Principles of Information Security Chapter 11 - Security & Personnel

The organization of a task or process so that at least two individuals must work together to complete it. Also known as Dual-Control

Two person control

Offers CISSP, SSCP, and CSSLP

(ISC)^2

Bureau of Labor Statistics

BLS

To assess the effect that changes will have on the organization's personnel management practices, the organization should conduct a ____________________ feasibility study before the program is implemented.

Behavioral

The International Society of Forensic Computer Examiners (ISFCE) offers which certifications?

Both a Certified Computer Examiner (CCE) and the Master Certified Computer Examiner (MCCE)

According to Schwartz, Erwin, Weafer, and Briney, "__________" are the real techies who create and install security solutions.

Builders

Certified Computer Examiner

CCE

Certified Cyber Forensics Professional

CCFP

Certified Cloud Security Professional

CCSP

Certified in the Governance of Enterprise IT

CGEIT

Certified Information Systems Auditor

CISA

Certified Information Security Manager

CISM

ISACA - Information Systems Audit and Control Association offers

CISM, CISA, and CGEIT

The __________ is typically considered the top information security officer in the organization.

CISO

Certified Information System Security Professional

CISSP

In recent years, the __________ certification program has added a set of concentration exams.

CISSP

The __________ certification program has added a number of concentrations that can demonstrate advanced knowledge beyond the basic certification's CBK.

CISSP

The breadth and depth covered in each of the domains makes the __________ one of the most difficult-to-attain certifications on the market.

CISSP

Certified in Risk and Information Systems Control

CRISC

Certified Secure Software Life Cycle Professional

CSSLP

CICISO, by EC-Council

Certified CISCO

Hired to perform specific services. The host company often makes a contract with a parent organization rather than with an individual employee.

Contract Employee

It is important to gather employee ____________________ early about the information security program and respond to it quickly.

Feedback

Global Information Assurance Certification

GIAC

SANS - System Administration, Networking, and Security Institute offers

GIAC certifications

Technique to restrict the flow of proprietary information when an employee leaves to join a competitor; the employee has no access to the former place of employment and cannot yet report to the new employer. Sometimes the employee is required to sign a CNC (covenant not to compete)/NCC (non-compete clause).

Garden Leave

Healthcare Information Security and Privacy Professional

HCISPP

Offers CISM, CISA, and CGEIT

ISACA

Information Systems Security Architecture Professional

ISSAP

Information Systems Security Engineering Professional

ISSEP

Information Systems Security Management Professional

ISSMP

__________ is a cornerstone in the protection of information assets and in the prevention of financial loss.

Separation of duties

The data access principle that ensures no unnecessary access to data exists by regulating members so that they can perform only the minimum data manipulation needed. Least privilege implies need-to-know.

Least Privilege

The former System Administration, Networking, and Security Organization is now better known as __________.

SANS

The ____ program focuses more on building trusted networks, including biometrics and PKI.

SCNA

Security Systems Certified Practitioner

SSC

Scaled down version of CISSP

SSCP

__________ are accountable for the day-to-day operation of the information security program.

Security managers

__________ are the technically qualified individuals tasked to configure firewalls, deploy IDSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization's security technology is properly implemented.

Security technicians

__________ is the requirement that every employee be able to perform the work of another employee.

Task rotation

__________ are hired by the organization to serve in a temporary position or to supplement the existing workforce.

Temporary employees

Which of the following is not one of the categories of positions defined by Schwartz, Erwin, Weafer, and Briney?

User

The CISA credential is touted by ISACA as the certification that is appropriate for all but which type of professionals?

accounting

Because the goals and objectives of CIOs and CISOs tend to contradict each other, InformationWeek recommends: "The people who do and the people who watch shouldn't report to a ____________________ manager."

common

Many organizations use a(n) __________ interview to remind the employee of contractual obligations, such as nondisclosure agreements, and to obtain feedback on the employee's tenure in the organization.

exit

The organization should conduct a behavioral feasibility study before the ____________________ phase.

implementation

The model commonly used by large organizations places the information security department within the __________ department.

information technology

The information security function can be placed within the __________.

insurance and risk management function; administrative services function; legal department

The ISSEP allows CISSP certificate holders to demonstrate expert knowledge of all of the following except __________.

international laws

Like the CISSP, the SSCP certification is more applicable to the security __________ than to the security __________.

manager, technician

Many who move to business-oriented information security were formerly __________ who were often involved in national security or cybersecurity.

military personnel

Many who enter the field of information security are technical professionals such as __________ who find themselves working on information security applications and processes more often than traditional IT assignments.

networking experts or systems administrators; database administrators or programmers

Though CISOs are business managers first and technologists second, they must be conversant in all areas of information security, including the technical, planning, and ____________________ areas.

policy

The ISSMP examination is designed to provide CISSPs with a mechanism to demonstrate competence in __________.

Enterprise security management practices; Security management practices; Business continuity planning and disaster recovery planning
