# Security Policies

Which of the following is NOT an area user policies need to cover.

> If and when to share passwords

Passwords must always be shared with any person for any reason.

> False

Always open email attachments coming from unknown sources.

> False

What is the best rule of thumb in access control?

> Allow the least access job requirements allow

Logon accounts, VPN, network and any other resources should NOT be disabled for leaving employees.

> False

Instant messaging can be used not only for business communication but also for personal communication.

> False

Which of the following is NOT an example of a user password policy?

> Users may share passwords only with their assistants

What should an employee do if she believes her password has been revealed to another party?

> Change her password immediately

Which of the following should be recommended as acceptable e-mail attachments?

> Attachments the user expected

Which of the following is the best reason users should be prohibited from installing software?

> If a user’s account does not have privileges to install, then it is likely that a Trojan horse will not be inadvertently installed under her account