(8) Policies

Question 1

What are policies?

Answer 1

Policies are high level statements of management intent

Question 2

What is an information security policy?

Answer 2

An information security policy provides a high level authority and guidance for the security system of the company

Question 3

What is an acceptable use policy (AUP)?

Answer 3

AUP provides network and system users with clear direction of useful and allowed action with information resources

Question 4

What is a data ownership policy?

Answer 4

Data ownership states that ownership of information created or used is owned by the company

Question 5

What is a data classification policy?

Answer 5

Data classification is one that describes how the company classifies data and the process that properly assigns data classification

Question 6

What is a data retention policy?

Answer 6

The data retention policy lays out what info the org will maintain and the length of time different categories of work will be retained prior to destruction

Question 7

What is an account management policy?

Answer 7

An account management policy is about the account life cycle starting from provisioning, to active use, and decommissioning

Question 8

What is a password policy?

Answer 8

A password policy puts forth requirements for password length, how complex they are, how they are reused (not reused), etc

Question 9

What is a continuous monitoring policy?

Answer 9

Continuous monitoring policy describes the orgs approach to monitoring and informs employees that their activity will be tracked

Question 10

What is a code of conduct policy?

Answer 10

Code of conduct policy describes how employees are expected to behave and it serves as a structure for situations not addressed as well