Module 11: Security Policies and Laws Flashcards

1
Q

Why are security policies important

A

It defines the rules of safeguards, which reduce the risk of personnel injury and property loss

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

TRUE or FALSE: A security policy helps preventing wastage of a company’s computing resources

A

TRUE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the key elements in a security policy

A
  • Clear Communication
  • Brief and Clear Information
  • Defined Scope and Applicability
  • Enforceable by Law
  • Recognizes Areas of Responsibility
  • Sufficient Guidance
  • Top Management Involvement
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Ultimately what do the security policy safeguard

A

The assets

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What vital role does a security policy play

A

Improving the operational efficiency of an organizational

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

If an employee commits a violation why is it important to have a security policy

A

It becomes a point of reference

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A good security policy has characteristics that are well defined for a clear understanding. What are some such characteristics

A
  • Implemented and administered through proper channels
  • Enforced through sanctions and security tools
  • Defined areas of responsibility for users, admins, and management
  • Documented, distributed, and communicated
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

When should a security policy be implemented

A

After building, revising, and updating of policy statements

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

TRUE or FALSE: The final security policy should be available to only the upper management and some parts of the organization where it will affect production

A

FALSE

It should be available to the whole organization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Where should the policy be available to the organization

A

The internal network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is an Access Control Policy

A

It authorizes a group of users to perform a set of actions on a set of resources

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

TRUE or FALSE: Access Control Policy prevents unauthorized access through managed controls and creates a secure computing environment

A

TRUE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the elements of access control policy

A
  • Access group (group of users to which the policy applies)
  • Action group (group of actions performed by the user on resources)
  • Resource group (resources controlled by the policy)
  • Relationship (Resource class can have a set of relationships associated with it)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is an Acceptable Use Policy

A

A policy that defines the proper use of computing resources

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

According to the Acceptable Use Policy what are the responsibility of the users

A

To protect the information available in their accounts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is an Administrative Security Policy

A

It defines the security and protection requirements for information and information systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

How is the Administrative Security Policy important

A
  • Safeguards valuable or confidential info from unauthorized access
  • Eliminates strong legal liability from employees or third parties
  • Ensures data availability
  • Ensures data integrity and prevents information from unauthorized and undetected tampering of the information
18
Q

What is an Asset Control Policy

A

Designed to protect the organizational resources on the network by establishing the policies and procedures

19
Q

What is created to keep up with all the assets

A

A tracking database

20
Q

To track an asset what is assigned to the asset

A

ID (Internal tracking number)

21
Q

What is an Audit Trail Policy

A

A policy that collects all audit trails such as series of records of computer events, about an operating system, an application, or user activities

22
Q

TRUE or FALSE: As a support for operations, audit trails are used to help system admins ensure that the system or resources have not been harmed by attackers, insiders, or technical problems

23
Q

What are the 4 benefits of audit trails

A
  • Individual Accountability
  • Reconstructing Events
  • Problem Monitoring
  • Intrusion Detection
24
Q

What is a Logging Policy

A

Defines which set of system events needs to be logged

25
TRUE or FALSE: If there are too many logs then it becomes easier to review the logs
FALSE
26
The logging policy includes what elements in its policy
* Notification procedures * Guidelines for log review intervals * Retention standards * Response time
27
What does a Documentation Policy
Determines the requirements and procedures for documentation of organization's operations and resources such as networks and servers.
28
Why are Evidence Collection Policies important
They are required to provide a legally sound framework for collecting evidence related to a security incident
29
What is an Evidence Preservation Policy
A policy that determines how to preserve the evidence and maintain them in their original state
30
TRUE or FALSE: Two copies of the evidence must be maintained. 1 original and 2 backups for testing
TRUE
31
What type of backups are to be made as they are more through than the standard backups
Bit stream
32
Why is an Information Security Policy even needed
It lays the foundation for information security within an organization
33
How does an Information Security Policy help most of all
It helps to ensure that the company follows the CIA with regards to data
34
What does NIACAP stand for
National Information Assurance Certification & Accreditation Process
35
What does NIACAP do
Sets up a standard national process, set of activities, general tasks, and a management structure to certify and accredit systems
36
What is the Physical Security Policy
Establishes rules for granting, control, monitoring, and removal of physical access to information resources and facilities
37
What type of agreements need to be signed for physical access to information resource facilities
Access and Non-disclosure agreements
38
According to federal law what must federal agencies in regards to incidents
Federal agencies must report the incidents to the Federal Computer Incident Response Center
39
TRUE or FALSE: A procedure to monitor the efficiency of the security controls is not part of the computer risk policy
TRUE
40
TRUE or FALSE: An audit trail policy helps in calculating intangible losses to the organization due to an incident
FALSE