SlideShare a Scribd company logo

Cng 125 – chapter 12 network policies

Download as PPTX, PDF
F
Frank Victory

for Arapahoe CC class

Technology
1 of 20
CNG 125 – Network Policies and Procedures Frank Vianzon
Network Design • Conducting a needs assessment • Physical and logical topology • What services? – DHCP – DNS – Directory Services – File and Print – Database – Web Servers
Network Documentation • Policy – Document that describes the overall goals • Regulation – Requirement published by a government body • PCI DSS - https://www.pcisecuritystandards.org/security_st andards/ – Data at rest – Data in transit • HIPPA • GLBA – Gramm Leach Bliley Act
Classification of Data • Category 4: Highly sensitive corporate and customer data that if disclosed could put the organization at financial or legal risk. • Category 3: Sensitive internal data that if disclosed could negatively affect operations. • Category 2: Internal data that is not meant for public disclosure. • Category 1: Data that may be freely disclosed with the public.
Procedure • Step by Step process outlining how to implement a specific action
Network Diagram • Shows the logical and/or physical layout of your network • Also related is wiring schematic
Configuration • Identifies specific configuration information for a device.
Change / Job Logs • Logbook • Tickets • Change Management
Baseline • Snapshot of performance statistics of the network or devices
Asset Management Facts • Procurement – Who to buy it from? – Lifecycle • Deployment • Operations – AUP • Decommission • Disposal
Safety Facts • Electrical Safety • Physical Hazards • Employee and Visitor Safety • Hazardous Materials
12.2 Fire Safety Facts • Fire Safety – Portable – Fixed • Deluge (dry) • Wet Pipe
12.2.5 ESD • Electrostatic
12.2.7 Emergency Facts • Lighting • Egress • Fire Safety
12.3.2 Risk Management • Asset • Threat • Vulnerability • Threat Agent • Threat Vector • Threat Probability • Attack • Countermeasure • Exposure • Loss • Risk Residual Risk • Compensating Controls • Breach!
Risk Management • Asset Identification • Threat Identification • Risk Assessment – Where is the device located? • Risk Response
12.3.4 Business Continuity • Business Continuity Plan • Business Impact Analysis • Disaster Recovery Plan
12.4.2 Security Policy • Acceptable Use • Authorized Access • Change and Configuration Management • Code of Ethics • Human Resource Policies • Password • Privacy • User Education and Awareness Training • User Management
12.4.4 Third Party • Onboarding • Ongoing Operations • Off-Boarding
12.4.6 Security Assessment

Recommended

FireHost Webinar: HealthData Repository Deconstructed
FireHost Webinar: HealthData Repository DeconstructedFireHost Webinar: HealthData Repository Deconstructed
FireHost Webinar: HealthData Repository DeconstructedArmor
 
Regulatory Compliance and Long-Term Storage of Data
Regulatory Compliance and Long-Term Storage of DataRegulatory Compliance and Long-Term Storage of Data
Regulatory Compliance and Long-Term Storage of DataArkivum
 
Winning the war against data- Strategies to beat your arch nemesis: files - G...
Winning the war against data- Strategies to beat your arch nemesis: files - G...Winning the war against data- Strategies to beat your arch nemesis: files - G...
Winning the war against data- Strategies to beat your arch nemesis: files - G...Spiceworks
 
Cloud: Should I Stay or Should I Go?
Cloud: Should I Stay or Should I Go?Cloud: Should I Stay or Should I Go?
Cloud: Should I Stay or Should I Go?Marcelo Martins
 
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data TeamsEthyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data TeamsCillian Kieran
 
ITAMG Online Marketing Presentation
ITAMG Online Marketing PresentationITAMG Online Marketing Presentation
ITAMG Online Marketing Presentationfrankmilia
 
LuminrDRPresentation_AITP_October2014.pptx
LuminrDRPresentation_AITP_October2014.pptxLuminrDRPresentation_AITP_October2014.pptx
LuminrDRPresentation_AITP_October2014.pptxTimothy Krupinski
 
Executive Overview
Executive OverviewExecutive Overview
Executive Overviewmjordan100
 

