EXUS IT Security Procedures: Mobile Devices
24 Questions

Questions and Answers

What is a requirement for corporate laptops?

  • They must be configured by the user.
  • They must be encrypted. (correct)
  • They must be pre-configured with personal email accounts.
  • They must not have any security software.

What is a requirement for corporate smartphones?

  • They must not be password or PIN protected.
  • They must have EXUS approved apps only. (correct)
  • They must have personal social media apps.
  • They must have access to personal email accounts.

How often should passwords be changed?

  • Every 365 days
  • Every 180 days (correct)
  • Only when required
  • Every 90 days

What should users do if they suspect their password has been compromised?

  • Change their password immediately

What is a requirement for access to IT systems?

  • Based on job position

What should be done when a user's access needs to be revoked or changed?

  • Inform the IT Admin team

What is a requirement for access to third-parties?

  • A contractual agreement

What is a recommended security practice for mobile devices?

  • Enable the Find My Device feature

What should be reviewed periodically for all users?

  • Users' access rights

What should be used to encrypt files with confidential data before sending them?

  • 7zip

What should be contacted when a user wants to install an application not included in the baseline configuration?

  • IT Admin team

What is the primary purpose of ESET Endpoint Protection?

  • To protect endpoints against malware

What is the recommended storage location for corporate files?

  • Respective SharePoint document library

What is the primary purpose of KeePass?

  • To manage system and application passwords

What should be done when a user wants to uninstall or disable ESET Endpoint Protection?

  • Contact the IT Admin team

What is the maximum storage capacity of a OneDrive account for personal files?

  • 10GB

What is the primary purpose of a firewall in a network?

  • To control the flow of incoming and outgoing network traffic

What is the recommended method for sharing small data files (< 25MB) externally?

  • Using email with 7zip encryption

What is the recommended approach to handle email attachments?

  • Open only email attachments from known sources

What is the purpose of encrypting confidential data prior to sending it via email?

  • To protect the data from unauthorized access

What is the recommended approach to sharing confidential data via the same channel of communication?

  • Share the minimum amount possible of confidential data

What is the purpose of the IT Admin team authorizing devices that access the EXUS network?

  • To restrict access to unauthorized devices

What is the recommended method for sharing big data files (> 25MB) externally?

  • Using SFTP

What is the recommended approach to handling emails asking for personal information?

  • Verify the authenticity of the email before responding

Study Notes

Mobile Devices

  • Corporate laptops are encrypted and pre-configured, with no changes allowed without prior IT approval.
  • Corporate smartphones are password or PIN protected, pre-configured with EXUS Mobiles account, and have EXUS approved apps only.
  • Personal smartphones should be password or PIN protected and have access to EXUS approved apps.
  • Immediately report loss or theft of mobile devices to the IT Admin team.

Passwords

  • Use a mixture of lower and uppercase letters, numbers, and symbols in passwords.
  • Passwords must be at least 12 characters long and not contain usernames.
  • Change passwords every 180 days and store up to 6 passwords in history.
  • Use strong authentication (MFA/2-Way) whenever possible.
  • Never use the same password for different accounts.

Access Management

  • Users access only what they need to access, based on job position.
  • Team Leads/Managers inform the IT Admin team of access changes or revocations.
  • Access to third-parties is provided only based on contractual agreements.
  • Access management is monitored through the EXUS Internal Helpdesk.

Encryption and Keys Management

  • Corporate laptops are encrypted with BitLocker.
  • Users must not disable encryption without prior contact with the IT Admin team.
  • Passwords of systems and applications are managed with KeePass.
  • Encrypt files with confidential data using 7zip prior to sending.

Endpoint Protection

  • Corporate and private workstations and specific smartphones run ESET Endpoint Protection.
  • ESET Endpoint Protection protects endpoints against malware, blocks malicious sites, and scans corporate email.

Systems Configuration and Changes Management

  • Corporate workstations are delivered with a baseline configuration that must not be altered.
  • Contact the IT Admin team for installing applications not included in the baseline configuration.
  • Changes on IT systems are registered and monitored through Jira.

Data Backup

  • Use SharePoint document library to store corporate files.
  • Use OneDrive for backing up local personal files (max storage capacity is 10GB).
  • Backup of IT infrastructure is based on a schedule.

Networks

  • Firewall controls flow of incoming and outgoing network traffic.
  • Use VPN connection (with 2FA) to access EXUS network remotely.
  • EXUS network is segmented into VLANs (VPN and Infrastructure).
  • IT Admin team authorizes devices that access the EXUS network.

Files Secure Transfer

  • Use email to share small data files (< 25MB), encrypting confidential data before sending.
  • Use SFTP to share big data files (> 25MB).
  • Use SharePoint or OneDrive to share files with sensitive or confidential information.

Email Security

  • Never include confidential data in email bodies.
  • Always encrypt confidential data prior to sending via email (using 7zip).
  • Set built-in email permissions to “Do Not Forward” or “Encrypt-Only” to encrypt whole email messages.
  • Beware of emails asking for personal information and handle email with care.

Description

This quiz covers the security procedures for mobile devices in the EXUS IT environment, including laptops and smartphones. It outlines the configuration and usage guidelines for corporate devices.
