As discussed several of the questions on Exam 2 relate to this real-world like small business case. You are encouraged to pre-read, print, etc. this case prior to the Exam.
2. In your company, do you use any blueprints as documentation? Why are process blueprints important in the documentation?
We use blueprint documents quite a bit. For networking, we use Visio to document all of our servers and computers (on-premis and off) and how they interact with each other. This allows us to know how our network runs from the internet demarcation point to the firewall to our DC’s etc. On top of that , the computers listed show us who uses them and what permissions they have for both our file server and our Microsoft NAV ERP. Having a baseline of what is going on security wise through a blueprint system allows for tighter security without being too secure. It also helps to look at our network and users and spoof a user to test security. For instance, a new employee is hired in marketing so I can look at a base user, bring them up in our diagrams and create the user and authorizations based off of the least privileged person, login as them and poke around. Once I am satisfied, I create the actual role based off of my testing.
Kevin Berg says
2. In your company, do you use any blueprints as documentation? Why are process blueprints important in the documentation?
We use blueprint documents quite a bit. For networking, we use Visio to document all of our servers and computers (on-premis and off) and how they interact with each other. This allows us to know how our network runs from the internet demarcation point to the firewall to our DC’s etc. On top of that , the computers listed show us who uses them and what permissions they have for both our file server and our Microsoft NAV ERP. Having a baseline of what is going on security wise through a blueprint system allows for tighter security without being too secure. It also helps to look at our network and users and spoof a user to test security. For instance, a new employee is hired in marketing so I can look at a base user, bring them up in our diagrams and create the user and authorizations based off of the least privileged person, login as them and poke around. Once I am satisfied, I create the actual role based off of my testing.