Recommended

FireHost Webinar: HealthData Repository Deconstructed
FireHost Webinar: HealthData Repository DeconstructedFireHost Webinar: HealthData Repository Deconstructed
FireHost Webinar: HealthData Repository DeconstructedArmor
 
Regulatory Compliance and Long-Term Storage of Data
Regulatory Compliance and Long-Term Storage of DataRegulatory Compliance and Long-Term Storage of Data
Regulatory Compliance and Long-Term Storage of DataArkivum
 
Winning the war against data- Strategies to beat your arch nemesis: files - G...
Winning the war against data- Strategies to beat your arch nemesis: files - G...Winning the war against data- Strategies to beat your arch nemesis: files - G...
Winning the war against data- Strategies to beat your arch nemesis: files - G...Spiceworks
 
Cloud: Should I Stay or Should I Go?
Cloud: Should I Stay or Should I Go?Cloud: Should I Stay or Should I Go?
Cloud: Should I Stay or Should I Go?Marcelo Martins
 
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data TeamsEthyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data TeamsCillian Kieran
 
ITAMG Online Marketing Presentation
ITAMG Online Marketing PresentationITAMG Online Marketing Presentation
ITAMG Online Marketing Presentationfrankmilia
 
LuminrDRPresentation_AITP_October2014.pptx
LuminrDRPresentation_AITP_October2014.pptxLuminrDRPresentation_AITP_October2014.pptx
LuminrDRPresentation_AITP_October2014.pptxTimothy Krupinski
 
Executive Overview
Executive OverviewExecutive Overview
Executive Overviewmjordan100
 
Executive Overview
Executive OverviewExecutive Overview
Executive Overviewneprel
 
Executive Overview
Executive OverviewExecutive Overview
Executive Overviewaaa0
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014KBIZEAU
 
Risks and Benefits of Cloud Computing
Risks and Benefits of Cloud ComputingRisks and Benefits of Cloud Computing
Risks and Benefits of Cloud ComputingDLA Piper (Canada) LLP
 
Sensitive data
Sensitive dataSensitive data
Sensitive dataS.M. Towhidul Islam
 
CNIT 160 Ch 4c: Security Program Development (Part 3)
CNIT 160 Ch 4c: Security Program Development (Part 3)CNIT 160 Ch 4c: Security Program Development (Part 3)
CNIT 160 Ch 4c: Security Program Development (Part 3)Sam Bowne
 
Information classification
Information classificationInformation classification
Information classificationHoward Diesel (CDMP BI, DW, DBA, Msc Elec Eng)
 
CNIT 160 Ch 4 Information Security Program Development (Part 3)
CNIT 160 Ch 4 Information Security Program Development (Part 3)CNIT 160 Ch 4 Information Security Program Development (Part 3)
CNIT 160 Ch 4 Information Security Program Development (Part 3)Sam Bowne
 
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...Edge Pereira
 
How to Automate Offline IT Asset Workflow
How to Automate Offline IT Asset WorkflowHow to Automate Offline IT Asset Workflow
How to Automate Offline IT Asset WorkflowB&L Associates
 
EU's General Data Protection Regulation (GDPR)
EU's General Data Protection Regulation (GDPR)EU's General Data Protection Regulation (GDPR)
EU's General Data Protection Regulation (GDPR)Kimberly Simon MBA
 
Frontier Backupand Recovery Presentation 110311
Frontier Backupand Recovery Presentation 110311Frontier Backupand Recovery Presentation 110311
Frontier Backupand Recovery Presentation 110311JohnMDoe
 
Data Classification Presentation
Data Classification PresentationData Classification Presentation
Data Classification PresentationDerroylo
 
Cas 4
Cas 4Cas 4
Cas 4Byju Antony
 
#GDPR Compliance - Data Minimization via ArchivePod
#GDPR Compliance - Data Minimization via ArchivePod#GDPR Compliance - Data Minimization via ArchivePod
#GDPR Compliance - Data Minimization via ArchivePodGaret Keller
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) Kimberly Simon MBA
 
Telaid: Technology Lifecycle Solutions
Telaid: Technology Lifecycle SolutionsTelaid: Technology Lifecycle Solutions
Telaid: Technology Lifecycle Solutionsajackson88
 
Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44Jisc
 
Practical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionPractical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionJim Gilsinn
 
Rothke effective data destruction practices
Rothke effective data destruction practicesRothke effective data destruction practices
Rothke effective data destruction practicesBen Rothke
 
Ben Rothke - Effective Data Destruction Practices
Ben Rothke - Effective Data Destruction PracticesBen Rothke - Effective Data Destruction Practices
Ben Rothke - Effective Data Destruction PracticesBen Rothke
 
Cyber security
Cyber securityCyber security
Cyber securityPeter Henley
 

More Related Content

What's hot

Executive Overview
Executive OverviewExecutive Overview
Executive Overviewneprel
 
Executive Overview
Executive OverviewExecutive Overview
Executive Overviewaaa0
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014KBIZEAU
 
CNIT 160 Ch 4c: Security Program Development (Part 3)
CNIT 160 Ch 4c: Security Program Development (Part 3)CNIT 160 Ch 4c: Security Program Development (Part 3)
CNIT 160 Ch 4c: Security Program Development (Part 3)Sam Bowne
 
CNIT 160 Ch 4 Information Security Program Development (Part 3)
CNIT 160 Ch 4 Information Security Program Development (Part 3)CNIT 160 Ch 4 Information Security Program Development (Part 3)
CNIT 160 Ch 4 Information Security Program Development (Part 3)Sam Bowne
 
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...Edge Pereira
 
How to Automate Offline IT Asset Workflow
How to Automate Offline IT Asset WorkflowHow to Automate Offline IT Asset Workflow
How to Automate Offline IT Asset WorkflowB&L Associates
 
EU's General Data Protection Regulation (GDPR)
EU's General Data Protection Regulation (GDPR)EU's General Data Protection Regulation (GDPR)
EU's General Data Protection Regulation (GDPR)Kimberly Simon MBA
 
Frontier Backupand Recovery Presentation 110311
Frontier Backupand Recovery Presentation 110311Frontier Backupand Recovery Presentation 110311
Frontier Backupand Recovery Presentation 110311JohnMDoe
 
Data Classification Presentation
Data Classification PresentationData Classification Presentation
Data Classification PresentationDerroylo
 
#GDPR Compliance - Data Minimization via ArchivePod
#GDPR Compliance - Data Minimization via ArchivePod#GDPR Compliance - Data Minimization via ArchivePod
#GDPR Compliance - Data Minimization via ArchivePodGaret Keller
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) Kimberly Simon MBA
 

What's hot (16)

Executive Overview
Executive OverviewExecutive Overview
Executive Overview
 
Executive Overview
Executive OverviewExecutive Overview
Executive Overview
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014
 
Risks and Benefits of Cloud Computing
Risks and Benefits of Cloud ComputingRisks and Benefits of Cloud Computing
Risks and Benefits of Cloud Computing
 
Sensitive data
Sensitive dataSensitive data
Sensitive data
 
CNIT 160 Ch 4c: Security Program Development (Part 3)
CNIT 160 Ch 4c: Security Program Development (Part 3)CNIT 160 Ch 4c: Security Program Development (Part 3)
CNIT 160 Ch 4c: Security Program Development (Part 3)
 
Information classification
Information classificationInformation classification
Information classification
 
CNIT 160 Ch 4 Information Security Program Development (Part 3)
CNIT 160 Ch 4 Information Security Program Development (Part 3)CNIT 160 Ch 4 Information Security Program Development (Part 3)
CNIT 160 Ch 4 Information Security Program Development (Part 3)
 
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
 
How to Automate Offline IT Asset Workflow
How to Automate Offline IT Asset WorkflowHow to Automate Offline IT Asset Workflow
How to Automate Offline IT Asset Workflow
 
EU's General Data Protection Regulation (GDPR)
EU's General Data Protection Regulation (GDPR)EU's General Data Protection Regulation (GDPR)
EU's General Data Protection Regulation (GDPR)
 
Frontier Backupand Recovery Presentation 110311
Frontier Backupand Recovery Presentation 110311Frontier Backupand Recovery Presentation 110311
Frontier Backupand Recovery Presentation 110311
 
