Day 41

1. An ______ policy states the allowed and disallowed uses of company resources.

2. The goal of a ______ policy is to have another employee take over the responsibilities of sensitive employees roles, increasing the likelihood that any improper activity will be detected, while simultaneously discouraging these types of activities.

3. The principle of ____ privilege in data security states that each user should have the rights necessary to do all he or she is required to do, and no more.

4. The greatest additional risk with cloud computing is _______.

5. A well-implemented change management system (CMS) protects against ad-hoc configuration errors and can provide a method to roll back undesirable changes.

6. In addition to regular user rights and permissions reviews, other regular information security audits should take place.

7. For basic network forensics, any relevant videos should be regularly wiped clean.

8. Passwords should be memorized or physically secured.

9. Shoulder surfing attacks can be partially mitigated by masking passwords, a process by which the actual password displayed is a series of asterisks.

10. The length of time any particular outage renders services unavailable is known as the ______ time.

11. One of the most basic ways of increasing uptime is by removing ______.

12. RAID _ is the ultimate in redundancy. It performs a 1:1 mirroring of data from the original drive to each additional drive in the array, thus improving not only redundancy but also read times (not write times).

13. The second component of the CIA model is _______.