HS 155 Final (Chapter 11)

25 July 2022
49 test answers

question
The general management community of interest must work with information security professionals to integrate solid information security concepts into the personnel management practices of the organization.
answer
true
question
The information security function cannot be placed within protective services.
answer
false
question
In many organizations, information security teams lack established roles and responsibilities.
answer
true
question
In most cases, organizations look for a technically qualified information security generalist who has a solid understanding of how an organization operates.
answer
true
question
The use of standard job descriptions can increase the degree of professionalism in the information security field.
answer
true
question
"Builders" in the field of information security provide day-to-day systems monitoring and use to support an organization's goals and objectives.
answer
false
question
Security managers are accountable for the day-to-day operation of the information security program.
answer
true
question
The security manager position is much more general than that of the CISO.
answer
false
question
The position of security technician can be offered as an entry-level position.
answer
true
question
Existing information security-related certifications are typically well understood by those responsible for hiring in organizations.
answer
false
question
The CISSP-ISSEP concentration focuses on the knowledge areas that are part of enterprise security management.
answer
false
question
The CISSP concentrations are available for CISSPs to demonstrate knowledge that is already a part of the CISSP CBK.
answer
false
question
The SSCP examination is much more rigorous than the CISSP examination.
answer
false
question
CompTIA offers a vendor-specific certification program called the Security+ certification.
answer
false
question
The advice "Know more than you say, and be more skillful than you let on" for information security professionals indicates that the actions taken to protect information should not interfere with users' actions.
answer
false
question
The process of integrating information security perspectives into the hiring process begins with reviewing and updating all job descriptions.
answer
true
question
A background check must always be conducted to determine the level of trust the business can place in a candidate for an information security position.
answer
false
question
An organization should integrate security awareness education into a new hire's ongoing job orientation and make it a part of every employee's on-the-job security training.
answer
true
question
To maintain a secure facility, all contract employees should be escorted from room to room, as well as into and out of the facility.
answer
true
question
Organizations are not required by law to protect employee information that is sensitive or personal.
answer
false
question
The general management community of interest must plan for the proper staffing of the information security function.
answer
false
question
Upper management should learn more about the budgetary needs of the information security function and the positions within it.
answer
true
question
Many hiring managers in information security prefer to recruit a security professional who already has proven HR skills and professional experience, since qualified candidates with information security experience are scarce.
answer
false
question
"Administrators" provide the policies, guidelines, and standards in the Schwartz, Erwin, Weafer, and Briney classification.
answer
false
question
The most common credential for a CISO-level position is the Security+ certification.
answer
false
question
Security managers accomplish objectives identified by the CISO and resolve issues identified by technicians.
answer
true
question
GIAC stands for Global Information Architecture Certification.
answer
false
question
Friendly departures include termination for cause, permanent downsizing, temporary lay-off, or some instances of quitting.
answer
false
question
A mandatory furlough provides the organization with the ability to audit the work of an individual.
answer
false
question
The model commonly used by large organizations places the information security department within the __________ department.
answer
information technology
question
Many who move to business-oriented information security were formerly __________ who were often involved in national security or cybersecurity.
answer
military personnel
question
The information security function can be placed within the __________.
answer
insurance and risk management function; administrative services function; legal department
question
Many who enter the field of information security are technical professionals such as __________ who find themselves working on information security applications and processes more often than traditional IT assignments.
answer
networking experts or systems administrators; database administrators; programmers
question
Which of the following is not one of the categories of positions defined by Schwartz, Erwin, Weafer, and Briney?
answer
user
question
Dr. Craiger holds which of the following INFOSEC certifications? (Select the BEST answer):
answer
All of these certifications
question
The __________ is typically considered the top information security officer in the organization.
answer
CISO
question
__________ are the technically qualified individuals tasked to configure firewalls, deploy IDSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization's security technology is properly implemented.
answer
security technicians
question
The breadth and depth covered in each of the domains makes the __________ one of the most difficult-to-attain certifications on the market.
answer
CISSP
question
The __________ certification program has added a number of concentrations that can demonstrate advanced knowledge beyond the basic certification's CBK.
answer
CISSP
question
Many organizations use a(n) __________ interview to remind the employee of contractual obligations, such as nondisclosure agreements, and to obtain feedback on the employee's tenure in the organization.
answer
exit
question
__________ are hired by the organization to serve in a temporary position or to supplement the existing workforce.
answer
temporary employees
question
__________ is a cornerstone in the protection of information assets and in the prevention of financial loss.
answer
separation of duties
question
__________ is the requirement that every employee be able to perform the work of another employee.
answer
task rotation
question
To assess the effect that changes will have on the organization's personnel management practices, the organization should conduct a ____________________ feasibility study before the program is implemented.
answer
behavioral
question
It is important to gather employee ____________________ early about the information security program and respond to it quickly.
answer
feedback
question
Though CISOs are business managers first and technologists second, they must be conversant in all areas of information security, including the technical, planning, and ____________________ areas.
answer
policy
question
Because the goals and objectives of CIOs and CISOs tend to contradict each other, InformationWeek recommends: "The people who do and the people who watch shouldn't report to a ____________________ manager."
answer
common
question
The ____________________ acts as the spokesperson for the information security team.
answer
CISO
question
Security ____________________ are accountable for the day-to-day operation of the information security program.
answer
Manager