Data Classification Presentation
Data Classification PresentationData Classification Presentation
Data Classification Presentation
 
Cas 4
Cas 4Cas 4
Cas 4
 
#GDPR Compliance - Data Minimization via ArchivePod
#GDPR Compliance - Data Minimization via ArchivePod#GDPR Compliance - Data Minimization via ArchivePod
#GDPR Compliance - Data Minimization via ArchivePod
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 

Similar to Cng 125 – chapter 12 network policies

Telaid: Technology Lifecycle Solutions
Telaid: Technology Lifecycle SolutionsTelaid: Technology Lifecycle Solutions
Telaid: Technology Lifecycle Solutionsajackson88
 
Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44Jisc
 
Practical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionPractical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionJim Gilsinn
 
Rothke effective data destruction practices
Rothke effective data destruction practicesRothke effective data destruction practices
Rothke effective data destruction practicesBen Rothke
 
Ben Rothke - Effective Data Destruction Practices
Ben Rothke - Effective Data Destruction PracticesBen Rothke - Effective Data Destruction Practices
Ben Rothke - Effective Data Destruction PracticesBen Rothke
 
SECURITY OPERATION CENTER CONTENT.pptx
SECURITY OPERATION CENTER CONTENT.pptxSECURITY OPERATION CENTER CONTENT.pptx
SECURITY OPERATION CENTER CONTENT.pptxFarzanMansoor1
 
Ch12 records management
Ch12 records managementCh12 records management
Ch12 records managementxtin101
 
Learning about Security and Compliance in Office 365
Learning about Security and Compliance in Office 365Learning about Security and Compliance in Office 365
Learning about Security and Compliance in Office 365Aptera Inc
 
Cyber Security - ASGFOA
Cyber Security - ASGFOACyber Security - ASGFOA
Cyber Security - ASGFOAPeter Henley
 
The Website Resiliency Imperative
The Website Resiliency ImperativeThe Website Resiliency Imperative
The Website Resiliency ImperativeDistil Networks
 
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsDSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsAndris Soroka
 
Security and privacy of cloud data: what you need to know (Interop)
Security and privacy of cloud data: what you need to know (Interop)Security and privacy of cloud data: what you need to know (Interop)
Security and privacy of cloud data: what you need to know (Interop)Druva
 
CCSP Official Review Notes - 2019 version by Ben.pptx
CCSP Official Review Notes - 2019 version by Ben.pptxCCSP Official Review Notes - 2019 version by Ben.pptx
CCSP Official Review Notes - 2019 version by Ben.pptxnoob95
 
First 2015 szatmary-eric_defining-and-measuring-capability-maturity_20150625
First 2015 szatmary-eric_defining-and-measuring-capability-maturity_20150625First 2015 szatmary-eric_defining-and-measuring-capability-maturity_20150625
First 2015 szatmary-eric_defining-and-measuring-capability-maturity_20150625pladott1
 
7. Security Operations
7. Security Operations7. Security Operations
7. Security OperationsSam Bowne
 
CNIT 125 Ch 8. Security Operations
CNIT 125 Ch 8. Security OperationsCNIT 125 Ch 8. Security Operations
CNIT 125 Ch 8. Security OperationsSam Bowne
 
CISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsCISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsSam Bowne
 

Similar to Cng 125 – chapter 12 network policies (20)

Telaid: Technology Lifecycle Solutions
Telaid: Technology Lifecycle SolutionsTelaid: Technology Lifecycle Solutions
Telaid: Technology Lifecycle Solutions
 
Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44
 
Practical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionPractical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and Production
 
Rothke effective data destruction practices
Rothke effective data destruction practicesRothke effective data destruction practices
Rothke effective data destruction practices
 
Ben Rothke - Effective Data Destruction Practices
Ben Rothke - Effective Data Destruction PracticesBen Rothke - Effective Data Destruction Practices
Ben Rothke - Effective Data Destruction Practices
 
Cyber security
Cyber securityCyber security
Cyber security
 
It security
It securityIt security
It security
 
SECURITY OPERATION CENTER CONTENT.pptx
SECURITY OPERATION CENTER CONTENT.pptxSECURITY OPERATION CENTER CONTENT.pptx
SECURITY OPERATION CENTER CONTENT.pptx
 
