CHAPTER 14

Memorandum of Understanding (MOU)

An agreement between two or more parties to enable them to work together that is not legally enforceable but is more formal than an unwritten agreement.

You are discussing a legally binding document that organizations might require of both their own employees and anyone else who comes into contact with confidential information. What is this document called?

NDA

You have created written instructions that detail organizational procedures to be followed when an employee leaves the organization or is terminated. What type of document is this?

Offboarding procedures.

Which agreement would need to be read carefully and signed by an end user in the sales department regarding the technology they were granted access to?

PUA

Change Management

Process of making sure changes are made smoothly and efficiently and do not negatively affect systems reliability, security, confidentiality, integrity, and availability.

An incident response policy often ends with which phase?

Review

Data Loss Prevention (DLP)

Software which works like antivirus programs in reverse, blocking outgoing messages (e-mail, instant messages, etc.) that contain key words or phrases associated with intellectual property or other sensitive data the organization wants to protect.

Which of the following is not an area typically targeted by a data loss prevention policy?

Cloud level

What is often the last stage of a system life cycle used in a network?

Disposal

intermediate distribution frame (IDF)/main distribution frame (MDF) documentation

Documentation specific to the IDF and MDF facilities of an organization. These distribution and core facilities house critical network data and devices, and proper documentation can aid in all forms of maintenance and security.

System Life Cycle

The course of development changes through which a system passes from its conception to the termination of its use; for example, the phases and activities associated with the analysis, acquisition, design, development, testing, integration, operation, maintenance, and modification of a system.

non-disclosure agreement

This is a contract between an employer and an employee that states that the employee will net reveal the employer's trade secrets to future employers.

Which of the following is not a typical best practice in a password policy?

Use of uppercase and lowercase letters only in passwords

Onboarding/Offboarding

Users should have a clear understanding of what's acceptable, allowed, and expected Companies should ensure they take possession of all company assets when an employee leaves

Acceptable Use Policy

a policy that a user must agree to follow in order to be provided access to a network or to the internet

BYOD policy

allows employees to use their personal mobile devices and computers to access enterprise data and applications

Site Survey Report

attempt to describe the Wi-Fi capabilities and potential risk points in a given installation.

Service Level Agreement (SLA)

formal contract between customers and their service providers that defines the specific responsibilities of the service provider and the level of service expected by the customer

Audit and assessment report

helps you identify and address critical issues that might be occurring in your network infrastructure. This report often identifies performance and security issues that need to be addressed in order to help ensure the network continues to function as desired.

incident response policy

1. preparation 2. identification 3. containment 4. eradication 5. recovery 6. follow-up

Baseline Configuration

A collection of security and configuration settings that are to be applied to a particular system or network in the organization.

disaster recovery plan

A detailed process for recovering information or an IT system in the event of a catastrophic disaster such as a fire or flood

security policy

A document or series of documents that clearly define the defense mechanisms an organization will employ to keep information secure.

wiring diagram

A key piece of documentation that details wiring and port locations. This documentation makes it possible to track cable runs from switches and map them to a wall jack where users connect to the network; these connections might also represent trunks to additional network devices such as wireless access points.

logical network diagram

A network diagram that documents the protocols and applications that control the flow of network traffic.

physical network diagram

A pictorial representation of the location of all network devices and endpoints, it depicts their connections to one another.

Business Continuity Plan

A plan for how an organization will recover and restore partially or completely interrupted critical function(s) within a predetermined time after a disaster or extended disruption

Password Policy

A series of Group Policy settings that determine password security requirements, such as length, complexity, and age.

Standard Operating Procedures (SOPs)

A step-by-step instruction complied by an organization to help workers carry out routine operations.

rack diagram

A two-dimensional drawing showing the organization of specific equipment on a rack. It is often drawn to scale and typically shows the layout of components from both the front and back of the rack.

What should you follow closely when installing new network equipment?

Installation and maintenance guides

Remote Access Policy

It defines who can have remote access, and defines access medium and remote access security controls