Policies and Procedures Flashcards
(37 cards)
what documented procedures determines the appropriate course of action if there is a security breach?
Security Procedures
physical security, document security and network security are all covered in what Policy?
The Security Policy
What might government agencies that work with confidential information require from you before granting a contract?
Your security certified by external auditors
Which organization certifies the functionality of security products?
ICSA (Institute of Chartered Secretaries and Administrators)
Recording equipment like cell phones shouldn’t be prohibited in a security policy, TRUE or FALSE?
FALSE
ensuring that employees understand the implications of installing pirated software would be included in what policy?
Security Policy
What do international export controls ensure a company does?
1) ensure a company follows all laws and regulations regarding the import/export of software
What should a company do to ensure export controls aren’t violated?
Implement controls to ensure employees don’t accidentally violate them.
At what two points should you inform users of the security policy?
1) When they join
2) When they connect to an application/service
How should monitors be placed?
so that visitors or people looking through windows can’t see them. Use privacy screens if necessary
how often should you review and audit network security?
at least once a year
It’s ok to allow several users to share a network account to access a shared mailbox?
No. Assign each of their network accounts with the privileges to access the desired mailbox.
guards should receive periodic training to make sure they can recognize a threat and take appropriate action - TRUE or FALSE?
TRUE
What policy document would you refer an employee to if they inadvertently installed a wireless access point?
The acceptable usage policy
what does a security procedure define?
how to respond to a security event that happens on your network
What to do when someone has locked themselves out of their account.
How to properly install or remove software.
What to do if files on a server suddenly disappear.
actions to take if there is a physical emergency.
What to do when a network computer has a virus are all examples of what?
security procedures
When security training system admins, what important piece of information should they know?
understand the correct ways to escalate
What are the 3 countermeasures when it comes to dealing with data remanence (data remanence = residual data)
1) clearing
2) purging
3) destruction
Special forensic techniques can recover cleared data? TRUE or FALSE
TRUE
What countermeasure prevents data recovery even with advanced forensic techniques?
Purging/Sanitization
List 4 types of data destruction techniques
1) Overwriting
2) Degaussing
3) Encryption
4) Physical Destruction
What should security professionals research for destroying data on solid state drives?
Sanitization commands
What destruction method could you use for cloud based informatoin?
Encryption
List 6 types of motion detection
1) Infra-red - heat
2) Electromechanical - circuit break
3) Photoelectric
4) Acoustic detection (sensitive, watch for false alarms)
5) Wave motion - generates wave pattern
6) Capacitance - uses magnetic field
