Network Security Controls - Admin Controls Flashcards
Describe these regulatory frameworks:
1) HIPAA
2) Sarbanes Oxley Act
3) FISMA
4) GLBA
5) PCI-DSS
1) Any company that deals with healthcare.
2) U.S. public companies, management and accounting firms.
3) Refers to federal agency information systems.
4) Refers to banks or institutions that offer loans, investment advice or insurance.
5) Companies that handle payment systems.
What is a Security Policy?
A well-documented set of plans, processes, procedures, standards and guidelines to establish an ideal information security system.
Describe these types of Internet Access Policies:
1) Promiscuous
2) Permissive
3) Paranoid
4) Prudent
1) No restrictions on Internet access.
2) Known dangerous services and attacks are blocked.
3) Everything is forbidden.
4) Allowing known but necessary dangers.
Describe these types of policies:
1) Acceptable Use
2) User Account
3) Remote Access
4) Information Protection
5) Firewall Management
1) Defines the proper use of the organization's information.
2) Defines the process of creating user accounts.
3) Defines who can have remote access.
4) Defines guidelines for processing, storing and transmitting information.
5) Defines access, management, and monitoring of firewalls.
Describe these types of policies:
1) Network Connection
2) Business Partner
3) Password
4) Physical Security
5) Information System Security
1) Standards for the connection of computers, servers and other devices.
2) The agreements, guidelines, and responsibilities for business partners.
3) Provides guidelines for using strong passwords.
4) Ensures adequate physical security measures are in place.
5) The guidelines to safeguard an organization's information systems.
Describe these types of policies:
1) BYOD
2) Software/Application Security
3) Data Backup
4) Data Retention
5) Internet Usage
1) Guidelines for using employee devices for organizational tasks.
2) Measures to enhance the security of in-house and purchased applications.
3) Helps an organization to recover and safeguard information in the event of a network incident/failure.
4) Rules for preserving and maintaining data for operational or compliance requirements.
5) Governs the way that the organization's Internet connection is used by every device on the network.
Describe these types of policies:
1) User Access Control
2) Privilege Management
3) Account Audit
4) Account Restriction
5) Third Party Risk Management
1) Gives the organization the ability to control, restrict, monitor and protect corporate resource availability, integrity and confidentiality.
2) Helps organizations decide what users can and cannot do.
3) Defines the type of user actions or events to be recorded in security logs.
4) Grants permission to or restricts a user based on parameters like location and time.
5) Identifies suppliers vulnerable to attacks and defines the controls to mitigate these attacks.
Describe these types of policies:
1) Asset Management Policy
2) Change Management
1) Actions to preserve the integrity of IT assets.
2) Minimizes the disruption of changes throughout an organization.