format or font issues from causing the command to be mis-interpreted. Ken Buckler DSA --------------------------------------------------------------------------- This list is sponsored by: ByteCrusher Detect Malicious Web Content and Exploits in Real-Time. Anti-Virus engines can't detect unknown or new threats. LinkScanner can. Web surfing just became a whole lot safer. http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect --------------------------------------------------------------------------- This message and its attachments may contain legally privileged or confidential information. It is intended solely for the named addressee. If you are not the addressee indicated in this message (or responsible for delivery of the message to the addressee), you may not copy or deliver this message or its attachments to anyone. Rather, you should permanently delete this message and its attachments and kindly notify the sender by reply e-mail. Any content of this message and its attachments which does not relate to the official business of the sending company must be taken not to have been sent or endorsed by that company or any of its related entities. No warranty is made that the e-mail or attachment(s) are free from computer virus or other defect. This message and its attachments may contain legally privileged or confidential information. It is intended solely for the named addressee. If you are not the addressee indicated in this message (or responsible for delivery of the message to the addressee), you may not copy or deliver this message or its attachments to anyone. Rather, you should permanently delete this message and its attachments and kindly notify the sender by reply e-mail. Any content of this message and its attachments which does not relate to the official business of the sending company must be taken not to have been sent or endorsed by that company or any of its related entities. No warranty is made that the e-mail or attachment(s) are free from computer virus or other defect.
--------------------------------------------------------------------------- This list is sponsored by: ByteCrusher Detect Malicious Web Content and Exploits in Real-Time. Anti-Virus engines can't detect unknown or new threats. LinkScanner can. Web surfing just became a whole lot safer. http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect ---------------------------------------------------------------------------
Current thread:
- Procedures security (Jan 05)
- Re: Procedures PCSC Information Services (Jan 08)
- Procedural Issues WALI (Jan 08)
- RE: Procedural Issues Vic N (Jan 09)
- RE: Procedural Issues WALI (Jan 09)
- RE: Procedural Issues security (Jan 09)
- RE: Procedural Issues Vic N (Jan 09)
- Re: Procedures PCSC Information Services (Jan 08)
- <Possible follow-ups>
- Re: Procedures bucklerk (Jan 08)
- Re: Procedures bucklerk (Jan 08)