馃攳
Agreement Types - CompTIA Security+ SY0-501 - 5.1 - YouTube
Channel: unknown
[1]
every organization has their own set of
[4]
processes and procedures for handling
[7]
their IT operations these are your
[10]
standard operating procedures and
[11]
although they're called your standard
[13]
procedures these are the important
[16]
day-to-day procedures that make sure
[18]
that all of your systems and your
[19]
applications remain secure these are
[22]
detailing things that occur every day
[24]
and they're usually a very extensive
[26]
list of processes and procedures that
[29]
you normally use on your network for
[31]
example what is the process and
[33]
procedure when a new account needs to be
[35]
made are there a set of permissions that
[38]
need to be signed off on is there a form
[40]
that needs to be filled out all of these
[42]
things should be standardized so that
[44]
every single account follows exactly the
[46]
same process there should be a standard
[49]
operating procedure for the backup and
[51]
the handling of your backup data
[53]
there should be an SOP for how you
[55]
handle encryption in your organization
[57]
and there should be standard operating
[59]
procedures for everything else that
[61]
occurs on a day to day basis usually
[64]
these are well documented and as you can
[66]
imagine they may be an extensive amount
[68]
of documentation because you have so
[70]
many different standard operating
[72]
procedures in your environment in some
[74]
cases your organization may need to
[76]
comply with important industry
[77]
regulations and these legal requirements
[80]
are built into all of your standard
[82]
operating procedure documents every
[85]
organization is going to work with a
[87]
third party to provide some type of
[89]
products and services between the two
[92]
there is a legal aspect to IT security
[95]
that revolves around these
[97]
interoperability ingredients for example
[101]
you may have a third party that provides
[102]
web hosting for your organization or
[104]
perhaps your payroll services are
[106]
outsourced to a third party so some of
[109]
your important and sensitive data may be
[111]
in the hands of someone else it may be
[114]
important to set up an agreement
[115]
beforehand so that everybody understands
[118]
the type of security that will be
[120]
required for this data and what type of
[122]
access controls may be in place to make
[124]
sure that data remains secure these are
[127]
usually legal agreements and it requires
[129]
that you bring in part of your legal
[131]
team or you have a lawyer make sure that
[134]
all of this
[134]
documentation meets the requirements for
[137]
your organization there are a number of
[139]
other common agreements that you'll find
[141]
in information technology one common one
[143]
is the SLA or service level agreement
[146]
this is an agreement between two parties
[148]
that dictates what the minimum level of
[151]
services would be required for example
[153]
if you're requiring some network access
[155]
from a third party you might want to
[157]
require a particular amount of uptime
[159]
there may be an agreement for response
[161]
time and management of any problems and
[164]
anything else that needs to be a minimum
[166]
level of service organizations that have
[169]
longer term and broader relationships
[172]
may create a business partners agreement
[174]
or a BPA this is the type of agreement
[177]
you might find for example between a
[179]
manufacturer and a reseller and if
[182]
you're part of the United States federal
[183]
government you may be required to agree
[186]
to an interconnection security agreement
[188]
or an ISA this defines security controls
[192]
especially when different departments of
[194]
the US federal government are connecting
[196]
to each other a relatively less formal
[199]
agreement is a Memorandum of
[201]
Understanding or an MOU this is a
[203]
document that details something that
[205]
both sides can agree to but it may not
[208]
necessarily be a signed contract the
[211]
next step above an MOU is a memorandum
[214]
of agreement this is where both sides
[217]
will agree to the specific information
[219]
in the memorandum of agreement this may
[222]
not be a legal document with legal
[224]
language but it's something where both
[225]
sides can agree to certain terms for
[228]
example both sides may agree to promote
[230]
and support the joint use of their
[233]
facilities that would be perfect
[234]
language to add to a memorandum of
[237]
agreement
[245]
you
Most Recent Videos:
You can go back to the homepage right here: Homepage