Password and Access Control Policy Overview
9 Questions
0 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

The Password and Access Control Policy applies to all systems and assets owned, managed, or operated by the company.

True

The HR role/line manager is responsible for informing IT of new employees, changes to access rights, and leavers.

True

The Information Security Manager approves access requests and audits user and access lists on a quarterly basis.

True

Systems Administrators must adhere to the policy when making changes to access privileges and ensure systems enforce the configurations in the policy.

<p>True</p> Signup and view all the answers

User authentication is based on job classification and function, with the principle of least privilege and need-to-know basis.

<p>True</p> Signup and view all the answers

Non-authenticated and shared/group user IDs are allowed, and every user must have a unique user ID and personal secret password.

<p>False</p> Signup and view all the answers

Different authentication mechanisms are required for user, operating system, web, voice, email, fax, white mail, remote access, and network device authentication.

<p>True</p> Signup and view all the answers

Passwords must be at least 8 characters with a mix of upper and lower case letters, numbers, and special characters.

<p>True</p> Signup and view all the answers

Vendor remote access accounts should be monitored, passwords changed regularly, and unused accounts deactivated.

<p>True</p> Signup and view all the answers

Study Notes

Password and Access Control Policy Document Control Summary

  • The Password and Access Control Policy sets out specific responsibilities, conditions, and practices to minimize risks and protect physical assets and sensitive information.
  • The policy applies to all systems and assets owned, managed, or operated by the company.
  • The HR role/line manager is responsible for informing IT of new employees, changes to access rights, and leavers.
  • The Information Security Manager approves access requests and audits user and access lists on a quarterly basis.
  • Systems Administrators must adhere to the policy when making changes to access privileges and ensure systems enforce the configurations in the policy.
  • User authentication is based on job classification and function, with the principle of least privilege and need-to-know basis.
  • Non-authenticated and shared/group user IDs are prohibited, and every user must have a unique user ID and personal secret password.
  • Different authentication mechanisms are required for user, operating system, web, voice, email, fax, white mail, remote access, and network device authentication.
  • Passwords must not be shared, must be at least 8 characters with a mix of upper and lower case letters, numbers, and special characters.
  • Password history is maintained, password lockout and duration are set, and remote access should utilize two-factor authentication.
  • Vendor remote access accounts should be monitored, passwords changed regularly, and unused accounts deactivated.
  • Violations of the policy may result in disciplinary action, and deviations require a valid business case reviewed and approved by the Security Management Team and/or Legal Counsel.

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

Quiz Team

Description

Learn about the key points outlined in the Password and Access Control Policy Document, including responsibilities, best practices for user authentication, and consequences for violations.

More Like This

Use Quizgecko on...
Browser
Browser