Network Policies Flashcards

1
Q

IT Governance

A

Used to provide a comprehensive security management framework for the
organization
▪ Policies
▪ Standards
▪ Baselines
▪ Guidelines
▪ Procedures

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Policy

A

Defines the role of security inside of an organization and establishes the desired
end state for that security program
▪ Organizational
▪ System-specific
▪ Issue-specific

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Organizational

A

o Provides framework to meet the business goals and define the roles,
responsibilities, and terms associated with it

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

System-specific

A

o Addresses the security of a specific technology, application, network, or
computer system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Issue-specific

A

Addresses a specific security issue such as email privacy, employee termination
procedures, or other specific issues

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

● Standard

A

Implements a policy in an organization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Baseline

A

Creates a reference point in network architecture and design

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Guideline

A

Recommended action that allows for exceptions and allowances in unique
situations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Procedure

A

Detailed step-by-step instructions created to ensure personnel can perform a
given task or series of actions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Plans and Procedures
o Change Management

A

Structured way of changing the state of a computer system, network, or
IT procedure
▪ Make sure the risks are considered prior to implementing a system or
network change
● Planned
● Approved
● Documented

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Incident Response Plan

A

▪ Contains instructions to help network and system administrators detect,
respond to, and recover from network security incidents
● Preparation
● Identification
● Containment
● Eradication
● Recovery
● Lessons learned

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Disaster Recovery Plan

A

Documents how an organization can quickly resume work after an
unplanned incident
● Business Continuity Plan
o Outlines how a business will continue operating during an
unplanned disruption in service
o A disaster recovery plan will be referenced from a business
continuity plan
● System Life Cycle Plan
o Describes the approach to maintaining an asset from
creation to disposal
● Planning
o Involves the planning and requirement analysis for a given
system, including architecture outlining and risk
identification
● Design
o Outlines new system, including possible interconnections,
technologies to use, and how it should be implemented
● Transition
o Actual implementation, which could involve coding new
software, installing the systems, and network cabling and
configurations
● Operations
o Includes the daily running of the assets, as well as
updating, patching, and fixing any issues that may occur
● Retirement
o End of the lifecycle and occurs when the system or
network no longer has any useful life remaining in it

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Standard Operating Procedure

A

A set of step-by-step instructions compiled by an organization to help its
employees carry out routine operations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Password Policy

A

A set of rules created to improve computer security by motivating users
to create and properly store secure passwords

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Acceptable Use Policy (AUP)

A

A set of rules that restricts the ways in which a network resource may be
used and sets guidelines on how it should be used

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Bring Your Own Device (BYOD) Policy

A

Allows employees to access enterprise networks and systems using their
personal mobile devices
▪ Create a segmented network where the BYOD devices can connect to

17
Q

o Remote Access Policy

A

▪ A document which outlines and defines acceptable methods of remotely
connecting to the internal network

18
Q

Onboarding Policy

A

▪ A documented policy that describes all the requirements for integrating a
new hire into the company and its cultures

19
Q

Offboarding Policy

A

A documented policy that covers all the steps to successfully part ways
with an employee who’s leaving the company

20
Q

Security Policy

A

A document that outlines how to protect the organization’s systems,
networks, and data from threats

21
Q

Data Loss Prevention Policy

A

A document defining how organizations can share and protect data
▪ Data loss prevention policy minimizes accidental or malicious data loss
▪ Set proper thresholds for your DLP policy

22
Q
A