Chapter 11: Security Administration Flashcards
Transitioning
This is when you begin or terminate close business relations with a new partner.
What do you need to think about when transitioning?
Whether your policies work together, what your interoperability policies look like, and whether your security requirements mesh
-Who owns the data? How will it be backed up and managed?
Service Level Agreement (SLA)
Defines the level of service that’s going to be provided. How long will response time be for an on-site tech?
An SLA will typically have a technical definition in terms of mean time between failures (MTBF) and mean time to repair or mean time to recovery (MTTR).
Blanket Purchase Order (BPO)
An ongoing agreement between the government and a private company in which the government agrees to keep purchasing materials, equipment, or services from a company.
The Memorandum of Understanding (MOU)
Summarizes which party is responsible for what part of the work
Interconnection Security Agreement (ISA)
Documents the technical requirements for interconnected infrastructure
Clean Desk Policy
Training Topics
Make sure employees won’t leave important information out in the open
Compliance with laws, best practices, and standards
Training Topics
Keep your users educated on which rules they must follow
Data Handling
Training Topics
Only let those who need data access it. Least Privilege.
Personally Owned Devices
Training Topics
Don’t let employees use flash drives, DVDs, cell phones, laptops, whatever. Just don’t.
Prevent tailgating
Training Topics
Tell people to be aware of what’s going on around them
Safe Internet Habits
Training Topics
Training users to avoid malicious sites and only visit trusted web servers
Public Information
Information available to the public or certain external entities.
Limited Distribution
-Private information, but it is shared with outside entities like a bank or something
Full Distribution
-Available to everyone!
Private Information
Could embarrass the company, disclose trade secrets, or worse
Internal Information
-Personnel records, customer lists, medical records, etc.
Restricted Information
-Could destroy the company. Proprietary protocols, trade secrets, strategic info, marketing plans, etc.
CIA
Confidentiality, Integrity, Availability