Security Policies Flashcards
Order of Volatility
Most volatile to least volatile:
Data in cache memory, data in RAM, a paging file, data stored in local disk drives, logs stored on remote systems, archive media
IRP
Incident Response Plan. Provides more detail than the Incident Response Policy. Provides a formal, coordinated plan that personnel can use when responding to an incident.
ISA
Interconnection Security Agreement.
Specifies technical and security requirements for planning, establishing, maintaining, and disconnecting a secure connection between two or more entities.
SLA
Service Level Agreement.
Agreement between a company and a vendor that stipulates performance expectations, such as minimum uptime and maximum downtime levels.
MOA/MOU
Memorandum of Agreement or Memorandum of Understanding.
Expresses an understanding between two or more parties indicating their intention to work together toward a common goal. Often used to support an ISA. Doesn’t include details. Less formal than an SLA and doesn’t include monetary penalties.
BPA
Business Partners Agreement.
Written agreement that details the relationship between business partners, including obligations toward the partnership. Identifies the shares of profits or losses that each partner will take, and what happens if a partner chooses to leave the partnership.
AUP
Acceptable Use Policy.
Defines proper system usage or the rules of behavior for employees when using IT systems.
Mandatory Vacations
Help detect when employees are involved in malicious activity such as fraud or embezzlement.
Separation of Duties
Prevents any single person or entity from being able to complete all the functions of a critical or sensitive process. Designed to prevent fraud, theft and errors.