Network Policies Flashcards

1
Q

IT Governance

A

Used to provide a comprehensive security management framework for the organization

(Policies, standards, baselines, guidelines, procedures)

2
Q

Policy

A

Defines the role of security inside of an organization & establishes the desired end state for that security program

(Operational, system-specific, issue-specific)

3
Q

Organizational

A

Provides framework to meet the business goals & define the roles, responsibilities, & terms associated with it

4
Q

System-Specific

A

Addresses the security of a specific technology, application, network, or computer system

5
Q

Issue-Specific

A

Addresses a specific security issue such as email privacy, employee termination procedures, or other specific issues

6
Q

Standard

A

Implements a policy in an organization

7
Q

Baseline

A

Creates a reference point in network architecture & design

8
Q

Guideline

A

Recommended action that allows for exceptions & allowances in unique situations

9
Q

Change Management

A

Structured way of changing the state of a computer system, network, or IT procedure (make sure risks are considered prior to implementation)

Planned, Approved, Documented

10
Q

Incident Response Plan

A

Instructions to help network & system admins detect, respond to, & recover from network security incidents

(Preparation, identification, containment, eradication, recovery, lessons learned)

11
Q

Disaster Recovery Plan

A

Documents how an organization can quickly resume work after an unplanned incident

12
Q

Disaster Recovery Plan: Business Continuity Plan

A

Outlines how a business will continue operating during an unplanned disruption in service

Disaster recovery plan is referenced from a business continuity plan

13
Q

Disaster Recovery Plan: System Life Cycle Plan

A

Describes an approach to maintaining an asset from creation to disposal

14
Q

Disaster Recovery Plan: Planning

A

Involves the planning & requirement analysis for a given system, including architecture outlining & risk identification

15
Q

Disaster Recovery Plan: Design

A

Outlines the new system, including possible interconnections, technologies to use, and how it should be implemented

16
Q

Disaster Recovery Plan: Transition

A

Actual implementation, which could involve coding new software, installing the systems, & network cabling/configurations

17
Q

Disaster Recovery Plan: Operations

A

Includes the daily running of the assets, as well as updating/patching/fixing any issues that may occur

18
Q

Disaster Recovery Plan: Retirement

A

End of the lifecycle & occurs when the system/network no longer has any useful life remaining in it

19
Q

Hardening/Security Policies: BYOD

A

Bring Your Own Device:
Allows employees to access enterprise networks/systems using their personal mobile devices

Create a segmented network that the BYOD devices can connect to

20
Q

Hardening/Security Policies: Remote Access Policy

A

A document which outlines & defines acceptable methods of remotely connecting to the internal network

21
Q

Hardening/Security Policies: DLP

A

Data Loss Prevention Policy:
A document defining how organizations can share/protect data

Minimizes accidental/malicious data loss

22
Q

Common Agreements: NDA

A

Non-Disclosure Agreement:
Defines what data is confidential & cannot be shared outside of that relationship

In administrative control: Fines, forfeiture of rights, jail time

23
Q

Common Agreements: MOU

A

Memorandum of Understanding (AKA: Letter of intent):

Non-binding agreement between two+ organizations to detail what common actions they intend to take

24
Q

Common Agreements: SLA

A

Service Level Agreement:

Documents the quality, availability, & responsibilities agreed upon by a service provider & a client