Section 18: Network Policies

Question 1

*IT Governance

Answer 1

Used to provide a comprehensive security management framework for the organization
▪ Policies
▪ Standards
▪ Baselines
▪ Guidelines
▪ Procedures

Question 2

IT Governance Policy Definition and Types (3)

Answer 2

Governance Policy - Defines the role of security inside of an organization and establishes the desired end state for that security program
▪ Organizational
▪ System-specific
▪ Issue-specific

Question 3

Policy - Organizational

Answer 3

Provides framework to meet the business goals and define the roles, responsibilities, and terms associated with it

Question 4

Policy - System-specific

Answer 4

Addresses the security of a specific technology, application, network, or computer system

Question 5

Policy - Issue-specific

Answer 5

Addresses a specific security issue such as email privacy, employee termination procedures, or other specific issues

Question 6

Standard

Answer 6

A policy in an organization

Question 7

Baseline

Answer 7

A reference point in network architecture and design

Question 8

Guideline

Answer 8

Recommended action that allows for exceptions and allowances in unique situations

Question 9

Procedure

Answer 9

Detailed step-by-step instructions created to ensure personnel can perform a given task or series of actions

Question 10

*Change Management

Answer 10

▪ Structured way of changing the state of a computer system, network, or IT procedure
▪ Ensure the risks are considered prior to implementing a system or network change
● Planned
● Approved
● Documented

Question 11

*Incident Response Plan

Answer 11

▪ Instructions to help network and system administrators detect, respond to, and recover from network security incidents
Should cover six steps/phases:
● Preparation
● Identification
● Containment
● Eradication
● Recovery
● Lessons learned

Question 12

*Disaster Recovery Plan (DRP)

Answer 12

▪ Documents how an organization can quickly resume work after an unplanned incident

Question 13

Business Continuity Plan (BCP)

Answer 13

▪ Outlines how a business will continue operating during an unplanned disruption in service
▪ A disaster recovery plan will be referenced from a business continuity plan

Question 14

*System Life Cycle Plan (Five phases)

Answer 14

▪ Describes the approach to maintaining an asset from creation to disposal.

Question 15

SLC Phase 1: Planning

Answer 15

Involves the planning and requirement analysis for a given system, including architecture outlining and risk identification

Question 16

SLC Phase 2: Design

Answer 16

Outlines new system, including possible interconnections, technologies to use, and how it should be implemented

Question 17

SLC Phase 3: Transition

Answer 17

Actual implementation, which could involve coding new software, installing the systems, and network cabling and configurations

Question 18

SLC Phase 4: Operations

Answer 18

Includes the daily running of the assets, as well as updating, patching, and fixing any issues that may occur

Question 19

SLC Phase 5: Retirement

Answer 19

End of the lifecycle and occurs when the system or network no longer has any useful life remaining

Question 20

*SOP

Answer 20

Standard Operating Procedure - A set of step-by-step instructions compiled by an organization to help its employees carry out routine operations

Question 21

*Password Policy

Answer 21

▪ A set of rules created to improve computer security by motivating users to create and properly store secure passwords

Question 22

*Acceptable Use Policy (AUP)

Answer 22

▪ A set of rules that restricts the ways in which a network resource may be used and sets guidelines on how it should be used

Question 23

*Bring Your Own Device (BYOD) Poli

Answer 23

▪ Allows employees to access enterprise networks and systems using their personal mobile devices
▪ Create a segmented network where the BYOD devices can connect to

Question 24

*Remote Access Policy

Answer 24

▪ A document which outlines and defines acceptable methods of remotely connecting to the internal network

Question 25

*Onboarding Policy

Answer 25

▪ A documented policy that describes all the requirements for integrating a new hire into the company and its cultures

Question 26

*Offboarding Policy

Answer 26

▪ A documented policy that covers all the steps to successfully part ways with an employee who’s leaving the company

Question 27

*Security Policy

Answer 27

▪ A document that outlines how to protect the organization’s systems, networks, and data from threats

Question 28

*Data Loss Prevention Policy

Answer 28

▪ A document defining how organizations can share and protect data
▪ Data loss prevention policy minimizes accidental or malicious data loss
▪ Set proper thresholds for your DLP policy

Question 29

Common Agreements

Answer 29

Non-Disclosure Agreement (NDA)
▪ Defines what data is confidential and cannot be shared outside of that relationship
▪ A non-disclosure agreement is an administrative control (not a technical control)

Memorandum of Understanding (MOU)
▪ Non-binding agreement between two or more organizations to detail what common actions they intend to take
▪ Often referred to as a letter of intent
▪ Usually used internally between two business units

Service-Level Agreement (SLA)
▪ Documents the quality, availability, and responsibilities agreed upon by a service provider and a client

Question 30

Interface Statistics

Answer 30

Read an interface statistic screen and know some of the details. Specifically, should know: Link State; Speed and Duplex Status; Send and Receive Traffic Statistics; CRC Statistics; Protocol Packet and Byte Counts; CRC Errors; Giants and Runts.

Things to look at for a slow-down: Duplex, Collisons, CRC errors, …