List and describe five areas to consider in User Management.

What will be an ideal response?

Acceptable Use Policy. This describes the expected behavior a user must follow while using network resources.

Logon Policy. This describes what is allowed or disallowed during the logon process.

Password Policy. Provide information on how to make a strong password, such as requiring at least 8 characters, which should be a combination of uppercase, lowercase, numeric, and special symbols, and how to keep your password private.

Access Control. Physical access control is the means by which you prevent the user from gaining access to network resources. File-level access control is provided by the operating system, together with the file system.

Security Awareness Training. Newly hired users should receive security awareness training and information as part of their orientation. In addition, all users should receive periodic security updates and reminders through seminars and meetings.

Auditing Policy. What is the user doing on their computer? Hopefully, nothing out of the ordinary. But repeated attempts to access restricted files or resources, or unauthorized changes in privilege or system configuration should be tracked and reviewed.

User Termination Policy. When a user's employment is terminated, what should be done with the user account? Change the password? Disable the account? Did the user possess the private key needed to decrypt important documents? These questions, and others, need to be asked and answered before the first employee leaves the company.