Listed in the Toolbar above are other areas of expertise/services provided by our staff
Below is a Discussion on Virus Protection and Prevention, and Prepaid Metering
|
|
| Emerging "Best Practices" for Virus Protection and Prevention
In the following the Consultants at Bill+Peak Consulting, Inc. have provided a discussion and recommendation for the development and implementation of a “Best Practice” policy and procedure regarding protecting your organization’s IT resources from computer viruses. This is provided as a guideline and representation of the emerging elements of “Best Practices” of IT organizations in the United States in the fall of 2001.
What we have provided on this Web Site is an excerpt of our much larger Best Practices document. We are pleased to share with you this document. Simply request it by clicking where indicated.
Suggested Elements of Policies and Program
Requirement #1: No User Intervention.
Anti-virus software must require little or no user intervention.
Systems fail if we make them too complex, or if one or more components is not reliable. We know that users do not always do what we want, when we want it. The perfect anti-virus software should not expect users to be perfect. It should work properly on its own.
Requirement #2: Transparent Operation.
Product operation must be transparent to the user, yet opaque to the virus.
Anti-virus products cannot interfere with the user's use of the machine, yet it must interfere with a virus's use of the machine. Products must put a minimum load on the machine: little memory required, fast loading, fast execution. Machines should not run in any obviously different way with the product than without it.
Requirement #3: Implement Policy with Software.
Anti-virus policy must be implemented with software, not user behavior. Software can implement your policy for you. Users cannot be counted on for consistent or timely behavior, no matter how motivated and trained they are. Nor can an organization afford to train and motivate users to the level where policies are automatically and perfectly always followed. Driver training does not stop speeders; radar does. Let software do your work and implement your policy.
Requirement #4: Enforcement required.
We must be assured that the chosen software is running. There is no point in paying for something that is not installed, or that has been de-installed.
Requirement #5: Automatic network installs and upgrades.
We cannot afford to go from machine to machine to install or upgrade any software. We've paid for the network, let's put it to work for us.
Requirement #6: Automatic Central Reporting.
Central reporting must be automatic. We cannot afford to wander the halls with survey forms, asking for users to complete questionnaires on what happened last month. We need instant, perfect notification, so that we can be involved in solving the problem, not merely reporting on it.
Requirement #7: Immediate Notification.
Immediate notification of the help team is necessary. The crew that will fight the fire may happen to be out on a house call when the alarm sounds. For many organizations, automatic paging is a requirement.
Requirement #8: Automatic Self-Repair.
Products must include ability to detect if they are infected, and ideally, to self-repair. The idea of running an infected product to check user machines is unacceptable. The idea of always "booting clean and running the product from a write-protected floppy" is not always practical as a general strategy.
Requirement #9: Modularity.
Products must be modular, so that different mixes can be tailored to threat, policy, environment, and user skill level. Extra components should be available for tightening defenses during time of infection in the organization.
Requirement #10: Multi-platform support required.
Products must work across the platforms found in our offices, not just DOS. If you run DOS, OS/2, Windows, Windows 95, NT, NetWare, and VINES, you need a product that will protect you on each of these platforms.
|
PrePaid Metering Programs
One of the many problems facing a utility manager in assessing if and how to use Prepaid Metering is the lack of guidance and direction as the Best Practices for this technology. This is being accomplished through the Pilot Studies that we are performing in conjunction with utilities across the country. Through these Pilot Studies we are working with utilities to assess the Prepaid Metering technologies and develop a portfolio of Best Practices that can provide guidance to utilities. The areas we are exploring for the development of Best Practices include:
1. Assessing its use in their mix of billing and customer services options,
2. Defining how best to install and integrate the technology in their accounting and financial systems,
3. How to best integrate within their customer service processes,
4. How to best develop fair and appropriate tariffs for this category of customer, and finally
5. How to best target customer groups, and market this product and service to these targeted customers.
As we develop these Best Practices during the course of these Pilot Studies they will be published through links to this web site and will be presented by the utility team members at appropriate industry group meetings.
If you are interested in exploring how to join in with these Pilot Studies please contact us at Bill+Peak Consulting.
|
|
|
