Operational and Organizational Security: Policies and Disaster Recovery • Chapter 12 749
An acceptable use policy can be signed by employees and serves as a
contract acknowledging how equipment and technology are to be properly
used.
Due care is the level of care that a reasonable person would exercise in a
given situation, and is used to address problems of negligence.
Privacy policies address the level of privacy that employees and clients can
expect, and an organization’s perspective of what is considered private
information.
Separation of duties involves each person having a different job, thus
allowing each to specialize in a specific area. It ensures that tasks are
assigned to personnel in such a way that no single employee can control a
process from beginning to end.
Need to know involves information being provided to those who need it.
People are only given the information or access to data that they need to
perform their jobs.
Password management involves enacting policies that control how
passwords are used and administered.
Strong passwords consist of a combination of lower case letters (a through
z), upper case letters (A through Z), numbers (0 through 9), and special
characters ({}[],.<>;:'"?/|\`~!@#$%^&*()_-+=).
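The complexity rule above can be enforced in code. The checker below is an added example, not from the study book; it uses the four character classes (and the special-character list) exactly as the summary states them. The 8-character minimum length is an assumption, since the page does not state one.

```python
# Added example: password-complexity check built from the character classes the
# study-book summary lists. The 8-character minimum is an assumption (not on the page).
LOWER = set("abcdefghijklmnopqrstuvwxyz")
UPPER = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ")
DIGITS = set("0123456789")
SPECIAL = set("{}[],.<>;:'\"?/|\\`~!@#$%^&*()_-+=")  # the page's special-character list
ALL_CLASSES = {"lower", "upper", "digit", "special"}
MIN_LENGTH = 8  # assumption: the page names no minimum length


def character_classes(password):
    """Return the set of character classes present in the password.

    Characters outside the four classes (a space, a non-ASCII letter) count
    toward no class, because the policy on the page names only these four.
    """
    present = set()
    for ch in password:
        if ch in LOWER:
            present.add("lower")
        elif ch in UPPER:
            present.add("upper")
        elif ch in DIGITS:
            present.add("digit")
        elif ch in SPECIAL:
            present.add("special")
    return present


def check_password(password, min_length=MIN_LENGTH, required_classes=ALL_CLASSES):
    """Return (ok, reasons).

    ok is True when every rule passes; reasons lists each rule that failed so
    the user can be told what to fix rather than just 'rejected'.
    """
    reasons = []
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    missing = required_classes - character_classes(password)
    if missing:
        reasons.append("missing character classes: " + ", ".join(sorted(missing)))
    return (not reasons, reasons)


if __name__ == "__main__":
    for candidate in ["password", "Password1", "P@ssw0rd!", "aB3$"]:
        ok, reasons = check_password(candidate)
        print(f"{candidate!r}: {'OK' if ok else 'rejected: ' + '; '.join(reasons)}")
```

Returning the list of failed rules rather than a bare boolean is deliberate: a password policy that only says "rejected" trains users to make minimal edits until something passes. Current guidance (NIST SP 800-63B) favours length and screening against known-breached passwords over mandatory character classes, but the check above implements the rule as the page states it.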
SLAs are agreements between clients and service providers that outline
what services will be supplied, what is expected from the service, and who
will fix the service if it does not meet an expected level of performance.
The Number of Nines is a method of translating the expected availability
of a system in a percentage format to the amount of time a system may be
down in a year’s time.
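The arithmetic behind the Number of Nines is simple enough to script. The following is an added example, not from the study book: it converts an availability percentage to yearly downtime, does the reverse for a downtime budget, and tabulates one through five nines. It assumes a 365-day year and rounds durations to the nearest second.

```python
# Added example (not from the study book): Number of Nines conversions.
# Assumes a 365-day year; durations are rounded to the nearest second.
MINUTES_PER_YEAR = 365 * 24 * 60  # 525,600


def availability_from_nines(nines):
    """1 nine = 90%, 2 nines = 99%, 3 nines = 99.9%, and so on."""
    return 100.0 * (1.0 - 10.0 ** (-nines))


def downtime_minutes_per_year(availability_percent):
    """Minutes the system may be down per year at the given availability."""
    return (100.0 - availability_percent) / 100.0 * MINUTES_PER_YEAR


def availability_from_downtime(minutes_per_year):
    """Inverse: the availability percentage implied by a yearly downtime budget."""
    return 100.0 * (1.0 - minutes_per_year / MINUTES_PER_YEAR)


def format_duration(minutes):
    """Render minutes as 'Nd Nh Nm Ns', dropping leading zero-valued units."""
    total_seconds = int(round(minutes * 60))
    days, rem = divmod(total_seconds, 86400)
    hours, rem = divmod(rem, 3600)
    mins, secs = divmod(rem, 60)
    parts = [(days, "d"), (hours, "h"), (mins, "m"), (secs, "s")]
    while len(parts) > 1 and parts[0][0] == 0:
        parts.pop(0)
    return " ".join(f"{value}{unit}" for value, unit in parts)


def nines_table(max_nines=5):
    """Rows of (nines, availability %, allowed downtime per year as text)."""
    rows = []
    for n in range(1, max_nines + 1):
        avail = availability_from_nines(n)
        rows.append((n, avail, format_duration(downtime_minutes_per_year(avail))))
    return rows


if __name__ == "__main__":
    for n, avail, downtime in nines_table():
        print(f"{n} nines  {avail:>9.5f}%  downtime per year: {downtime}")
    print(f"A 60-minute yearly budget implies {availability_from_downtime(60):.4f}% availability")
```

When reading an SLA, run the promised percentage through downtime_minutes_per_year before agreeing to it: the jump from three nines (a little under nine hours a year) to four nines (under an hour) is what separates a service that can tolerate a manual restart from one that needs automated failover.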
Disposal and destruction policies address how data and equipment are to
be properly disposed of or destroyed after they are no longer of use,
outdated, or past a specified retention date.
HR policies deal with issues related to employees. HR departments
perform such tasks as hiring, firing, retiring, and transferring employees
to different locations, so it is important that policy stipulates that network
administrators are informed of these changes so that the corresponding
changes can be made to user accounts.
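A practical way to catch HR changes that never reached the administrators is to reconcile the HR roster against the account directory on a schedule. The script below is an added example, not from the study book; the roster and account records are constructed for the example, and it assumes that the department name is also the name of the directory group an employee should belong to.

```python
# Added example (not from the study book): reconcile the HR roster against the
# user-account directory so that terminations, transfers and hires that were never
# passed to the network administrators surface as findings.
# Assumption: an employee's department name is also their directory group name.
# All records below are constructed sample data.

HR_ROSTER = [
    {"employee_id": "e1001", "department": "finance", "status": "active"},
    {"employee_id": "e1002", "department": "sales", "status": "terminated"},
    {"employee_id": "e1003", "department": "engineering", "status": "active"},  # transferred from sales
    {"employee_id": "e1004", "department": "finance", "status": "active"},  # new hire, no account yet
]

ACCOUNTS = [
    {"username": "user1", "employee_id": "e1001", "enabled": True, "groups": {"finance", "vpn"}},
    {"username": "user2", "employee_id": "e1002", "enabled": True, "groups": {"sales", "vpn"}},
    {"username": "user3", "employee_id": "e1003", "enabled": True, "groups": {"sales"}},
    {"username": "svc_backup", "employee_id": None, "enabled": True, "groups": {"backup"}},
]


def reconcile(roster, accounts):
    """Return a sorted list of (subject, finding) tuples.

    Checks, in order: accounts with no HR owner, accounts still enabled for
    non-active employees, accounts whose groups lag behind a transfer, and
    active employees who have no account at all.
    """
    by_id = {r["employee_id"]: r for r in roster}
    findings = []
    employees_with_accounts = set()

    for acct in accounts:
        emp = by_id.get(acct["employee_id"])
        if emp is None:
            findings.append((acct["username"], "no HR record: orphaned or service account, needs a documented owner"))
            continue
        employees_with_accounts.add(emp["employee_id"])
        if emp["status"] != "active":
            if acct["enabled"]:
                findings.append((acct["username"], f"enabled but HR status is {emp['status']}: disable"))
            continue  # a disabled account for a former employee is the expected state
        if emp["department"] not in acct["groups"]:
            findings.append((acct["username"],
                             f"groups {sorted(acct['groups'])} do not reflect current department "
                             f"{emp['department']}: review transfer"))

    for emp in roster:
        if emp["status"] == "active" and emp["employee_id"] not in employees_with_accounts:
            findings.append((emp["employee_id"], "active employee with no account: onboarding not completed"))

    return sorted(findings)


if __name__ == "__main__":
    for subject, finding in reconcile(HR_ROSTER, ACCOUNTS):
        print(f"{subject:<12} {finding}")
```

The terminated-but-enabled case is the one worth alerting on rather than merely reporting: an enabled account whose owner has left is exactly the gap the policy in the summary exists to close, and a daily reconciliation turns a policy statement into something that is actually checked.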
www.syngress.com