Module 11: Security Policies and Laws Flashcards
Why are security policies important?
They define the rules of safeguards, which reduce the risk of personnel injury and property loss
TRUE or FALSE: A security policy helps prevent wastage of a company’s computing resources
TRUE
What are the key elements in a security policy?
- Clear Communication
- Brief and Clear Information
- Defined Scope and Applicability
- Enforceable by Law
- Recognizes Areas of Responsibility
- Sufficient Guidance
- Top Management Involvement
Ultimately, what does the security policy safeguard?
The assets
What vital role does a security policy play?
Improving the operational efficiency of an organization
If an employee commits a violation, why is it important to have a security policy?
It becomes a point of reference
A good security policy has characteristics that are well defined for a clear understanding. What are some such characteristics?
- Implemented and administered through proper channels
- Enforced through sanctions and security tools
- Defined areas of responsibility for users, admins, and management
- Documented, distributed, and communicated
When should a security policy be implemented?
After the building, revising, and updating of policy statements
TRUE or FALSE: The final security policy should be available to only the upper management and some parts of the organization where it will affect production
FALSE
It should be available to the whole organization
Where should the policy be available to the organization?
The internal network
What is an Access Control Policy?
It authorizes a group of users to perform a set of actions on a set of resources
TRUE or FALSE: Access Control Policy prevents unauthorized access through managed controls and creates a secure computing environment
TRUE
What are the elements of an access control policy?
- Access group (group of users to which the policy applies)
- Action group (group of actions performed by the user on resources)
- Resource group (resources controlled by the policy)
- Relationship (Resource class can have a set of relationships associated with it)
What is an Acceptable Use Policy?
A policy that defines the proper use of computing resources
According to the Acceptable Use Policy, what is the responsibility of the users?
To protect the information available in their accounts
What is an Administrative Security Policy?
It defines the security and protection requirements for information and information systems
How is the Administrative Security Policy important?
- Safeguards valuable or confidential info from unauthorized access
- Eliminates strong legal liability from employees or third parties
- Ensures data availability
- Ensures data integrity and protects information from unauthorized and undetected tampering
What is an Asset Control Policy?
Designed to protect the organizational resources on the network by establishing the policies and procedures
What is created to keep up with all the assets?
A tracking database
To track an asset, what is assigned to the asset?
ID (Internal tracking number)
What is an Audit Trail Policy?
A policy that collects all audit trails, such as a series of records of computer events about an operating system, an application, or user activities
TRUE or FALSE: As a support for operations, audit trails are used to help system admins ensure that the system or resources have not been harmed by attackers, insiders, or technical problems
TRUE
What are the 4 benefits of audit trails?
- Individual Accountability
- Reconstructing Events
- Problem Monitoring
- Intrusion Detection
What is a Logging Policy?
Defines which set of system events needs to be logged