Certified Cybersecurity Technician Exam 212-82 - Organizational Policies - PDF
Document Details
Uploaded by barrejamesteacher
null
Tags
Summary
This document discusses organizational policies related to asset management and change management. It outlines various aspects of these policies, including design considerations and procedures. The topics covered include security guidelines, procurement, BYOD, and configuration.
Full Transcript
Certified Cybersecurity Technician Network Security Controls — Administrative Controls Exam 212-82 Organizational Policies: Asset Management Policy 0O An asset management policy involves developing an appropriate strategy that includes actions to be taken to protect and preserve the integrity of IT...
Certified Cybersecurity Technician Network Security Controls — Administrative Controls Exam 212-82 Organizational Policies: Asset Management Policy 0O An asset management policy involves developing an appropriate strategy that includes actions to be taken to protect and preserve the integrity of IT assets Design Considerations ° What are the primary objectives of asset management? ° What are the risks and threats associated with asset management? ° Is the support of executive officials required for planning and enforcing asset management practices? ° What are the resources available to plan, implement, and apply the desired policies and procedures? ° What are the probable costs expected for the management of IT assets? Organizational Policies: Asset Mlanagement Policy An asset is referred to as any resource that is used as part of the regular operations of an organization. An asset management policy involves developing an appropriate strategy that includes actions to be taken to protect and preserve the integrity of IT assets. The asset management organization. standards. policy also describes how asset management is to be implemented within the It also defines objectives, service levels, storage guidelines, and maintenance Asset management policies provide the governing power to enforce all aspects of asset management practices. The policy specifications and norms can vary based on the organization’s requirement. These policy standards are designed around the following key elements. = Asset standards: Discover specific hardware/software assets that can be used within the = Security guidelines: organization and support their usage. Discover how logical and physical security measures should be applied to protect hardware/software assets. = Guidelines for asset procurement: Discover policies acquisition, procurement, and leasing of IT assets. = Guidelines for BYOD: Discover the methods to support bring your own device (BYOD) assets such as tablets, laptops, mobile devices, and notebooks. * Configuration standards: Discover how standard software/hardware must be configured. = Variance process: Build criteria and methods through which assets and configuration standards should be applied. Module 05 Page 601 and methods related to the Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls — Administrative Controls Exam 212-82 Guidelines for configuration management: Discover appropriate methods for change control and configuration management that ensure consistent and timely updates and configuration changes. Non-standard assets: Build services that provide support for non-standard assets and their set up. Asset inventory practices: Trace the location and placement of all the technical assets and maintain their inventory. Guidelines for software licensing: Trace the license validity of assets and ensure compliance with the given policies, norms, laws, and regulations. Technical support and maintenance practices: Discover procedures to be followed for asset-based technical support, service deployment, repairs, maintenance, and issue escalations. Asset movement practices: Oversee requests and tasks related to physical movement, replacements, and changes with respect to software/hardware assets. Guidelines for asset disposal: Discover methods to be followed for software/hardware assets that are not in service and require disposal. Design Considerations What are the primary objectives of asset management? What are the benefits expected from standard asset management? What are the risks and threats associated with asset management? Is the support of executive officials required for planning and enforcing asset management practices? How can the selected policies and procedures be implemented? What are the resources available to plan, implement, and apply the desired policies and procedures? What are the probable costs expected for the management of IT assets? What are the setbacks expected from asset management and how can they be tackled? What are the consequences of the violation of or negligence towards IT asset management? Module 05 Page 602 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls — Administrative Controls Exam 212-82 Organizational Policies: Change Management Policy O A change management policy helps minimize the disruption of services while implementing changes throughout an organization by following standard change procedures Design Considerations \ = Arequest for change should only be raised through a change management form = Every change should be approved by the change advisory board (CAB) * A CAB-approved plan of changes and standard implementation plan should be stored properly * Changes should be tested in a staged environment before real-time T implementation -. \ Q '1‘1‘1'1‘[‘1‘1‘{11I I]Hl] * Arollback plan should be prepared in case of implementation failure = Perform post-change tests and documentation to check whether the change is successful Copyright © by EC-C HL All Rights Reserved. Reproduction is Strictly Prohibited Organizational Policies: Change Management Policy Changes to IT systems are required for many reasons such as software or hardware upgrades, vendor recommendations, user/customer requests, malfunction in hardware or software, and natural disasters. Change management is the process of managing the changes made in an organization’s IT systems and infrastructure. When disruptions occur while implementing changes, the organization’s IT services and customers could be affected. Creating a change management policy and following standard change procedures will help minimize the disruption of services while implementing changes throughout the organization. The following are different types of changes involved in change management. 1. Minor change A minor change is a non-standard and non-emergency change that is important to IT services. It requires approval from the change advisory board (CAB). 2. Major change A major change the process and A major change board (CAB) and 3. in an organization poses a high risk to operations. The management of implementation of such a change depends on the size of the organization. requires approvals from all authorities, including the change advisory change management administrator (CMA). Standard change A standard change is a regularly or frequently changing process with pre-established procedures. These changes have pre-approval to ensure fast implementation. Module 05 Page 603 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls — Administrative Controls 4. Exam 212-82 Emergency change Emergency changes are implemented when a major incident has occurred. Assessment and implementation should be quick to resolve the problem. Emergency changes are more disruptive than the other types of changes and may lead to failure. Design Considerations = Arequest for change should only be raised through a change management form. = Every change should be approved by the change advisory board (CAB). = A CAB-approved plan of changes and standard implementation plan should be stored properly, e.g., in a shared drive. = Changes should be tested in a staged environment before real-time implementation. = Arollback plan should be prepared in case of implementation failure. = Post-change tests and documentation should be performed to check whether the change is successful. Module 05 Page 604 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.