Tutorial 5 : Security Controls and Policies (Lecture 5)

Policy to ensure that users have access to the appropriate technology and resources

A security policy is a document that defines how an organization will deal with some

aspect of security.

Policy that defines the company’s hiring and firing procedures

Policy that governs how employees can use company vehicles

Detection of malware and viruses

Prevention of brute force attacks

Mitigating the risk of physical intrusion

Addressing human error and social engineering attacks

To ensure all employees are aware of the organization's wealth

To create a public record of the company's assets for marketing purposes

To determine the appropriate level of security controls and measures for different types of data and assets

To streamline the process of employee onboarding

To provide a comprehensive list of all employees and their roles

To identify assets that require protection and determine the level of security necessary for each

To ensure all software used in the organization is up-to-date

To outline the social media usage policy for employees

Because they are legally binding contracts with external vendors

Because they dictate the entertainment and leisure activities of employees

Because they solely focus on the technical aspects of network security

Because they help personnel understand the security requirements and provide a broad overview of the organization's security needs, as approved by senior leadership

It identifies the entertainment value of data for employee engagement.

It determines the financial cost of each data item for accounting purposes.

It identifies the value of the data to the organization, helping to protect its confidentiality and integrity.

It categorizes data based on the software used to create it.

To determine the appropriate storage size for different types of data

To categorize data based on its level of sensitivity and the necessary protections

To track the frequency of data usage by different departments

To decide which data should be made public and which should remain private

To differentiate between data that can be shared on social media and data that cannot

To identify the geographic location where the data is stored

To categorize data based on its content, purpose, and the level of restriction required for its access and distribution

To classify data based on the department that generated it

Data that is actively being processed by a computer system

Data that is in transit over a network

Data that is stored on a physical or digital storage medium and is not actively being used or moved

Data that is temporarily held in a computer's RAM