5.1 Explain the importance of policies, plans and procedures related to organizational security.

Ace your homework & exams now with Quizwiz!

job rotation

Job rotation serves two functions: it provides a type of knowledge redundancy, and moving personnel around reduces the risk of fraud, data modification, theft, sabotage, and misuse of information.

mandatory vacations

Mandatory vacations of one to two weeks are used to audit and verify the work tasks and privileges of employees. This often results in detection of abuse, fraud, or negligence.

NDA

An NDA (nondisclosure agreement) is a contract that prohibits specific confidential, secret, proprietary, and/or personal information from being shared or distributed outside of a specific prescribed set of individuals or organizations.

Acceptable Use Policy

An acceptable use policy defines what is and what is not an acceptable activity, practice, or use for company equipment and resources.

exit interviews

An exit interview is a controlled and respectful process of termination or employee firing. The goal of an exit interview is to control the often emotionally charged event of a termination in order to minimize property damage, information leakage, or other unfortunate or embarrassing occurrences.

ISAs

An interconnection security agreement (ISA) is a formal declaration of the security stance, risks, and technical requirements of a link between two organizations' IT infrastructures.

security

Education means security training, usually focused on teaching a user to perform their work tasks securely. Security education is broader and has the ultimate goal of certification.

BPAs

A business partners agreement (BPA) is a contract between two entities, dictating their business relationship.

clean-desk policy

A clean-desk policy is used to instruct workers how and why to clean off their desks at the end of each work period.

MOUs

A memorandum of understanding (MOU) is an expression of agreement or aligned intent, will, or purpose between two entities.

security policy

A security policy is the overall purpose and direction of security in an environment, as well as the detailed procedural documents that indicate how various activities are to be performed in compliance with security.

SLAs

A service-level agreement (SLA) is a contract between a supplier and a customer.

SOP

A standard operating procedure (SOP) is an organizational policy that provides detailed or granular step-by-step instructions to accomplish a specific task. The goal of an SOP is to improve consistency in worker activities, especially as related to performance and security compliance.

role-based training

Role-based training involves teaching employees to per form their work tasks and to comply with the security policy.

importance of separation of duties

Separation of duties is the division of administrator or privileged tasks into distinct groupings, with each group in turn assigned to unique administrators. The application of separation of duties results in no single user having complete access to or power over an entire network, server, or system.

security implications of integrating systems and data with third parties

Whenever a third party is involved in your IT infrastructure, there is an increased risk of data loss, leakage, or compromise. The security implications of integrating systems and data with third parties need to be considered carefully before implementation.

background checks

Background checks are used to verify that a worker is qualified for a position but not disqualified.

user habits

Implementing proper security involves using technology but also mandates the modification of user behaviors. If personnel do not believe in and support security, they are often opposed to the best security efforts of the organization. This includes addressing the issues of password behaviors, data handling, clean-desk policies, preventing tailgating, and personally owned devices

interoperability agreements

Interoperability agreements are formal contracts (or at least written documents) that define some form of arrangement where two entities agree to work with each other in some capacity.

user awareness

User awareness is an effort to make security a common and regular thought for all employees. Unfortunately, user security awareness is generally the most overlooked element of security management. The lack of security awareness is the primary reason social engineering attacks succeed.


Related study sets

Interpersonal Communication Chapter 2

View Set

Chapter 4: The Visual Elements, ART 110 - Ch 4, Art Appreciation Chapter 4, Art Section II

View Set

Accounting Chapter 13 & 15 Study Guide

View Set

Sample NCLEX -RN Questions on Infection Control MCC 1155

View Set

history chapter 13 (democratic reforms in britain)

View Set

Saunders NCLEX Review OB Questions

View Set