Addressing Risks Associated to People Flashcards
(7 cards)
How do you address network security risks associated with people?
Network security risks from people are minimized by implementing a comprehensive security policy that defines user responsibilities and acceptable use, enforcing strong password guidelines to prevent unauthorized access, and ensuring physical security measures—such as locked computer rooms, controlled access badges, and surveillance—are in place to protect network components.
List the goals of the security policy.
- Ensuring that authorized users have appropriate access to the resources they need 2. Preventing unauthorized users from gaining access to the network, systems, programs, or data 3. Protecting sensitive data from unauthorized access, both from within and from outside the organization 4. Preventing accidental damage to hardware or software 5. Preventing intentional damage to hardware or software 6. Creating an environment where the network and systems can withstand and, if necessary, quickly respond to and recover from any type of threat 7. Communicating each employee’s responsibilities with respect to maintaining data integrity and system security
What content should be in an organization’s security policy?
An organization’s security policy should include subheadings such as Password Policy; Software Installation Policy; Confidential and Sensitive Data Policy; Network Access Policy; E-mail Use Policy; Internet Use Policy; Modem Use Policy; Remote Access Policy; Policies for Connecting to Remote Locations, the Internet, and Customers’ and Vendors’ Networks; Policies for Use of Laptops and Loaner Machines; and Computer Room Access Policy, along with clear explanations of what users can and cannot do and why those measures protect network security.
List 6 roles for good passwords
- Do not use familiar information (birth dates, pet names, etc.) 2. Do not use any word that might appear in a dictionary 3. Make the password longer than six characters—the longer, the better 4. Choose a combination of letters and numbers; add special characters, such as exclamation marks or hyphens 5. Do not write down your password or share it with others 6. Change your password at least every 90 days
What roles are involved in security policies?
- Dispatcher – The first person alerted to a problem; opens a record on the incident and notifies the technical support specialist and manager 2. Manager – Coordinates resources to solve the problem, ensures policy compliance, monitors events, and holds postmortem meetings after resolution 3. Technical Support Specialist – Focuses on resolving the breach quickly and documents what happened to prevent future incidents 4. Public Relations Specialist – Acts as the official spokesperson to the public when needed
What is physical security?
Physical security is the protection of network components, hardware, and data from physical threats such as unauthorized access, theft, or sabotage. It involves measures like locking computer rooms, securing wiring closets, using electronic badge systems or locks that require numeric codes, and deploying surveillance cameras to monitor sensitive areas.
List and explain the physical security measures to implement in a network
- Locking Computer Rooms – Ensure only authorized personnel can access server and equipment rooms to prevent theft or sabotage. 2. Securing Wiring Closets and Telecommunications Rooms – Keep hubs, switches, and cabling behind locked doors to prevent tampering or unauthorized modifications. 3. Controlled Access Badges or Electronic Locks – Use badge readers or numeric keypads to limit entry to critical areas and track who enters. 4. Surveillance Cameras – Deploy CCTV in computer rooms, networking closets, and data storage areas to monitor activity and provide evidence if a breach occurs. 5. Securing Workstations – Lock unattended workstations or require screen locks to prevent unauthorized use or data exposure. 6. Periodic Physical Security Audits – Regularly inspect all access points (doors, windows, ceilings, temporary walls) and verify that locks, codes, and badge systems are up to date and functioning correctly. 7. Environmental Protections – Implement smoke detectors, fire suppression, and climate controls in data storage and server areas to guard against natural threats.
