Security Policies

Question 1

Order of Volatility

Answer 1

Most volatile to least volatile:
Data in cache memory, data in RAM, a paging file, data stored in local disk drives, logs stored on remote systems, archive media

Question 2

IRP

Answer 2

Incidence Response Plan. Provides more detail than the Incidence Response Policy. Provides formal, coordinated plan personnel can use when responding to an incident.

Question 3

ISA

Answer 3

Interconnection Security Agreement.
Specifies technical and security requirements for planning, establishing, maintaining, and disconnecting a secure connection between two or more entities.

Question 4

SLA

Answer 4

Service Level Agreement.
Agreement between a company and a vendor that stipulates performance expectations, such as minimum uptime and maximum downtime levels.

Question 5

MOA/MOU

Answer 5

Memorandum of agreement or Memorandum of Understanding.
Expresses an understanding between two or more parties indicating their intention to work together toward a common goal. Often used to support an ISA. Doesn’t include details. Less formal than a SLA and doesn’t include monetary penalties.

Question 6

BPA

Answer 6

Business Partners Agreement.
Written agreement that details the relationship between business partners, including obligations toward the partnership. Identifies shares of profits or losses that each partner will take. What happens if a partner chooses to leave the partnership.

Question 7

AUP

Answer 7

Acceptable Use Policy.

Defines proper system usage or the rules of behavior for employees when using IT systems.

Question 8

Mandatory Vacations

Answer 8

Help detect when employees are involved in malicious activity such as fraud or embezzlement.

Question 9

Separation of Duties

Answer 9

Prevents any single person or entity from being able to complete all the functions of a critical or sensitive process. Designed to prevent fraud, theft and errors.