WARNING: This site is intended for online use only; mass-downloading of pages degrades the server and is prohibited.
If you attempt to use tools to mass-download the site, you may be blocked permanently by automated software.
If you want to read this CertiGuide offline, please use one of the links on the left to purchase a convenient PDF copy. Thank you.

Like what you see? Get it in one document for easy printing!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Test yourself better with 300 extra Security+ questions!
Get It Here!

Google
Web CertiGuide






Table Of Contents  CertiGuide to Security+
 9  Chapter 5:  Operational/Organizational Security (Domain 5.0; 15%)

Previous Topic/Section
5.9.7  Destruction
Previous Page
Pages in Current Topic/Section
1234
5
Next Page
 5.11  Success Questions
Next Topic/Section

5.10  Summary
(Page 5 of 5)

Education



You were also made aware of the important role played by education. In order for users to follow policy, you need to communicate to them how their interests are served by those policies, and interact with them to determine how some policies may make their lives more difficult, and work with them to improve those policies. User awareness is critical, since employees need to be aware of policies and significant vulnerabilities (such as viruses and social engineering attempts) in order to best exercise “due care” in the performance of their job duties.

Documentation

Finally, you learned the importance of complete, up-to-date documentation, including:

  • Standards and Guidelines, specifying the standards and guidelines your organization/department adhere to.

  • Systems Architecture, including network maps, lists of software installed on systems, configuration printouts, etc.

  • Change Documentation, which tracks changes to system and network configuration over time; not only is this a valuable history, but it may also be useful if the most recent change “broke something” and the administrator who made the change isn’t around to explain what he did.

  • Logs and Inventories, documenting equipment maintenance, backups, etc.; inventories may include asset lists, inventories of spare parts, available backup media, etc.

  • Classification, specifying the sensitivity of particular types of data and/or systems.

  • Notification, who must be notified in the event of certain events like intrusion detection, theft, disaster, etc.

  • Retention/Storage, policies and procedures for securely storing physical and electronic records, specifying where they are stored and how long they are kept; this may be partly determined by industry regulations followed by your organization.

  • Destruction, how and when documentation and other items such as media are destroyed; for high-security installations, the procedures involved may be complex.

Previous Topic/Section
5.9.7  Destruction
Previous Page
Pages in Current Topic/Section
1234
5
Next Page
 5.11  Success Questions
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $


Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.