Exam 11: Security and Personnel


The security manager position is much more general than that of the CISO.

(True/False)

To assess the effect that changes will have on the organization's personnel management practices, the organization should conduct a ____________________ feasibility study before the program is implemented.

(Short Answer)

The ISSEP allows CISSP certificate holders to demonstrate expert knowledge of all of the following except __________.

(Multiple Choice)

_____________________ departures include resignation, retirement, promotion, or relocation.

(Short Answer)

An organization should integrate security awareness education into a new hire's ongoing job orientation and make it a part of every employee's on-the-job security training.

(True/False)

ISSEP stands for Information Systems Security Experienced Professional. _________________________

(True/False)

The CISA credential is geared toward experienced information security managers and others who may have similar management responsibilities. _________________________

(True/False)

Many who move to business-oriented information security were formerly __________ who were often involved in national security or cybersecurity.

(Multiple Choice)

Existing information security-related certifications are typically well understood by those responsible for hiring in organizations.

(True/False)

The model commonly used by large organizations places the information security department within the __________ department.

(Multiple Choice)

The advice "Know more than you say, and be more skillful than you let on" for information security professionals indicates that the actions taken to protect information should not interfere with users' actions.

(True/False)

__________ are the technically qualified individuals tasked to configure firewalls, deploy IDSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization's security technology is properly implemented.

(Multiple Choice)

The CISSP concentrations are available for CISSPs to demonstrate knowledge that is already a part of the CISSP CBK.

(True/False)

GIAC stands for Global Information Architecture Certification. _________________________

(True/False)

Security managers are accountable for the day-to-day operation of the information security program.

(True/False)

Separation of ____________________ is used to reduce the chance of an individual violating information security and breaching the confidentiality, integrity, or availability of information.

(Short Answer)

Many organizations use a(n) __________ interview to remind the employee of contractual obligations, such as nondisclosure agreements, and to obtain feedback on the employee's tenure in the organization.

(Multiple Choice)

The International Society of Forensic Computer Examiners (ISFCE) offers two levels of certification: the Certified Computer Examiner (CCE) and the Master Certified Computer Examiner (MCCE). _________________________

(True/False)

What tasks must be performed when an employee prepares to leave an organization?

(Essay)

The CISSP certification requires both the successful completion of the examination and an ____________________ by a qualified third party, typically another similarly certified professional, the candidate's employer, or a licensed, certified, or commissioned professional.

(Short Answer)