Deck 11: Security and Personnel

The SSCP covers ten domains.

Information security should be visible to the users.

The organization should integrate the security awareness education into a new hire's ongoing job orientation and make it a part of every employee's on-the-job security training.

The use of standard job descriptions can increase the degree of professionalism in the information security field.

In many organizations,information security teams lacks established roles and responsibilities.

Organizations are not required by law to protect employee information that is sensitive or personal.

To maintain a secure facility,all contract employees should be escorted from room to room,as well as into and out of the facility.

All of the existing certifications are fully understood by hiring organizations.

The process of integrating information security perspectives into the hiring process begins with reviewing and updating all job descriptions.

The position of security technician can be offered as an entry-level position.

The general management community of interest must work with the information security professionals to integrate solid information security concepts into the personnel management practices of the organization.

Builders operate and administrate the security tools and the security monitoring function and continuously improve the processes,performing all the day-to-day work.

ISSEP was developed under a joint agreement between the FBI and the United States National Security Agency,Information Assurance Directorate.

The security manager position is much more general than that of CISO.

In most cases,organizations look for a technically qualified information security generalist who has a solid understanding of how an organization operates.

The information security function cannot be placed within protective services.

Security managers are accountable for the day-to-day operation of the information security program.

The SCNA track focuses on firewalls and intrusion detection.

In the business world,background checks determine the individual's level of security classification,a requirement for many positions.

ISACA stands for Information Systems Automation and Control Association._________________________

GIAC stands for Global Information Architecture Certification._________________________

ISSAP stands for Information Systems Security Architecture Professional._________________________

The CISA certification is for information security management professionals._________________________

Friendly departures include termination for cause,permanent downsizing,temporary lay-off,or some instances of quitting._________________________

ISSMP stands for Information Systems Security Monitoring Professional._________________________

The general management community of interest must plan for the proper staffing for the information security function._________________________

Administrators provide the policies,guidelines and standards in the Schwartz,Erwin,Weafer,and Briney classification._________________________

ISSEP stands for Information Systems Security Expert Professional._________________________

Upper management should learn more about the budgetary needs of the information security function and the positions within it._________________________

Many hiring managers in the information security field prefer to recruit a security professional who has already proven HR skills._________________________

A mandatory furlough provides the organization with the ability to audit the work of an individual._________________________

SCP stands for Security Certified Program._________________________

Security managers accomplish objectives identified by the CISO and resolve issues identified by technicians._________________________

The most common qualification for the CISO type of position is the SSCP accreditation._________________________

CISOs are ____________________ managers first.

The __________________________________________________ acts as the spokesperson for the information security team.

It is important to gather employee ____________________ early about the information security program and respond to it quickly.

Once an information security function's organizational position has been determined,the challenge is to design a(n)____________________ structure for the information security function that balances the competing needs of each of the communities of interest.

The organization should conduct a behavioral feasibility study before the ____________________ phase.

Separation of ____________________ is used to reduce the chance of an individual violating information security and breaching the confidentiality,integrity,or availability of information.

What tasks must be performed when an employee prepares to leave an organization?

What functions does the CISO perform?

Job ____________________ can greatly increase the chance that an employee's misuse of the system or abuse of the information will be detected by another.

Related to the concept of separation of duties is that of ____________________,the requirement that two individuals review and approve each other's work before the task is categorized as finished.

The SCP certification provides three tracks: the SCNS (Security Certified Network Specialist);the SCNP (Security Certified Network Professional);and the SCNA (Security Certified Network ____________________).

____________________ departures include resignation,retirement,promotion,or relocation.

Employees should be provided access to the minimal amount of information for the minimal amount of time necessary for them to perform their duties.This is referred to as the principle of ____________________.

The ____________________________________________________________ certification requires both the successful completion of the examination and an endorsement by a qualified third party,typically another CISSP-certified professional,the candidate's employer,or a licensed,certified,or commissioned professional.

SANS developed a series of technical security certifications in 1999 that are known as the Global Information ____________________ Certification or GIAC family of certifications.

Describe the concept of separation of duties.

Sometimes onsite contracted employees are self-employed or are employees of an organization hired for a specific,one-time purpose.These people are typically referred to as ____________________.

Security ____________________ are accountable for the day-to-day operation of the information security program.

The ____________________ of (ISC)² program is geared toward those who want to take the CISSP or SSCP exams before obtaining the requisite experience for certification.

Once a candidate has accepted a job offer,the ____________________ becomes an important security instrument.

The Information Systems ____________________ and Control Association offers the CISA certification for auditing,networking,and security professionals.

A(n)"____________________ agency" is an agency that provides specifically qualified individuals at the paid request of another company.

When new employees are introduced into the organization's culture and workflow,they should receive as part of their ____________________ an extensive information security briefing.