Principles of Network Security Design Flashcards
What are the guidelines and rules set by an organization to protect its information and technology assets called?
Security Policies
What are the procedures and guidelines for managing and securing company data throughout its lifecycle called?
Data Handling Policy
What are the requirements for creating and managing passwords within an organization to ensure secure access to its systems and data called?
Password Policy
What is an agreement between two or more parties that outlines the appropriate use of access to a corporate network or the internet called?
Acceptable Use Policy (AUP)
What sets the rules for employees who want to use their own personal devices, like smartphones and laptops, for work purposes and covers security measures to protect company data accessible from these devices?
Bring your own device (BYOD) Policy
What document explains how an organization collects, uses, discloses, and manages both Intellectual Property (IP) and Personally Identifiable Information (PII), outlining the rights of individuals and compliance with data protection laws?
Privacy Policy
What is the principle of only giving access to the minimum amount of resources needed to do the job at that time?
Principle of Least Privilege
What design principle ensures the root problem is solved, not just the symptoms; has people as the main focus of the design process; and focuses on system interactions as a whole, not just individual parts?
Human-centered design
What design principle holds that when a system does experience a failure, it should fail to a safe state and protect the integrity and confidentiality of data?
Fail-safe defaults
What design principle focuses on keeping things simple, using trusted components, and only having essential services and protocols?
Economy of Mechanism
What design principle focuses on authentication at every request, not just at login, and implements session timeouts and account lockout after a certain number of failed attempts?
Complete Mediation
What design principle focuses on security being separate from the design, the algorithm being open and accessible, and security not being kept secret?
Open Design
What design principle focuses on requiring multiple people to complete a task, so that a single person can’t complete a task alone and is therefore unable to misuse permissions?
Separation of Privilege
What design principle focuses on preventing unintentional information sharing, using separate devices, tools, applications, and resources for different users or activities whenever possible?
Least Common Mechanism
What design principle focuses on security designed to be psychologically acceptable to its users, meaning that security is simple and easy to use and users understand the fundamentals of why certain security measures are being implemented?
Psychological Acceptability