Security Policies 5.1

Question 1

High Level Strategy for Security Policies

Answer 1

• Very broad policies
• Focuses mostly on Data Storage Requirements and Security Event Procedures.

Question 2

Detailed Security Goals

Answer 2

• These policies are focused on more smaller details
• Ex., Appropriate WiFi usage or requirements for remote access

Question 3

Primary Focus of Security Policies

Answer 3

• Answers the “What” and “Why”

Question 4

Information Security Policies

Answer 4

• A master list of all the policies to maintain the up time and security of a network.

Question 5

Security Policy

Answer 5

• Can be mandated
• Detail security procedures.
• List out the roles and responsibilities involved with security.
• It is up to organization to enforce these policies.

Question 6

Acceptable Use Policy (AUP)

Answer 6

• Outlines what the organization considers to be appropriate use of its resources.
• Can protect the organization from any legal liability.

Question 7

Business Continuity Plan (BCP)

Answer 7

• Represents the planning and advanced policy decisions to ensure the con

Question 8

Challenge of a BCP

Answer 8

• There must be planning done before the particular issue occurs.

Question 9

Disaster Recovery Plan (DRP)

Answer 9

• Defines the data, resources, and steps necessary required to restore critical organizational processes.

Question 10

Types of Disasters

Answer 10

• Natural disasters, such as weather
• Technology or system failures
• Human created disasters

Question 11

Comprehensive Plan for DRP

Answer 11

• Recovery location
• Data recovery method
• Application restoration
• IT team and employee availability

Question 12

Types of Security Incidents to Consider

Answer 12

• Malware
• DDoS attacks
• Theft of confidential information

Question 13

Incident Response Team

Answer 13

• A specialized group with knowledge in how to address the various incidents.

Question 14

Incident Response Roles - IT Security Management

Answer 14

• Corporate support
• Obtains the right people and resources to address the incident

Question 15

Incident Response Roles - Compliance Officer

Answer 15

• Intricate knowledge of compliance rules
• Makes sure that all the data and systems are compliant with the required mandates.

Question 16

Incident Response Roles - User Community

Answer 16

• Standard individuals using the system
• They can see everything that occurred during the security event.

Question 17

Incident Response Roles - Technical Staff

Answer 17

• The ones directly addressing the incident

Question 18

National Institute of Standards and Technology (NIST SP800-61)

Answer 18

• Provides recommended strategies on how to handle security incidents.
• Informs government and other organizations

Question 19

NIST Incident Response LifeCycle

Answer 19

• Preparation
• Detection and analysis
• Containment, eradication, and recovery
• Post-incident activity

Question 20

Software Development LifeCycle (SDLC)

Answer 20

• Processes and procedures employed to develop software

Question 21

Goal of SDLC

Answer 21

• Move from the idea phase to development of an application

Question 22

Ways to Get From Idea to App

Answer 22

• Customer requirements
• Keep the process on schedule
• Stay on budget

Question 23

Waterfall Lifecycle

Answer 23

• A linear lifecycle
• Designed to be a faster way of developing applications

Question 24

Agile Lifecycle

Answer 24

• A longer and slower paced lifecycle