PoIS Chapter 11 (Discussion) Flashcards

Terms in this set (20)

CISO –

Qualification, 4 year degree, communication, interpersonal, management skills.

Reqs: Manages the overall infosec program, Drafts/approves infosec policies, Works w/ CIO on strategic planning and develops tactical planning, Develops infosec budgets, Sets priorities for purchase/impl of infosec projects/tech, Makes decisions/recommendations for recruiting/hiring/firing

Security Manager or Security Analyst –

Qualifications – Bachelor’s in tech, bus, or sec-related, CISSP certification, budgeting, project management, and hiring and firing, manage technicians

Reqs: Accomplish CISO objs and resolve technician issues, General understanding of tech, Ability to draft middle- and lower-level policies, standards and guidelines, Experience in trad, Manage technicians


Critical considerations include systems access, any removable media, hard drives, files, all locks, logical and keycard access, etc. when it comes to termination of an employee. There are slight changes based on the type of termination, whether it is friendly or hostile, as a friendly departure is usually planned in advance. Hostile terminations need to restrict access to all points immediately or as soon as possible once the decision is reached. Good security practices would say to treat every termination as a hostile departure in case anything may have gone awry in the employee’s psyche. The more access the employee has, the more important the termination process becomes, and the more important legal documents like Non-Disclosure Agreements come into play.


Overall, temporary employees, contract employees, and consultants are not subject to the same rigorous screening and contractual obligations, but they still have access to sensitive information in the organization. Temporary employees are hired by the organization to serve in a temp position or to supplement the existing workforce. They do not actually work for the organization; rather, they are employees of the temp agency, and the organization pays the temp agency. Because a temp employee is often not subjected to the same contractual obligations and policies, their access to information should be limited to only that which is absolutely necessary for their duties. An organization can also request that the temp employee sign nondisclosure and fair use policies; however, the agency may not require this. A contract employee is typically hired to perform specific services for an organization. The contract is typically between the host and parent company and not with the individual. Often contract employees need physical access to locations rather than access to information (with the exception of technology contract positions), and to preserve security they should only have access to the places they need, not free rein of a campus/building/office; it is important that all restrictions and regulations be part of the initial hiring contract. Consultants are typically hired for a one-time purpose. They can be self-employed or with another organization. Consultants typically have their own security requirements and contractual obligations coming into the job, and all contracts need to be very specific and agreed upon before the job and before they enter the premises.
