Password and Access Control Policy Summary
9 Questions
0 Views

Password and Access Control Policy Summary

Created by
@CommendableRuby

Podcast Beta

Play an AI-generated podcast conversation about this lesson

Questions and Answers

Which role is responsible for informing IT of new employees, changes to access rights, and leavers?

  • Systems administrators
  • Security Management Team
  • HR role/line manager (correct)
  • Information Security Manager

    • Who approves access requests and audits user and access lists?

  • Security Management Team
  • Information Security Manager (correct)
  • Systems administrators
  • HR role/line manager

    • What must systems administrators adhere to when making changes to access privileges?

  • Default 'deny-all' setting
  • Unique user ID and password
  • Two-factor authentication
  • Password and Access Control Policy (correct)

    • What is the basis for user authentication and access granting?

    <p>Business needs</p> Signup and view all the answers

    What is the requirement for non-authenticated user IDs in access control systems?

    <p>Prohibited</p> Signup and view all the answers

    What is the requirement for passwords in the Password and Access Control Policy?

    <p>At least 8 characters long</p> Signup and view all the answers

    What is required for remote access to the Cardholder Data Environment?

    <p>Two-factor authentication</p> Signup and view all the answers

    What is the consequence of violating the Password and Access Control Policy?

    <p>Disciplinary action</p> Signup and view all the answers

    When are deviations from the policy allowed?

    <p>With a valid business case approved by the Security Management Team or Legal Counsel</p> Signup and view all the answers

    Study Notes

    Password and Access Control Policy Summary

    • The Password and Access Control Policy sets out responsibilities, conditions, and practices to protect physical assets and sensitive information.
    • The policy applies to all systems and assets owned, managed, or operated by the company.
    • The HR role/line manager is responsible for informing IT of new employees, changes to access rights, and leavers.
    • The Information Security Manager approves access requests and audits user and access lists.
    • Systems administrators must adhere to the policy when making changes to access privileges.
    • User authentication is based on business needs and access is granted on a need-to-know basis.
    • Access control systems must have a default "deny-all" setting and non-authenticated user IDs are prohibited.
    • Every user must have a unique user ID and password for system access.
    • Different authentication mechanisms are required for operating systems, web applications, voice calls, email, fax, and remote access.
    • Two-factor authentication is required for remote access to the Cardholder Data Environment.
    • Passwords must be unique, at least 8 characters long, and include a combination of upper and lower case letters, numbers, and special characters.
    • Violation of the policy may result in disciplinary action, and deviations are only allowed with a valid business case approved by the Security Management Team or Legal Counsel.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Description

    Learn about the responsibilities, conditions, and practices outlined in the Password and Access Control Policy to protect physical assets and sensitive information. Understand the role of HR, Information Security Manager, and Systems administrators in ensuring compliance with the policy.

    More Like This

    Use Quizgecko on...
    Browser
    Open
    Browser
    Browser