Ch12 records management
Ch12 records managementCh12 records management
Ch12 records management
 
Learning about Security and Compliance in Office 365
Learning about Security and Compliance in Office 365Learning about Security and Compliance in Office 365
Learning about Security and Compliance in Office 365
 
Cyber Security - ASGFOA
Cyber Security - ASGFOACyber Security - ASGFOA
Cyber Security - ASGFOA
 
The Website Resiliency Imperative
The Website Resiliency ImperativeThe Website Resiliency Imperative
The Website Resiliency Imperative
 
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsDSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
 
Security and privacy of cloud data: what you need to know (Interop)
Security and privacy of cloud data: what you need to know (Interop)Security and privacy of cloud data: what you need to know (Interop)
Security and privacy of cloud data: what you need to know (Interop)
 
CCSP Official Review Notes - 2019 version by Ben.pptx
CCSP Official Review Notes - 2019 version by Ben.pptxCCSP Official Review Notes - 2019 version by Ben.pptx
CCSP Official Review Notes - 2019 version by Ben.pptx
 
WK10Section 3
WK10Section 3WK10Section 3
WK10Section 3
 
First 2015 szatmary-eric_defining-and-measuring-capability-maturity_20150625
First 2015 szatmary-eric_defining-and-measuring-capability-maturity_20150625First 2015 szatmary-eric_defining-and-measuring-capability-maturity_20150625
First 2015 szatmary-eric_defining-and-measuring-capability-maturity_20150625
 
7. Security Operations
7. Security Operations7. Security Operations
7. Security Operations
 
CNIT 125 Ch 8. Security Operations
CNIT 125 Ch 8. Security OperationsCNIT 125 Ch 8. Security Operations
CNIT 125 Ch 8. Security Operations
 
CISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsCISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security Operations
 

More from Frank Victory

Container security Familiar problems in new technology
Container security Familiar problems in new technologyContainer security Familiar problems in new technology
Container security Familiar problems in new technologyFrank Victory
 
Kealy OWASP interactive_artifacts
Kealy OWASP interactive_artifactsKealy OWASP interactive_artifacts
Kealy OWASP interactive_artifactsFrank Victory
 
Automation and open source turning the tide on the attackers
Automation and open source turning the tide on the attackersAutomation and open source turning the tide on the attackers
Automation and open source turning the tide on the attackersFrank Victory
 
CNG 256 cloud computing
CNG 256 cloud computingCNG 256 cloud computing
CNG 256 cloud computingFrank Victory
 
CNG 256 wireless wi-fi and bluetooth
CNG 256 wireless wi-fi and bluetoothCNG 256 wireless wi-fi and bluetooth
CNG 256 wireless wi-fi and bluetoothFrank Victory
 
Differential learning SnowFROC 2017
Differential learning SnowFROC 2017Differential learning SnowFROC 2017
Differential learning SnowFROC 2017Frank Victory
 
Phishing Forensics - SnowFROC - Denver Chapter of OWASP
Phishing Forensics - SnowFROC - Denver Chapter of OWASP Phishing Forensics - SnowFROC - Denver Chapter of OWASP
Phishing Forensics - SnowFROC - Denver Chapter of OWASP Frank Victory
 
Active defensecombo clean
Active defensecombo cleanActive defensecombo clean
Active defensecombo cleanFrank Victory
 
Dns security threats and solutions
Dns security threats and solutionsDns security threats and solutions
Dns security threats and solutionsFrank Victory
 
Authentication vs authorization
Authentication vs authorizationAuthentication vs authorization
Authentication vs authorizationFrank Victory
 
Lesson 6 web based attacks
Lesson 6 web based attacksLesson 6 web based attacks
Lesson 6 web based attacksFrank Victory
 

More from Frank Victory (12)

Container security Familiar problems in new technology
Container security Familiar problems in new technologyContainer security Familiar problems in new technology
Container security Familiar problems in new technology
 
Kealy OWASP interactive_artifacts
Kealy OWASP interactive_artifactsKealy OWASP interactive_artifacts
Kealy OWASP interactive_artifacts
 
