Security Awareness – CompTIA A+ 220-902 – 3.2

February 14, 2016

How can you make others in your organization aware of the challenges associated with IT security? In this video, you’ll learn about security policy training, network policies, and the principle of least privilege.




What type of security control will limit rights and permissions to only what is required to perform a particular job?
Acceptable use
Least privilege
Access control list
Client certificate
File systems

Which of the following would you expect to find in an AUP?
Specific rules for network use
A list of available files
A database of blocked and allowed URLs
A schedule for operating system updates
A consolidated set of event logs

One of your employees was recently dismissed for violating company policy relating to network access. Which of the following would have documented the rules for network use?
NDA
AUP
SLA
RAID
AV

Which of these would best describe the principle of least privilege?
Everyone has administrative access to the network
The human resources department can modify the passwords for corporate users
The shipping department cannot view any spreadsheets from the accounting department
Backups are stored offsite
A single public folder is used by all departments


It’s very common for organizations to create comprehensive policies and procedures for the security of your environment. But if nobody knows of those policies and procedures, then you’re no more secure than you were when you started. That’s why it’s very common to have all of your security policies available for anybody to read on your intranet.

It’s very difficult, of course, to get people to read this information. That’s why it’s also very common to have mandatory, in-person security training sessions. These sessions give you the opportunity to present a very detailed overview of all of your security policies, there’s a chance for Q&A, and the attendees get to meet you as the security professional.

This is your opportunity to explain how you deal with these common security problems. If your computer identifies a virus, what’s the next step? If you find that somebody’s inside of your environment, and they don’t have an access card, what’s the proper procedure? This is something you can do throughout all of these security sessions. If you have users that are outside of the building, you may have to set up separate security sessions for your mobile users or break out all of the training by department.

A large organization might also have a network policy. This will govern exactly what types of things are permitted across the network. Each organization has a different philosophy on what type of traffic is allowed and what type of traffic is not acceptable. The network policy is often a subset of, or very closely associated with, the security policy because everything going across the network is obviously a security concern as well.

These network policies are usually written together and presented as an acceptable use policy. This provides you with all of the rules and everything you’ll need to know about sending information over the network. It’s usually well-documented. And it’s very common for employees to sign a document that says that they have read and that they understand the acceptable use policies.

The types of rights and permissions that you have to the resources that are on your network are usually based on who you are and the type of job you’re doing. We call this the principle of least privilege, which means that you should have only the rights and permissions necessary to do your job. Exactly what those rights and permissions are will depend on what your job happens to be. So the management of your company will usually determine what your job role is. And then it’s up to IT to match your job role with the rights and permissions on the network.

This principle of least privilege applies to both physical and digital controls. So you might be limited to only a certain number of rooms that you can enter with your access card. You might also be limited to only certain files and folders that you can access on a particular file server.
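One way IT can check that the permissions on a file server still match each job role, shown as an added example that is not part of the original video. The role names, accounts and share paths are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed baseline: the (resource, action) pairs each job role needs.
ROLE_BASELINE = {
    "shipping": {("/shares/shipping", "read"), ("/shares/shipping", "write"),
                 ("/shares/public", "read")},
    "accounting": {("/shares/accounting", "read"), ("/shares/accounting", "write"),
                   ("/shares/public", "read")},
}

@dataclass
class Account:
    name: str
    role: str
    grants: set = field(default_factory=set)  # permissions actually assigned

def is_allowed(account, resource, action):
    """Deny by default: permit only what the account's job role requires."""
    return (resource, action) in ROLE_BASELINE.get(account.role, set())

def audit(account):
    """Compare assigned permissions with the role baseline."""
    baseline = ROLE_BASELINE.get(account.role)
    if baseline is None:
        # No defined job role: nothing justifies any of the grants.
        return {"excess": sorted(account.grants), "missing": []}
    return {"excess": sorted(account.grants - baseline),
            "missing": sorted(baseline - account.grants)}

def findings(accounts):
    """Return only the accounts whose grants differ from their baseline."""
    results = {a.name: audit(a) for a in accounts}
    return {n: r for n, r in results.items() if r["excess"] or r["missing"]}

# Constructed accounts: alice moved from accounting to shipping and kept an
# old grant; bob matches his role; carol has a role with no baseline.
ACCOUNTS = [
    Account("alice", "shipping",
            ROLE_BASELINE["shipping"] | {("/shares/accounting", "read")}),
    Account("bob", "accounting", set(ROLE_BASELINE["accounting"])),
    Account("carol", "contractor", {("/shares/public", "read")}),
]

if __name__ == "__main__":
    for name, result in findings(ACCOUNTS).items():
        print(name, result)
```

Running the audit on a schedule catches rights that linger after a job change, which a one-time assignment of permissions does not.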

Category: CompTIA A+ 220-902
