Information Security Policy & PCI DSS Quiz

CommendableRuby
9 Questions

Which of the following is a primary goal of information security?

To protect information assets and prevent theft, loss, or misuse of information.

What does Requirement 9 of PCI DSS mandate?

Assigning a unique ID to each person with computer access.

What is the purpose of a DMZ (Demilitarized Zone)?

To expose an organization's external-facing services to an untrusted network.

What is the role of anti-virus software in information security?

To deploy on all systems with specific configuration requirements.

What does Requirement 11 of PCI DSS state?

All access to network resources and cardholder data must be tracked and monitored.

What is the purpose of system logging in information security?

To track and monitor access to network resources and cardholder data.

What does Requirement 12 of PCI DSS call for?

Regular testing of security systems and processes.

What does PCI DSS stand for?

Payment Card Industry Data Security Standard.

What are examples of insecure services?

Torrents, Skype, SMTP, and DNS.

Study Notes

Information Security Policy Document Control Summary

  • The Information Security Policy is a draft document that sets out the high-level policy objectives for information security within an organization.
  • The policy defines the expected controls for people, processes, and IT systems.
  • The primary goal of information security is to protect information assets and prevent theft, loss, or misuse of information.
  • The policy outlines the roles and responsibilities of personnel, line management, and senior management in ensuring information security.
  • Network security is a key aspect, with requirements for firewall management, documentation, architecture, and configuration.
  • System builds must adhere to configuration build standards and use secure system management services.
  • Data security is emphasized, including requirements for data storage and transmission using encryption.
  • Anti-virus software must be deployed on all systems, with specific configuration requirements.
  • Patching and vulnerability management are important, with regular updates and vulnerability scanning.
  • Software development must follow secure development practices and undergo code review.
  • Access control policies and physical security measures are outlined, including site access and media security.
  • System logging, network testing, and monitoring tools such as intrusion detection and file integrity monitoring are required.

PCI DSS Requirements and Glossary of Terms

  • Requirement 9 of PCI DSS mandates assigning a unique ID to each person with computer access.
  • Requirement 10 of PCI DSS requires restricting physical access to cardholder data.
  • Requirement 11 of PCI DSS states that all access to network resources and cardholder data must be tracked and monitored.
  • Requirement 12 of PCI DSS calls for regular testing of security systems and processes.
  • Annex A provides a glossary of terms related to PCI DSS.
  • PCI DSS stands for Payment Card Industry Data Security Standard.
  • PCI DSS is a standard developed by the PCI Security Standards Council.
  • The standard must be applied by entities that store, process, or transmit cardholder data.
  • Insecure services are those that transmit data in an unencrypted format or are vulnerable to well-known attacks.
  • Examples of insecure services include torrents, Skype, SMTP, and DNS.
  • A public network refers to a network that is not managed by the organization and can be monitored or intercepted by other entities.
  • A DMZ, or Demilitarized Zone, is a subnet that exposes an organization's external-facing services to an untrusted network, like the Internet.

Test your knowledge on information security policy, network security, data security, and PCI DSS requirements. Learn about system builds, access control policies, secure development practices, and more.