CTS chapter 11
The ISSEP allows CISSP certificate holders to demonstrate expert knowledge of all of the following except __________.
international laws
Like the CISSP, the SSCP certification is more applicable to the security __________ than to the security __________.
manager, technician
Security ____________________ are accountable for the day-to-day
managers
When new employees are introduced into the organization's culture and workflow, they should receive an extensive information security briefing as part of their employee ____________________.
orientation
Separation of ____________________ is used to reduce the chance of an individual violating information security and breaching the confidentiality, integrity, or availability of information.
duties
The CISSP certification requires both the successful completion of the examination and an ____________________
endorsement
Certifications are designed to recognize ____________________ in their respective fields.
experts
"Builders" in the field of information security provide day-to-day systems monitoring and use to support an organization's goals and objectives.
false
CompTIA offers a vendor-specific certification program called the Security+ certification.
false
Many hiring managers in information security prefer to recruit a security professional who already has proven HR skills and professional experience, since qualified candidates with information security experience are scarce. _________________________
false
The CISA credential is geared toward experienced information security managers and others who may have similar management responsibilities.
false
The CISSP concentrations are available for CISSPs to demonstrate knowledge that is already a part of the CISSP CBK.
false
The general management community of interest must plan for the proper staffing of the information security function. _________________________
false
The most common credential for a CISO-level position is the Security+ certification. _________________________
false
The security manager position is much more general than that of the CISO.
false
ISSEP stands for Information Systems Security Experienced Professional. _________________________
false, Engineering
ISSMP stands for Information Systems Security Monitoring Professional.
false, Management
ISACA offers the CGEIT as well as the CISA and ____________________ certifications.
CISM
The breadth and depth covered in each of the domains make the __________ one of the most difficult-to-attain
CISSP
The model commonly used by large organizations places the information security department within the __________ department.
Information Technology
What functions does the CISO perform?
Manages the overall information security program for the organization; drafts or approves information security policies; works on strategic, tactical, and operational plans; develops information security budgets; sets priorities for the purchase and implementation of information security projects and technology; makes decisions or recommendations on the recruiting, hiring, and firing of security staff; acts as the spokesperson for the information security team.
Once a candidate has accepted a job offer, the employment ____________________ becomes an important security instrument.
contract
What tasks must be performed when an employee prepares to leave an organization?
Access to the organization's systems must be disabled; removable media must be returned; hard drives must be secured; file cabinet locks must be changed; office door locks must be changed; keycard access must be revoked; personal effects must be removed from the premises. An exit interview should be conducted to remind the employee of contractual obligations and to obtain feedback on their tenure at the organization.
The information security function can be placed within the __________.
all of the above
SANS developed a series of technical security certifications in 1999 that are known as the Global Information ____________________ Certification, or GIAC, family of certifications.
assurance
Sometimes, contracted employees are self-employed or are employees of an organization hired for a specific, one-time purpose. These people are typically referred to as ____________________.
consultants
The International Society of Forensic Computer Examiners (ISFCE) offers which certifications?
both
According to Schwartz, Erwin, Weafer, and Briney, "__________" are the real techies who create and install security solutions.
builders
Because the goals and objectives of CIOs and CISOs tend to contradict each other, InformationWeek recommends: "The people who do and the people who watch shouldn't report to a ____________________ manager."
common
_________ is a cornerstone in the protection of information assets and in the prevention of financial loss.
separation of duties
__________ is the requirement that every employee be able to perform the work of another employee.
task rotation
ISSAP stands for Information Systems Security Architecture Professional. _________________________
true
The general management community of interest must work with information security professionals to integrate solid information security concepts into the personnel management practices of the organization.
true
Related to the concept of separation of duties is that of ____________________, the requirement that two individuals review and approve each other's work before the task is categorized as finished.
two-person/dual control
Which of the following is not one of the categories of positions defined by Schwartz, Erwin, Weafer, and Briney?
user