Module 1 / Unit 5 Policies and Best Practices Flashcards
Summarize safe working practices and policies. Understand the importance of incident response policy. Identify appropriate policies to ensure data security, effective privilege management, and employee use of computer and network systems.
What is the difference between policy and best practice?
Policy establishes definite rules while best practice is “fuzzier” and might be demonstrated through examples or scenarios rather than explicit rules.
What are the main elements of fire safety procedures?
Fire / smoke detection and alarms plus safe escape routes from the building and emergency drills / procedures.
True or false? An ESD wrist strap is designed to provide a personal ground to protect a technician from electrocution when working on energized electrical devices.
False - a safety or utility ground is a pathway for electricity to flow in the event of a short, so that it is less likely to electrocute someone touching a “live” bit of metal, but the technician should NEVER be part of this grounding path. An ESD (ElectroStatic Discharge) ground equalizes the electrical potential between surfaces to reduce the chance of damage to components. Such wrist straps should have working resistors to prevent any dangerous amount of current from flowing through them, but they are not safety devices.
How is the person who first receives notification of a potential security incident designated?
First Responder
How does the principle of least privilege apply to privileged users?
Privileges can be allocated by role / domain rather than creating all-powerful “superusers”. Holders should only log on to privileged accounts to perform specific tasks. The accounts should be subject to auditing and oversight.
True or false? DLP technology can assist with managing PII.
True - Data Loss Prevention (DLP) software can be configured to identify Personally Identifiable Information (PII) strings or fields and prevent transfer of such data by unauthorized mechanisms or formats.
What technology provides data security assurance during the asset disposal phase of system lifecycle?
Hard drive / media sanitization, such as encryption or disk overwriting.
What are the main elements of password policy?
Ensuring strong password selection and preventing sharing of passwords. You might also mention password aging / changing passwords regularly.
What configuration request would be implemented by IT services during employee onboarding?
Account creation, issuance of user credentials, and allocation of permissions / roles.
What type of policy governs use of a VPN?
Remote access policy.