Operational and Organizational Security: Policies and Disaster Recovery • Chapter 12 • 703
sary procedures involved to deal with the issues being presented.
■ Finally, the Responsibilities section is used to identify the persons or departments accountable for various tasks relating to the document. Specify who you want to be responsible for dealing with enforcing, investigating, and resolving incidents related to your policy.
TEST DAY TIP
The Security+ exam expects you to have an understanding of the different types of policies, procedures, and documentation used in designing security. The types of policies you may see in questions on the Security+ exam will include:
■ Security policies, which address the need to protect data and systems within an organization.
■ Acceptable use policies, which establish guidelines on the appropriate use of technology.
■ Due care, which refers to the level of care that a reasonable person would exercise, and is used to address problems of negligence.
■ Privacy policies, which outline the level of privacy that employees and clients can expect, and the organization’s perspective on what is considered private information.
■ Separation of duties, which ensures that tasks are assigned to personnel in a manner that no single employee can control a process from its beginning to its end.
■ Need to know, which refers to people only being given the information, or access to data, that they need in order to perform their jobs.
■ Password management, which involves enacting policies that control how passwords are used and administered.
■ SLAs, which are agreements between clients and service providers that outline what services will be supplied, what is expected from the service, and who will fix the service if it does not meet an expected level of performance.
■ HR policies, which outline the procedures involving changes in an individual’s employment status as they relate to security.
www.syngress.com