LAB3 - Policy

Question 1

Why do organisations need security policies?

Answer 1

Policies define how things should be done in an organisation.

Question 2

What 9 things do security policies cover?

Answer 2

Internet usage, email, external devices, passwords, software, personal devices, disposal of equipment, backup, device hardening

Question 3

Defining reponsiblities

Answer 3

Who is reponsible for what, how to report concerns, reporting to staff/employees

Question 4

3 security parameters

Answer 4

Password policy, acceptable software/installation/usage policy, device hardening parameters

Question 5

Password policy - 3 dos

Answer 5

Create long password - harder to crack, combination of upper and lowercase letters and symbols - more complex, change password regularly - reduce the likelihood of someone working them out, limit length of access

Question 6

Password policy - 4 don’ts

Answer 6

Make the password a single word - ‘dictionary hack’ may be used, use the name of children, pets, other familiar names, write it down, share it with others

Question 7

3 disadvantages of using non-approved software

Answer 7

Deliberately or accidently be affected with malware, support issues - bugs, incompatibility, licencing issues - not have the right to use the software

Question 8

3 security parameters for acceptable software policy

Answer 8

List software applications approved for use, forbid installation on non-approved software, staff may make request for authorisation to install additional software

Question 9

Define disaster recovery policy

Answer 9

sets out how an organisation will repond to a variety of disasters to ensure staff can return to normal working as soon as possible.

Question 10

5 things to consider for disaster recovery policy

Answer 10

Who is reponsible for what, dos and don’ts for staff, defining backup process, timeline for data recovery, location alternative provision

Question 11

5 actions to take following a cyber attack

Answer 11

Investigate, respond, manage, recover, analyse

Question 12

What happens at the Investigate stage (1)

Answer 12

Identify type of attack, when did it start, severity, what parts of system affected

Question 13

What happens at the Repond stage (2)

Answer 13

Depending on severity:

• inform stakeholders
• inform appropriate authorities

Question 14

What happens at the Manage stage (3)

Answer 14

• contain the attack: disconnect/shut down infected systems to prevent attack from spreading, preserve evidence for analysis
• designated peronnel to manage the attack

Question 15

What happens at the Recover stage (4)

Answer 15

Disinfect digital systems, restore data from backups, return systems to full working order.

Question 16

What happens at the Analyse stage (5)

Answer 16

Identify source of attack, how was it able to gain access, modify procedures, policies, implement staff training