Data classification important practices
Some data classification best practices include first identifying the source of data and types of the same across the organization. This helps decide which data to retain, store or delete. It also gives an insight to the access patterns of the data. Another aspect is to establish categorization of data before making any decision that is technological. Sort records depending on their category. It is also important to identify and specify access methods as well as authentication methods to the same data (Mark, 2008).
Network standard and protocols
Some of the networking standards learnt includes the OSI model which clearly defines a standard for networking implementation in any setting. The protocols learnt based on the OSI layers of Physical
Data Link, Network, Transport, Session, Presentation and Application are NNTP , SIP, SSI, DNS, FTP, Gopher, HTTP, NFS, NTP, SMPP, SMTP, SNMP, Telnet, DHCP, Netconf, RTP MIME, XDR, TLS, SSL, TCP, UDP, SCTP, DCCP, SPX among many other protocols. These protocols and standards are important in the implementation of any network and will prove valuable in the practice (Stallings, 2007).
1. What are the types of assets present in an organization?
There are tangible assets and intangible assets in any organization. Another category of fixed assets is also considered.
2. What are some of the factors to consider when determining the relative value of an asset?
Personal or organizational goal is one factor. Another is how fast can an asset be liquefied in case of an emergency. The degree of risk to which the asset is exposed to is also another factor in the determination of the relative value.
3. What does “diminish the risk” mean?
Diminish the risk refers to the art of applying proven processes and application in a veture in order to reduce or eliminate the threats are likely to be faced.
4. Briefly explain how to use outsourcing to “transfer the risk.”
Risk can be transferred by outsourcing through insuring assets. A company pays another company to insure their assets and in the process of loss or damage of the insured assets, the insurance company would take the liability.
5. What does “accept the risk” mean?
Accepting the risk implies taking ownership and responsibility of any threats that can happen in the course of a venture. It implies making a decision even though being aware of the risks associated with the made decision.
6. What are some of the states of a TCP/IP port?
Listening, Syn-Sent , Syn-Received , Established, Fin-Wait-1, Fin-Wait-2, Close-Wait , Last-Ack , Time-Wait, Closed
7. Briefly describe network mappers.
Network mappers are used identify the type of operating systems running on particular servers. They also serve to identify the kind of servers used on connected networks.
8. What are some of the common uses of protocol analyzers?
Protocol analyzer is used to decode protocol header and trailers in a network. This is important in order to understand the data in the packet. It captures a packet in real-time for analysis. Protocol analyzer can also be used for monitoring of network traffic, monitoring resource utilization, conducting forensic analysis and troubleshooting operations. It can further more be bused a hacking weapon by an intruder (Mark, 2008).
9. What are some of the tasks that a vulnerability scanner can perform?
Tasks that vulnerability scanner can perform include pinging computers in order to monitor their status as well as access information based on the computer . It also performs the task of deciding solutions based on installed antivirus on the connection. It can also be used to install OfficeScan client remotely as well as scan many ports simultaneously.
10. What are the four major access control models?
Attribute-based access control
Discretionary access control
Mandatory access control
Role-based access control
11. Briefly describe Group Policies.
Group policies are rule specifications that apply to the working environment of system user account as well as the operating systems and applications run in the system. It determines what a user has the ability to and not to do in a computer system. Basically it controls applications, operating system and user settings in an active directory (Stallings, 2007).
12. What are the types of questions that you should ask users when grouping data into categories?
What are the sources of data?
Who accesses which data?
What are the different access and retrieval methods preffered?
13. Provide an example for assigning “tiers” of storage and accessibility to data.
Create pools of data in order to achieve greater control over each pool which is characterized by a logical grouping. Assign volumes to pools and let them remain in that pool unless otherwise specified by the administrator. Load balancing is achieved automatically based on the storage resources within the pool members. This will allow accessibility of data based on a selected pool. As requirements change, data can be moved from one pool to another.
14. Explain the problems with inheritance and GPOs.
A block policy can be applied to prevent linkage to higher sites and domains. This is essential sometimes when there is need to prevent automatic inheritance by child level domains. The problem of inheritance is due to the fact that by default all children inherit GPOS from the parent. In some cases there is need to apply selective policies to a particular unit, therefore block policy becomes handy (Mark, 2008).
15. What are some of the most common types of security application logs?
Application log- has events logged by program
Security log –stores record based on resource utilization and login attempts.
System log –contains system log events
Mark, C. (2008). Security guide to network; security fundamentals. New York. NY: Cengage learning
Stallings, W. (2007). Data and computer communications. New York NY: Prentice hall