Podcast
Questions and Answers
True or false: The Password and Access Control Policy is only applicable to physical assets.
True or false: The Password and Access Control Policy is only applicable to physical assets.
False
True or false: The policy is designed to comply with the PCI DSS requirements.
True or false: The policy is designed to comply with the PCI DSS requirements.
True
True or false: The policy applies to all systems and assets owned, managed, or operated by the company.
True or false: The policy applies to all systems and assets owned, managed, or operated by the company.
True
True or false: HR Role/Line Manager is responsible for informing IT about new employees, access rights changes, and leavers.
True or false: HR Role/Line Manager is responsible for informing IT about new employees, access rights changes, and leavers.
Signup and view all the answers
True or false: The Information Security Manager reviews and approves access requests on a monthly basis.
True or false: The Information Security Manager reviews and approves access requests on a monthly basis.
Signup and view all the answers
True or false: Systems Administrators are not required to adhere to the policy when making changes to access privileges.
True or false: Systems Administrators are not required to adhere to the policy when making changes to access privileges.
Signup and view all the answers
True or false: User authentication is based solely on job classification.
True or false: User authentication is based solely on job classification.
Signup and view all the answers
True or false: Non-authenticated and shared/group user IDs are allowed.
True or false: Non-authenticated and shared/group user IDs are allowed.
Signup and view all the answers
True or false: Different authentication mechanisms are required for different delivery channels.
True or false: Different authentication mechanisms are required for different delivery channels.
Signup and view all the answers
Study Notes
Password and Access Control Policy Document Control
- The Password and Access Control Policy sets out responsibilities and practices to protect physical assets and sensitive information.
- The policy is designed to meet the requirements of the Payment Card Industry Data Security Standard (PCI DSS).
- The policy applies to all systems and assets owned, managed, or operated by the company.
- HR Role/Line Manager is responsible for informing IT of new employees, changes to access rights, and leavers.
- The Information Security Manager reviews and approves access requests and audits user and access lists on a quarterly basis.
- Systems Administrators must adhere to the policy when making changes to access privileges and ensure that systems enforce the configurations.
- User authentication is based on job classification and function, with the principle of least privilege and need-to-know basis.
- Non-authenticated and shared/group user IDs are prohibited, and every user must have a unique user ID and password.
- Different authentication mechanisms are used for different delivery channels (e.g., automated access control system or manual control procedures).
- Secure authentication mechanisms are required for operating system access, web applications, voice enquiries, email, fax, and remote access.
- Network device access must be via an encrypted protocol, except for local console access.
- Access control configurations include unique IDs, unique first-time passwords, password complexity, password history, lockout settings, and two-factor authentication for remote access.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Description
Test your knowledge on the Password and Access Control Policy which outlines responsibilities for securing physical assets and sensitive information, meeting PCI DSS requirements, and enforcing access control measures for all company systems and assets.
