Network Policies

Question 1

IT Governance

Answer 1

Used to provide a comprehensive security management framework for the organization

(Policies, standards, baselines, guidelines, procedures)

Question 2

Policy

Answer 2

Defines the role of security inside of an organization & establishes the desired end state for that security program

(Operational, system-specific, issue-specific)

Question 3

Organizational

Answer 3

Provides framework to meet the business goals & define the roles, responsibilities, & terms associated with it

Question 4

System-Specific

Answer 4

Addresses the security of a specific technology, application, network, or computer system

Question 5

Issue-Specific

Answer 5

Addresses a specific security issue such as email privacy, employee termination procedures, or other specific issues

Question 6

Standard

Answer 6

Implements a policy in an organization

Question 7

Baseline

Answer 7

Creates a reference point in network architecture & design

Question 8

Guideline

Answer 8

Recommended action that allows for exceptions & allowances in unique situations

Question 9

Change Management

Answer 9

Structured way of changing the state of a computer system, network, or IT procedure (make sure risks are considered prior to implementation)

Planned, Approved, Documented

Question 10

Incident Response Plan

Answer 10

Instructions to help network & system admins detect, respond to, & recover from network security incidents

(Preparation, identification, containment, eradication, recovery, lessons learned)

Question 11

Disaster Recovery Plan

Answer 11

Documents how an organization can quickly resume work after an unplanned incident

Question 12

Disaster Recovery Plan: Business Continuity Plan

Answer 12

Outlines how a business will continue operating during an unplanned disruption in service

Disaster recovery plan is referenced from a business continuity plan

Question 13

Disaster Recovery Plan: System Life Cycle Plan

Answer 13

Describes an approach to maintaining an asset from creation to disposal

Question 14

Disaster Recovery Plan: Planning

Answer 14

Involves the planning & requirement analysis for a given system, including architecture outlining & risk identification

Question 15

Disaster Recovery Plan: Design

Answer 15

Outlines the new system, including possible interconnections, technologies to use, and how it should be implemented

Question 16

Disaster Recovery Plan: Transition

Answer 16

Actual implementation, which could involve coding new software, installing the systems, & network cabling/configurations

Question 17

Disaster Recovery Plan: Operations

Answer 17

Includes the daily running of the assets, as well as updating/patching/fixing any issues that may occur

Question 18

Disaster Recovery Plan: Retirement

Answer 18

End of the lifecycle & occurs when the system/network no longer has any useful life remaining in it

Question 19

Hardening/Security Policies: BYOD

Answer 19

Bring Your Own Device:
Allows employees to access enterprise networks/systems using their personal mobile devices

Create a segmented network where the BYOD devices can connect to

Question 20

Hardening/Security Policies: Remote Access Policy

Answer 20

A document which outlines & defines acceptable methods of remotely connecting to the internal network

Question 21

Hardening/Security Policies: DLP

Answer 21

Data Loss Prevention Policy:
A document defining how organizations can share/protect data

Minimizes accidental/malicious data loss

Question 22

Common Agreements: NDA

Answer 22

Non-Disclosure Agreement:
Defies what data is confidential & cannot be shared outside of that relationship

In administrative control: Fines, forfeiture of rights, jail time

Question 23

Common Agreements: MOU

Answer 23

Memorandum of Understanding (AKA: Letter of intent):

Non-binding agreement between two+ organizations to detail what common actions they intend to take

Question 24

Common Agreements: SLA

Answer 24

Service Level Agreement:

Documents the quality, availability, & responsibilities agreed upon by a service provider & a client