Infosec Chapter 9


Common types of background checks include:

Identity Education/Credential Previous employment verification References Worker's comp history Motor vehicle records Drug history Medical history Credit history Civil court history Criminal court history

Best Practices Security Considerations for using Best Practices -Is the practice similar to your ___? -Is the best practice from a similar ___? -Are your ___ the same as the practices? -Is your ___ similar? -Do you have the resources to ___ the recommendations -Is the ___ similar?

Needs Industry Challenges Organizational Structure Implement Threat Environment

PCI-DSS: ___ Used as best practices for handling credit cards

Payment Card Industry Data Security Standard

Other items from PCI standards council

Payment application data security standards (PA-DSS) PCI Pin Transaction Security (PCI PTS)

Organizations that provide complete job descriptions when advertising open positions should omit the elements of the job description that describe ___ or the ___ and ___ of information to which the position would have access

access privileges type sensitivity

Temporary workers' ___ should be very limited, and ___ should expire on the end date of the job

access to information accounts

New employees should receive, as part of their orientation, an extensive ___

information security briefing

Integrating InfoSec into the hiring process begins with reviewing and updating ____ to include infosec responsibilities and screen for unwanted ____

job descriptions disclosures

Hostile departure: -Security cuts off all ___ and ___ access, before the employee is terminated -The employee reports for work, is escorted into the supervisor's office, and then escorted to their office, to collect ___ under supervision, or informed that their personal property will be ___ -The employee is asked to surrender all ___ , and is then ___

logical and keycard access personal effects sent to them company property escorted from the building

Employees pay close attention to job __________, and including InfoSec tasks in them will motivate employees to take more care when performing these tasks.

performance evaluations

To heighten information security awareness and change workplace behavior, organizations should incorporate information security components into employee ___

performance evaluations

Organizations should conduct ___ and ___ to keep security at the forefront of employees' minds and minimize employee mistakes

periodic security awareness training activities

Always remember to apply the ___ when working with consultants

principle of least privilege

Job candidates can be offered ___, whereby they are not offered a position unless they agree to the binding organizational policies

"employment contingent upon agreement"

Continuous Improvement Performance Measurements -Employees - ___ training, employee use of ___, ___ understanding, etc. -Business Processes - protecting ___, ___ of information through the process -Security Controls - ___ and ___ security items like firewalls, access controls, breaches, etc.

ATE training, security, policy understanding information, accuracy logging and monitoring

Hiring Practices

Background Checks Certifications Policies Contracts Covenants and Agreements

Benchmarking: measurement of ___ - Benchmarks measure ___ during ___ - How can I understand ___ if ___ is not known - How can I know something has ___ if I don't know ___ - Take measurements of ___

Change systems, normal function abnormal, normal changed, what I had previously security

Personnel Security Considerations ___ - two or more employees working together to circumvent security ___ - used to cross-train staff for availability and to lower risk of alteration or disclosure from an employee in a position ___ - uses a break to help detect employee breach of security ___ - breaking responsibility into pieces to lower the possibility of a security breach ___ - having multiple employees validate and review the work product. (for example - programmers must demonstrate and explain their code)

Collusion Job rotation Vacation Policy Separation of Duty Two-Person Control

Before beginning the process of designing, collecting, and using measures, the CISO should be prepared to answer the following questions:

Why, What, How, When, Who, where (at what point in the function's process?)

When an employee leaves an organization, the following tasks must be performed: the former employee's ___ must be disabled, the former employee must ___ all removable media, technology, and data, the former employee's ___ must be secured, ___ must be changed, ___ must be changed, the former employee's ___ access must be revoked, the former employee's ___ must be removed from the premises, the former employee should be ___, once keys, keycards, and other business property have been turned over

access to organization systems return hard drives file cabinet locks office door locks keycard access personal effects escorted from the premises

A ___ should be conducted before the organization extends an offer to any candidate, regardless of job level

background check

Measurement Factors NIST SP800-55 - providing success - Upper management ___ - __ and ___ support for measurement practices - ___ results- collecting is no good if it isn't useful - result oriented ___ - results must be usable to provide for continuous improvement

buy-in policy, procedure quantifiable analysis

Once a candidate has accepted a job offer, the employment ____________________ becomes an important security instrument.

contract

Temporary workers may not be subject to ___ or ___ that govern other employees

contractual obligations general policies

Performance LifeCycle *Yes - one more cycle -Identify ___ for collection and why it is needed -Collect the ___ and ___ the results -Identify any ___ and ___ -Develop a ___ for changes -Obtain ___ needed for the changes -___ the changes -Repeat the process for ___

data data, analyze issues, corrective measures business case resources implement continuous improvement

Principle of least privilege

employees should only be able to access information they need, and only for the period required to perform tasks

Many organizations conduct an ___ to remind the employee of any contractual obligations, such as ___, and to obtain feedback on the employee's tenure in the organization

exit interview

Two methods for handling employee outprocessing, depending on the employee's reasons for leaving, are ___ and ___ departures

hostile friendly

Specialty Workers -Consultants -often ___ - like penetration testing, incident response, auditing -___ contracts are common -Business partners -Specific content must be ___ for the project -___ are a necessity

project specific non-disclosure shared non-disclosures

Performance measurements *NIST SP800-55 -Attributes for success -measurements are ___ -measurements should be ___ -measurements should be ___ -information gathered should be ___

quantifiable obtainable repeatable useful

Baselining: ___ measurements for benchmarking - take a measurement of ___ - Take a measurement of ___ - What is the difference - Are those differences ___ (confidentiality, integrity, availability)

specific normal systems system today important

INTERVIEWS: In general, information security should advise human resources to limit the information provided to the candidates on the access rights of the position

yeaah
