While researching this chapter, we talked to bigshots in the system administration world, in computer security, in the standards community, and in computer law. We were surprised that they all mentioned “signed, written policy” as being essential to a healthy organization.
Policies and procedures should be written down, approved by management, and checked by lawyers. It’s preferable that this preparation be completed before the documents need to be used to deal with a thorny problem. Several different policy documents should exist:
• Administrative service policies
• Rights and responsibilities of users
• Policies regarding sysadmins (users with special privileges)
• Guest account policy
Procedures in the form ...