Disseminating Policies Flashcards

1
Q

Disseminating Policies

A
  • Policies should be promoted/supported by a security
    education, training, and awareness (SETA) programme that
    helps employees do their jobs securely
2
Q

Education:

A
  • Not everyone needs a formal degree or certificate in info security
  • But some roles may require certain employees to hold/attain
    info security academic qualifications or industry certification
3
Q

Training

A
  • EVERYONE in an organisation needs to be trained and aware
    of information security
  • Provides employees with hands-on instruction and detailed
    info designed to prepare them to perform duties securely
  • Management of info security can develop customised in-house
    training or outsource training
4
Q

Awareness

A
  • keeps info security at forefront of the user’s mind
  • can be as simple as security posters, newsletters, flyers, etc
  • may include printed mouse-pads or company mugs
5
Q

NCSC Guidance:
Good security governance should:

A

  • Link security activities to your organisation’s goals
    and priorities
  • Identify the individuals, at all levels, who are
    responsible for making security decisions and empower them
    to do so
  • Ensure accountability for decisions
  • Ensure that feedback is provided to decision-makers on the
    impact of their choices
  • Fit into an organisation’s wider approach to governance.
    Security needs to be considered alongside other business
    priorities, such as health and safety, or financial governance.
6
Q

Incidents happen

A

Preventive activities based on the results of risk assessments
can lower the number of incidents.

  • but not all incidents can be prevented

An incident response capability is therefore necessary for:
  • rapidly detecting incidents,
  • minimising loss and destruction,
  • mitigating the weaknesses that were exploited,
  • and restoring IT services.
