BEC 4.3 Flashcards

Security

1
Q

Why is it important to safeguard files and records?

A

Inadequate protection may result in loss or damage that might drive an organization out of business; hardware can always be replaced, but data often cannot be.

2
Q

What is encryption?

A

Using a password or a digital key to scramble a readable (plaintext) message into an unreadable (ciphertext) message.
The intended recipient of the message then uses either the same or another digital key (depending on the encryption method) to convert the ciphertext message back into plaintext.

3
Q

What characteristics should a password management policy address?

A
  1. Password length: the longer the better. It should be greater than seven characters. Many organizations standardize on eight characters.
  2. Password complexity: features 3 of the following 4 characteristics: uppercase, lowercase, numeric, and ASCII characters (e.g., ! @ # $ % ^ & * or ?)
  3. Password age: National Security Agency (NSA) recommends that passwords be changed every 90 days. Administrative passwords should be changed more frequently
  4. Password reuse: The NSA recommends that password reuse of the previous 24 passwords be restricted. The goal is to prevent users from alternating between their favorite two or three passwords.
4
Q

What are the 4 types of computer security policies?

A
  1. Program-level policy
  2. Program-framework policy
  3. Issue-specific policy
  4. System-specific policy
5
Q

Distinguish between digital signatures and e-signatures

A

Digital signatures - use asymmetric encryption to create legally binding electronic documents.

Web-based e-signatures are an alternative mechanism for accomplishing the same objective.

An e-signature is a cursive-style imprint of a person’s name that is applied to an electronic document and is also considered legally binding.

6
Q

What defines an information security policy?

A

States how an organization plans to protect its tangible and intangible information assets
