Section 5.3 Importance of Policies to Organizational security

Question 1

What is a basic security principle that ensures that no single person can control all the elements of a critical function or system?

Answer 1

Separation of Duties

Question 2

What is the concept that employees are rotated into different jobs, or tasks are assigned to different employees?

Answer 2

Job Rotation

Question 3

What policy increases the physical security of data by requiring employees to limit what is on their desk to what they are working on at the present time?

Answer 3

Clean Desk Policy

Question 4

What is a legal contract intended to cover confidentiality? The scope of this agreement will vary based on situation.

Answer 4

Non-Disclosure Agreement (NDA)

Question 5

What policy states that all potential employees should be thoroughly screened with an extensive background check before being hired and granted network access?

Answer 5

Background Checks

Question 6

What policy describes how the employees in an organization can use company systems and resources, including software, hardware, and access?

Answer 6

Acceptable Use Policy

Question 7

What policy does not allow one person to be in one position for a long period of time?

Answer 7

Job Rotation

Question 8

What policy requires employees (especially those in sensitive areas) to take their vacations?

Answer 8

Mandatory Vacation

Question 9

What is used in computer-based training (CBT) to provide employees with a question/challenge? Can help to gauge learner retention of the information presented.

Answer 9

Gamification

Question 10

What is a security related competition where someone is trying to hack into a resource to gain access to data?

Answer 10

Capture the flag

Question 11

What is it called when false phishing emails are sent to employees by IT using a service that measures response? (pass/fail)

Answer 11

Phishing Simulations

Question 12

What do you call self-paced training available via computer, whether for job role or skill enhancement?

Answer 12

Computer-based training

Question 13

What is it called when the company carries out related training specific to a user’s specific job role?

Answer 13

Role-based Training

Question 14

What is used between two companies who want to participate in a business venture to make a profit? Details how much each partner’s contributions, rights and responsibilities, as well as the details of operations, decision making, and sharing profits.

Answer 14

Business Partnership Agreement (BPA)

Question 15

What is a formal agreement between two or more parties indicating their intention to work together toward a common goal? More formal alternative to handshake but lacks the binding power of a contract.

Answer 15

Memorandum of Understanding (MOU)

Question 16

What is similar to an MOU but serves as a legal document and describes terms and details of the agreement?

Answer 16

Memorandum of Agreement (MOA)

Question 17

What provides a way for an organization to evaluate the quality of the process used in their measurement systems? Will assess the measurement process itself, and then calculate any uncertainty or variation in the measurement process.

Answer 17

Measurement Systems Analysis

Question 18

What is the point at which a vendor stops selling a product and may limit replacement parts and support?

Answer 18

End of Life

Question 19

What is the point at which the product is no longer sold by the manufacturer, updates cease, and support agreements are not renewed?

Answer 19

End of Service Life