Principles of Information Security Chapter 11 - Security & Personnel
The organization of a task or process so that at least two individuals must work together to complete it. Also known as Dual-Control
Two person control
Offers CISSP, SSCP, and CSSLP
(ISC)^2
Bureau of Labor Statistics
BLS
To assess the effect that changes will have on the organization's personnel management practices, the organization should conduct a ____________________ feasibility study before the program is implemented.
Behavioral
The International Society of Forensic Computer Examiners (ISFCE) offers which certifications?
Both a Certified Computer Examiner (CCE) and the Master Certified Computer Examiner (MCCE)
According to Schwartz, Erwin, Weafer, and Briney, "__________" are the real techies who create and install security solutions.
Builders
Certified Computer Examiner
CCE
Certified Cyber Forensics Professional
CCFP
Certified Cloud Security Professional
CCSP
Certified in the Governance of Enterprise IT
CGEIT
Certified Information Systems Auditor
CISA
Certified Information Security Manager
CISM
ISACA - Information Systems Audit and Control Association offers
CISM, CISA, and CGEIT
The __________ is typically considered the top information security officer in the organization.
CISO
Certified Information System Security Professional
CISSP
In recent years, the __________ certification program has added a set of concentration exams.
CISSP
The __________ certification program has added a number of concentrations that can demonstrate advanced knowledge beyond the basic certification's CBK.
CISSP
The breadth and depth covered in each of the domains make the __________ one of the most difficult-to-attain certifications on the market.
CISSP
Certified in Risk and Information Systems Control
CRISC
Certified Secure Software Life Cycle Professional
CSSLP
C|CISO, by EC-Council
Certified CISO
Hired to perform specific services. Host company often makes a contract with a parent org rather than with an individual employee
Contract Employee
It is important to gather employee ____________________ early about the information security program and respond to it quickly.
Feedback
Global Information Assurance Certification
GIAC
SANS - System Administration, Networking, and Security Institute offers
GIAC certifications
Technique to restrict the flow of proprietary information when an employee leaves to join a competitor; no access to former place of employment; can't report to new employer. Sometimes required to sign a CNC (covenant not to compete)/NCC (non-compete clause)
Garden Leave
HealthCare Information Security and Privacy Professional
HCISPP
Offers CISM, CISA, and CGEIT
ISACA
Information Systems Security Architecture Professional
ISSAP
Information Systems Security Engineering Professional
ISSEP
Information Systems Security Management Professional
ISSMP
__________ is a cornerstone in the protection of information assets and in the prevention of financial loss.
Separation of duties
The data access principle that ensures no unnecessary access to data exists by regulating members so that they can perform only the minimum data manipulation needed. Least privilege implies need-to-know.
Least privilege
The former System Administration, Networking, and Security Organization is now better known as __________.
SANS
The ____ program focuses more on building trusted networks, including biometrics and PKI.
SCNA
Systems Security Certified Practitioner
SSCP
Scaled down version of CISSP
SSCP
Accountable for the day-to-day operation of the information security program.
Security managers
__________ are the technically qualified individuals tasked to configure firewalls, deploy IDSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization's security technology is properly implemented.
Security technicians
__________ is the requirement that every employee be able to perform the work of another employee.
Task rotation
__________ are hired by the organization to serve in a temporary position or to supplement the existing workforce.
Temporary employees
Which of the following is not one of the categories of positions defined by Schwartz, Erwin, Weafer, and Briney?
User
The CISA credential is touted by ISACA as the certification that is appropriate for all but which type of professionals?
accounting
Because the goals and objectives of CIOs and CISOs tend to contradict each other, InformationWeek recommends: "The people who do and the people who watch shouldn't report to a ____________________ manager."
common
Many organizations use a(n) __________ interview to remind the employee of contractual obligations, such as nondisclosure agreements, and to obtain feedback on the employee's tenure in the organization.
exit
The organization should conduct a behavioral feasibility study before the ____________________ phase.
implementation
The model commonly used by large organizations places the information security department within the __________ department.
information technology
The information security function can be placed within the __________.
insurance and risk management function; administrative services function; legal department
The ISSEP allows CISSP certificate holders to demonstrate expert knowledge of all of the following except __________.
international laws
Like the CISSP, the SSCP certification is more applicable to the security __________ than to the security __________.
manager, technician
Many who move to business-oriented information security were formerly __________ who were often involved in national security or cybersecurity.
military personnel
Many who enter the field of information security are technical professionals such as __________ who find themselves working on information security applications and processes more often than traditional IT assignments.
networking experts or systems administrators; database administrators or programmers
Though CISOs are business managers first and technologists second, they must be conversant in all areas of information security, including the technical, planning, and ____________________ areas.
policy
The ISSMP examination is designed to provide CISSPs with a mechanism to demonstrate competence in __________.
Enterprise security management practices; security management practices; business continuity planning and disaster recovery planning