Automation and open source turning the tide on the attackers
Automation and open source turning the tide on the attackersAutomation and open source turning the tide on the attackers
Automation and open source turning the tide on the attackers
 
CNG 256 cloud computing
CNG 256 cloud computingCNG 256 cloud computing
CNG 256 cloud computing
 
CNG 256 wireless wi-fi and bluetooth
CNG 256 wireless wi-fi and bluetoothCNG 256 wireless wi-fi and bluetooth
CNG 256 wireless wi-fi and bluetooth
 
Differential learning SnowFROC 2017
Differential learning SnowFROC 2017Differential learning SnowFROC 2017
Differential learning SnowFROC 2017
 
Phishing Forensics - SnowFROC - Denver Chapter of OWASP
Phishing Forensics - SnowFROC - Denver Chapter of OWASP Phishing Forensics - SnowFROC - Denver Chapter of OWASP
Phishing Forensics - SnowFROC - Denver Chapter of OWASP
 
Active defensecombo clean
Active defensecombo cleanActive defensecombo clean
Active defensecombo clean
 
Dns security threats and solutions
Dns security threats and solutionsDns security threats and solutions
Dns security threats and solutions
 
Authentication vs authorization
Authentication vs authorizationAuthentication vs authorization
Authentication vs authorization
 
9.0 security (2)
9.0 security (2)9.0 security (2)
9.0 security (2)
 
Lesson 6 web based attacks
Lesson 6 web based attacksLesson 6 web based attacks
Lesson 6 web based attacks
 

Recently uploaded

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 

Recently uploaded (20)

DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 

Cng 125 – chapter 12 network policies

  • 1. CNG 125 – Network Policies and Procedures Frank Vianzon
  • 2. Network Design • Conducting a needs assessment • Physical and logical topology • What services? – DHCP – DNS – Directory Services – File and Print – Database – Web Servers
  • 3. Network Documentation • Policy – Document that describes the overall goals • Regulation – Requirement published by a government body • PCI DSS - https://www.pcisecuritystandards.org/security_st andards/ – Data at rest – Data in transit • HIPPA • GLBA – Gramm Leach Bliley Act
  • 4. Classification of Data • Category 4: Highly sensitive corporate and customer data that if disclosed could put the organization at financial or legal risk. • Category 3: Sensitive internal data that if disclosed could negatively affect operations. • Category 2: Internal data that is not meant for public disclosure. • Category 1: Data that may be freely disclosed with the public.
  • 5. Procedure • Step by Step process outlining how to implement a specific action
  • 6. Network Diagram • Shows the logical and/or physical layout of your network • Also related is wiring schematic
  • 7. Configuration • Identifies specific configuration information for a device.
  • 8. Change / Job Logs • Logbook • Tickets • Change Management
  • 9. Baseline • Snapshot of performance statistics of the network or devices
  • 10. Asset Management Facts • Procurement – Who to buy it from? – Lifecycle • Deployment • Operations – AUP • Decommission • Disposal
  • 11. Safety Facts • Electrical Safety • Physical Hazards • Employee and Visitor Safety • Hazardous Materials
  • 12. 12.2 Fire Safety Facts • Fire Safety – Portable – Fixed • Deluge (dry) • Wet Pipe
  • 14. 12.2.7 Emergency Facts • Lighting • Egress • Fire Safety
  • 15. 12.3.2 Risk Management • Asset • Threat • Vulnerability • Threat Agent • Threat Vector • Threat Probability • Attack • Countermeasure • Exposure • Loss • Risk Residual Risk • Compensating Controls • Breach!
  • 16. Risk Management • Asset Identification • Threat Identification • Risk Assessment – Where is the device located? • Risk Response
  • 17. 12.3.4 Business Continuity • Business Continuity Plan • Business Impact Analysis • Disaster Recovery Plan
  • 18. 12.4.2 Security Policy • Acceptable Use • Authorized Access • Change and Configuration Management • Code of Ethics • Human Resource Policies • Password • Privacy • User Education and Awareness Training • User Management
  • 19. 12.4.4 Third Party • Onboarding • Ongoing Operations • Off-Boarding