Key Terms & Concepts: Shakir Goldsmith

The document defines key terms used in information security: policies outline specific rules for an area like acceptable use; standards provide requirements that must be followed, like how to harden a workstation; guidelines provide best practice suggestions. It also defines network security as protecting a network from unauthorized access through authorization, authentication, and assigning unique IDs/passwords. Finally, it lists the five domains of COBIT5: plan and organize, acquire and implement, deliver and support, monitor and evaluate, with security and risk management falling under domain 1.

Uploaded by shakir ahmed

9/30/2018 KEY TERMS & CONCEPTS

Shakir Goldsmith
CISSP Notes

A policy is typically a document that outlines specific requirements or rules that must be
met. In the information/network security realm, policies are usually point-specific,
covering a single area. For example, an "Acceptable Use" policy would cover the rules
and regulations for appropriate use of the computing facilities.

A standard is typically a collection of system-specific or procedural-specific requirements
that must be met by everyone. For example, you might have a standard that describes
how to harden a Windows 8.1 workstation for placement on an external (DMZ) network.
People must follow this standard exactly if they wish to install a Windows 8.1 workstation
on an external network segment. In addition, a standard can be a technology selection,
e.g. Company Name uses Tenable Security Center for continuous monitoring, and
supporting policies and procedures define how it is used.

A guideline is typically a collection of system-specific or procedural-specific "suggestions"
for best practice. They are not requirements to be met, but are strongly recommended.
Effective security policies make frequent references to standards and guidelines that exist
within an organization.

Network security consists of the policies and practices adopted to prevent and monitor
unauthorized access, misuse, modification, or denial of a computer network and
network-accessible resources.

Network security involves the authorization of access to data in a network, which is
controlled by the network administrator.

Users choose or are assigned an ID and password or other authenticating information
that allows them access to information and programs within their authority.

The most common and simple way of protecting a network resource is by assigning it a
unique name and a corresponding password.

Domains of COBIT5

1. Plan & Organize
2. Acquire & Implement
3. Deliver and Support
4. Monitor & Evaluate

Domain 1: Security and Risk Management

1.1 Security Governance
