Deck 13: Security Policy Design and Implementation

An extranet is a backup network that you can use if the main network fails.

The first step in SNA is the survivability analysis.

Once written,a security policy should not be altered so that you can maintain consistency.

The first phase of the system development life cycle is needs assessment.

The people that manage security for the organization should not be same people that conduct risk analysis.

Your exposure to risk increases if your organization has one or more factors that increase _____________ probabilities.

MATCHING
a.extranet
b.network assets
c.privileged access policy
d.risk management
e.role-based authentication
f.search warrant
g.subpoena
h.tunneling protocols
i.two-factor authentication
j.vulnerabilities
a private network that a company sets up as an extension of its corporate intranet

The __________________ phase of the system development life cycle can lead you to the needs assessment phase where the cycle begins again.

VPNs create a _____________ to transport information through public communications media.

MATCHING
a.extranet
b.network assets
c.privileged access policy
d.risk management
e.role-based authentication
f.search warrant
g.subpoena
h.tunneling protocols
i.two-factor authentication
j.vulnerabilities
routers,cables,bastion hosts,servers,and firewall components that enable employees to communicate with one another

MATCHING
a.extranet
b.network assets
c.privileged access policy
d.risk management
e.role-based authentication
f.search warrant
g.subpoena
h.tunneling protocols
i.two-factor authentication
j.vulnerabilities
a document that details additional access options and responsibilities of users with privileged access to resources

________________ clauses exist in acceptable use policies so that companies can discipline employees whose computer activities interfere with productivity.

MATCHING
a.extranet
b.network assets
c.privileged access policy
d.risk management
e.role-based authentication
f.search warrant
g.subpoena
h.tunneling protocols
i.two-factor authentication
j.vulnerabilities
authentication that requires more than one form of verification for a user to be granted access

MATCHING
a.extranet
b.network assets
c.privileged access policy
d.risk management
e.role-based authentication
f.search warrant
g.subpoena
h.tunneling protocols
i.two-factor authentication
j.vulnerabilities
network protocols that encapsulate (wrap)one protocol or session inside another

____________________ risk is the amount of risk left over after countermeasures are implemented.

By providing _________________ through backup systems,you ensure information remains accessible if primary systems go offline.

MATCHING
a.extranet
b.network assets
c.privileged access policy
d.risk management
e.role-based authentication
f.search warrant
g.subpoena
h.tunneling protocols
i.two-factor authentication
j.vulnerabilities
situations or conditions that increase threats,which in turn increase risk

The process called _____________ analysis determines the threats an organization faces.

MATCHING
a.extranet
b.network assets
c.privileged access policy
d.risk management
e.role-based authentication
f.search warrant
g.subpoena
h.tunneling protocols
i.two-factor authentication
j.vulnerabilities
a method of authentication that grants users limited system access based on their assigned role in the company

The portion of a security policy that describes who responds when there has been a security breach is called the ______________ response section.

MATCHING
a.extranet
b.network assets
c.privileged access policy
d.risk management
e.role-based authentication
f.search warrant
g.subpoena
h.tunneling protocols
i.two-factor authentication
j.vulnerabilities
a process of analyzing the threats an organization faces

Search warrants and subpoenas were developed in response to the _____________ Amendment which protects U.S.residents against illegal search and seizure.

SNA starts with the assumption that a system or network will be ________________.

MATCHING
a.extranet
b.network assets
c.privileged access policy
d.risk management
e.role-based authentication
f.search warrant
g.subpoena
h.tunneling protocols
i.two-factor authentication
j.vulnerabilities
a legal document issued by a court that allows authorities to search a particular place for specific evidence

MATCHING
a.extranet
b.network assets
c.privileged access policy
d.risk management
e.role-based authentication
f.search warrant
g.subpoena
h.tunneling protocols
i.two-factor authentication
j.vulnerabilities
a legal document that requires a person to appear in court,provide testimony, or cooperate with law enforcement

What is the purpose of a privileged access policy?

When should you update the security policy?

Describe a remote access and wireless connection policy and the use of role-based authentication.Include two-factor authentication in your discussion.

What are three questions you should ask in deciding how your organization should perform risk analysis?

What points should a third-party access policy include? List at least three.

What are the three levels of escalation of threat or security incidents? Describe them.

What should you do if a security policy violation involves a criminal offense? Include the Fourth Amendment in your discussion.

What are three areas in which the use of encryption should be considered to maintain confidentiality?

What are the four steps of Threat and Risk Assessment?

What is a server security policy? List at least three areas the policy should address.