Best IT Blog

Sample Email Encryption approach

Posted in eMail (66) by Guest on the March 31st, 2011

Sample Visio – Documentum drawing

Posted in Compliances (1300),Visio Samples - Stencils (457) by Guest on the March 31st, 2011

Free sample VMWare Visio Download 





Visio Sample – NAS drawing

Posted in Networking (340),Visio Samples - Stencils (457) by Guest on the March 30th, 2011

Free sample document NAS – Network-attached storage Visio Download




Sample Network Documentation Policy

Posted in Networking (340),Policies - Standards (600) by Guest on the March 29th, 2011

This network documentation policy is an internal IT policy and defines the requirements for network documentation. This policy defines the level of network documentation required, such as documentation of which switch ports connect to what rooms and computers. It defines who will have access to read network documentation and who will have access to change it. It also defines who will be notified when changes are made to the network.

This policy is designed to provide for network stability by ensuring that network documentation is complete and current. This policy should complement disaster management and recovery by ensuring that documentation is available in the event that systems should need to be rebuilt. This policy will help reduce troubleshooting time by ensuring that appropriate personnel are notified when changes are made to the network. 

The network structure and configuration shall be documented and provide the following information: 

IP addresses of all devices on the network with static IP addresses.

Server documentation on all servers as outlined in the “Server Documentation” document. 

Network drawings showing:

The locations and IP addresses of all hubs, switches, routers, and firewalls on the network.

The various security zones on the network and devices that control access between them. 

The locations of every network drop and the associated switch and port on the switch supplying that connection. 

The interrelationship between all network devices showing lines running between the network devices. 

All subnets on the network and their relationships including the range of IP addresses on all subnets and netmask information. 

All wide area network (WAN) or metropolitan area network (MAN) information including network devices connecting them and IP addresses of connecting devices. 

Configuration information on all network devices including:




Configuration shall include but not be limited to:

IP Address


Default gateway

DNS server IP addresses for primary and secondary DNS servers.

Any relevant WINS server information.


Network connection information including:

Type of connection to the internet or other WAN/MAN including T1, T3, frame relay.

Provider of internet/WAN/MAN connection and contact information for sales and support.

Configuration information including netmask, network ID, and gateway.

Physical location of where the cabling enters the building and circuit number.


DHCP server settings showing:

Range of IP addresses assigned by all DHCP servers on all subnets.

Subnet mask, default gateway, DNS server settings, WINS server settings assigned by all DHCP servers on all subnets.

Lease duration time.


The IT networking staff and some enterprise security staff shall have full access to all network documentation. The IT networking staff shall have the ability to read and modify network documentation. Designated enterprise security staff shall have access to read and change network documentation; enterprise security staff not designated with change access cannot change it. Help desk staff shall have read access to network documentation.

Change Notification
The help desk staff, server administration staff, application developer staff, and IT management shall be notified when network changes are made, including:

Reboot of a network device including switches, routers, and firewalls.

Changes of rules or configuration of a network device including switches, routers, and firewalls.

Upgrades to any software on any network device.


Additions of any software on any network device.

Changes to any servers which perform significant network functions whether configuration or upgrade changes are made. These servers include:



Domain controllers


Notification shall be through email to designated groups of people.

Documentation Review
The network or IT manager shall ensure that network documentation is kept current by performing a monthly review of documentation or designating a staff member to perform a review. The remedy or help desk requests within the last month should be reviewed to help determine whether any network changes were made. Also any current or completed projects affecting network settings should be reviewed to determine whether there were any network changes made to support the project. 

Storage Locations

Network documentation shall be kept either in written form or electronic form in a minimum of two places. It should be kept in two facilities at least two miles apart so that if one facility is destroyed, information from the other facility may be used to help construct the IT infrastructure. Information in both facilities should be updated monthly at the time of the documentation review.



Encryption Considerations

Posted in Compliances (1300) by Guest on the March 29th, 2011

At a minimum, it should include management acceptance of the solution and approval to proceed to a production state (e.g., management accreditation).

Complete informal or formal management accreditation of the encryption solution (i.e., acceptance of the solution) and obtain approval to operate

o If appropriate, perform data re-alignment activities that were not possible prior to implementation 

o Turn on the actual encryption capabilities (e.g., activate background encryption on existing data) 

o If appropriate, complete final data re-alignment activities that were not possible prior to activation of encryption 

Review the information security risk assessment and identify those items and areas classified as requiring encryption.

Evaluate the appropriateness of the criteria used to select the type of encryption/cryptographic algorithms. 

Consider if cryptographic algorithms are both publicly known and widely accepted (e.g. RSA, SHA, Triple DES, Blowfish, Twofish, etc.) or banking industry standard algorithms.

Note the basis for choosing key sizes (e.g., 40-bit, 128-bit) and key space. 

Identify management’s understanding of cryptography and expectations of how it will be used to protect data.

Determine whether cryptographic key controls are adequate.

o Identify where cryptographic keys are stored. 

o Review security where keys are stored and when they are used (e.g., in a hardware module). 

o Review cryptographic key distribution mechanisms to secure the keys against unauthorized disclosure, theft, and diversion.

o Verify that two persons are required for a cryptographic key to be used, when appropriate. 

Review audit and security reports that review the adequacy of cryptographic key controls. 

Determine whether adequate provision is made for different cryptographic keys for different uses and data. 

o Determine whether cryptographic keys expire and are replaced at appropriate time intervals. 

o Determine whether appropriate provisions are made for the recovery of data should a key be unusable.

o Determine whether cryptographic keys are destroyed in a secure manner when they are no longer required.


Sample Visio – Disk Subsystem

Posted in O S (375),Visio Samples - Stencils (457) by Guest on the March 28th, 2011

Free Sample Disk Subsystem Visio Download  

Sample Visio Disk Subsystem

