Chapter 3. Processes and Procedures

“...There’s a time for daring and there’s a time for caution, and a wise man understands which is called for....”

—Dead Poets Society

“...All he’d wanted were the same answers the rest of us want. Where did I come from? Where am I going? How long have I got?”

—Blade Runner

By the end of this chapter, you should know and be able to explain the following:

• The processes for managing and responding to security advisories within your organization

• Which organizations produce security advisories

• What a zero-day alert is and how you should respond

• Best practices for handling updates

• Define an Access Control List (ACL) and how to use one within a networking environment

Answering these key questions will enable you to understand the overall characteristics and importance of the processes and procedures used in the day-to-day life of a network security technician. By the time you finish this book, you will have a solid appreciation for network security, its issues, how it works, and why it is important.

How do you relate these quotes to security process management? Every user within an organization needs to easily see within a process where they are, how they got there, what they are supposed to do, what is going to happen next, and how long they have to complete the step. Furthermore, you need to delicately balance the implementation of the workflow (that is, processes and procedures) between being functional and secure. You could easily secure your computer systems too much, making research and development nonfunctional. You can also go the other direction and not secure your systems and be harassed by viruses and malware.

This chapter covers the options available to you as a network/technology security specialist within your organization, establishing change control boards, responding to threats, and then finally touching on some of the best practices out there in the technology field today.