Across
- 3. (6,6) policy, sets out how to remotely connect to an organization’s internal network and explains what information is remotely accessible.
- 4. (8) policy, this document addresses the constraints and behaviors of individuals within an organization and often specifies how data can be accessed, and what data is accessible by whom.
- 9. (10,3) policy, highlights a set of rules that determine access to and use of network resources.
- 10. (5) resources security, this refers to the security procedures in place that relate to employees joining, moving within, and leaving an organization.
- 12. (8,8) policy, provides guidance on how to report and respond to security-related incidents within an organization.
- 13. (8) policy, defines minimum password requirements.
- 14. (10) policy, enforces the rules for composing credentials.
Down
- 1. (4,10) this is the first step in the risk management process, which determines the quantitative and qualitative value of risk related to a specific situation or threat.
- 2. (14) and authentication policy, specifies who should be permitted access to network resources and what verification procedures are in place to facilitate this.
- 5. (11,8) incident management, this describes an organization’s approach to the anticipation of and response to information security breaches.
- 6. (4) policy, sets out measurable rules for processing data within an organization, such as specifying where data is stored, how data is classified, and how data is handled and disposed of.
- 7. (5,10) this is an inventory of and classification scheme for information assets within an organization.
- 8. (14) policy, provides guidance for how work should be carried out in an organization.
- 11. (7) maintenance policy, outlines procedures for updating an organization’s specified operating systems and end-user applications.