Re: Site Book Template

[Dexter Caldwell <Dexter.Caldwell () FURMAN EDU>]

Yes, I'd add executive emergency contacts for the organization and your IT
groups.  When you need resources approved to reocver from disaster, your
need to know how to get critical decisions made quickly and resources
approved in a timely fashion.  

Dexter Calwell

The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU> writes:
> Hi,
>
> � 
>
> We are looking to develop a site book template.�  It would be a
> documentation book with configuration and restoral information needed in
> order to support or restore a service.�  System and application
> administrators would be required to maintain this document.�  I’m
> wondering if anyone has any examples of a site book template that they
> would be willing to share?�  Currently, our draft version includes
> sections on:
>
> � 
>
> General:
>
> � 
>
> -� � � � � � � � � � � � �  Support contacts (i.e. application business
> owner, application technical administrator, vendor phone numbers and
> contract numbers)
>
> -� � � � � � � � � � � � �  Documentation and diagram of the
> architecture, including interconnections (data inflows and outflows)
>
> - � � � � � � � � � � � �  Software inventory and versions
>
> � 
>
> Procedures:
>
> � 
>
> -� � � � � � � � � � � � �  Standard operating procedures (including
> monitoring, alarming, logging, backups, data retention, accounts and
> authorizations)
>
> - � � � � � � � � � � � �  Test procedures (including areas within
> standard operating procedures)
>
> -� � � � � � � � � � � � �  Disaster recovery procedures (i.e. emergency
> access, service/application/data restoral)
>
> � 
>
> Configurations:
>
> � 
>
> -� � � � � � � � � � � � �  Configurations
>
> -� � � � � � � � � � � � �  Notable changes or customizations to base
> configurations
>
> -� � � � � � � � � � � � �  
>
> � 
>
> Compliance:
>
> � 
>
> -� � � � � � � � � � � � �  Security checklists (compliance with security
> standards)
>
> -� � � � � � � � � � � � �  Identification of sensitive information and
> transactions
>
> � 
>
> Does anyone have any suggestions on other items to include in the
> template?
>
> � 
>
> Thanks,
>
> Paul
>
> � 
>
> Paul Lepkowski, CISSP, GIAC-GPEN
>
> RIT Information Security Office
>
> Enterprise Information Security Lead Engineer
>
> Staff Council Representative
>
> � 
>
> Rochester Institute of Technology
>
> Ross 10-A200
>
> 151 Lomb Memorial Drive
>
> Rochester, NY 14623
>
> (585) 475-6972
>
> [ mailto:paul.lepkowski () rit edu ]paul.lepkowski () rit edu
>
> � 
>
> CONFIDENTIALITY NOTE: The information transmitted, including attachments,
> is intended only for the person(s) or entity to which it is addressed and
> may contain confidential and/or privileged material. Any review,
> retransmission, dissemination or other use of, or taking of any action in
> reliance upon this information by persons or entities other than the
> intended recipient is prohibited. If you received this in error, please
> contact the sender and destroy any copies of this information.
>
> �