Password and Access Control Policy Document Quiz
9 Questions
0 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

True or false: The Password and Access Control Policy applies to all systems and assets owned, managed, or operated by the organization.

True (A)

True or false: The HR role/line manager is responsible for informing IT of new employees, changes to access rights, and leavers.

True (A)

True or false: The Information Security Manager reviews and approves access requests and audits user and access lists monthly.

False (B)

True or false: Systems administrators must adhere to the policy when making changes to access privileges and ensure systems enforce the policy configurations.

<p>True (A)</p> Signup and view all the answers

True or false: Non-authenticated or shared user IDs are allowed according to the policy.

<p>False (B)</p> Signup and view all the answers

True or false: Every user must have a unique user ID and personal secret password.

<p>True (A)</p> Signup and view all the answers

True or false: Secure authentication mechanisms must only be implemented for operating system access.

<p>False (B)</p> Signup and view all the answers

True or false: Password lockout duration is set to 30 minutes.

<p>True (A)</p> Signup and view all the answers

True or false: Violating the policy may result in disciplinary action, and deviations are permitted without approval.

<p>False (B)</p> Signup and view all the answers

Study Notes

Password and Access Control Policy Document Control Summary

  • The Password and Access Control Policy sets out specific responsibilities, conditions, and practices to minimize risks and protect physical assets and sensitive information.
  • The policy applies to all systems and assets owned, managed, or operated by the organization.
  • The HR role/line manager is responsible for informing IT of new employees, changes to access rights, and leavers.
  • The Information Security Manager reviews and approves access requests and audits user and access lists quarterly.
  • Systems administrators must adhere to the policy when making changes to access privileges and ensure systems enforce the policy configurations.
  • User authentication is based on business needs, with access granted based on job classification and function.
  • Non-authenticated or shared user IDs are prohibited, and every user must have a unique user ID and personal secret password.
  • Authentication mechanisms must be suited for the delivery channel and implemented with appropriate strength.
  • Secure authentication mechanisms must be implemented for operating system access, web applications, voice inquiries, email, fax, white mail, remote access, and network devices.
  • Access control configurations include unique IDs, unique passwords, password changes, password history, password lockouts, and two-factor authentication for remote access.
  • Passwords must not be shared, stored in the clear, or reused. Password lockout duration is set to 30 minutes.
  • Violating the policy may result in disciplinary action, and deviations are permitted only with approval from the Security Management Team and/or Legal Counsel.

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

Quiz Team

Description

Test your knowledge of the Password and Access Control Policy which outlines responsibilities, conditions, and practices to protect physical assets and sensitive information. Covering topics such as authentication, unique IDs, password policies, and consequences for policy violations.

More Like This

Use Quizgecko on...
Browser
Open
Browser
Browser