Chapter 2 - Understanding Security Policies Using a Lifestyle Approach

Question 1

Secure Network Lifecycle - Initiation

Answer 1

Preliminary risk assessment and categorizing of risk (low, medium, high).

Question 2

Secure Network Lifecycle - Acquisition and Development

Answer 2

Detailed risk assessment, acquiring the products and tools needed to reduce risk.

Question 3

Secure Network Lifecycle - Implementation

Answer 3

When you put countermeasuers in place on the production network.

Question 4

Secure Network Lifecycle - Operations & Maintenance

Answer 4

Monitoring and care for network security devices. Also includes incident handling.

Question 5

Secure Network Lifecycle - Disposition

Answer 5

Getting rid of network equipment (including formatting / destroying media storage devices).

Question 6

What is Qualitative risk analysis?

Answer 6

Data is gathered by an individual to determine an asset’s value, it’s vulnerabilities, potential threats, and the impact or risk based on those factors.

Question 7

What is Quantitative risk analysis?

Answer 7

Uses raw data, numbers, and statistics to determine risk.

Question 8

What are the primary reasons for documenting the value of an asset, in combination with the vulnerabilities of that asset?

Answer 8

To identify risk, and possible countermeasures.

Question 9

Who is ultimately responsible for the data and security on the network?

Answer 9

Senior Management.

Question 10

What kind of policy does the senior executive team create?

Answer 10

Governing policy (high-level security policy)

Question 11

What are the 5 steps to Cisco’s Secure Network Lifecycle?

Answer 11

1. Initiation
2. Acquisition and development
3. Implementation
4. Operations and maintenance
5. Disposition