Podcast
Questions and Answers
Which role is responsible for informing IT of new employees, changes to access rights, and leavers?
Which role is responsible for informing IT of new employees, changes to access rights, and leavers?
Who reviews and approves requests for system access and audits user and access lists quarterly?
Who reviews and approves requests for system access and audits user and access lists quarterly?
What must Systems Administrators adhere to when making changes to access privileges and ensuring system configurations are enforced?
What must Systems Administrators adhere to when making changes to access privileges and ensuring system configurations are enforced?
What is user authentication based on?
What is user authentication based on?
Signup and view all the answers
What type of user IDs are prohibited?
What type of user IDs are prohibited?
Signup and view all the answers
What should be used for user authentication for operating system access, web applications, voice inquiries, email, fax, and remote access?
What should be used for user authentication for operating system access, web applications, voice inquiries, email, fax, and remote access?
Signup and view all the answers
What type of authentication must network devices use, except for local console access?
What type of authentication must network devices use, except for local console access?
Signup and view all the answers
What are included in access control configurations?
What are included in access control configurations?
Signup and view all the answers
What type of authentication should be utilized for remote access to the cardholder network?
What type of authentication should be utilized for remote access to the cardholder network?
Signup and view all the answers
Study Notes
Password and Access Control Policy
- The Access Control Policy is designed to minimize risks and protect physical assets and sensitive information.
- The policy applies to all systems and assets owned, managed, or operated by the company.
- The HR role/line manager is responsible for informing IT of new employees, changes to access rights, and leavers.
- The Information Security Manager reviews and approves requests for system access and audits user and access lists quarterly.
- Systems Administrators must adhere to the policy when making changes to access privileges and ensure system configurations are enforced.
- User authentication is based on job classification and function, with access granted only on a need-to-know basis.
- Non-authenticated and shared/group user IDs are prohibited, and unique user IDs and passwords must be used.
- Authentication mechanisms must be appropriate for the delivery channel and implemented with the necessary strength.
- Secure mechanisms for user authentication are required for operating system access, web applications, voice inquiries, email, fax, and remote access.
- Network device authentication must use encrypted protocols, except for local console access.
- Access control configurations include unique IDs, unique passwords, password changes, password complexity, password history, and lockout settings.
- Remote access to the cardholder network should utilize two-factor authentication, and vendor remote access accounts should be monitored and changed regularly.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Description
This quiz provides an overview of the Access Control Policy designed to safeguard physical assets and sensitive information. It covers roles and responsibilities, user authentication, authentication mechanisms, secure mechanisms, network device authentication, and access control configurations.
