Exploring Security Policies Flashcards
Policies are brief ___ ____ statements that identify ____ based on an organization’s ______
Policies are brief HIGH LEVEL statements that identify GOALS based on an organization’s PRINCIPLES
Personnel create ____ and _____ to implement security controls
Personnel create PLANS and PROCEDURES to implement security controls
Logon banners or periodic emails help enforce what policy?
Acceptable Use Policy
Separation of duties prevents?
Any single person from controlling all the functions of a critical or sensitive process, by dividing the tasks between employees so that collusion would be required to abuse the process. Helps to prevent fraud
In Exit Interview policies, what should ideally occur before or during the interview? Why?
The account should be disabled. Because there is a risk that after the interview they may be disgruntled and do something disruptive
Attacking a site and inserting an ad, or posing as a fake advertising agency to buy ads, are two techniques used for what?
Posting malvertisements (malvertising)
Restricting P2P is done in two ways. What are they, and what is the main risk of P2P applications?
1) Blocking the P2P ports/protocols on the firewall
2) Port scanning hosts on the network to detect open P2P listening ports
Main risk: data leakage from inadvertently sharing information (a client that shares a whole folder or drive rather than a single file)
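The second method (scanning for open P2P ports) in working code, as an added example that is not part of the flashcards or any referenced book: a small Python parser for nmap's grepable output (`-oG`) that flags hosts listening on well-known P2P ports. The scan output below is constructed, not a real capture, and the port-to-client table is an assumption for illustration (the defaults of BitTorrent, eDonkey and Gnutella clients), so tune it to the clients you actually see.

```python
import re

# Well-known default ports of P2P file-sharing clients. Assumed for
# illustration; most modern clients can be configured to use any port.
P2P_PORTS = {
    "tcp": {
        **{p: "BitTorrent" for p in range(6881, 6890)},
        4662: "eDonkey",
        6346: "Gnutella",
        6347: "Gnutella",
    },
    "udp": {
        4672: "eDonkey",
        6771: "BitTorrent local peer discovery",
    },
}

# Constructed sample of nmap -oG (grepable) output; not a real scan result.
SAMPLE_SCAN = """\
# Nmap 7.94 scan initiated as: nmap -sS -sU -p T:22,80,4662,6346,6881-6889,U:4672 -oG - 10.0.0.0/29
Host: 10.0.0.2 ()\tStatus: Up
Host: 10.0.0.2 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (12)
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh///, 6881/open/tcp//bittorrent-tracker///, 4672/open|filtered/udp//edonkey///\tIgnored State: closed (11)
Host: 10.0.0.6 (fileserver.corp.example)\tPorts: 4662/open/tcp//edonkey///, 6346/filtered/tcp//gnutella///\tIgnored State: closed (12)
# Nmap done at ...
"""

# One "Ports:" entry looks like  port/state/proto/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/([^/]+)/(tcp|udp)/")
# Only "Host: ... Ports: ..." lines carry results; "Status: Up" lines do not.
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Ports:\s+(.*?)(?:\t|$)")


def parse_grepable(text):
    """Return {host: [(port, state, proto), ...]} from nmap -oG output."""
    results = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and Status-only lines
        host = m.group(1)
        for port, state, proto in PORT_RE.findall(m.group(3)):
            results.setdefault(host, []).append((int(port), state, proto))
    return results


def find_p2p_hosts(text, ports=P2P_PORTS):
    """Map host -> [(port, proto, client)] for known P2P ports that are open.

    UDP ports are accepted as open|filtered too, because a UDP scan rarely
    gets a definite answer from a listening service.
    """
    flagged = {}
    for host, entries in parse_grepable(text).items():
        for port, state, proto in entries:
            client = ports.get(proto, {}).get(port)
            if client and state in ("open", "open|filtered"):
                flagged.setdefault(host, []).append((port, proto, client))
    return flagged


if __name__ == "__main__":
    for host, hits in sorted(find_p2p_hosts(SAMPLE_SCAN).items()):
        print(host, ", ".join(f"{port}/{proto} ({client})" for port, proto, client in hits))
```

Run a real scan with `nmap -sS -sU -p <ports> -oG scan.gnmap <range>` and feed the file to `find_p2p_hosts`. The same port table can seed the firewall block list from method 1, with the caveat that port-based control is weak on its own: clients that use random or user-chosen ports and encrypted transport will not show up, so pair it with application-aware inspection or an endpoint software policy.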
What actions are carried out if an employee violates a policy?
Adverse Actions are taken.
If you connect a computer to a switch and do protocol analysis to look at all traffic, what do you need to be aware of to ensure you get all the traffic?
The switch port needs to be mirrored (SPAN/port mirroring); otherwise you will only see traffic addressed to your own machine plus broadcast, multicast and flooded unknown-unicast frames, EVEN IN PROMISCUOUS MODE. Promiscuous mode only tells your NIC to accept frames not addressed to it; it does not make the switch forward other hosts' unicast traffic to your port, because the switch sends each unicast frame only to the port where it learned the destination MAC.
A "no trespassing" sign is an example of what kind of control? Prevention or Deterrent?
Deterrent
Requiring users to enter CAPTCHA information when registering for an account is an example of a detection or deterrent control?
A deterrent control, as according to the author "it prevents bots from registering and proves this is a real person."
Regarding data labels, what would apply to secret company data: Top Secret or Proprietary?
Proprietary. Top Secret is a government classification level reserved for governmental agencies/data; private organizations use labels such as Proprietary or Confidential.
PII and what else need to be carefully handled and protected?
Personal electronic devices (BYOD), because they may contain PII (personally identifiable information)
A ____ test can test certain systems to confirm their operation at alternative sites
A PARALLEL test can test certain systems to confirm their operation at alternative sites. (The term doesn't appear in the learning books, only in the practice test book.)