Exam 17: Human Resources Security

Employee behavior is not a critical concern in ensuring the security of computer systems.

The education and experience learning level provides the foundation for subsequent training by providing a universal baseline of key security terms and concepts.

An employer cannot be held liable for negligent hiring if an employee causes harm to a third party while acting as an employee.

_______ are ways for an awareness program to promote the security message to employees.

After security basics and literacy,training becomes focused on providing the knowledge,skills,and abilities specific to an individual's _______ relative to IT systems.

A capability set up for the purpose of assisting in responding to computer security-related incidents that involve sites within a defined constituency is called a ______.

Complying with regulations and contractual obligations is a benefit of security awareness,training,and education programs.

________ need training on the development of risk management goals,means of measurement,and the need to lead by example in the area of security awareness.

From a security point of view,which of the following actions should be done upon the termination of an employee?

In large and medium-sized organizations,a(n)_________ is responsible for rapidly detecting incidents,minimizing loss and destruction,mitigating the weaknesses that were exploited,and restoring computing services.

In general,a(n)________ program seeks to inform and focus an employee's attention on issues related to security within the organization.

Many companies incorporate specific e-mail and Internet use policies into the organization's security policy document.

Security awareness,training,and education programs may be needed to comply with regulations and contractual obligations.

Any action that threatens one or more of the classic security services of confidentiality,integrity,availability,accountability,authenticity,and reliability in a system constitutes a(n)________.

Awareness only communicates information security policies and procedures that need to be followed and does not provide the foundation for any sanctions or disciplinary actions imposed for noncompliance.

A(n)_______ is a characteristic of a piece of technology that can be exploited to perpetrate a security incident.

________ is the process of receiving,initial sorting,and prioritizing of information to facilitate its appropriate handling.

As part of their contractual obligation,employees should agree and sign the terms and conditions of their employment contract,which should state their and the organization's responsibilities for information security.

________ is explicitly required for all employees.

_______ is a benefit of security awareness,training,and education programs to organizations.