Network Policies Flashcards
IT Governance
Used to provide a comprehensive security management framework for the organization
(Policies, standards, baselines, guidelines, procedures)
Policy
Defines the role of security inside of an organization & establishes the desired end state for that security program
(Organizational, system-specific, issue-specific)
Organizational
Provides framework to meet the business goals & define the roles, responsibilities, & terms associated with it
System-Specific
Addresses the security of a specific technology, application, network, or computer system
Issue-Specific
Addresses a specific security issue such as email privacy, employee termination procedures, or other specific issues
Standard
Implements a policy in an organization
Baseline
Creates a reference point in network architecture & design
Guideline
Recommended action that allows for exceptions & allowances in unique situations
Change Management
Structured way of changing the state of a computer system, network, or IT procedure (make sure risks are considered prior to implementation)
Planned, Approved, Documented
Incident Response Plan
Instructions to help network & system admins detect, respond to, & recover from network security incidents
(Preparation, identification, containment, eradication, recovery, lessons learned)
Disaster Recovery Plan
Documents how an organization can quickly resume work after an unplanned incident
Disaster Recovery Plan: Business Continuity Plan
Outlines how a business will continue operating during an unplanned disruption in service
Disaster recovery plan is referenced from a business continuity plan
Disaster Recovery Plan: System Life Cycle Plan
Describes an approach to maintaining an asset from creation to disposal
Disaster Recovery Plan: Planning
Involves the planning & requirement analysis for a given system, including architecture outlining & risk identification
Disaster Recovery Plan: Design
Outlines the new system, including possible interconnections, technologies to use, and how it should be implemented
Disaster Recovery Plan: Transition
Actual implementation, which could involve coding new software, installing the systems, & network cabling/configurations
Disaster Recovery Plan: Operations
Includes the daily running of the assets, as well as updating/patching/fixing any issues that may occur
Disaster Recovery Plan: Retirement
End of the lifecycle & occurs when the system/network no longer has any useful life remaining in it
Hardening/Security Policies: BYOD
Bring Your Own Device:
Allows employees to access enterprise networks/systems using their personal mobile devices
Create a segmented network to which BYOD devices connect
Hardening/Security Policies: Remote Access Policy
A document which outlines & defines acceptable methods of remotely connecting to the internal network
Hardening/Security Policies: DLP
Data Loss Prevention Policy:
A document defining how organizations can share/protect data
Minimizes accidental or malicious data loss
Common Agreements: NDA
Non-Disclosure Agreement:
Defines what data is confidential & cannot be shared outside of that relationship
Enforced as an administrative control: fines, forfeiture of rights, jail time
Common Agreements: MOU
Memorandum of Understanding (AKA: Letter of intent):
Non-binding agreement between two or more organizations detailing the common actions they intend to take
Common Agreements: SLA
Service Level Agreement:
Documents the quality, availability, & responsibilities agreed upon by a service provider & a client