question
The general management community of interest must work with information security professionals to integrate solid information security concepts into the personnel management practices of the organization.
question
The information security function cannot be placed within protective services.
question
In many organizations, information security teams lack established roles and responsibilities.
question
In most cases, organizations look for a technically qualified information security generalist who has a solid understanding of how an organization operates.
question
The use of standard job descriptions can increase the degree of professionalism in the information security field.
question
Builders in the field of information security provide day-to-day systems monitoring and use to support an organization's goals and objectives.
question
Security managers are accountable for the day-to-day operation of the information security program.
question
The security manager position is much more general than that of the CISO.
question
The position of security technician can be offered as an entry-level position.
question
Existing information security-related certifications are typically well understood by those responsible for hiring in organizations.
question
The CISSP-ISSEP concentration focuses on the knowledge areas that are part of enterprise security management.
question
The CISSP concentrations are available for CISSPs to demonstrate knowledge that is already a part of the CISSP CBK.
question
The SSCP examination is much more rigorous than the CISSP examination.
question
CompTIA offers a vendor-specific certification program called the Security+ certification.
question
The advice "Know more than you say, and be more skillful than you let on" for information security professionals indicates that the actions taken to protect information should not interfere with users' actions.
question
The process of integrating information security perspectives into the hiring process begins with reviewing and updating all job descriptions.
question
A background check must always be conducted to determine the level of trust the business can place in a candidate for an information security position.
question
An organization should integrate security awareness education into a new hire's ongoing job orientation and make it a part of every employee's on-the-job security training.
question
To maintain a secure facility, all contract employees should be escorted from room to room, as well as into and out of the facility.
question
Organizations are not required by law to protect employee information that is sensitive or personal.
question
The general management community of interest must plan for the proper staffing of the information security function.
question
Upper management should learn more about the budgetary needs of the information security function and the positions within it.
question
Many hiring managers in information security prefer to recruit a security professional who already has proven HR skills and professional experience, since qualified candidates with information security experience are scarce.
question
Administrators provide the policies, guidelines, and standards in the Schwartz, Erwin, Weafer, and Briney classification.
question
The most common credential for a CISO-level position is the Security+ certification.
question
Security managers accomplish objectives identified by the CISO and resolve issues identified by technicians.
question
GIAC stands for Global Information Architecture Certification.
question
Friendly departures include termination for cause, permanent downsizing, temporary lay-off, or some instances of quitting.
question
A mandatory furlough provides the organization with the ability to audit the work of an individual.
question
The model commonly used by large organizations places the information security department within the __________ department.
answer
information technology
question
Many who move to business-oriented information security were formerly __________ who were often involved in national security or cybersecurity.
answer
military personnel
question
The information security function can be placed within the __________.
answer
insurance and risk management function; administrative services function; legal department
question
Many who enter the field of information security are technical professionals such as __________ who find themselves working on information security applications and processes more often than traditional IT assignments.
answer
networking experts or systems administrators; database administrators; programmers
question
Which of the following is not one of the categories of positions defined by Schwartz, Erwin, Weafer, and Briney?
question
Dr. Craiger holds which of the following INFOSEC certifications? (Select the BEST answer):
answer
All of these certifications
question
The __________ is typically considered the top information security officer in the organization.
question
__________ are the technically qualified individuals tasked to configure firewalls, deploy IDSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization's security technology is properly implemented.
answer
security technicians
question
The breadth and depth covered in each of the domains makes the __________ one of the most difficult-to-attain certifications on the market.
question
The __________ certification program has added a number of concentrations that can demonstrate advanced knowledge beyond the basic certification's CBK.
question
Many organizations use a(n) __________ interview to remind the employee of contractual obligations, such as nondisclosure agreements, and to obtain feedback on the employee's tenure in the organization.
question
__________ are hired by the organization to serve in a temporary position or to supplement the existing workforce.
answer
temporary employees
question
__________ is a cornerstone in the protection of information assets and in the prevention of financial loss.
answer
separation of duties
question
__________ is the requirement that every employee be able to perform the work of another employee.
question
To assess the effect that changes will have on the organization's personnel management practices, the organization should conduct a ____________________ feasibility study before the program is implemented.
question
It is important to gather employee ____________________ early about the information security program and respond to it quickly.
question
Though CISOs are business managers first and technologists second, they must be conversant in all areas of information security, including the technical, planning, and ____________________ areas.
question
Because the goals and objectives of CIOs and CISOs tend to contradict each other, InformationWeek recommends: "The people who do and the people who watch shouldn't report to a ____________________ manager."
question
The ____________________ acts as the spokesperson for the information security team.
question
Security ____________________ are accountable for the day-to-day operation of the information security program.