9 Questions
Which industry standard does the Access Control Policy aim to meet?
PCI DSS
Who is responsible for informing IT about new employees, changes to access rights, and leavers?
HR role/line manager
Who approves access requests and audits user and access lists quarterly?
Information Security Manager
Who ensures system configurations are enforced and adheres to the Access Control Policy when making changes to access privileges?
Systems Administrators
What is the basis for user authentication in the Access Control Policy?
Job classification and function
Are non-authenticated or shared user IDs allowed according to the Access Control Policy?
No
What type of authentication mechanisms are required for operating system access and web applications?
Two-factor authentication
What type of authentication must be used for remote access and network device access?
Two-factor authentication
What is the purpose of the Access Control Policy?
To maximize risks and protect physical assets and sensitive information
Study Notes
Access Control Policy Summary
- The Access Control Policy is designed to minimize risks and protect physical assets and sensitive information.
- The policy is created to meet specific requirements of the Payment Card Industry Data Security Standard (PCI DSS).
- The policy applies to all systems and assets owned, managed, or operated by the organization.
- The HR role/line manager informs IT about new employees, changes to access rights, and leavers.
- The Information Security Manager approves access requests and audits user and access lists quarterly.
- Systems Administrators adhere to the policy when making changes to access privileges and ensure system configurations are enforced.
- User authentication is based on business needs, with privileges assigned based on job classification and function.
- Non-authenticated or shared user IDs are prohibited.
- Each user must have a unique user ID and personal secret password for system and network access.
- Authentication mechanisms must be appropriate for the delivery channel.
- Secure mechanisms for authentication are required for operating system access and web applications.
- Two-factor authentication must be used for remote access and network device access.
Explore key aspects of the Access Control Policy, including risk minimization, PCI DSS compliance, user authentication, and system configuration enforcement.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free