Security Policies 5.1 Flashcards
1
Q
High Level Strategy for Security Policies
A
- Very broad policies
- Focuses mostly on Data Storage Requirements and Security Event Procedures.
2
Q
Detailed Security Goals
A
- These policies are focused on smaller details
- Ex., Appropriate WiFi usage or requirements for remote access
3
Q
Primary Focus of Security Policies
A
- Answers the “What” and “Why”
4
Q
Information Security Policies
A
- A master list of all the policies to maintain the uptime and security of a network.
5
Q
Security Policy
A
- Can be mandated
- Details security procedures.
- Lists out the roles and responsibilities involved with security.
- It is up to the organization to enforce these policies.
6
Q
Acceptable Use Policy (AUP)
A
- Outlines what the organization considers to be appropriate use of its resources.
- Can protect the organization from any legal liability.
7
Q
Business Continuity Plan (BCP)
A
- Represents the planning and advanced policy decisions to ensure the con
8
Q
Challenge of a BCP
A
- There must be planning done before the particular issue occurs.
9
Q
Disaster Recovery Plan (DRP)
A
- Defines the data, resources, and steps necessary to restore critical organizational processes.
10
Q
Types of Disasters
A
- Natural disasters, such as weather
- Technology or system failures
- Human-created disasters
11
Q
Comprehensive Plan for DRP
A
- Recovery location
- Data recovery method
- Application restoration
- IT team and employee availability
12
Q
Types of Security Incidents to Consider
A
- Malware
- DDoS attacks
- Theft of confidential information
13
Q
Incident Response Team
A
- A specialized group with knowledge of how to address the various incidents.
14
Q
Incident Response Roles - IT Security Management
A
- Corporate support
- Obtains the right people and resources to address the incident
15
Q
Incident Response Roles - Compliance Officer
A
- Intricate knowledge of compliance rules
- Makes sure that all the data and systems are compliant with the required mandates.