Podcast
Questions and Answers
Which of the following is true about the Password and Access Control Policy?
Which of the following is true about the Password and Access Control Policy?
- It applies to systems and assets operated by the organization
- It applies to systems and assets managed by the organization (correct)
- It applies to all systems and assets owned by the organization
- It applies only to physical assets
Who is responsible for informing IT about new employees, changes to access rights, and leavers?
Who is responsible for informing IT about new employees, changes to access rights, and leavers?
- User authentication mechanisms
- Systems administrators
- Information Security Manager
- HR role/line managers (correct)
Who approves access requests and audits user and access lists quarterly?
Who approves access requests and audits user and access lists quarterly?
- User authentication mechanisms
- Information Security Manager (correct)
- HR role/line managers
- Systems administrators
What must systems administrators adhere to when making changes to access privileges?
What must systems administrators adhere to when making changes to access privileges?
How is user authentication determined?
How is user authentication determined?
What setting must access control systems have by default?
What setting must access control systems have by default?
Which of the following is prohibited?
Which of the following is prohibited?
What must every user have?
What must every user have?
For which channels are secure mechanisms for user authentication required?
For which channels are secure mechanisms for user authentication required?
Flashcards are hidden until you start studying
Study Notes
Password and Access Control Policy Summary
- The Password and Access Control Policy sets out specific responsibilities, conditions, and practices to minimize risks and protect physical assets and sensitive information.
- The policy applies to all systems and assets owned, managed, or operated by the organization.
- HR role/line managers inform IT of new employees, changes to access rights, and leavers.
- The Information Security Manager approves access requests and audits user and access lists quarterly.
- Systems administrators must adhere to the policy when making changes to access privileges and ensure systems enforce the configurations.
- User authentication is based on job classification and function, with access granted on a need-to-know basis.
- Access control systems must have a default "deny-all" setting.
- Non-authenticated and shared/group user IDs are prohibited.
- Every user must have a unique user ID and personal secret password.
- Authentication mechanisms must be appropriate for the delivery channel.
- Secure mechanisms for user authentication are required for operating systems, web applications, voice calls, email, faxes, and remote access.
- Access control configurations include unique passwords, password complexity requirements, password history, lockout settings, and two-factor authentication for remote access.
Note: The remaining sections of the document were not included in the text provided.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Description
This quiz covers the key points of a Password and Access Control Policy, detailing responsibilities, practices, and access control configurations necessary to protect physical assets and sensitive information within an organization.
