1. CNG 125 – Network
Policies and
Procedures
Frank Vianzon
2. Network Design
• Conducting a needs assessment
• Physical and logical topology
• What services?
– DHCP
– DNS
– Directory Services
– File and Print
– Database
– Web Servers
3. Network Documentation
• Policy
– Document that describes the overall goals
• Regulation
– Requirement published by a government body
• PCI DSS -
https://www.pcisecuritystandards.org/security_st
andards/
– Data at rest
– Data in transit
• HIPPA
• GLBA – Gramm Leach Bliley Act
4. Classification of Data
• Category 4: Highly sensitive corporate and customer
data that if disclosed could put the organization at
financial or legal risk.
• Category 3: Sensitive internal data that if disclosed
could negatively affect operations.
• Category 2: Internal data that is not meant for public
disclosure.
• Category 1: Data that may be freely disclosed with the
public.
5. Procedure
• Step by Step process outlining how to implement a
specific action
6. Network Diagram
• Shows the logical and/or physical layout of your network
• Also related is wiring schematic
18. 12.4.2 Security Policy
• Acceptable Use
• Authorized Access
• Change and Configuration Management
• Code of Ethics
• Human Resource Policies
• Password
• Privacy
• User Education and Awareness Training
• User Management