Password and Access Control Policy Overview
9 Questions
0 Views
3.8 Stars

Password and Access Control Policy Overview

Created by
@CommendableRuby

Questions and Answers

Which role is responsible for informing IT of new employees, changes to access rights, and leavers?

HR role/line manager

Who reviews and approves requests for system access and audits user and access lists quarterly?

Information Security Manager

What must Systems Administrators adhere to when making changes to access privileges and ensuring system configurations are enforced?

Access Control Policy

What is user authentication based on?

<p>Job classification and function</p> Signup and view all the answers

What type of user IDs are prohibited?

<p>Non-authenticated and shared/group user IDs</p> Signup and view all the answers

What should be used for user authentication for operating system access, web applications, voice inquiries, email, fax, and remote access?

<p>Secure mechanisms</p> Signup and view all the answers

What type of authentication must network devices use, except for local console access?

<p>Encrypted protocols</p> Signup and view all the answers

What are included in access control configurations?

<p>All of the above</p> Signup and view all the answers

What type of authentication should be utilized for remote access to the cardholder network?

<p>Two-factor authentication</p> Signup and view all the answers

Study Notes

Password and Access Control Policy

  • The Access Control Policy is designed to minimize risks and protect physical assets and sensitive information.
  • The policy applies to all systems and assets owned, managed, or operated by the company.
  • The HR role/line manager is responsible for informing IT of new employees, changes to access rights, and leavers.
  • The Information Security Manager reviews and approves requests for system access and audits user and access lists quarterly.
  • Systems Administrators must adhere to the policy when making changes to access privileges and ensure system configurations are enforced.
  • User authentication is based on job classification and function, with access granted only on a need-to-know basis.
  • Non-authenticated and shared/group user IDs are prohibited, and unique user IDs and passwords must be used.
  • Authentication mechanisms must be appropriate for the delivery channel and implemented with the necessary strength.
  • Secure mechanisms for user authentication are required for operating system access, web applications, voice inquiries, email, fax, and remote access.
  • Network device authentication must use encrypted protocols, except for local console access.
  • Access control configurations include unique IDs, unique passwords, password changes, password complexity, password history, and lockout settings.
  • Remote access to the cardholder network should utilize two-factor authentication, and vendor remote access accounts should be monitored and changed regularly.

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

Quiz Team

Description

This quiz provides an overview of the Access Control Policy designed to safeguard physical assets and sensitive information. It covers roles and responsibilities, user authentication, authentication mechanisms, secure mechanisms, network device authentication, and access control configurations.

More Quizzes Like This

Use Quizgecko on...
Browser
Browser