Unformatted text preview: re VPNs widely used? What VPNs Answer: A VPN is a private; secure network Answer: operated over a public and insecure network. It keeps the contents of messages hidden from the public thru a process called tunneling. Thus a user has access to a network from outside but it is still a secure connection. VPN usage continues to grow to support telework and telework and SOHO computer usage. SOHO 25 What attributes do organizations seek in a What candidate when hiring information security professionals? Prioritize this list of attributes and justify your ranking. attributes Answer: Experience, credentials, hiring Answer: issues, certification and background checks. Experience is the most important element with credentials being preferred, and hiring issues and background checks are important but less than experience and credentials. credentials.
26 13 W hat are the critical issues that management must What consider when dismissing an employee? Do these issues change based on whether the departure is friendly or hostile? friendly Answer: When dismissing an employee, management Answer: must consider the following: must -the former employee's access to the organization's the systems must be disabled systems -the former employee must return all removable the media media -the former employee's hard drives must be secured -file cabinet locks must be changed -office door locks must be changed 27 How do the security considerations for temporary or How contract workers differ from those for regular employees? employees? Answer: For security purposes temporary and contract Answer: employees should have limited access to information. Information access to these people should be limited to what is necessary to perform their duties. The organization can attempt to have temporary employees sign non disclosure agreement to fair use of policies. In secure facilities all contract employees should be escorted from room to room us well as into and out of the facility. W hen contract employees report for maintenance or repair services, the first step is to verify that these services are actually scheduled or called for. services
28 14 W hat functions does the CISO perform, and what are What the key qualifications and requirements for the position? position? Answer: The CISO is responsible for all security Answer: functions within an organization. They are required to write and draft policies, implement security measures, handle security-oriented budgets and measures, oriented planning. It is a more business-oriented position planning. oriented with knowledge of technology. The key qualifications for a CISO are to have a CISSP and a graduate degree in business or technology as well as having some experience as a security manager. as 29 What is least privilege? Why is What implementing least privilege important? important? Answ...
View Full Document