Exam2 Flashcards
An agreement between a company and a vendor that stipulates performance expectations, such as minimum uptime and maximum downtime levels.
Service Level Agreement (SLA)
Expresses an understanding between two or more parties indicating their intention to work together toward a common goal.
Memorandum of Understanding (MOU)
Evaluates the processes and tools used to make measurements. Uses various methods to identify variations within a measurement process that can result in invalid results.
Measurement System Analysis (MSA)
A written agreement that details the relationship between business partners, including their obligations toward the partnership.
Business Partnership Agreement (BPA)
Refers to the date when a product will no longer be offered for sale.
End of Life (EOL)
Indicates the date when you expect a lack of vendor support because vendors no longer create patches or upgrades to resolve vulnerabilities for the product.
End of Service Life (EOSL)
Used between two entities to ensure that proprietary data is not disclosed to unauthorized entities.
NDA
System of organizing data according to its sensitivity. Common classifications include public, confidential, secret, and top secret.
Data Classification
Refers to the processes an organization uses to manage, process, and protect data.
Data Governance
Identifies how long data is retained and sometimes specifies where it is stored.
Data Retention Policy
- An account on a computer associated with a specific person
- The computer associates the user with a specific identification number
- Storage and files can be private to that user
- Even if another person is using the same computer
- No privileged access to the operating system
- Specifically not allowed on a user account
- This is the account type most people will use
- Your user community
Credential policies: Personnel
- Access to external third-party systems
- Cloud platforms for payroll, enterprise resource planning, etc.
- Third-party access to corporate systems
- Access can come from anywhere
- Add additional layers of security
- 2FA (two factor authentication)
- Audit the security posture of third-parties
- Don’t allow account sharing
- All users should have their own account
Credential policies: Third-party
- Access to devices
- Mobile devices
- Local security
- Device certificate
- Require screen locks and unlocking standards
- Manage through a Mobile Device Manager (MDM)
- Add additional security
- Geography-based
- Include additional authentication factors
- Associate a device with a user
Credential policies: Devices
- Used exclusively by services running on a computer
- No interactive/user access (ideally)
- Web server, database server, etc.
- Access can be defined for a specific service
- Web server rights and permissions will be different than a database server
- Commonly use usernames and passwords
- You'll need to determine the best policy for password updates
Credential policies: Service Accounts
- Elevated access to one or more systems
- Super user access
- Complete access to the system
- Often used to manage hardware, drivers, and software installation
- This account should not be used for normal administration
- User accounts should be used
- Needs to be highly secured
- Strong passwords, 2FA
- Scheduled password changes
Credential policies: Administrator/Root Accounts
Process of making sure changes are made smoothly and efficiently and do not negatively affect systems reliability, security, confidentiality, integrity, and availability.
Change Management
The procedures used to identify, document, approve, and control changes to the project baselines.
Change Control
The process of tracking valuable assets throughout their life cycles
Asset management