Cng 125 – chapter 12 network policies
CNG 125 – Network Policies and Procedures
Frank Vianzon
Network Design
• Conducting a needs assessment
• Physical and logical topology
• What services?
  – DHCP
  – DNS
  – Directory Services
  – File and Print
  – Database
  – Web Servers
Network Documentation
• Policy
  – Document that describes the overall goals
• Regulation
  – Requirement published by a government body
• PCI DSS - https://www.pcisecuritystandards.org/security_standards/
  – Data at rest
  – Data in transit
• HIPAA
• GLBA – Gramm Leach Bliley Act
Classification of Data
• Category 4: Highly sensitive corporate and customer data that, if disclosed, could put the organization at financial or legal risk.
• Category 3: Sensitive internal data that, if disclosed, could negatively affect operations.
• Category 2: Internal data that is not meant for public disclosure.
• Category 1: Data that may be freely disclosed to the public.
Procedure
• Step-by-step process outlining how to implement a specific action
Network Diagram
• Shows the logical and/or physical layout of your network
• Also related is the wiring schematic
Configuration
• Identifies specific configuration information for a device
Change / Job Logs
• Logbook
• Tickets
• Change Management
Baseline
• Snapshot of performance statistics of the network or devices
Asset Management Facts
• Procurement
  – Who to buy it from?
  – Lifecycle
• Deployment
• Operations
  – AUP
• Decommission
• Disposal
Safety Facts
• Electrical Safety
• Physical Hazards
• Employee and Visitor Safety
• Hazardous Materials
12.2 Fire Safety Facts
• Fire Safety
  – Portable
  – Fixed
• Deluge (dry)
• Wet Pipe
12.2.5 ESD
• Electrostatic discharge
12.2.7 Emergency Facts
• Lighting
• Egress
• Fire Safety
12.3.2 Risk Management
• Asset
• Threat
• Vulnerability
• Threat Agent
• Threat Vector
• Threat Probability
• Attack
• Countermeasure
• Exposure
• Loss
• Risk
• Residual Risk
• Compensating Controls
• Breach!
Risk Management
• Asset Identification
• Threat Identification
• Risk Assessment
  – Where is the device located?
• Risk Response
12.3.4 Business Continuity
• Business Continuity Plan
• Business Impact Analysis
• Disaster Recovery Plan
12.4.2 Security Policy
• Acceptable Use
• Authorized Access
• Change and Configuration Management
• Code of Ethics
• Human Resource Policies
• Password
• Privacy
• User Education and Awareness Training
• User Management
12.4.4 Third Party
• Onboarding
• Ongoing Operations
• Off-Boarding
12.4.6 Security Assessment