Network Policies (3.2) Flashcards
(31 cards)
IT Governance
o Used to provide a comprehensive security management framework for the organization ▪ Policies ▪ Standards ▪ Baselines ▪ Guidelines ▪ Procedures
Policy
o Defines the role of security inside of an organization and establishes the desired end state for that security program ▪ Organizational ▪ System-specific ▪ Issue-specific
Organizational
o Provides framework to meet the business goals and define the roles,
responsibilities, and terms associated with it
System-specific
o Addresses the security of a specific technology, application, network, or
computer system
Issue-specific
o Addresses a specific security issue such as email privacy, employee termination
procedures, or other specific issues
Standard
o Implements a policy in an organization
Baseline
o Creates a reference point in network architecture and design
Guideline
o Recommended action that allows for exceptions and allowances in unique
situations
Procedure
o Detailed step-by-step instructions created to ensure personnel can perform a
given task or series of actions
Change Management
▪ Structured way of changing the state of a computer system, network, or
IT procedure
▪ Make sure the risks are considered prior to implementing a system or
network change
● Planned
● Approved
● Documented
Incident Response Plan
▪ Contains instructions to help network and system administrators detect, respond to, and recover from network security incidents ● Preparation ● Identification ● Containment ● Eradication ● Recovery ● Lessons learned
Disaster Recovery Plan
▪ Documents how an organization can quickly resume work after an
unplanned incident
Business Continuity Plan
o Outlines how a business will continue operating during an
unplanned disruption in service
o A disaster recovery plan will be referenced from a business
continuity plan
System Life Cycle Plan
o Describes the approach to maintaining an asset from
creation to disposal
Planning
o Involves the planning and requirement analysis for a given
system, including architecture outlining and risk
identification
Design
o Outlines new system, including possible interconnections,
technologies to use, and how it should be implemented
Transition
o Actual implementation, which could involve coding new
software, installing the systems, and network cabling and
configurations
Operations
o Includes the daily running of the assets, as well as
updating, patching, and fixing any issues that may occur
Retirement
o End of the lifecycle and occurs when the system or
network no longer has any useful life remaining in it
Standard Operating Procedure
▪ A set of step-by-step instructions compiled by an organization to help its
employees carry out routine operations
Password Policy
▪ A set of rules created to improve computer security by motivating users
to create and properly store secure passwords
Acceptable Use Policy (AUP)
▪ A set of rules that restricts the ways in which a network resource may be
used and sets guidelines on how it should be used
Bring Your Own Device (BYOD) Policy
▪ Allows employees to access enterprise networks and systems using their
personal mobile devices
▪ Create a segmented network where the BYOD devices can connect to
Remote Access Policy
▪ A document which outlines and defines acceptable methods of remotely
connecting to the internal network
