Management of Information Security Notes Chapter 11 -- Personnel and Security fully solved 2023/2024
The ____ takes the lead in the interviewing and hiring process and screens personnel. - correct answer CISO

The principle of least access infers that employees should be able to access only the information they need, and only for the period required to perform their tasks. - correct answer False

____ is a domain of the SSCP certification program. - correct answer CISO

It is important to have security clauses and policies as part of employment contracts in place at the time of ____________________ because it is much more difficult to implement such documents with existing employees. - correct answer hire

The checks-and-balances method that requires two or more people to conspire to commit a misadventure or theft is known as ____________________. - correct answer collusion

One of the job competencies for a(n) ____________________ consists of developing appropriate security policies, standards, guidelines and procedures. - correct answer CISO

One of the responsibilities of a(n) ____________________ is to manage periodical risk assessments that identify current and future security weaknesses. - correct answer CISO

In addition to the responsibility of conducting investigations of information security violations, a(n) CISO has to work effectively with external law enforcement to resolve these situations. - correct answer True

Security concerns associated with business partners are usually addressed in an agency contract. - correct answer False

Organizations are required by LAW to protect sensitive or personal employee information, including personally identifying facts such as employee addresses, phone numbers, Social Security numbers, medical conditions, and even names and addresses of family members. - correct answer True

The Certified Computer Examiner (CCE) certification is a computer forensics certification provided by the International Society of Forensic Computer Examiners. Which of the following is NOT part of the CCE certification process? - correct answer Client and server hardware construction and theory

The ____ examination was developed by the International Society of Forensic Computer Examiners. - correct answer CCE

The best method of preventing social engineering attacks is ____________________. - correct answer preparation

The CISA certification is a security certification that is appropriate for database, programming, and other IT professionals. - correct answer False

In the GIAC program, the ____ certification is considered the comprehensive technical credential, covering the entire range of GIAC technical and managerial security knowledge. - correct answer GIAC Security Engineer

The ____ program offers a wide array of certification tracks and requires applicants to complete a written practical assignment that tests the application of skills and knowledge. - correct answer GIAC

In the efforts to maintain effective personnel security practices, one of the threats to an organization's information is the inability to perform the tasks of an employee who is unable or unwilling to perform them. - correct answer True

The checks-and-balances method of two-man control requires multiple employees to be involved in order for a crime to occur, referred to as collusion. - correct answer True

In an organization, the security technician coordinates the information security efforts of all internal groups that have one or more information security-related responsibilities. - correct answer Fals
School, study and subject
- Institution: GIAC certification
- Course: GIAC certification

Document information
- Published on: 14 December 2023
- Number of pages: 5
- Written in: 2023/2024
- Type: Exam
- Contains: Questions and answers

Subjects
- management of information security notes chapter 1