LIA Large Installation Administration Thursday, March 2, 2017
Today Chapter 9-10,12 Documentation Disaster Recovery Ethics
9. Documentation Documentation standard Naming Unique document ID's Templates Footers Checklists Diagrams
Technical documents distribution Active distribution Notification of Updates Status Repositories CMS Wiki's
Documentation maintenance Up to date Clear responsibility Document owners Empower documentation users Dynamic documentation Audit trail Link instead of copy Expiry Date
Types of documents Process Documents User Documents Planning/Analysis/Requirements Specifications Progress/Maintenance Introductory manuals System Installation /Maintenance Reference Research/Consultancy documents
Further reading http://en.wikiversity.org/wiki/technical_writing
Writing technical documents Clear target user Jargon Abbreviations Language Use tech savvy translators Minimize disclaimers usage guides
Refrigerator manual
10. Disaster Recovery and Data Integrity What Is a Disaster? Risk Analysis. Legal Obligations. Damage Limitation. Preparation. Data Integrity.
Risk
Risk in Information Security the probability that there is a threat the probability that there are any vulnerabilities the potential impact.
What happened?
Disaster Recovery and Data Integrity The Icing. Redundant Site. Security Disasters. Media Relations.
Disaster Recovery and Data Integrity The Icing. Redundant Site. Security Disasters. Media Relations.
Ethics
Ethics Can you take an old laptop home
Ethics Can you look in a users mailbox
Ethics Can your company buy computers from your brother in law?
Ethics Can a teacher wear a Pirate Bay shirt
BOFH It's backup day today so I'm pissed off. Being the BOFH, however, does have it's advantages. I reassign null to be the tape device - it's so much more economical on my time as I don't have to keep getting up to change tapes every 5 minutes. And it speeds up backups too, so it can't be all bad can it? Of course not.
Ethics
BOFH By Simon Travaglia BOFH PFY LUSER http://bofh.ntk.net Fun but
IEEE code of ethics We, the members of the IEEE, in recognition of the importance of our technologies in affecting the quality of life throughout the world, and in accepting a personal obligation to our profession, its members and the communities we serve, do hereby commit ourselves to the highest ethical and professional conduct and agree: http://www.ieee.org/about/corporate/governance/p7-8.html http://www.ieee.org/about/ethics.html
King Universal code for Scientists Act with skill and care in all scientific work. Maintain up to date skills and assist their development in others. Take steps to prevent corrupt practices and professional misconduct. Declare conflicts of interest. Be alert to the ways in which research derives from and affects the work of other people, and respect the rights and reputations of others. Ensure that your work is lawful and justified. Minimize and justify any adverse effect your work may have on people, animals and the natural environment. Seek to discuss the issues that science raises for society. Listen to the aspirations and concerns of others. Do not knowingly mislead, or allow others to be misled, about scientific matters. Present and review scientific evidence, theory or interpretation honestly and accurately.
ACM code of Ethics Commitment to ethical professional conduct is expected of every member (voting members, associate members, and student members) of the Association for Computing Machinery (ACM).This Code, consisting of 24 imperatives formulated as statements of personal responsibility, identifies the elements of such a commitment. It contains many, but not all, issues professionals are likely to face.. http://www.acm.org/about/code-of-ethics Adopted by ACM Council 10/16/92.
USENIX/LOPSA code of ethics
Professionalism I will maintain professional conduct in the workplace, and will not allow personal feelings or beliefs to cause me to treat people unfairly or unprofessionally.
Personal Integrity I will be honest in my professional dealings, and forthcoming about my competence and the impact of my mistakes. I will seek assistance from others when required. I will avoid conflicts of interest and biases whenever possible. When my advice is sought, if I have a conflict of interest or bias, I will declare it if appropriate, and recuse myself if necessary.
Privacy I will access private information on computer systems only when it is necessary in the course of my technical duties. I will maintain and protect the confidentiality of any information to which I may have access regardless of the method by which I came into knowledge of it.
Laws and Policies I will educate myself and others on relevant laws, regulations and policies regarding the performance of my duties.
Communication I will communicate with management, users and colleagues about computer matters of mutual interest. I will strive to listen to and understand the needs of all parties.
System Integrity I will strive to ensure the necessary integrity, reliability, and availability of the systems for which I am responsible. I will design and maintain each system in a manner to support the purpose of the system to the organization.
Education I will continue to update and enhance my technical knowledge and other work-related skills. I will share my knowledge and experience with others.
Responsibility to Computing Community I will cooperate with the larger computing community to maintain the integrity of network and computing resources.
Social Responsibility As an informed professional, I will encourage the writing and adoption of relevant policies and laws consistent with these ethical principles.
Ethical Responsibility I will strive to build and maintain a safe, healthy, and productive workplace. I will do my best to make decisions consistent with the safety, privacy, and well-being of my community and the public, and to disclose promptly factors that might pose unexamined risks or dangers. I will accept and offer honest criticism of technical work as appropriate and will credit properly the contributions of others. I will lead by example, maintaining a high ethical standard and degree of professionalism in the performance of all my duties. I will support colleagues and co-workers in following this code of ethics.
Ethics The Basics. Informed Consent. Professional Code of Conduct. Network/Computer User Code of Conduct. Privileged Access Code of Conduct. Copyright Adherence. Working with Law Enforcement.
Ethics of Counterterrorism Handling ethical problems in counterterrorism An inventory of methods to support ethical decisionmaking http://www.rand.org/pubs/research_reports/rr251.html
Responsible Disclosure NCSC.nl Use GPG encrypted mail Don't do more than necessary Agree on publication Agree on liability
Code of conduct for users Will it be read? Explain Positive style Make an abstract
The Icing Setting Expectations on Privacy and Monitoring Being Told to Do Something Illegal/Unethical Verify request Check legality Decide on action Report to relevant authority/ombudsperson Whistleblowing
Change Management and Revision Control. Technical Issues Revision control covered in ESA Process and Documentation Lower the oops factor Small changes have big impact Scheduling Aggregate Not on Fridays Communications Structure Major and minor updates Quiet Times lest impact Regular times Users need to know More on this in ITIL
The Icing. Automated Front-Ends Change Management Meetings. Streamline the Process. Conclusion.