Network Policies Flashcards
IT Governance
Used to provide a comprehensive security management framework for the
organization
▪ Policies
▪ Standards
▪ Baselines
▪ Guidelines
▪ Procedures
Policy
Defines the role of security inside of an organization and establishes the desired
end state for that security program
▪ Organizational
▪ System-specific
▪ Issue-specific
Organizational
Provides a framework to meet the business goals and defines the roles,
responsibilities, and terms associated with it
System-specific
Addresses the security of a specific technology, application, network, or
computer system
Issue-specific
Addresses a specific security issue such as email privacy, employee termination
procedures, or other specific issues
Standard
Implements a policy in an organization
Baseline
Creates a reference point in network architecture and design
Guideline
Recommended action that allows for exceptions and allowances in unique
situations
Procedure
Detailed step-by-step instructions created to ensure personnel can perform a
given task or series of actions
Plans and Procedures
Change Management
Structured way of changing the state of a computer system, network, or
IT procedure
▪ Make sure the risks are considered prior to implementing a system or
network change
● Planned
● Approved
● Documented
Incident Response Plan
▪ Contains instructions to help network and system administrators detect,
respond to, and recover from network security incidents
● Preparation
● Identification
● Containment
● Eradication
● Recovery
● Lessons learned
Disaster Recovery Plan
Documents how an organization can quickly resume work after an
unplanned incident
Business Continuity Plan
Outlines how a business will continue operating during an
unplanned disruption in service
▪ A disaster recovery plan will be referenced from a business
continuity plan
System Life Cycle Plan
Describes the approach to maintaining an asset from
creation to disposal
● Planning
o Involves the planning and requirement analysis for a given
system, including architecture outlining and risk
identification
● Design
o Outlines new system, including possible interconnections,
technologies to use, and how it should be implemented
● Transition
o Actual implementation, which could involve coding new
software, installing the systems, and network cabling and
configurations
● Operations
o Includes the daily running of the assets, as well as
updating, patching, and fixing any issues that may occur
● Retirement
o End of the life cycle; occurs when the system or
network no longer has any useful life remaining in it
Standard Operating Procedure
A set of step-by-step instructions compiled by an organization to help its
employees carry out routine operations
Password Policy
A set of rules created to improve computer security by motivating users
to create and properly store secure passwords
Acceptable Use Policy (AUP)
A set of rules that restricts the ways in which a network resource may be
used and sets guidelines on how it should be used
Bring Your Own Device (BYOD) Policy
Allows employees to access enterprise networks and systems using their
personal mobile devices
▪ Create a segmented network where the BYOD devices can connect to
Remote Access Policy
A document which outlines and defines acceptable methods of remotely
connecting to the internal network
Onboarding Policy
A documented policy that describes all the requirements for integrating a
new hire into the company and its culture
Offboarding Policy
A documented policy that covers all the steps to successfully part ways
with an employee who’s leaving the company
Security Policy
A document that outlines how to protect the organization’s systems,
networks, and data from threats
Data Loss Prevention Policy
A document defining how organizations can share and protect data
▪ Data loss prevention policy minimizes accidental or malicious data loss
▪ Set proper thresholds for your DLP policy