Question

What principles should the information security analyst apply in order to develop appropriate acceptable use policies for the client? Make sure you address confidentiality, integrity, and availability of information, as well as each of the following questions:

1-What should users generally be allowed to do with their computing and network resources? When and why would each example be allowable?

2-What should users generally be prohibited from doing with their computing and network resources? When and why would each example require prohibition?

3-When and why should users be aware of acceptable use policies and how can organizations keep track of these policies?

Answer 1

Ans A

Standard: No trust

approach for secret key

1)Password ought to be put away in scrambled structure in information base.

2)client should utilize solid password(a irregular mix of digits,alphabets,special characters capitalized and lower case)

3)there ought to be one time passwords (whenever required)

4)client should change his/her secret word often.

5)client ought not share his/her secret phrase with companions/kinfolks/Colleagues

Ans B

Guideline: protection (duplicate right(ownership))

arrangement for worthy use

1)client should utilize just authorized adaptation of programming.

2)client isn't permitted to speak to the association's item on his/her own.

3)in instance of any issue with respect to association's item/administration , customer should contact to the organization(product producer/administration provider),not to other outsider.

Ans C

client preparing strategies for the customer

Rule :security (duplicate right(ownership))

1)organization gives a client manual to the client.client ought not adjust the manual

2)client can utilize this manual to educate others.

3)client ought to spend his/her time in preparing program directed by the association.

4)client should show up in the assessment directed by the association.

Ans D

fundamental client strategies for the customer

1)client should utilize just authorized form of item.

2)client should contact just to client care division of the association in the event of any question.

3)client should utilize the item in a way referenced in the item's manual.

4)client ought to follow the set of principles.