Workplace Security Policies and Examples Flashcards

1
Q

Note-worthy Premises

A

When creating an Access Control Policy, you are not only attempting to restrict the access of individuals, but services as well.

Services must access other services in order to properly function.

2
Q

Access Control Policy

A

Access Control Policies are instituted in regard to what personnel and which services should retain access to what information or services w/in a network.

3
Q

Remote Access Policy

A

Defines acceptable methods of remotely connecting to the internal network.

This sort of thing is absolutely essential in large organizations where networks are geographically dispersed and extend into insecure network locations (like a coffee shop’s wifi or an unmanaged home network).

4
Q

Firewall Management Policy

A

Defines which personnel should monitor the firewall and how they should go about doing it.

5
Q

Network Connection Policy

A

ex. “when using a company laptop, you must always connect via VPN when going online”

6
Q

Password Policy

A

Akin to when an organization requires that you have a password w/ 8 characters that includes letters, numbers, and symbols.
Having these sorts of requirements in place drastically decreases the likelihood of a password being cracked, since the number of possible combinations becomes so stupidly vast.

7
Q

User Account Policy

A
  • Defines how users may be grouped (based upon their permissions, levels of access, department, etc.)
  • Defines steps and requirements regarding account creation processes (also defines what permissions a user should be allowed by default once they’ve created their account)
    (note this: default permissions can become a means of compromising security if not managed properly)
8
Q

Information Protection Policy

A
  • Sets the level of sensitivity for sets of information (i.e. where it lies in a list of security priorities).
  • Dictates which personnel should have access to which sets of information
    (similar to access control policy)
    (who or what has access to what)
9
Q

Special Access Policy

A

Grants waivers and creates custom rulings for specific scenarios for specific individuals or services.

You can create a general outline of policies to use throughout a system, but more often than not there will be a few oddities that require specialized access policies in order to properly manage them and make certain that they remain efficient in their tasks.

10
Q

Email Security Policy

A

Defines how personnel should interact w/ emails and how they should behave regarding them.

ex. always verify that there is an eligible signature provided when receiving an email from a colleague; never click on a link that could redirect you to an external site or source.

11
Q

Acceptable Use Policy

A

Defines the maximum amount of a company resource that an individual is allowed to consume (be that server space, cafeteria food, etc.).

ex. an ISP could say “you are allowed an infinite amount of bandwidth for the next 30 days” when in reality, there is a clause that states that you are prohibited from consuming 50% of maximum potential bandwidth.

12
Q

Workspace privacy policies:

A

These policies dictate:

  • the information that is gathered in regard to employees
  • what employees may share between themselves and outside the company (and more importantly, what they cannot share)
  • how employees should behave in general

Primary Principles:

  • inform employees regarding what information is being collected on/from them and why
  • collect only necessary information
  • obtain consent before using collected employee information
  • allow employees to access their information at any time
  • keep the collected information secure

(note that you should always remain certain that the information being collected on you is not being misused.
Honestly, you can practically expect to be taken advantage of at some point, just always remain wary)

(in the US, our laws are impressively loose in regard to this subject)

(In Europe, the laws are much, much stricter. You won’t normally go to prison for breaking laws regarding information collection, but there are some pretty extreme financial fines)
