Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Procedures

From: <bucklerk () dsainc com>
Date: Tue, 9 Jan 2007 00:31:52 +1100 
A few guidelines I always follow when writing procedures:

Break the procedures into sections.  For example, if you're writing a guide
on how to lock down a box, break it down into sections such as "User Account
Permissions", "Password Policy", "Folder Permissions", etc.

Always include a table of contents for quick reference to each section of
the procedures.  This helps the user implement the procedures, as well as
helps you maintain your document.

Always include the date the procedures were updated on EVERY PAGE.  Use
footers to include, at a bare minimum, the Date updated, the page number,
and what the document name is.

Don't assume the user's knowledge level.  If you want the user to go to
add/remove programs, instruct them how to get there using the start menu.
If you want the user to change their password, instruct them the specific
steps on how to do this.  What might seem simple and easy to you may not be
the case for someone who is not as technically inclined.

Proofread proofread proofread.  Always triple check your documents for
errors.

Find a guinea pig.  Pick out one of the users you may feel will have
problems implementing the procedures and let them test the document in a
controlled environment such as a Virtual PC or a test machine.  Don't help
them with the document, simply ask them to implement the instructions and
note any difficulties they have.
Review their notes and the machine, to see if your desired results were
accomplished.

Always include a cover sheet detailing the document name, your company, your
name, and your contact information.

Write a brief description of the intended audience and purpose of the
document.  This should be right after the table of contents as an
introduction.

Include a summary for each section of your document, describing what this
section accomplished.  No need to get too technical.

Above all, try to make your document consistent in font, size, and format.

A rule I always follow is to place the normal instructional text in Arial or
Times New Roman, and place all commands etc. a user must type is Courier New
to avoid any auto-format or font issues from causing the command to be
mis-interpreted.

Ken Buckler
DSA

---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------


This message and its attachments may contain legally privileged or
confidential information. It is intended solely for the named addressee. If
you are not the addressee indicated in this message (or responsible for
delivery of the message to the addressee), you may not copy or deliver this
message or its attachments to anyone. Rather, you should permanently delete
this message and its attachments and kindly notify the sender by reply
e-mail. Any content of this message and its attachments which does not
relate to the official business of the sending company must be taken not to
have been sent or endorsed by that company or any of its related entities.
No warranty is made that the e-mail or attachment(s) are free from computer
virus or other defect.


This message and its attachments may contain legally privileged or confidential information. It is intended solely for 
the named addressee. If you are not the addressee indicated in this message (or responsible for delivery of the message 
to the addressee), you may not copy or deliver this message or its attachments to anyone. Rather, you should 
permanently delete this message and its attachments and kindly notify the sender by reply e-mail. Any content of this 
message and its attachments which does not relate to the official business of the sending company must be taken not to 
have been sent or endorsed by that company or any of its related entities. No warranty is made that the e-mail or 
attachment(s) are free from computer virus or other defect.


---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: