Page 34 - Security+ (635 notes by Nikkhah)
Separation of duties
568- This policy ensures that critical tasks are not assigned to a single person.
569- No single person should have control over a task from beginning to end.
570- Monopolization of duties should be prevented.
571- Separation of duties makes users experts in their respective fields.
Need-to-know policy
572- This policy defines restricted access to information.
573- Users should be given permissions based on the principle of least privilege.
574- Giving employees more information than their role requires might result in inappropriate handling of that information.
Password management policy
575- This policy describes how employees should manage their passwords.
576- A password is the employee’s key to gaining access to the organization’s resources.
577- Use of blank passwords should not be allowed.
578- Passwords should have at least eight characters.
579- A password should be made up of a combination of upper- and lowercase letters, special characters, and numbers.
580- Employees should be forced to change their passwords regularly.
581- Employees should not be allowed to reuse old passwords.
582- Administrators should use normal user accounts when not performing any administrative tasks.
583- Only designated IT employees should have administrative privileges.
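The rules in notes 577 to 581 can be enforced by code at the point where a user sets a new password. The following is an added example in Python, not part of these notes; it checks the blank-password, eight-character and character-class rules, and it detects reuse by comparing a salted PBKDF2 hash of the candidate against the user's stored history (the history size of five and the hashing scheme are assumptions, since the notes give no numbers for them).

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 8     # note 578: at least eight characters
HISTORY_SIZE = 5   # assumption: how many old password hashes to keep for the reuse check (note 581)
PBKDF2_ROUNDS = 100_000  # assumption: work factor for the stored hashes


def check_complexity(password):
    """Return the list of policy rules the candidate violates (empty list means it passes)."""
    problems = []
    if password == "":                       # note 577: blank passwords are not allowed
        problems.append("blank password not allowed")
        return problems
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):   # note 579: mixed character classes
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems


def hash_password(password, salt):
    """Salted, slow hash so stored history entries are not plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class PasswordHistory:
    """Per-user record of previous password hashes used to block reuse (note 581)."""

    def __init__(self):
        # One salt per user so old hashes can be compared against a new candidate.
        self.salt = os.urandom(16)
        self.history = []

    def is_reused(self, password):
        candidate = hash_password(password, self.salt)
        # Constant-time comparison avoids leaking how many leading bytes matched.
        return any(hmac.compare_digest(candidate, old) for old in self.history)

    def record(self, password):
        self.history.append(hash_password(password, self.salt))
        del self.history[:-HISTORY_SIZE]   # keep only the most recent entries


def change_password(history, new_password):
    """Apply the whole policy; returns (accepted, list_of_problems)."""
    problems = check_complexity(new_password)
    if history.is_reused(new_password):
        problems.append("password was used before")
    if problems:
        return False, problems
    history.record(new_password)
    return True, []


if __name__ == "__main__":
    user_history = PasswordHistory()
    for candidate in ["", "password", "Correct-Horse1", "Correct-Horse1"]:
        print(repr(candidate), change_password(user_history, candidate))
```

The reuse check is deliberately done against hashes rather than stored plaintext, so the history itself does not become a second copy of the user's secrets if the database is exposed.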
Service Level Agreement (SLA)
584- An SLA is usually signed between the organization and a third party that is providing critical services.
585- It can also be used inside an organization to describe what the company expects from its IT staff.
586- It describes the expected level of performance and confidentiality.
587- SLAs also often include the maximum allowed downtime for computer systems.
www.hrnikkhah.com by: Hamid Reza Nikkhah, Page 32