Section 18: Network Policies Flashcards
*IT Governance
Used to provide a comprehensive security management framework for the organization
▪ Policies
▪ Standards
▪ Baselines
▪ Guidelines
▪ Procedures
IT Governance Policy Definition and Types (3)
Governance Policy - Defines the role of security inside of an organization and establishes the desired end state for that security program
▪ Organizational
▪ System-specific
▪ Issue-specific
Policy - Organizational
Provides framework to meet the business goals and define the roles, responsibilities, and terms associated with it
Policy - System-specific
Addresses the security of a specific technology, application, network, or computer system
Policy - Issue-specific
Addresses a specific security issue such as email privacy, employee termination procedures, or other specific issues
Standard
A policy in an organization
Baseline
A reference point in network architecture and design
Guideline
Recommended action that allows for exceptions and allowances in unique situations
Procedure
Detailed step-by-step instructions created to ensure personnel can perform a given task or series of actions
*Change Management
▪ Structured way of changing the state of a computer system, network, or IT procedure
▪ Ensure the risks are considered prior to implementing a system or network change
● Planned
● Approved
● Documented
*Incident Response Plan
▪ Instructions to help network and system administrators detect, respond to, and recover from network security incidents
Should cover six steps/phases:
● Preparation
● Identification
● Containment
● Eradication
● Recovery
● Lessons learned
*Disaster Recovery Plan (DRP)
▪ Documents how an organization can quickly resume work after an unplanned incident
Business Continuity Plan (BCP)
▪ Outlines how a business will continue operating during an unplanned disruption in service
▪ A disaster recovery plan will be referenced from a business continuity plan
*System Life Cycle Plan (Five phases)
▪ Describes the approach to maintaining an asset from creation to disposal
SLC Phase 1: Planning
Involves the planning and requirement analysis for a given system, including architecture outlining and risk identification
SLC Phase 2: Design
Outlines new system, including possible interconnections, technologies to use, and how it should be implemented
SLC Phase 3: Transition
Actual implementation, which could involve coding new software, installing the systems, and network cabling and configurations
SLC Phase 4: Operations
Includes the daily running of the assets, as well as updating, patching, and fixing any issues that may occur
SLC Phase 5: Retirement
The end of the life cycle; occurs when the system or network no longer has any useful life remaining
*SOP
Standard Operating Procedure - A set of step-by-step instructions compiled by an organization to help its employees carry out routine operations
*Password Policy
▪ A set of rules created to improve computer security by motivating users to create and properly store secure passwords
*Acceptable Use Policy (AUP)
▪ A set of rules that restricts the ways in which a network resource may be used and sets guidelines on how it should be used
*Bring Your Own Device (BYOD) Policy
▪ Allows employees to access enterprise networks and systems using their personal mobile devices
▪ Create a segmented network that BYOD devices connect to
*Remote Access Policy
▪ A document which outlines and defines acceptable methods of remotely connecting to the internal network