Exam 17: Human Resources Security

Employee behavior is not a critical concern in ensuring the security of computer systems.

________ need training on the development of risk management goals,means of measurement,and the need to lead by example in the area of security awareness.

_______ is a benefit of security awareness,training,and education programs to organizations.

A(n)________ is any file or object found on a system that might be involved in probing or attacking systems and networks or that is being used to defeat security measures.

The _______ category is a transitional stage between awareness and training.

The four layers of the learning continuum as summarized by NIST SP 800-16 are: security awareness,security basics and literacy,roles and responsibilities relative to IT systems,and the _________ level.

Many companies incorporate specific e-mail and Internet use policies into the organization's security policy document.

Security awareness,training,and education programs may be needed to comply with regulations and contractual obligations.

The _________ level focuses on developing the ability and vision to perform complex,multidisciplinary activities and the skills needed to further the IT security profession and to keep pace with threat and technology changes.

An employer cannot be held liable for negligent hiring if an employee causes harm to a third party while acting as an employee.

Programmers,developers,and system maintainers require less advanced security training than other employees.

Security basics and literacy is required for those employees,including contractor employees,who are involved in any way with IT systems.

________ is the process of receiving,initial sorting,and prioritizing of information to facilitate its appropriate handling.

_______ are ways for an awareness program to promote the security message to employees.

A _______ policy states that violation of this policy may result in immediate termination of employment or other discipline deemed appropriate by the company.

In general,a ________ program seeks to inform and focus an employee's attention on issues related to security within the organization.

Having all of the security functions and audit responsibilities reside in the same person is a wise decision on the part of the organization.

Employees have no expectation of ______ in their use of company-provided e-mail or Internet access,even if the communication is personal in nature.

Network and host __________ monitor and analyze network and host activity and usually compare this information with a collection of attack signatures to identify potential security incidents.

After security basics and literacy,training becomes focused on providing the knowledge,skills,and abilities specific to an individual's _______ relative to IT systems.