10: 4 Security Policies

Question 1

Security Policy Framework (4)

Answer 1

Policies, Standards, Guidelines, Procedures

Question 2

Security Policies

Answer 2

Provide foundation for a security program, carefully written, require compliance from all employees, are approved at the highest levels of the org

Question 3

Security Standards

Answer 3

Provide specific details of security controls, derive authority from policies, require compliance from all employees

Question 4

Security Guidelines

Answer 4

Provide security advice to the organization, follow best practices from industry, not mandatory

Question 5

Security Procedures

Answer 5

Outline a step-by-step process for an activity, may require compliance

Question 6

Data Security Policy Criteria

Answer 6

Foundational Authority for Data Security Efforts, Clear Expectations for data security responsibilities, guidance for requesting access to information, process for granting policy exceptions

Question 7

Data Storage Policies

Answer 7

Appropriate locations, access control requirements, encryption requirements,

Question 8

Data Transmission Policies

Answer 8

Protect data in motion, covering encryption requirements and acceptable transmission mechanisms

Question 9

Data lifecycle policies

Answer 9

Describe end of life for data (data retention policies - how long data elements are kept, data disposal policies - how to destroy data that’s no longer needed)