Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Procedures

From: bucklerk () dsainc com
Date: 5 Jan 2007 20:02:45 -0000
A few guidelines I always follow when writing procedures:

Break the procedures into sections.  For example, if you're writing a guide on how to lock down a box, break it down 
into sections such as "User Account Permissions", "Password Policy", "Folder Permissions", etc.

Always include a table of contents for quick reference to each section of the procedures.  This helps the user 
implement the procedures, as well as helps you maintain your document.

Always include the date the procedures were updated on EVERY PAGE.  Use footers to include, at a bare minimum, the Date 
updated, the page number, and what the document name is.

Don't assume the user's knowledge level.  If you want the user to go to add/remove programs, instruct them how to get 
there using the start menu.  If you want the user to change their password, instruct them the specific steps on how to 
do this.  What might seem simple and easy to you may not be the case for someone who is not as technically inclined.

Proofread proofread proofread.  Always triple check your documents for errors.

Find a guinea pig.  Pick out one of the users you may feel will have problems implementing the procedures and let them 
test the document in a controlled environment such as a Virtual PC or a test machine.  Don't help them with the 
document, simply ask them to implement the instructions and note any difficulties they have.
Review their notes and the machine, to see if your desired results were accomplished.

Always include a cover sheet detailing the document name, your company, your name, and your contact information.

Write a brief description of the intended audience and purpose of the document.  This should be right after the table 
of contents as an introduction.

Include a summary for each section of your document, describing what this section accomplished.  No need to get too 
technical.

Above all, try to make your document consistent in font, size, and format.

A rule I always follow is to place the normal instructional text in Arial or Times New Roman, and place all commands 
etc. a user must type is Courier New to avoid any auto-format or font issues from causing the command to be 
mis-interpreted.

Ken Buckler
DSA

---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: