Management and Testing (part 1)

Video Activity

This module discusses policies and procedures: Change management Configuration management Capacity management Life cycle management In addition, it also teaches about systems management best practices: 1. Documentation Standardization Planning Finally, it also discusses the following testing techniques: 1. Configuration testing Security Testing R...

Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

2 hours 28 minutes
Video Description

This module discusses policies and procedures:

  1. Change management
  2. Configuration management
  3. Capacity management
  4. Life cycle management

In addition, it also teaches about systems management best practices: 1. Documentation

  1. Standardization
  2. Planning

Finally, it also discusses the following testing techniques: 1. Configuration testing

  1. Security Testing
  2. Roles and responsibilities
Video Transcription
Welcome back, Cyberia I t name CS Langham. Today we want to be talking about management and testing.
First thing we're talking about is the policy of the Procedures System management, best practices about testing techniques, toes, documentation and talk about logs that are inside of the network policies and procedures. I want to talk about Cheech management configuration capacity and lifecycle management. Change Management
Change management is set in place so that away you're able to inform the chain of command
what changes you're making to the network. Say, for instance, you want to add a new exchange server Well, this will be part of the change management. You will submit the paperwork's. That way you'll be able to add that new exchange server and be able to show the milestones and the guidelines that you're going to be performing with that
and also a changed management. If there is an outage and you need to modify a piece saying different router,
you had to go out and buy any router, but it wasn't the exact same that was still be part of a change management.
It is important for you to annotate this in case you leave and somebody else's is taking over your spot, or you need to notify your customers of what changes that are being made. Next thing we're talking about, its configuration management configuration management is set in place to improve the network.
It also improves performance inside of the computers.
It's optimizes costs and lowers risk configuration management. You might change from one thing to another because you find out that moving to this program, which of that program allows youto have better performance inside of your network and also lowers the possibility of having an outage.
For that, you had some configuration management, so that was your chain of command or your customers.
We'll be able to implement that into their routine
and capacity management. It gives the customers the best performance. Capacity management also allows you a justification for the change.
Lot cycle management is a process of process put in place by an organization. These processes allow for management, coordination, control, delivery and support.
The lifecycle management is something that the chain of command will implement, so that way they're able to be informed of the management or maybe of the delivery of the information to the other entities, Lifecycle management was created by the i. T. I L
and also
was a combination of the
Microsoft Operation Framework System Management. Best Practice won't talk about documentation. Centralization and planning documentation is for a strategic planning.
It's required for business, and it's also required for the S L A service Elections agreement. Documentation needs toe have
the incidents, problems, configuration and items recorded inside of it.
But it also has to have a
nice design so that away the other parties were able to understand it. You want to minimize how much technical job will you put inside there?
He's a regular user, doesn't understand what Ram CPU, or probably even the hard drives the different types of hard drives are. They just need to know that they're going to get what they need. So the documentation needs to match that centralization is used to make
the network as a whole the same. Also, standardization. You want to make sure you have procedures or steps set in place. This allows you to be able to know the next level that you need to move to. If the help desk is doing maintenance on a computer and they finished all their steps will. The next procedure will be for them to pass it to the network, Tex.
So that way they're able to
completed and resolve the issue. Also, a senator's a show. You want to make sure that you have a name and conviction,
for example, you want to make sure that the name of condition is the same. The computer, for example, will be called Debbie. US 0101 sang for workstation and building one computer number one or W s 0309 Many workstation and building three. Computer number nine.
Next time we won't talk about us planning
what planet you wanna make sure that your maintenance window is large enough for you to be able to do what you need to dio if backups usually take about an hour if you want to make sure you have enough time to perform. The backups were to perform the restore our to perform the upgrade or whatever improvements that you're going to be making to the network.
Also, you want to make sure you submit your plans to the C A B, the change Advisory board, so that way they can approve it and be able to get back to you in time. Your C A B might include your isis M or possibly somebody of that status that knows about the security of the network.
But then also, they're able to present it to the other departments and be able to give them proper information. So that way they can plan accordingly. Next time we will talk about its testing techniques, we're gonna talk about the configurations security roles on responsibility
with configuration testing. You want to make sure that the components are tested out properly. If you're installing new RAM into a computer, you want to make sure that
the round is proper for that computer. Or if you're insulting other components inside that computer, you want to make sure that it runs properly.
If you're replacing the nick, if you're putting in a peripheral nick inside of a computer that you want to make sure that that Nick is able to perform at the right functionality of the network if you're moving to a different application, you want to make sure that the people that are going to be affected by the application are able to do what they need to do
for instance, if you're always using Oracle 11 g, but then you decided to move to SharePoint. We want to make sure that the departments that are going to be affected by this move our syllables to perform the functions that they need to perform security testing. For legal reasons, the organizations should review the contract with the cloud provider.
Testing out your security is very important whenever it comes to a network. Most organizations perform a security test of some kind once a year. Whenever they perform a security test, they need to review their contract with the cloud provider
so that way there and guidelines with their contract. If they exceed their contract or they're doing things that they don't need or they're performing functions that are outside of the contract,
they could be a breach of contract and therefore somebody would be a fault
to relieve. He ate that
you would take her contract to the cloud provider, review it and make sure that you're able to do the test that you need to do. There are two types of security testing. You have white box and black box. Each is unique white boxes. When you give particular information to the people that are going to be performing the penetration test.
You might give them an internal I paid. You might give them a username,
or you might give them something else. Maybe the way the network is outlined Black box is whenever there you do not give them any information. Black bucks is usually associated with a real world hacker situation.
Next, we'll talk about Rose and responsibility. Rosa responsibility. Their separation of duty, separation and duty is extremely important whenever it comes in the absence of a network, you don't want to give one person every law again, an access that everything that is inside the network. You want to make sure that they have a specific job
and that you separate the rose.
For example. There are three people working at a network. One person is able to log in to everything. The other two people are only able to log into the switch or to the router or to the server or sense of that nature.
Well, if that one person is able to log into everything, goes through and delete certain information, he can go to the other systems and cover up his steps so that away his actions aren't recorded, whereas with the other people, whenever they do one thing, they would have to go to the other person to cover up their steps so forth
their actions would be recorded.
Also, somebody has all the keys to the network.
They might
perform in action and then realized after they perform the action that what they did was wrong. So therefore they would try to cover up what they could,
and if they have all the keys, then they would be able to cover this up. But if you separate the duties, then you'll be able to see what it is that they were doing.
Up Next