Ch11: Implementing Policies to Mitigate Risks Flashcards
Written security policies are
administrative controls that identify a security plan
Personnel create plans and procedures to
implement security controls and enforce the security policies
Mandatory vacation policies
require employees to take time away from their job to help deter fraud and discover malicious activities while the employee is away
Separation of duties
prevents any single person or entity from controlling all the functions of a critical or sensitive process by dividing the tasks between employees. This helps prevent potential fraud (e.g., a single person who both prints and signs checks)
Job rotation policies
require employees to change roles on a regular basis. This helps ensure that employees cannot continue with fraudulent activity indefinitely
Clean desk policy
requires users to organize their areas to reduce the risk of possible data theft. Reminds users to secure sensitive data and may include a statement about not writing down passwords
Background checks
investigate the history of an individual prior to employment
When an individual departs an organization, an _ is sometimes conducted
exit interview
Improper use of social networking can result in…
inadvertent information disclosure
_ occurs when users install P2P software and unintentionally share files
Data leakage
Organizations often block P2P software…
at the firewall
MOU/MOA
Memorandum of understanding or memorandum of agreement. Defines the responsibilities of each party, but is not as strict as an SLA (service level agreement) or ISA (interconnection security agreement)
If the parties will be handling sensitive data, they should include an…
ISA to ensure strict guidelines are in place to protect the data while in transit
An MOU/MOA often supports an…
ISA
Public data…
is available to anyone