Deck 11: Personnel and Security

Most hiring organizations are aware of the precise value of information security certifications because these programs have been in existence for a long time.

ISACA offers the CGEIT certification that is targeted at upper-level executives such as CISOs and CIOs,directors,and consultants with knowledge and experience in IT operations..____________

A(n)credit check can uncover past criminal behavior or other information that suggests a potential for future misconduct or a vulnerability that might render a candidate susceptible to coercion or blackmail..____________

Integrating InfoSec into the hiring process begins with reviewing and updating job descriptions to include InfoSec responsibilities.____________

A conspiracy or cooperation between two or more individuals or groups to commit illegal or unethical actions is known as racketeering.____________

The SSCP certification is more applicable to the security manager than the security technician.

InfoSec is a profession with little personnel turnover - most InfoSec professionals stay in their positions for a very long time.

Maintaining a secure environment requires that the information security (InfoSec)department be carefully structured and staffed with appropriately skilled and screened personnel..____________

A technically qualified individual who may configure firewalls and IDPSs, implement security software,diagnose and troubleshoot problems,and coordinate with systems and network administrators to ensure that security technical controls are properly implemented is known as a security architect.____________

The most common qualification for a CISO includes the CISSP and CISM certifications.

A requirement that all employees take time off from work,which allows the organization to audit the individual's areas of responsibility is known as a mandatory vacation policy.____________

​Temporary workers-often called temps-may not be subject to the contractual obligations or general policies that govern other employees.

A security manager is accountable for the day-to-day operation of all or part of the InfoSec program..____________

A security ____________________ is the typical information security entry-level position.

Ultimately,the _______________________ is the spokesperson for the security team and is responsible for the overall InfoSec program.

In the classification of information security positions,senior people with a lot of broad knowledge,but often not a lot of depth,fall under the category of those that ____________________.

The CompTIA ____________________ certification tests an individual's security knowledge mastery and requires two years on-the-job networking experience,with emphasis on security.

It is the responsibility of a _______________________ to develop appropriate InfoSec policies,standards,guidelines,and procedures.

a. Definers
b. Builders
c. security manager
d. security technician
e. systems programmer
f. ethics officer
g. CISSPh. SSCP
i. SANSj. CCE
provide the policies,guidelines,and standards,performing conulting and risk assessment and develop technical architectures

Describe the certifications developed by SANS. How are they different from InfoSec certifications like CISSP and SSCP?

a. Definers
b. Builders
c. security manager
d. security technician
e. systems programmer
f. ethics officer
g. CISSPh. SSCP
i. SANSj. CCE
a technically qualified individual who may configure firewalls and IDPSs,implement security software,diagnose and troubleshoot problems,and coordinate with systemsand network administrators to ensure that security technical controls are properly implemented

Briefly describe at least five types of background checks.

Describe the position of security manager.

What is the Security+ certification and who is a typical candidate for this certification?

Briefly describe the two outprocessing methods of handling employees who leave their positions at a company.

a. Definers
b. Builders
c. security manager
d. security technician
e. systems programmer
f. ethics officer
g. CISSPh. SSCP
i. SANSj. CCE
computer forensics certification from ISFCE

What are the qualifications and position requirements of a typical security technician?

a. Definers
b. Builders
c. security manager
d. security technician
e. systems programmer
f. ethics officer
g. CISSPh. SSCP
i. SANSj. CCE
a member of the general business community having an information security related role

Briefly describe the classifications of InfoSec positions as defined by Schwartz et al.

a. Definers
b. Builders
c. security manager
d. security technician
e. systems programmer
f. ethics officer
g. CISSPh. SSCP
i. SANSj. CCE
accountable for the day-to-day operation of all or part of the InfoSec program and assigned objectives identified by the CISO

a. Definers
b. Builders
c. security manager
d. security technician
e. systems programmer
f. ethics officer
g. CISSPh. SSCP
i. SANSj. CCE
an ISC2 certificate that is often considered to be the most prestigious certification for security managers

a. Definers
b. Builders
c. security manager
d. security technician
e. systems programmer
f. ethics officer
g. CISSPh. SSCP
i. SANSj. CCE
create and install security solutions

List the six key principles that should shape the career of a CISO.

Describe the SSCP certification. How does it compare to the CISSP?

What are some of the common qualifications for a CISO?

a. Definers
b. Builders
c. security manager
d. security technician
e. systems programmer
f. ethics officer
g. CISSPh. SSCP
i. SANSj. CCE
an organization  that developed a series of technical security certifications such as the GIAC

a. Definers
b. Builders
c. security manager
d. security technician
e. systems programmer
f. ethics officer
g. CISSPh. SSCP
i. SANSj. CCE
an ISC2 certification that focuses on practices,roles,and responsibilities as defined by experts

a. Definers
b. Builders
c. security manager
d. security technician
e. systems programmer
f. ethics officer
g. CISSPh. SSCP
i. SANSj. CCE
a member of the IT community often responsible for complex operating system programs