Systems Engineers are required by the organization to bring all the technical elements of a project together. The Systems Engineer must be able to envision the project big picture and understand how each piece of the project integrates with the other pieces. The Systems Engineer position is different from the Project Manager in that the Systems Engineer is more technical and less managerial than the Project Manager. The Project Manager coordinates team members and makes sure the project is on track and on schedule. The Systems Engineer provides guidance and design to help the major and various technical aspects integrate together.
Systems engineers are required for projects that involve various technical disciplines including networking, telecommunications, server administration, computer security, and programming. The Systems Engineer should have skills in all these areas. Should have knowledge about redundant technologies, disaster recovery, and business continuity.
Policies Affecting the Systems Engineer Position
Must Take Specific action
** Password Policy - Needs to know what capabilities applications and systems should provide related to the password policy such as account reset, password complexity requirements, maximum password age, and password reset functionality.
** Privacy and Confidentiality Policy - Must understand the needs for encryption under various circumstances and the requirements.
** Internet Connection Policy - Must enforce the policy when new capabilities are added. Users are only allowed to connect to the internet using specific methods.
** Approved Application Policy - Must advise and enforce so applications are not installed on servers or workstations unless previously approved. Advise project manager to be sure the project schedule allows new applications to be evaluated.
** Wireless Communication Policy - Any use of wireless on projects must use approved technologies for security reasons.
** Network Documentation Policy - Must be sure new projects that require changes to networking or additions to networking are documented according to this policy. The System Engineer will need to use the network documentation to support some projects but normally in a read only capability.
** Internet DMZ Equipment Policy - Defines standards and configuration requirements for networking equipment used in the DMZ.
** Router Security Policy - Defines router and switch requirements, configurations, and documentation required.
** IT Equipment Purchase and Failure Prevention Policy - Provides guidelines for purchasing equipment used in critical infrastucture. The Systems Engineer must advise the Project Manager about these requirements.
** Authentication Mechanism Policy - Requires authentication mechanisms on all electronic devices with computer data (not including entertainment audio or video). The System Engineer must be sure equipment being purchased meets this policy.
** Computer Center Operations Policy - Provides the requirements for the computer center. The System Engineer should be familiar with this policy and advise team members about the capabilities of the computer center along with the requirements to place equipment into the facility.
** System Availability Policy - This policy is used to ensure that the support for the systems supporting the business will meet the business needs. The System Engineer must advise the project team in this area.
** Server Setup and Configuration Policy - Must be sure systems are designed with required redundancy and capacity to meet the business need. The systems engineer should work with clients to project future capacity needs.
** Data Classification Policy - Must be sure the system adequately protects the data using various means including encryption both for storage and transmission depending upon the needs of the data.
** Information Sensitivity Policy - When business systems or processes are set up the systems engineer must ensure that the mechanisms used to protect the data are adequate for the needs of the data. For example effective storage and transmission encryption protocols must be used to secure sensitive data.
** Encryption Policy - The systems engineer must ensure that projects and business processes use approved encryption protocols appropriately.
** Disaster Recovery Policy - The systems engineer must be sure there is a disaster recovery policy covering all critical business systems and projects.
** Software Standards Policy - The systems engineer must be sure the SDLC methodology is followed and software standards and testing requirements are adhered to. The systems engineer must ensure the software and system are designed and documented in a way to keep it maintainable.
** Business Continuity Policy - The systems engineer must be sure business continuity is considered for the project and is effective.
** Development Life Cycle Policy - The systems engineer must use the development life cycle methodology to implement the project.
** Preventative Maintenance Policy - Preventative maintenance must be considered during project planning and implementation.
** Technology Planning Policy - The systems engineer should be sure projects and business processes are documented and added to the information architecture model. The systems engineer must be sure their project adheres to the established technology plan.
** Service Level Policy - When service level agreements are required to support projects or business processes, the systems engineer must be sure the service level agreement protects the organization and properly supports the business process.
** Service Reliability and Continuity Policy - Projects must comply with this policy in a similar manner as the business continuity policy.
Must be Aware
* Perimeter Security Policy - The System Engineer should be familiar with this policy since it specifies network structure, traffic flow policy, and change processes.
Computer Training Policy - Systems engineers should be aware of computer training opportunities and skills that will improve their performance. They should request additional training where appropriate and their supervisor should also recommend training.
Asset Control Policy - Requires assets to be tracked by location in a database. Must advise the project manager about the requirements of this policy when projects require assets to be moved.
* Server Documentation Policy - The Systems Engineer must be aware and advise the Project Manager about the requirements for documenting servers as they are placed in service. This may even be the job of the Systems Engineer depending upon the organization.
* Computer and Printer Naming Policy - The Systems Engineer must be familiar with the proper naming conventions for equipment and advise the Project Manager and administrators who stand up systems.
* IP Address Assignment Policy - Prevents use of unauthorized devices and prevents network address conflicts. The Systems Engineer must advise team members of this policy as mobile devices are used or IP addresses are assigned.
* IT Steering Committee Policy - The systems engineer must be aware of the organizational security plan and be sure projects follow it.
* Insurance Purchase Policy - The systems engineer must be aware of the need to purchase insurance depending on organizational directives when project risk exceeds a set limit and inform management when those conditions exist.
* Segregation of Duties Policy - The systems engineer must be sure projects and the management of servers and business processes adhere to this policy.
* Auditing Policy - The project will be audited at an early phase to be sure the proper controls are designed into the project. The project will be audited to be sure it meets security standards, coding practices, operational requirements, disaster recovery, and internal controls.
* Acquisition and Maintenance Policy - The systems engineer must be sure the projects follow the acquisition and management framework which includes patch management, document publication, document retention, development standards, and other items.
* Contracting Policy - Requires all third party contracts and services to be identified. Where third parties are used in projects, the systems engineer must be aware of this policy's requirements.
* Supplier Policy - Requires all third party contracts and services to be identified. Where third parties are used in projects, the systems engineer must be aware of this policy's requirements.
* External Requirements Policy - The systems engineer must be aware of this policy to ensure that projects comply with any external requirements depending upon the business function.
* Service Monitoring Policy - Requires services to be monitored for quality which may require modifications to systems, services, information technology functions, or business functions.
* Quality Policy - The systems engineer must help ensure quality activities are followed during project development. Some of these activities include code reviews and testing
Affects Job but Awareness not Required
* Computer Training Policy - Is trained in various technical areas.
* User Privilege Policy - May require more than basic access depending upon the organization.