Helping the helpdesk help you
What happens when your helpdesk gets a call from a frantic staff member who’s positive his computer is being hacked by Government X this very second?
The IT helpdesk is the face, voice or automated greeting that most staff and/or customers get to deal with when calling for help*. Most IT helpdesk staff have run sheets or scripts to walk the caller through common problems or perform basic tests. With scripts and the frequency of typical requests, helpdesk staff can become very slick and effective, making everyone's lives easier. But what happens when a call comes through and it might be a security issue?
Here are some questions to pose to your organisation:
- Has there ever been any discussion between the helpdesk and security teams on what should be done if the call is security related?
- Is it scalable, in time and workload, to route every possible security-related call to the security team to answer?
- Should the IT helpdesk staff be provided scripts for basic security procedures other than “Tell them to touch nothing and you call me!”?
Each workplace and environment has its own unique factors in how security-related calls are handled, but let’s imagine the security team doesn’t want to field every call that may or may not have anything to do with a security issue. This is where a helpdesk team could, with guidance and coaching, be invaluable in saving time and effort for all parties.
A crucial first step is to define what the helpdesk should do and what they should definitely not do. This sets clear lines of demarcation and prevents the misunderstandings that can occur in the heat of the moment, when someone attempts to do what they believe is the right thing and ends up causing an awful mess.
On the “do” list are:
- Get a clear description of the problem
- Provide standard details on the caller (username, computer details, IP address, location and so on)
- Record only the facts.
On the “should not do” list are:
- Connect to the system to try and fix it themselves
- Offer advice on how to fix the problem
- Jump to unsupported conclusions
- Any other actions that may cause harm or impact.
From this point onwards both the security and helpdesk teams have some ground rules and can work together without causing problems.
Feel free to add any comments, thoughts or suggestions on your experiences, good or bad, on solving this problem.
Chris Mohan --- Internet Storm Center Handler on Duty
* Help – this covers actual questions on topics the IT helpdesk staff are trained in rather than those random questions such as why isn’t the fridge working. In case you were wondering, the correct answer was the fridge’s fuse had blown. Obvious really...