Policies and best practices Flashcards
Which is one of the most commonly applied standards for information security?
ISO/IEC 27002
note - IEC = International Electrotechnical Commission
List the 4 types of networks that should be segmented
Industrial Control Systems (SCADA)
Medianets
Legacy Systems
Testing Labs
What are 6 segmentation tactics?
Using NAT
Using ACLs on routers or firewalls
Using Honeynet/Honeypot
Using DMZ
Using VLANs
Virtualization (good for Testing labs)
What do you implement for Layer 2 segmentation?
VLANs and port security
What do you implement for Layer 3 segmentation?
Access Control Lists on Routers or Firewalls
Why is it a good idea to segment part of your network controlling payment card information?
If you don’t, you have to ensure your whole network complies with PCI DSS
BYOD initiatives can be successfully implemented by ensuring what type of security measure is used?
Network Access Control (Cisco) or Network Access Protection (Microsoft)
What is the main goal of Network Access Control when someone wants to connect their personal device to the company WLAN?
The main goal is to allow people to connect personal devices to the network only if those devices will not introduce a security threat, by:
1) Examining the device for malware
2) Examining the device for missing security updates
What security policies should be discussed with a new user during onboarding?
Password policy
BYOD policy
Acceptable Use Policy
If a software license defines the name of the user what type of license is this?
Per User license aka concurrent license
What is a per seat user license typically used for?
For shift working employees using the same seat and therefore not having to be in at the same time.
To keep track of concurrent users of software, what service is employed?
Licensing service for centralized licensing.
When would something be deemed an export control?
If it serves as a defense system, national security, foreign policy or interest of a company.
An outbound email filter is a procedural example of what security policy?
Data Loss Prevention. It prevents loss of sensitive documents.
With regard to employees working remotely, defining who has access and why they have access as it pertains to their job function is an example of ‘soft’ controls for what facet of security policy?
Remote access policy
What is a network policy server and what security policy does it support?
An NPS is the Microsoft equivalent of RADIUS and performs authentication and authorization for users connecting via VPN. It supports the remote access policy.
What software supports the BYOD policy?
Mobile Device Management software. For example, when employees leave, it allows a secure remote wipe of any company data on the device.
What security policy should be developed by the organization's legal counsel, HR and IT department?
Acceptable Usage Policy
What are the two main goals of asset disposal?
1) preventing data loss
2) ethical/legal disposal of the equipment
In what document can you find information about the safe handling of materials? Where should it be stored?
Materials Safety Data Sheet (MSDS).
They should be stored next to the first aid kit
What is a Class C fire and what type of fire extinguisher is used to put them out?
A Class C fire is electric. Class C fire extinguishers use dry chemicals like Halon.
At what temperature does damage start to occur to magnetic media?
100 degrees
At what temperature does damage start occurring to computers and peripherals?
175 degrees
At what temperature does damage start occurring to paper products? (surprising, this one)
350 degrees
What should you consider if you have a fail-lock door system?
The effect it may have during an evacuation.
What type of fire suppressant do most companies today use?
Halon
What are the two methods of content filtering?
1) content based filtering using heuristic rules
2) URL based
What layer does content filtering occur at?
Layer 7