The flashcards below were created by user
on FreezingBlue Flashcards.
What is the function of program-level information security policy
- The "mission statement" for the IT security program.
- Prescribes the need for information security
- Delegates the creation and management to a role within the IT dept
What is the function of the program-framework security policy
- The IT security strategy.
- Establishes the overall approach to computer security
- Describes the elements and organization of the program
- Includes issue-specific, such as cloud computing and
- system-specific, such as payroll
What is another name for topic-specific documents that describe overall requirements for info security
What is another name for system-specific documents that describe overall requirements for info security
What are the min requirements for a strong password
- Min of 8 characters
- Contains the following 4 types of characters
- ** uppercase
- ** lowercase
- ** numeric
- ** ASCII
- Does not contain personally identifiable info
General controls to protect system info include...
- systems development standards
- security management controls
- change management procedures
- software acquisition, development, operations, and maintenance controls
The function of application-specific controls to protect system info include...
- Methods that prevent, detect, and correct transaction error and fraud
- Designed to ensure accuracy, completeness, and validity of the info entered into the application
The focus of a disaster recovery plan is to ensure...
What are the steps in developing a disaster recovery plan
- Assess the risks
- Identify mission-critical applications and data
- Develop a plan for handling the mission-critical applications
- Determine and assign the responsibilities of the personnel involved in the plan
- Test the disaster recovery plan
What is a cold site
An off-site location that has all the electrical connections and other physical requirements for data processing, but it does not have the actual equipment
What is a hot site
An off-site location that is fully-equipped to take over the company's data processing, including ready access to all back-up data