CISSP® Official Study Guide, Eighth Edition


Understand the security implications of hiring new employees



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Chapter 2: Personnel Security and Risk Management Concepts

Understand the security implications of hiring new employees. To properly plan for security, you must have standards in place for job descriptions, job classification, work tasks, job responsibilities, preventing collusion, candidate screening, background checks, security clearances, employment agreements, and nondisclosure agreements. By deploying such mechanisms, you ensure that new hires are aware of the required security standards, thus protecting your organization’s assets.

Be able to explain separation of duties. Separation of duties is the security concept of dividing critical, significant, sensitive work tasks among several individuals. By separating duties in this manner, you ensure that no one person can compromise system security.

Understand the principle of least privilege. The principle of least privilege states that in a secured environment, users should be granted the minimum amount of access necessary for them to complete their required work tasks or job responsibilities. By limiting user access only to those items that they need to complete their work tasks, you limit the vulnerability of sensitive information.

Know why job rotation and mandatory vacations are necessary. Job rotation serves two functions. It provides a type of knowledge redundancy, and moving personnel around reduces the risk of fraud, data modification, theft, sabotage, and misuse of information. Mandatory vacations of one to two weeks are used to audit and verify the work tasks and privileges of employees. This often results in easy detection of abuse, fraud, or negligence.

Understand vendor, consultant, and contractor controls. Vendor, consultant, and contractor controls are used to define the levels of performance, expectation, compensation, and consequences for entities, persons, or organizations that are external to the primary organization. Often these controls are defined in a document or policy known as a service-level agreement (SLA).
