Operational and Organizational Security: Policies and Disaster Recovery • Chapter 12 753
High availability is provided through redundant systems and fault tolerance.
There are different levels of RAID that can be implemented, each with unique characteristics that provide increased performance and/or fault tolerance.
Exam Objectives Frequently Asked Questions
The following Frequently Asked Questions, answered by the authors of this
book, are designed to both measure your understanding of the Exam Objectives
presented in this chapter, and to assist you with real-life implementation of
these concepts.
Q: I’m concerned about racism and sexism within the company, and want new
employees to be aware of the standards our company expects from them. I’m
concerned that if we implement a policy, those who violate it may claim they
did not know about its existence. What can we do?
A: Policies can be used as a contract or understanding between employees and the
company. By implementing a code of ethics, you can have employees sign it to
show they have read and understand the policy. This can also be done with an
acceptable use policy, which can address ethical issues as they relate to company
e-mail and other services.
Q: I’m concerned that a user may be using e-mail for non-work-related use, and
may be sending confidential information over the Internet. What policy would
allow me to audit the content of his e-mail?
A: A privacy policy can stipulate that corporate e-mail accounts are the property
of the company, and any e-mail sent or received with these accounts can be
audited at any time.
Q: I want to implement access control for a system that needs to be extremely
secure, and includes mission-critical applications. What should I use, MAC,
DAC, or RBAC?
www.syngress.com