CST339 - Ch 09

Detailed job descriptions that include information that describes access privileges grant to the (successful) applicant

Avoiding secure and restricted sites during interview sessions that includes a tour

Background check conducted after extending an offer to a candidate

Not requiring any periodic security awareness training

Employee return all removable media

Keycard access be revoked

Business cards returned

Personal effects be removed from the premise

Nature of new company they joining

Nature job of last job/role in the current company

Relationship with the HR/Management

Random

To prevent accidental/intentional leaks of information

To ensure more jobs for the citizens

Double up staff count for a department/task

HR Officers

Temporary Workers

Top Management

CEO

True

False

Those that determine the effectiveness of the execution of InfoSec policy

Those that determine the effectiveness of the design of InfoSec policy

Those that determine the effectiveness of the delivery of InfoSec services

Those that assess the impact of an incident

True

False

Determine how controls from another similar organization should be implemented in own organization

Look at paths taken by similar organizations in deriving own security blueprint

Generate security blueprint by drawing from established security models and frameworks

Offload the security risks to a third-party

Adherence to the minimal level of security to establish a future legal defence

Adherence to implemented standards that meet the required level of protection

Being diligents in all aspects of setting up a standard