Managing Risk Flashcards
process for how a company deals with bad things on the network(s)
risk management
any written documente descibing how a company protects its IT infrastructure
security policy
document that explains what is and is not acceptable to do on an organization’s computers; typically describes ownership, network access, privacy/consent to monitoring, and illegal use
acceptable use policy (AUP)
document that explains who can access a company’s network, how they may access it, and what they may access on it
network access policy
company document that describes how a company addresses the risk of data loss or theft
data loss prevention (DLP) policy
provision of some security policies that restrict what hardware and software can be exported
international export controls
rules on commercial software that determine whether (and where?) that software can be taken to other countries
licensing restrictions
permission granted to data stored on a laptop or device to be taken to another country
export license
group of people in an organization in charge of investigation, testing, and implementing/authorizing all but the smallest change in the organization
change management team
process for approving a change request based on the details from a change request, management approval, and funding
approval process
in the process of making an IT infrastructure change, this is the period of time for implementing and testing a desired change
maintenance window
permission by the change management team for systems, departments, etc. to be down when implementing a change
authorize downtime
final step of an IT change, it includes documenting all changes, such as network configurations, additions to the network, and physical location changes
change management documentation
one system that, if it failes, will cause significant stoppage - bring down an entire process, workflow, or the entire organization
single point of failure
something that is critical to the operation of a company, not necessarily IT
critical assett
devices that are critical to a business’s operation, unique to IT
critical node
the making of critical nodes to be constantly working without interruption or downtime
high availability (HA)
a single IP address that is shared by multiple systems, allowing for failover
virtual IP
open standard protocol that gangs multiple routers together into a single virtual router that uses one virtual IP address as the default gateway
Virtual Router Redundancy Protocol (VRRP)
Cisco proprietary protocol that gangs multiple routers together to acts as one virtual router with one virtual IP address
Hot Standby Router Protocol (HSRP)
the combining of multiple machines to work together and share operational work; not provided by VRRP and HSRP
load balancing
having multiple pieces of equipment working together, connected, and presenting as one logical device
clustering
document between a customer and a service provider defining the scope, quality, and terms of services to be provided; common for ISPs
service-level agreement (SLA)
document that describes an agreement between two companies where a legal agreement would not be appropriate in certain situations; would define costs, contacts, logistics, etc., such as hospitals taking over another’s patients in event of a tornado
memorandum of understanding (MOU)
