Organizational and Security Concepts Flashcards

1
Q

Service Assets

A
  • Things, processes, or people that contribute to the delivery of services
  • Each must be identified with a label
2
Q

CI

A

Configuration Item

  • Asset that requires specific management procedures to be used to deliver service
  • Defined by their attributes
3
Q

Baseline

A
  • Documents approved state of a CI
  • Allows auditing to detect changes
  • Can be performance or configuration
4
Q

CMS

A

Configuration Management System

  • Tools and databases that collect, store, manage, and present information about CIs
  • Might be a spreadsheet for smaller orgs or applications for larger ones
5
Q

Change Management Process

A
  • Minimizes risk of unscheduled downtime
  • Changes are made in a planned and controlled way
  • Changes can be reactive or proactive
  • Also categorized by level of risk
  • Reason for change and procedure is captured in a Request for Change (RFC) document
6
Q

SOP

A
  • Sets out principal goals and considerations, like budget, security, customer contact standards for performing a task
  • Identifies responsibility and authorization for performing it.
  • May contain detailed steps for completing a task
7
Q

Audit Report

A
  • Identifies and records assets
  • Many software suites available to assist with asset tracking
  • Often would contain info on type, model, serial number, asset ID, location, users etc.
8
Q

Assessment Report

A
  • Evaluates configuration and deployment of assets
  • Records deviations from baseline
  • Used to recommend improvements and goals
9
Q

Floor Plan

A
  • Diagram of wiring and port locations
10
Q

Wiring Diagram

A
  • Shows information on terminations of RJ45 and RJ-48C jacks
  • Could also include fiber optic

11
Q

Port location Diagram

A
  • Identifies how wall ports connect to ports on patch panel or dist frame and then to switch ports
12
Q

MDF

A

Main Distribution Frame

  • Location for distribution/core internal switching
  • Terminates trunk lines from multiple IDFs (Intermediate Distribution Frames)
  • Also where WAN circuits terminate
13
Q

IDF

A

Intermediate Distribution Frame

  • Termination for access layer switches that serve a given area
  • Each has trunk link to MDF
14
Q

Rack

A
  • Specially configured steel shelving system for patch panels, switches and server devices
15
Q

Rack Diagram

A
  • Records positions of each appliance in Rack
  • Should also record key configuration information for each item
  • You should identify which powers are UPSs
16
Q

Incident Response Plan

A
  • Sets out procedures and guidelines for dealing with security incident
  • Multiple Aims are present at once
  • Protecting confidential data and minimizing impact
  • Preserving evidence for prosecuting perpetrators
  • Follow up and lessons to prevent reoccurrence
17
Q

DRP

A

Disaster Recovery Plan

  • Addresses large-scale performance or security incidents
  • Focuses on switching to failover systems or restoring backups

Should address:

  • Identify scenarios for natural and non-natural disasters and options for protecting systems
  • Identify tasks, resources and responsibilities when responding to disaster
  • Train staff in response procedures

18
Q

BCP

A

Business Continuity Plan

  • Collection of processes and resources to enable org to maintain business operations in face of adverse event
  • Focuses on Business Impact Analysis (BIA) to identify mission-critical functions
  • Supporting those processes with resilient systems
19
Q

Security Policy

A
  • Establishes duty for each employee to ensure CIA
20
Q

Onboarding

A
  • Welcoming a new employee to org
  • Background Check
  • Identity and Access Management (IAM): creating accounts and privileges for the employee
  • Asset allocation
  • Training and policies
21
Q

Offboarding

A
  • IAM: disabling user accounts and privileges
  • Retrieving company assets
  • Returning personal assets and removing any org data from user devices
22
Q

Password Policy

A
  • Rules on how users can set up passwords
  • Can be system enforced

23
Q

AUP

A

Acceptable Use Policy

  • Permitted uses of product or service
  • May also state prohibited uses
  • Could apply to employees or vendors
24
Q

BYOD

A

Bring Your Own Device

  • Often users must install enterprise management software on devices

25
Q

DLP

A

Data Loss Prevention

  • Products that scan content in structured formats (databases) or unstructured formats (email, Word docs)
  • Blocks or alerts when confidential material is being used inappropriately
26
Q

SLA

A

Service Level Agreement

  • Agreement on detailed terms of how an ongoing service is provided
  • Can be contractual or less formal between departments
27
Q

NDA

A

Non-Disclosure Agreement

  • Protects information assets
  • Between org and employees and between vendors as well
28
Q

MOU

A

Memorandum of Understanding

  • Preliminary agreement to express interest to work together
  • Usually informal and not binding
  • Usually includes confidentiality agreements