What is an EISP and what purpose does it serve quizlet?

Something you know (such as a password):
The something you know factor is the most common factor used and can be a password or a simple personal identification number (PIN). However, it is also the easiest to beat.
When using passwords, it's important to use strong passwords. A strong password has a mixture of upper case, lower case, numbers, and special characters.

Something you have (such as a smart card):
The something you have factor refers to items such as smart cards. A smart card is a credit-card sized card that has an embedded certificate used to identify the holder. The user can insert the card into a smart card reader to authenticate the individual. Smart cards are commonly used with a PIN providing multi-factor authentication. In other words, the user must have something (the smart card) and know something (the PIN).

Something you are (such as a fingerprint):
Some of the methods that can be used are fingerprints, hand geometry, retinal or iris scans, handwriting, and voice analysis. Fingerprints and handprints are the most widely used methods. Many laptops include fingerprint readers. Handprints are used at many amusement parks that sell season passes or multi-day passes.

procedure: Step-by-step instructions designed to assist employees in following policies, standards and guidelines. If the policy states to "use strong passwords, frequently changed," the procedure might advise that "in order to change your password, first click on the Windows Start button, then...."

standard: A detailed statement of what must be done to comply with policy, sometimes viewed as the rules governing policy compliance. If the policy states that employees must "use strong passwords, frequently changed," the standard might specify that the password "must be at least 8 characters, with at least one number, one letter, and one special character."

Three approaches to policy are the enterprise information security policy, issue-specific security policy, and the system-specific policy. The EISP is broad-based, encompassing and defining large areas of responsibility and implementation. The ISSP is tailored toward the organization's intent for how a certain technology-based system is to be used. The system-specific policy is written more as a standard and procedure to be used in the configuration of a system. A large organization would need a policy written along the lines of an EISP in order to cover all of the various systems and information security needs. For instance, a government contractor might have a very detailed policy to protect confidential information when it is required by the customer, the federal government. A smaller company, say a restaurant, might only need a system to help track its daily sales, inventory, and labor records. All of these records may be confidential, but could easily be handled by a policy like the SysSP.

What is the purpose of a SysSP?

A System-Specific Security Policy (SysSP) is a policy that functions as instructions or procedures that are to be used when configuring systems. An example of a SysSP is a document provided by management to guide the configuration of technology intended to support information security.

What are the components of an effective EISP?

Key elements of an enterprise information security policy:
• Network Security
• Application Security
• Risk Management
• Compliance Management
• Disaster Recovery
• Physical Security
• Identity & Access Management
• Incident Management

What is the purpose of a security policy quizlet?

What is security policy? A security policy defines "secure" for a system or a set of systems. A security policy is a statement that partitions the states of the system into a set of authorized, or secure, states and a set of unauthorized, or nonsecure, states.

What is EISP and ISSP?

The three types of policy are:
• Enterprise information security program policy (EISP)
• Issue-specific information security policies (ISSP)
• Systems-specific information security policies (SysSP)
