9 Questions
Which role is responsible for informing IT of new employees, changes to access rights, and leavers?
HR role/line manager
Who approves access requests and audits user and access lists?
Information Security Manager
Who must adhere to the policy when making changes to access privileges?
Systems Administrator
What is the basis for user authentication?
Business needs
What is the default setting for access control systems?
Deny-all
What are the requirements for passwords?
At least 8 characters long
What is required for remote access to the Cardholder Data Environment?
Two-factor authentication
What may result in disciplinary action if violated?
Violation of the policy
When are deviations from the policy allowed?
Only with a valid business case
Study Notes
Password and Access Control Policy Summary
- The Password and Access Control Policy sets out responsibilities, conditions, and practices to protect physical assets and sensitive information.
- The policy applies to all systems and assets owned, managed, or operated by the company.
- The HR role/line manager is responsible for informing IT of new employees, changes to access rights, and leavers.
- The Information Security Manager approves access requests and audits user and access lists.
- Systems administrators must adhere to the policy when making changes to access privileges.
- User authentication is based on business needs and access is granted on a need-to-know basis.
- Access control systems must have a default "deny-all" setting and non-authenticated user IDs are prohibited.
- Every user must have a unique user ID and password for system access.
- Different authentication mechanisms are required for operating systems, web applications, voice calls, email, fax, and remote access.
- Two-factor authentication is required for remote access to the Cardholder Data Environment.
- Passwords must be unique, at least 8 characters long, and include a combination of upper and lower case letters, numbers, and special characters.
- Violation of the policy may result in disciplinary action, and deviations are only allowed with a valid business case approved by the Security Management Team or Legal Counsel.
Learn about the responsibilities, conditions, and practices outlined in a Password and Access Control Policy to protect physical assets and sensitive information within a company. Understand the roles of HR, Information Security Manager, and systems administrators in ensuring compliance with the policy.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free