Podcast
Questions and Answers
Which role is responsible for informing IT of new employees, changes to access rights, and leavers?
Which role is responsible for informing IT of new employees, changes to access rights, and leavers?
- HR role/line manager (correct)
- Systems Administrator
- IT Manager
- Information Security Manager
Who reviews and approves requests for system access and audits user and access lists quarterly?
Who reviews and approves requests for system access and audits user and access lists quarterly?
- HR role/line manager
- Systems Administrator
- IT Manager
- Information Security Manager (correct)
What must Systems Administrators adhere to when making changes to access privileges and ensuring system configurations are enforced?
What must Systems Administrators adhere to when making changes to access privileges and ensuring system configurations are enforced?
- Information Security Policy
- IT Policy
- Password Policy
- Access Control Policy (correct)
What is user authentication based on?
What is user authentication based on?
What type of user IDs are prohibited?
What type of user IDs are prohibited?
What should be used for user authentication for operating system access, web applications, voice inquiries, email, fax, and remote access?
What should be used for user authentication for operating system access, web applications, voice inquiries, email, fax, and remote access?
What type of authentication must network devices use, except for local console access?
What type of authentication must network devices use, except for local console access?
What are included in access control configurations?
What are included in access control configurations?
What type of authentication should be utilized for remote access to the cardholder network?
What type of authentication should be utilized for remote access to the cardholder network?
Flashcards are hidden until you start studying
Study Notes
Password and Access Control Policy
- The Access Control Policy is designed to minimize risks and protect physical assets and sensitive information.
- The policy applies to all systems and assets owned, managed, or operated by the company.
- The HR role/line manager is responsible for informing IT of new employees, changes to access rights, and leavers.
- The Information Security Manager reviews and approves requests for system access and audits user and access lists quarterly.
- Systems Administrators must adhere to the policy when making changes to access privileges and ensure system configurations are enforced.
- User authentication is based on job classification and function, with access granted only on a need-to-know basis.
- Non-authenticated and shared/group user IDs are prohibited, and unique user IDs and passwords must be used.
- Authentication mechanisms must be appropriate for the delivery channel and implemented with the necessary strength.
- Secure mechanisms for user authentication are required for operating system access, web applications, voice inquiries, email, fax, and remote access.
- Network device authentication must use encrypted protocols, except for local console access.
- Access control configurations include unique IDs, unique passwords, password changes, password complexity, password history, and lockout settings.
- Remote access to the cardholder network should utilize two-factor authentication, and vendor remote access accounts should be monitored and changed regularly.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Description
This quiz provides an overview of the Access Control Policy designed to safeguard physical assets and sensitive information. It covers roles and responsibilities, user authentication, authentication mechanisms, secure mechanisms, network device authentication, and access control configurations.
