2 - Personnel Security and Risk Management Flashcards
What is the weakest link of any security solution?
Humans
What is the difference between job description and a role description?
Roles typically align to a rank or level of privilege; job descriptions map to specifically assigned responsibilities and tasks.
What is Separation of Duties?
Critical tasks are divided among several individuals (for example, several administrators) so that no single person can undermine security mechanisms alone; abusing the system would require collusion.
What are Job Responsibilities?
The specific work tasks an employee is required to perform on a regular basis.
What is Job Rotation?
Rotating employees among multiple positions. Provides knowledge redundancy and reduces the risk of fraud, data misuse, and similar abuses, since no one person holds a position long enough to conceal them.
What is Privilege creep?
The gradual accumulation of privileges and permissions over time (typically across role changes) without removal of the rights that are no longer necessary along the way.
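One way to detect privilege creep is to reconcile each account's current entitlements against the baseline for its current role; anything the role does not justify is a candidate for revocation at the next access review. The script below is an added example, not part of the flashcards or any real IAM product; the role names, entitlement strings and user records are constructed for illustration.

```python
# Added example (not from the flashcards): reconcile each account's current
# entitlements against the baseline for its current role. Entitlements the role
# does not justify are privilege-creep candidates for an access review.
# Role names, entitlement strings and the users below are constructed.

ROLE_BASELINE = {
    "helpdesk": {"ticketing.read", "ticketing.write", "ad.password_reset"},
    "sysadmin": {"ad.admin", "servers.ssh", "backup.restore"},
    "dba": {"db.admin", "backup.restore"},
}

# Constructed sample: 'bob' moved from helpdesk to sysadmin but kept his old rights.
USERS = {
    "alice": {"role": "dba", "entitlements": {"db.admin", "backup.restore"}},
    "bob": {"role": "sysadmin",
            "entitlements": {"ad.admin", "servers.ssh", "backup.restore",
                             "ticketing.write", "ad.password_reset"}},
    "carol": {"role": "contractor",   # no baseline defined: everything is excess
              "entitlements": {"servers.ssh"}},
}


def excess_entitlements(role, entitlements):
    """Return the entitlements not justified by `role`, sorted for stable output.

    An unknown role has an empty baseline, so all of its entitlements are
    flagged rather than silently accepted (fail closed)."""
    baseline = ROLE_BASELINE.get(role, set())
    return sorted(set(entitlements) - baseline)


def access_review(users):
    """Map each user holding excess rights to the list of rights to revoke."""
    findings = {}
    for name, rec in users.items():
        excess = excess_entitlements(rec["role"], rec["entitlements"])
        if excess:
            findings[name] = excess
    return findings


def rebaseline(current_entitlements, new_role):
    """Grant/revoke sets for a role change, so the account ends with exactly the
    new role's baseline (re-onboarding) instead of accumulating rights."""
    target = ROLE_BASELINE.get(new_role, set())
    current = set(current_entitlements)
    return {"grant": sorted(target - current), "revoke": sorted(current - target)}


if __name__ == "__main__":
    for user, rights in access_review(USERS).items():
        print(f"{user}: revoke {rights}")
    print("bob -> dba:", rebaseline(USERS["bob"]["entitlements"], "dba"))
```

The `rebaseline` helper is the onboarding-on-role-change counterpart: applied at every role change, it prevents the creep that `access_review` would otherwise have to find after the fact.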
What is a Background Check?
Obtaining a candidate's work and educational history, checking references, interviewing people in their lives, checking for a criminal record, etc.
What is an NDA?
A document that obligates employees, both current and former, not to disclose the organization's confidential information. Violations are met with strict penalties.
Why are Mandatory Vacations necessary/important?
Removing an employee from their position for a period lets someone else perform their duties, which allows an audit of the employee's work tasks and privileges and can expose fraud or abuse that their continuous presence would conceal.
What is Onboarding?
The process of adding new employees to the identity and access management (IAM) system. Also used when an employee's role changes.
What is Offboarding?
The removal of an employee's identity from the IAM system once they leave the organization, revoking all associated access.
What is the proper procedure for Terminations?
Terminations should take place with at least one witness (a manager or security personnel); the terminated person must be escorted off the premises immediately, and all access-related materials (badges, keys, tokens) must be collected and their access revoked.
What is an Exit Interview?
A meeting that reviews with the departing employee the liabilities and restrictions that remain in force after departure under the employment agreement, NDA, and other security-related documents.
What is a Service Level Agreement?
A contract defining the levels of performance, expectations, compensation, and consequences for entities, persons, or organizations that are external to the primary organization.
What are the commonly addressed issues in SLAs?
- System Uptime
- Maximum Consecutive Downtime
- Peak Load
- Average Load
- Responsibility for Diagnostics
- Failover Time
- Financial and/or contractual remedies that kick in if agreement is not maintained.
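The uptime and maximum-consecutive-downtime terms above are only enforceable if someone measures them. The script below, an added example rather than anything from the flashcards, evaluates a set of outage windows against hypothetical SLA thresholds for one reporting period; the outage records, period and SLA figures are constructed, and it also clips and merges outage windows so that an outage straddling the period boundary is neither overstated nor double counted.

```python
# Added example (not from the flashcards): check outage records against SLA
# terms for one reporting period. All dates and thresholds are constructed.
from datetime import datetime, timedelta

# Constructed sample: one reporting month and two outage windows (start, end).
PERIOD = (datetime(2024, 3, 1), datetime(2024, 4, 1))
OUTAGES = [
    (datetime(2024, 3, 3, 1, 0), datetime(2024, 3, 3, 1, 45)),      # 45 min
    (datetime(2024, 3, 17, 22, 0), datetime(2024, 3, 18, 3, 30)),   # 5 h 30 min
]

# Hypothetical SLA terms for the example.
SLA = {"min_uptime_pct": 99.5, "max_consecutive_downtime": timedelta(hours=4)}


def clipped_outages(outages, period):
    """Clip each outage to the reporting period and merge overlapping windows,
    so downtime outside the period is ignored and overlaps are not double counted."""
    start, end = period
    windows = sorted((max(s, start), min(e, end)) for s, e in outages)
    merged = []
    for s, e in windows:
        if e <= s:
            continue            # entirely outside the period
        if merged and s <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], e))
        else:
            merged.append((s, e))
    return merged


def uptime_percent(outages, period):
    """Percentage of the period during which the service was up, to 2 decimals."""
    total = period[1] - period[0]
    down = sum((e - s for s, e in clipped_outages(outages, period)), timedelta())
    return round(100 * (1 - down / total), 2)


def max_consecutive_downtime(outages, period):
    """Longest single (merged) outage inside the period; zero if none."""
    return max((e - s for s, e in clipped_outages(outages, period)),
               default=timedelta())


def sla_breaches(outages, period, sla):
    """Return the SLA terms breached in the period (empty list if compliant)."""
    breaches = []
    up = uptime_percent(outages, period)
    if up < sla["min_uptime_pct"]:
        breaches.append(f"uptime {up}% below {sla['min_uptime_pct']}%")
    longest = max_consecutive_downtime(outages, period)
    if longest > sla["max_consecutive_downtime"]:
        breaches.append(f"outage of {longest} exceeds {sla['max_consecutive_downtime']}")
    return breaches


if __name__ == "__main__":
    print("uptime:", uptime_percent(OUTAGES, PERIOD), "%")
    print("longest outage:", max_consecutive_downtime(OUTAGES, PERIOD))
    for b in sla_breaches(OUTAGES, PERIOD, SLA):
        print("BREACH:", b)
```

For the constructed sample, March 2024 has 744 hours and 6.25 hours of downtime, so uptime is 99.16% and the 5.5-hour outage exceeds the 4-hour limit; both terms are reported as breached, which is the point at which the financial or contractual remedies in the last bullet would apply.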