Deck 17: Human Resources Security

Awareness is used to explain the rules of behavior for using an
agency's information systems and information and establishes a level of expectation on the acceptable use of the information and information systems.

The education and experience learning level provides the foundation
for subsequent training by providing a universal baseline of key security terms and concepts.

Employee behavior is not a critical concern in ensuring the security of
computer systems.

Security basics and literacy is required for those employees,including
contractor employees,who are involved in any way with IT systems.

To emphasize the importance of security awareness,an organization
should have a security awareness policy document that is provided to all employees.

An employer cannot be held liable for negligent hiring if an
employee causes harm to a third party while acting as an employee.

Many companies incorporate specific e-mail and Internet use policies
into the organization's security policy document.

Security awareness,training,and education programs may be needed to
comply with regulations and contractual obligations.

Security education is most often taught by outside sources.

Programmers,developers,and system maintainers require less
advanced security training than other employees.

Employees cannot be expected to follow policies and procedures of
which they are unaware.

Awareness only communicates information security policies and
procedures that need to be followed and does not provide the foundation for any sanctions or disciplinary actions imposed for noncompliance.

Having all of the security functions and audit responsibilities reside in
the same person is a wise decision on the part of the organization.

Complying with regulations and contractual obligations is a benefit of
security awareness,training,and education programs.

In general,a(n)________ program seeks to inform and focus an employee's attention on issues related to security within the organization.

The principles that should be followed for personnel security are: limited reliance on key employees,separation of duties,and _______.

There is a need for a continuum of learning programs that starts with _______,builds to training,and evolves into education.

________ lists the following security objective with respect to current employees: "to ensure that employees,contractors,and third-party users are aware of information security threats and concerns and their responsibilities and liabilities with regard to information security and are equipped to support organizational security policy in the course of their normal work and to reduce the risk of human error".

After security basics and literacy,training becomes focused on providing the knowledge,skills,and abilities specific to an individual's _______ relative to IT systems.

In large and medium-sized organizations,a(n)_________ is responsible for rapidly detecting incidents,minimizing loss and destruction,mitigating the weaknesses that were exploited,and restoring computing services.

Any action that threatens one or more of the classic security services of confidentiality,integrity,availability,accountability,authenticity,and reliability in a system constitutes a(n)________.

A(n)_______ is a characteristic of a piece of technology that can be exploited to perpetrate a security incident.

The four layers of the learning continuum as summarized by NIST SP 800-16 are: security awareness,security basics and literacy,roles and responsibilities relative to IT systems,and the _________ level.

The principal problems associated with employee behavior are errors and omissions,_______,and actions by disgruntled employees.

Employees have no expectation of ______ in their use of company-provided e-mail or Internet access,even if the communication is personal in nature.

The group of users,sites,networks,or organizations served by the CSIRT is a(n)_______.

A(n)________ is any file or object found on a system that might be involved in probing or attacking systems and networks or that is being used to defeat security measures.

Network and host __________ monitor and analyze network and host activity and usually compare this information with a collection of attack signatures to identify potential security incidents.

The goal of the _______ function is to ensure that all information destined for the incident handling service is channeled through a single focal point regardless of the method by which it arrives for appropriate redistribution and handling within the service.