IndianOil Cyber Security and IT Policy
40 Questions

Created by
@OptimalSeal

Questions and Answers

What must a machine comply with if VPN access cannot be used?

  • It must only use outdated software for compatibility.
  • It must be restricted from accessing any external servers.
  • It must have similar applications as corporation-owned machines. (correct)
  • It must operate entirely independently of corporate policies.

What should be done before providing remote access to system components by vendors?

  • All vendors should have unrestricted access at all times.
  • Access should be enabled indefinitely.
  • Access should be monitored during its usage. (correct)
  • No monitoring of access is necessary.

What is required before sending data from IndianOil servers to external servers?

  • Proper approval and security checks must be completed. (correct)
  • Sending data externally requires no documentation.
  • Data can be sent anytime without approval.
  • Any employee can decide to send data freely.

Which authority must approve network changes to infrastructure?

    An officer of the respective department.

    What type of connectivity can be provided if MPLS VPN is absent?

    VPN connectivity with two-factor authentication.

    How should changes to network and infrastructure configurations be managed?

    Changes should be approved and documented formally.

    What is required for all servers and critical network equipment in terms of power supply?

    Conditioned power connection through UPS is necessary.

    Who has the authority to approve network connectivity for business partners?

    Approval must come from an officer of grade 'H' or above.

    What must be done before creating a service email account for receiving legal notices?

    Approval by the Head of business function and the Divisional IS In-Charge.

    Which of the following statements about official email usage is correct?

    All official communication must occur through official email accounts.

    What happens after 5 unsuccessful login attempts on a user account?

    The account is locked for two hours.

    Which practice is explicitly prohibited concerning email usage?

    Auto-saving passwords in the email service.

    What must be done if an email redirection request to an outside domain is needed?

    Should be approved by Director (HR) with a specific timeframe requirement.

    What type of email content is considered inappropriate?

    Harassing or threatening emails.

    Which of the following is NOT a consequence of inappropriate email usage?

    Sharing business updates with colleagues.

    What should users avoid when using multi-factor authentication?

    Using a code sent to their email.

    What is the primary role of the location-in-charge concerning IT equipment?

    To provide safety, security, and maintenance for IT equipment.

    Which measure is NOT mentioned as a responsibility of location-in-charge?

    Periodic auditing of data center facilities.

    What must be maintained when equipment belonging to the Corporation is taken off-premises?

    A proper gate pass.

    Who must approve the development of any new software or applications intended for enterprise-wide deployment?

    COIS.

    What is essential regarding the physical security of areas used for loading and unloading equipment?

    Access is restricted to authorized personnel.

    What should be included in the development of software applications?

    Mobile-friendly versions for various devices.

    What type of power generators should be deployed to maintain necessary services during outages?

    Secondary and backup power generators.

    What is necessary for all equipment regarding coverage?

    It must be covered under insurance as per corporate policy.

    What responsibility do users have regarding their IT system accounts and passwords?

    Users must maintain security by not sharing their accounts and passwords.

    Under what condition can the IS Department deactivate a User's access?

    If the User is suspected of violating the IT Policy.

    What is the primary purpose of monitoring and auditing the use of the corporate network?

    To enforce corporate rules and ensure compliance with the IT Policy.

    What can happen if a User fails to comply with the corporate IT policy?

    They could face disciplinary action.

    Which of the following is NOT a permitted use of IndianOil’s IT Resources?

    Using IT resources for private commercial purposes.

    What must every User recognize regarding their activities on IT Resources?

    They are accountable for their activities on the system.

    What is an important measure Users must take to protect their data?

    Recognize the criticality of their data and take appropriate measures.

    What should Users do if requested by the IS Department?

    Provide valid identification as required.

    What requirement is stated regarding the use of passwords on devices accessing the corporate network?

    Devices shall be password protected with strong passwords as per corporate policy.

    What should happen to a device if it remains idle for an extended period?

    It shall lock itself with a password or PIN.

    Which type of devices are strictly forbidden from accessing the corporate network?

    Devices that have been rooted or jailbroken.

    What is essential before integrating open-source technology with existing infrastructure?

    Thorough evaluation for security vulnerabilities and compliance.

    What should be done with open-source products that are currently in use?

    They should be secured and kept updated with the latest patches.

    What is a requirement for new domain name registration?

    It requires in-principle approval from COIS.

    Which guidelines must be followed when hosting websites?

    CERT-In guidelines and GoI guidelines on security.

    What should be conducted before a website becomes operational or after a major change?

    Application security audit by CERT-In empaneled vendors.

    Study Notes

    VPN Access Control

    • Provisions must be established to manage network resource access via VPN, allowing or denying as necessary.
    • If VPN is unavailable, devices must join IndianOil Active Directory (AD) and comply with IT requirements regarding Cyber Security and Software Compliance.
    • Devices require necessary applications like Anti-Virus and Auto-Patching consistent with corporate machines.

    Remote Access for Vendors

    • Vendor access for support/maintenance is allowed only during necessary periods, which must be monitored.
    • Access should be disabled immediately when not in use.

    Data Transfer Protocol

    • Transfer of data from IndianOil network to external servers requires prior approval and security assessments from responsible business heads.

    Infrastructure Change Management

    • Any changes to network configuration must be approved by the appropriate authority and documented formally.

    Business Partner Connectivity

    • Connectivity to business partners requires approval from department heads (Grade ‘H’ or above) and the Divisional IS head.
    • Secured connectivity must be ensured; if MPLS VPN is not available, a temporary VPN with two-factor authentication may be used.

    Electrical Security

    • Critical network equipment must have conditioned power through Uninterruptible Power Supply (UPS).
    • Security responsibilities include protecting user accounts and data backups.

    User Responsibilities

    • Users must maintain the security of their accounts and passwords and avoid sharing them.
    • Users are responsible for backing up data on devices.
    • Identification must be produced upon request by the IS Department.

    IT Resource Usage

    • The corporation reserves the right to access IT systems without user notification.
    • Usage of IT resources is a privilege that requires responsible and efficient use.
    • Personal use is permitted as long as it does not impact work performance or incur additional costs.

    Application Development and Security

    • Approval from COIS is necessary for any new application intended for enterprise or that requires additional resources.
    • Applications must facilitate access from varied devices (e.g., mobile, tablets).
    • Email communication must be conducted through official accounts only, ensuring security through protocols like multi-factor authentication.

    Open-Source Technology

    • Integration of open-source technology should be evaluated for security vulnerabilities.
    • Open-source products must be kept updated and secured, with audits conducted periodically.

    Web Hosting Guidelines

    • Websites must be hosted on in-house or government-approved servers.
    • New domain registration requires COIS approval, following guidelines for security audits and compliance.

    Security Audits and Compliance

    • Application security audits by CERT-In approved vendors are mandatory before operational deployment or after significant changes.

    Equipment Security and Monitoring

    • Data center facilities must have periodic tests and audits, with physical security controls in place to monitor equipment loading/unloading.
    • Only authorized personnel can remove equipment from premises, ensuring proper documentation.

    Description

    This quiz covers the key provisions of the IndianOil IT Policy concerning VPN access control and compliance with cyber security standards. Participants will learn about necessary measures for network resource access and the implications of software compliance. Test your knowledge on these essential IT protocols.
