1. Policies vs Procedures
- Policies: Define behavior, access levels, and network configurations.
- Procedures: Step-by-step instructions to implement policies.
2. Change Management
| Step | Description |
|---|
| Document Reason | Explain why the change is needed |
| Change Request | Submit request to change advisory board |
| Configuration Procedure | Detailed steps and hardware/software involved |
| Rollback Plan | Ensure recovery path if issues arise |
| Impact Assessment | Identify affected systems |
| Notifications | Inform stakeholders before and after change |
| Approval | Technical and management review |
| Maintenance Window | Execute changes during low-traffic periods |
| Final Documentation | Update network configuration records |
3. Incident Response
- Identification: Recognize threat
- Containment: Isolate affected systems
- Analysis: Investigate logs and trace source
- Recovery: Restore services and operations
- Reporting: Document and evaluate for future prevention
4. Disaster Recovery Plan (DRP)
- Disaster Types: Natural, Human-made, Technical
- Actions: Offsite backups, infrastructure restoration, testing
5. Business Continuity Plan (BCP)
- BIA: Identify critical business functions and resources
- Goal: Maintain operations during/after disruption
6. System Lifecycle
- Acquisition → Implementation → Maintenance → Decommissioning
- Secure asset disposal (data wiping, hardware recycling)
7. Standard Operating Procedures (SOPs)
Department-specific tasks with approved workflows, authorization, and record-keeping.
8. Hardening Techniques
- Remove unused software/services
- Disable unnecessary ports
- Restrict external storage device access
9. Security Policies
- AUP: Acceptable resource usage standards
- Password Policy: Complexity, expiration, history control
- BYOD Policy: Protect personal devices via MDM/MAM
- Remote Access Policy: VPN standards, NAC enforcement
- Onboarding/Offboarding: Account creation, access revocation
- General Security Policy: Physical and digital protection measures
10. Security Audits & Clean-Desk Policy
- Audits: Internal or third-party assessments
- Desk Policy: No sensitive data left unattended
11. Device Restrictions & Physical Security
| Policy | Action |
|---|
| Unauthorized Recording | Ban cameras, USB drives |
| ID Badges & Logging | Track server room access |
| CCTV | Monitor entrances and parking areas |
| Locking Doors | Use access cards and PIN codes |
12. Data Loss Prevention (DLP)
- Function: Block sensitive data transmission
- Deployment: Endpoint and network-level solutions
13. Network Documentation
| Type | Description |
|---|
| Physical Diagrams | Hardware layout and connections |
| WLAN Maps | Signal coverage and rogue AP detection |
| Logical Diagrams | Protocols, VLANs, IP addresses |
| MDF/IDF Details | Main and intermediate distribution frames |
| Site Surveys | Performance analysis before/after installation |
14. Common Agreements
| Agreement | Purpose |
|---|
| NDA | Protect confidential data |
| SLA | Service delivery standards |
| MOU | Non-binding collaboration terms |
15. Policy Violations
- Consistent enforcement across all users
- Proportional response to severity
- Example: Dismissal for storing prohibited content
16. Network+ Study Tips
- Policy vs Procedure distinctions
- Change management phases
- Incident and disaster handling
- Documentation essentials
Written & researched by Dr. Shahin Siami
