1. A security policy is a document that defines how an organization deals with some aspect of security.
2. Passwords are an area of user policies.
3. A good password should have at least eight characters and use all lowercase letters.
4. An organization should not permit end users to install anything on their computer.
5. On an employee’s last day of work, his workstation hard drive should be searched.
6. Principal of least privilege means that no one person can perform critical tasks.
7. One reason allowing a user to change the desktop configuration poses a security problem is that to change a desktop the user must also be given rights to change other system settings.
8. You cannot disable some USB devices from end-user computers and allow others.
9. Standards are specific instructions on how to handle a specific issue.
10. Security policies toward programmers and web developers are developmental policies.