Questions and Answers
True or false: The Password and Access Control Policy applies to all systems and assets owned, managed, or operated by the company?
True (A)
True or false: The HR role/line manager is responsible for informing IT of new employees, changes to access rights, and leavers?
True (A)
True or false: The Information Security Manager approves access requests and audits user and access lists?
True (A)
True or false: Systems administrators must adhere to the policy when making changes to access privileges?
True or false: User authentication is based on business needs and access is granted on a need-to-know basis?
True or false: Access control systems must have a default 'deny-all' setting and non-authenticated user IDs are prohibited?
True or false: Every user must have a unique user ID and password for system access?
True or false: Two-factor authentication is required for remote access to the Cardholder Data Environment?
True or false: Passwords must be unique, at least 8 characters long, and include a combination of upper and lower case letters, numbers, and special characters?
Study Notes
Password and Access Control Policy Summary
- The Password and Access Control Policy sets out responsibilities, conditions, and practices to protect physical assets and sensitive information.
- The policy applies to all systems and assets owned, managed, or operated by the company.
- The HR role/line manager is responsible for informing IT of new employees, changes to access rights, and leavers.
- The Information Security Manager approves access requests and audits user and access lists.
- Systems administrators must adhere to the policy when making changes to access privileges.
- User authentication is based on business needs and access is granted on a need-to-know basis.
- Access control systems must have a default "deny-all" setting and non-authenticated user IDs are prohibited.
- Every user must have a unique user ID and password for system access.
- Different authentication mechanisms are required for operating systems, web applications, voice calls, email, fax, and remote access.
- Two-factor authentication is required for remote access to the Cardholder Data Environment.
- Passwords must be unique, at least 8 characters long, and include a combination of upper and lower case letters, numbers, and special characters.
- Violation of the policy may result in disciplinary action, and deviations are only allowed with a valid business case approved by the Security Management Team or Legal Counsel.