Security Policy Flashcards

1
Q

Explain why the company should have a security policy?

A

The Data Protection Act puts an onus on the company (name) to keep this information secure because of its potential for misuse.

2
Q

Give examples of what security policy should contain?

A
  1. Physical security - involves protecting hardware and software using physical methods such as locks or guards.
  2. Logical methods - user ids, passwords, firewalls and encryption.
  3. Staff code of conduct and responsibilities.
  4. Disciplinary procedures.
  5. Operational procedures including disaster recovery planning and dealing with threats from viruses, backups and updating antivirus.
  6. User accounts and logs.
3
Q

What is the purpose of a disaster recovery plan?

A

The purpose of a disaster recovery plan is to ensure the availability of essential resources (staff, buildings, power, computer equipment) should a disaster occur.

4
Q

Factors that need to be included in the disaster recovery plan?

A
  1. Cost - set up a budget for it, how much can the company allocate to address the issues.
  2. Risks - what problems could occur and likelihood of them occurring.
  3. Data - no business can afford to lose its data. Backups of all data should be regularly made.
  4. Hardware/software/communications - the total or partial loss of computer equipment or software.
  5. Personnel, responsibilities and training - the loss of maintenance for support.
  6. Procedures - produce procedures for minimising the risks.
5
Q

Describe the use of user accounts and logs as a way of keeping confidential data secure?

A

It allows the manager or system to manage user accounts by allocating access levels to users. Auditing is used to identify abuses of the systems by authorised staff. Auditing investigates instances of unauthorised access (hackers).

6
Q

Factors that need to be included in risk analysis?

A
  1. Likelihood of the risk occurring - some things, such as power cuts, are inevitable, but explosions are much less likely.
  2. Short and long term consequences of the threat - resources such as staff and equipment need to be directed towards recovering the data.
  3. How well equipped is the company to deal with the threat - what procedures are in place? Disaster recovery program? How much are they prepared to spend? (Cost).
  4. Identify potential risks - viruses / fire / natural disasters / hacking.