Managing Risk Flashcards
Security Policy
A written document that defines how an organization will protect its IT infrastructure.
AUP
Acceptable Use Policy; defines what is and what is not acceptable to do on an organization’s computers.
- Ownership
- Network Access
- Privacy/Consent to Monitoring
- Illegal Use
Network Access Policy
Defines who may access the network, how they may access the network, and what they can access.
- Privileged User Agreement Policy
- Password Policy
- Data Loss Prevention Policy
- Remote Access Policy
Change Management
The process of creating change in your infrastructure in an organized, controlled, and safe way.
Patch Management
The process of regularly updating operating systems and applications to avoid security threats.
VRRP & HSRP
Virtual Router Redundancy Protocol (open standard) & Hot Standby Router Protocol (Cisco)
Both protocols take multiple routers and gang them together into a single virtual router with a single virtual IP address that clients use as a default gateway.
Standard Business Documents
- Service Level Agreement
- Memorandum of Understanding
- Multi-Source Agreement
- Statement of Work
- Nondisclosure Agreement
Service Level Agreement
A document between a customer and a service provider that defines the scope, quality, and terms of the service to be provided.
A typical SLA from an ISP contains the following:
- Definition of the service provided
- Equipment
- Technical Support
Memorandum of Understanding
A document that defines an agreement between two parties in situations where a legal contract wouldn’t be appropriate.
Multi-Source Agreement
A document that details the interoperability of network hardware from a variety of manufacturers
Statement of Work
A contract that defines the services, products, and time frames for the vendor to achieve.
MTBF
Mean Time Between Failures:
A factor typically applied to a hardware component that represents the manufacturer’s best guess regarding how much time will pass between major failures of that component.
MTTR
Mean Time To Recovery:
The estimated amount of time it takes to recover from a hardware component failure
Computer Forensics
- Secure the area
- Document the scene
- Collect evidence
- Interface with authorities