Questions and Answers
True or false: The Password and Access Control Policy applies to all systems and assets owned, managed, or operated by the organization.
True (A)
True or false: HR role/line managers inform IT of new employees, changes to access rights, and leavers.
True (A)
True or false: The Information Security Manager approves access requests and audits user and access lists quarterly.
True (A)
True or false: Systems administrators are not required to adhere to the policy when making changes to access privileges.
True or false: User authentication is based on job classification and function, with access granted on a need-to-know basis.
True or false: Non-authenticated and shared/group user IDs are allowed.
True or false: Every user must have a unique user ID and personal secret password.
True or false: Secure mechanisms for user authentication are required only for web applications.
True or false: Access control configurations include unique passwords, password complexity requirements, password history, lockout settings, and two-factor authentication for remote access.
Study Notes
Password and Access Control Policy Summary
- The Password and Access Control Policy sets out specific responsibilities, conditions, and practices to minimize risks and protect physical assets and sensitive information.
- The policy applies to all systems and assets owned, managed, or operated by the organization.
- HR role/line managers inform IT of new employees, changes to access rights, and leavers.
- The Information Security Manager approves access requests and audits user and access lists quarterly.
- Systems administrators must adhere to the policy when making changes to access privileges and ensure systems enforce the configurations.
- User authentication is based on job classification and function, with access granted on a need-to-know basis.
- Access control systems must have a default "deny-all" setting.
- Non-authenticated and shared/group user IDs are prohibited.
- Every user must have a unique user ID and personal secret password.
- Authentication mechanisms must be appropriate for the delivery channel.
- Secure mechanisms for user authentication are required for operating systems, web applications, voice calls, email, faxes, and remote access.
- Access control configurations include unique passwords, password complexity requirements, password history, lockout settings, and two-factor authentication for remote access.
Note: The remaining sections of the document were not included in the text provided.