Ch. 11 – Security and Personnel – Flashcards

question
The System Administration, Networking, and Security Organization is better known as __________.
answer
SANS
question
The Global Information Assurance Certification is aka __________.
answer
GIAC
question
Organizations are not required by law to protect employee information that is sensitive or personal.
answer
False
question
The standard reporting structure for information security positions as defined by Schwartz, Erwin, Weafer, and Briney can be classified into one of three areas:
answer
1) Definers define information security programs. They are managers who provide policy and planning and manage risk assessment. Typically senior information security managers; they have extensive and broad knowledge, but little depth. 2) Builders build the systems and create programs to implement information security controls. They create technical security solutions to protect software, systems, and networks. 3) Administrators administer the information security control systems and programs that have been created. They apply the builders' tools according to the decisions and guidance of the definers and provide day-to-day systems monitoring and use to support the organization's goals and objectives.
question
The CISSP concentrations are available for CISSPs to demonstrate knowledge that is already a part of the CISSP CBK.
answer
False
question
Existing information security-related certifications are typically well understood by those responsible for hiring in the organizations.
answer
False
question
In most cases, organizations look for a technically qualified information security generalist who has a solid understanding of how an organization operates.
answer
True
question
The breadth and depth covered in each of the ten domains make the __________ one of the most difficult-to-attain certifications on the market.
answer
Certified Information Systems Security Professional (CISSP)
question
CompTIA offers a __________ certification program called the Security+ certification.
answer
Vendor-neutral
question
__________ is the requirement that every employee be able to perform the work of another employee.
answer
Job/task rotation
question
The information security function can be placed within:
answer
1) The insurance and risk management function 2) The administrative services function 3) The legal department
question
The advice "Know more than you say, and be more skillful than you let on" for information security professionals indicates that the actions taken to protect information should not interfere with users' actions.
answer
False
question
The __________ credential is geared toward experienced information security managers and others who may have similar management responsibilities.
answer
Certified Information Security Manager (CISM)
question
Security managers are accountable for the day-to-day operation of the information security program.
answer
True
question
To maintain a secure facility, all contract employees should be escorted from room to room, as well as into and out of the facility.
answer
True
question
The security manager position is much more __________ than that of CISO.
answer
Specialized
question
The Information Systems Audit and Control Association and Foundation (ISACA) touts the Certified Information Systems Auditor (CISA) certification as being appropriate for __________, networking, and security professionals.
answer
Auditing
question
The __________ community of interest must plan for the proper staffing for the information security function.
answer
Information security
question
The __________ community of interest must work with the information security professionals to integrate solid information security concepts into the personnel management practices of the organization.
answer
General management
question
The three Certified Information Systems Security Professional (CISSP) concentrations (pg 563) are
answer
Information Systems Security Architecture Professional (ISSAP), Information Systems Security Engineering Professional (ISSEP), and Information Systems Security Management Professional (ISSMP)
question
Many hiring managers in information security prefer to recruit a security professional who already has proven __________ skills and professional experience, since qualified candidates with information security experience are scarce.
answer
IT
question
Many enter the field of information security from technical professionals such as __________ who find themselves working on information security applications and processes more often than traditional IT assignments.
answer
1) Networking experts or systems administrators 2) Database administrators 3) Programmers
question
In many organizations, information security teams lack established roles and responsibilities.
answer
True
question
The organization should integrate security awareness education into a new hire's ongoing job orientation and make it a part of every employee's on-the-job security training.
answer
True
question
Like the CISSP, the SSCP certification is more applicable to the security __________ than to the security __________.
answer
Manager, technician
question
A background check must always be conducted to determine the level of trust the business can place in a candidate for an information security position.
answer
False
question
The model commonly used by large organizations places the information security department within the __________ department.
answer
Information technology
question
The process of integrating information security perspectives into the hiring process begins with __________.
answer
Reviewing and updating all job descriptions
question
The position of security technician can be offered as an entry-level position.
answer
True, but candidates must have some technical skills.
question
Hostile departures include:
answer
Termination for cause, permanent downsizing, temporary layoffs, and some instances of quitting.
question
Friendly departures include:
answer
Resignation, retirement, promotion, and relocation.
question
The CISSP-ISSEP concentration focuses on the knowledge areas that are part of enterprise security management.
answer
False
question
In recent years, the __________ certification program has added a set of concentration exams.
answer
CISSP
question
Security managers accomplish objectives identified by the __________ and resolve issues identified by technicians.
answer
CISO
question
__________ should learn more about the budgetary needs of the information security function and the positions within it so as to make good fiscal decisions.
answer
Upper management
question
"Administrators" provide the policies, guidelines and standards in the Schwartz, Erwin, Weafer, and Briney classification.
answer
False
question
Many who move to business-oriented information security were formerly __________ who were often involved in national security or cybersecurity.
answer
Law enforcement or military personnel
question
The International Society of Forensic Computer Examiners (ISFCE) offers
answer
Certified Computer Examiner (CCE) and Master Certified Computer Examiner (MCCE)
question
__________ are the technically qualified individuals tasked to configure firewalls, deploy IDSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization's security technology is properly implemented.
answer
Security technicians
question
The __________ position is typically considered the top information security officer in the organization.
answer
Chief Information Security Officer (CISO)
question
__________ is a cornerstone in the protection of information assets and in the prevention of financial loss.
answer
Separation of duties
question
Many organizations use an __________ interview to remind the employee of contractual obligations, such as nondisclosure agreements, and to obtain feedback on the employee's tenure in the organization.
answer
Exit
question
__________ are hired by the organization to serve in a temporary position or to supplement the existing workforce.
answer
Temporary