3.5 Flashcards
What's a privileged user agreement?
It's an agreement between the company and the admin. A network administrator has access to almost everything but is expected to use non-privileged methods when appropriate. The admin needs to use privileged access only for assigned duties and sign an agreement.
What are password policies?
It's a written policy (all passwords expire every 30 days, 60 days, etc.). Critical systems might change more frequently, but the recovery process should not be trivial.
What is on-boarding?
It's the policy of bringing a new person into the organization. In this process the IT agreements need to be signed. Then a new account needs to be created that associates the user with the proper groups and departments, and the required IT hardware needs to be provided.
What's off-boarding?
These are the processes to go through when someone is no longer with a company. These processes are pre-planned, and usually that user's account gets deactivated, since there might be important info under that account.
Why is licensing restriction important?
There are a lot of licenses which use different methods to renew. Everything works great until a license expires, and sometimes that can cause issues with integrity.
What are International export controls?
These are the rules and policies set not only on the shipment of physical items, but also on the transfer of software or info. These laws need to be checked with the legal team.
What's DLP?
(Data Loss Prevention) These will be policies that dictate how your organization will be handling social security numbers, credit card numbers, or any other type of personally identifiable information. Many organizations will deploy data loss prevention technologies on their servers and their networks to watch for this data going across the network.
What are remote access policies?
Policies to define the management of remote access for everyone, including third-party access, when they are not in the building. They involve very specific technical requirements.
What are security incidents?
These are policies that specify the following:
- How is the incident identified? (alarming, alerting, automated monitoring)
- How is the incident categorized?
- Who responds to an incident?
- What process is followed? (formal process)
What's the BYOD policy?
(Bring your own device/technology) Policies for the case where the employee owns the device but that device needs to meet the company's requirements; it's difficult to secure.
What's AUP?
(Acceptable use policies)
- What's acceptable use of company assets?
- Covers many topics like internet use, telephone use, computers and mobile devices.
- These policies are used by an organization to limit legal liability.
What's an NDA?
(Non-disclosure agreement) It is used to prevent the use and dissemination of confidential information. It can be internal (by the company we are working in) or external (third party).
What's a system life cycle?
Policies that explain the management of asset disposal, which can sometimes become a legal issue. We don't want critical info in the trash, so security of recycling becomes a concern.
What are safety procedures and policies?
Policies that define the following:
- Equipment safety
- Personal safety
- Handling of toxic waste
- Refer to MSDS/SDS
- Local government regulations