Learning Outcome(s):
- Identify and understand the characteristics of a successful policy
- Distinguish between a policy, a standard, a baseline, a procedure, a guideline, and a plan.
- Writing style and technique - using PLAIN language
- PLAIN language techniques for Policy writing
- Information security framework
Policy characteristics -
Q1- There are seven characteristics of a successful policy. List them all and give one example from your experience for only one of these characteristics (NOT from the book).
Singular and consolidated policy -
Q2- a) What are the pros and cons of the singular and consolidated policy formats?
b) Is it necessary to include standards, baselines, guidelines or procedures in this policy document? Explain your answer.
PLAIN language -
Q3- The following table summarizes the password-change policy rules and related settings used in Windows Server Active Directory. Write the corresponding policy statement using PLAIN language.
| Rule | Setting |
|---|---|
| Enforce password history | 24 passwords remembered |
| Maximum password age | 42 days |
| Minimum password age | 1 day |
| Minimum password length | 7 |
| Password complexity requirement | Yes |
| Store password using reversible encryption | No |
Understanding CIA -
Q4- a) Define the security term confidentiality. Provide an example of a health situation where confidentiality is required.
b) Define the security term integrity. Provide an example of a financial situation in which a loss of integrity could result in significant harm.
c) Define the security term availability. Provide an example of a business situation in which availability is more important than confidentiality.
Q5- Explain the differences, with an example, between policies, standards, baselines, procedures and guidelines.