Network policies
Administrative controls used to secure networks, separate from technical controls like firewalls or encryption.
IT governance
A comprehensive security management framework for organizations, including policies, standards, baselines, guidelines, and procedures.
Policies
Broad statements that define the role of security in an organization and establish the desired end state for the security program.
Organizational security policies
Provide direction, goals, and a framework to meet business goals, as well as define roles, responsibilities, and terms.
System-specific policies
Address the security of specific technologies, applications, networks, or computer systems, focusing on protecting a certain piece of the system.
Issue-specific policies
Built to address specific security issues, such as email privacy or employee termination procedures.
Standards
Used to implement policies within an organization, including mandatory actions or rules needed to achieve the desired level of security.
Baselines
Used to create a reference point in network architecture and design, documenting system configurations for later analysis.
Guidelines
Recommended actions, allowing exceptions and allowances for unique situations.
Procedures
Detailed step-by-step instructions to ensure personnel can perform specific tasks or actions, translating high-level policies into actionable steps.
Transition
The phase of the system life cycle that involves the actual implementation and moving the system from a prototype or initial build to full production and use.
Operations
The phase of the system life cycle where the system or network is used on a daily basis to do productive work, including tasks such as running the asset, updating it, patching it, and fixing any issues that may occur.
Retirement
The end of the system life cycle when the system or network no longer has any useful life remaining and is disposed of, typically after being replaced by a newer model.
Standard Operating Procedures (SOP)
Step-by-step instructions compiled by an organization to help employees carry out routine operations, aiming to achieve efficiency, quality output, and uniformity of performance while reducing misconfigurations and failure to comply with regulations.
Password Policies
Set of rules created to improve computer security by motivating users to create secure passwords and store and utilize them properly, including specifications for minimum password length, complexity requirements, periodic password changes, and limits on password reuse.
Acceptable Use Policies (AUP)
Set of rules applied by the owner, creator, or administrator of a network, website, or service that restricts the ways in which the network, website, or system may be used and sets guidelines for its proper use.
Bring Your Own Device (BYOD) Policies
Policies that allow or encourage employees to access enterprise networks and systems using their personal mobile devices, such as smartphones, tablets, and laptops.
Remote Access Policies
Policies that outline and define acceptable methods of remotely connecting to an internal network, including decisions on whether employees are allowed to connect directly to internal network resources over the internet or if alternative methods such as VPN connections or web mail servers should be used.
Onboarding Policies
Policies that describe the requirements and steps for integrating a new employee into the company and providing them with the necessary tools and information to perform their job successfully.
Offboarding Policies
Policies that cover the steps necessary to successfully part ways with an employee following their resignation or termination, including the removal of their accounts and accesses.
Offboarding Policy
A policy that outlines the procedures for handling employee departures, including account deletion, data archiving, and equipment retrieval.
Security Policy
A document that defines how to protect an organization's systems, networks, and data from threats and how to handle security incidents.
Data Loss Prevention Policy
A policy that guides how organizations can share and protect data, with the goal of minimizing accidental or malicious data loss.
Non-Disclosure Agreement (NDA)
A legally binding agreement between two parties that defines what data is considered confidential and cannot be shared outside of the relationship.
Memorandum of Understanding (MOU)
A non-binding agreement between two or more organizations that outlines common actions or responsibilities.
Service-Level Agreement (SLA)
An agreement between a service provider and a customer that defines the level of service to be provided and the metrics for measuring performance.
Memorandum of Understanding (MOU)
A non-legally binding agreement between multiple organizations that outlines a common goal or purpose, allowing partner organizations to leave without consequences.
Service-Level Agreement (SLA)
A documented commitment between a service provider and a client that defines the quality, availability, and responsibilities agreed upon by both parties. SLAs primarily focus on supporting and responding to problems within a specified timeframe while providing the agreed-upon level of service.
Predictability
The ability of service-level agreements to bring stability and certainty to areas that are otherwise difficult to predict, such as device failures.
Uptime
The percentage of time that a service or system is operational and available for use. SLAs often include uptime requirements that service providers must meet, with potential penalties for failing to do so.
Refund
In some service-level agreements, if the service provider fails to meet the agreed-upon uptime requirement, the client may be entitled to a refund of the monthly service fee as a penalty for not meeting the SLA.
Network Management Agreements
The three main types of agreements used in network management are non-disclosure agreements, memorandums of understanding, and service-level agreements.