Scottie,Thanks mucho for the reply on my "best" practices querstion! Evern though my main question is about groupr polices, I think this clears up what I suspected after some smart researching I did on wickypediar! However one thing did prick my ears up a bit when I read it because it may mean I am not doing something "best"...
So if I can run this old chestnut by you again...You said one good example for disaster recovery would be to test backups and keep documentations... That being said, what if:
a. I don't keep backups because they are too hard to deal with and only introduce discovery problems when certain goverment bodies who oversee my industry come-a-knockin (like a certain fed chairman that shall remain nameless to keep me blameless!! if you catch my wind LOSLSL)
b. as i said if I document everthing then that means my job becomes less important to the bank and that could open the door up to fire me!!! i got two kids and a wife to feeder!
So is there a way that i can still call that I am doing "best practices" to the auditors??? I need some spin here!!! (maybe I can call this "adequate" practices maybe?)
Let me know as soon as possible!! and I have a burrito in the cooker on this and if I leave it in for too long it's gonna spurt beans and beeff all over my face and lap and chest!!!
THANKS, BUDDY! P.S... My bloglog beckons your attention!!! <http://www.bilano.biz/>PS.S.S: I am still looking for those SAS-70s... Anywhere that I can use PayPail would be great because my corporate fcard got stolen (which reminds me i should call HR and get that fixied up someday)
-- Mr. Billy B. Bilano, MSCE, CCNA, CISSP, and now QISP <http://www.bilano.biz/> Expert Sysadmin Since 2003! 'C:\WINDOWS, C:\WINDOWS\GO, C:\PC\CRAWL' -- RMS Scott Klassen wrote:
Best Practices aren't something that you decide and then get certified. They are generally proscribed by the vendor (manufacturer) of a specific product, be it hardware or software. Best Practice would be the generally accepted way of doing/configuring something to achieve a certain goal. The goal would be an important point, as the settings could be different depending on what your trying to do. An example of this would be if you were configuring something for pure usability, which would most likely be very different than configuring that same thing for pure security. There are also some Best Practices that operate at a higher level than any specific product, which fall under the category of common sense. Two good examples of this for disaster recovery would be to regularly test backups and to document everything. Scott Klassen -----Original Message----- From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Billy B. Bilano Sent: Monday, January 14, 2008 11:27 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] PLS help with grouped policies for my audit!!! Hey dudes!also they said i need to have some practices that have been declared "best". Where can I submit them off for review so they are certified? they wont tell me and that kid that works for me started laughing and resigned (all the more vacation time for me LOLOLSL!!!!).thanks dudesss!!!OH... And does ANYBODY know where I can get some SAS-70's wholesale??? I've been lookin on that Googler thing and can't find it! and YES I have checked eBay thank you very much!!P.S. Check out my bloglog!!! <http://www.bilano.biz>
*********************** You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at http://www.freelists.org/archives/gptalk/ ************************