Network Policies Flashcards
IT Governance
Used to provide a comprehensive security management framework for the
organization
▪ Policies
▪ Standards
▪ Baselines
▪ Guidelines
▪ Procedures
Policy
Defines the role of security inside of an organization and establishes the desired
end state for that security program
▪ Organizational
▪ System-specific
▪ Issue-specific
Organizational
o Provides framework to meet the business goals and define the roles,
responsibilities, and terms associated with it
System-specific
o Addresses the security of a specific technology, application, network, or
computer system
Issue-specific
Addresses a specific security issue such as email privacy, employee termination
procedures, or other specific issues
● Standard
Implements a policy in an organization
Baseline
Creates a reference point in network architecture and design
Guideline
Recommended action that allows for exceptions and allowances in unique
situations
Procedure
Detailed step-by-step instructions created to ensure personnel can perform a
given task or series of actions
Plans and Procedures
o Change Management
Structured way of changing the state of a computer system, network, or
IT procedure
▪ Make sure the risks are considered prior to implementing a system or
network change
● Planned
● Approved
● Documented
Incident Response Plan
▪ Contains instructions to help network and system administrators detect,
respond to, and recover from network security incidents
● Preparation
● Identification
● Containment
● Eradication
● Recovery
● Lessons learned
Disaster Recovery Plan
Documents how an organization can quickly resume work after an
unplanned incident
● Business Continuity Plan
o Outlines how a business will continue operating during an
unplanned disruption in service
o A disaster recovery plan will be referenced from a business
continuity plan
● System Life Cycle Plan
o Describes the approach to maintaining an asset from
creation to disposal
● Planning
o Involves the planning and requirement analysis for a given
system, including architecture outlining and risk
identification
● Design
o Outlines new system, including possible interconnections,
technologies to use, and how it should be implemented
● Transition
o Actual implementation, which could involve coding new
software, installing the systems, and network cabling and
configurations
● Operations
o Includes the daily running of the assets, as well as
updating, patching, and fixing any issues that may occur
● Retirement
o End of the lifecycle and occurs when the system or
network no longer has any useful life remaining in it
Standard Operating Procedure
A set of step-by-step instructions compiled by an organization to help its
employees carry out routine operations
Password Policy
A set of rules created to improve computer security by motivating users
to create and properly store secure passwords
Acceptable Use Policy (AUP)
A set of rules that restricts the ways in which a network resource may be
used and sets guidelines on how it should be used