Questions and Answers
True or false: The purpose of the policy is to establish specific responsibilities and practices to minimize risks and protect physical assets and sensitive information.
True
True or false: The policy applies only to systems owned by the organization.
False
True or false: HR role/line managers are responsible for informing IT of new employees, changes to access rights, and leavers.
True
True or false: User authentication is solely based on job classification.
True or false: Non-authenticated or shared user IDs are allowed.
True or false: Operating system access authentication requires a secure mechanism for remote or console access.
True or false: Web authentication does not require role-based access control.
True or false: Voice authentication does not involve verifying the identity of callers.
True or false: Email authentication does not involve scanning attachments for viruses.
Study Notes
Password and Access Control Policy Document
- The document is a draft version 0.1 of the Password and Access Control Policy.
- The purpose of the policy is to establish specific responsibilities and practices to minimize risks and protect physical assets and sensitive information.
- The policy applies to all systems and assets owned, managed, or operated by the organization.
- The roles and responsibilities include HR role/line managers informing IT of new employees, changes to access rights, and leavers, and the Information Security Manager approving access requests and auditing user and access lists.
- User authentication is based on job classification and function, with access privileges granted on a need-to-know basis.
- Non-authenticated or shared user IDs are prohibited, and every user must use a unique user ID and password.
- Authentication mechanisms must be suited for the delivery channel, such as automated access control systems or alternative control procedures.
- Operating system access authentication requires a secure mechanism for remote or console access, with role-based access control and password authentication.
- Web authentication requires a secure mechanism and role-based access control with password authentication.
- Voice authentication requires verifying the identity of callers and being aware of social engineering attacks.
- Email authentication involves treating incoming emails with caution, scanning attachments for viruses, and confirming sender identity.
- Access control configurations include not sharing passwords, assigning unique IDs, changing default passwords, and using strong passwords with a history and lockout policy.
Description
This quiz covers the key points outlined in a draft version 0.1 of the Password and Access Control Policy. It includes responsibilities, access control practices, authentication mechanisms, and access control configurations for protecting physical assets and sensitive information.