Staff Management

Question 1

What is Vetting?

Answer 1

Depending on the nature of the task, you might include checking employment history and criminal records

Question 2

What is Security Culture?

Answer 2

A set of attitudes that are inherent in the daily operation of an organisation

Question 3

What is Security Awareness?

Answer 3

Staff must understand the threats, not just know what to do in the case of them

Question 4

What are Codes of Conduct?

Answer 4

Codes of Conduct can specify obligations of employees for security, as well as ethics and standards

Question 5

What is an Acceptable-Use Policy?

Answer 5

How employees can use organisation information and systems

Question 6

What is Segregation of Duties?

Answer 6

Dividing the authority to perform certain sensitive tasks amongst multiple users

Question 7

Why is Segregation of Duties necessary?

Answer 7

Focusing too much authority in one person carries serious risks, and by separating the roles you also manage risks of collusion and fraud

Question 8

User authentication is obviously used for restriction, but what else is it useful for?

Answer 8

User authentication also ensures accountability by easily seeing which acts are committed by what accounts

Question 9

What is the difference between identification and authentication?

Answer 9

Identification is the act of learning an identifier for an individual e.g. a name, which authentication is verifying that identifier is in fact with said individual

Question 10

What is the purpose of security training?

Answer 10

To make sure that organisations have everyone comply with the information security policies and procedures

Question 11

What are the two approaches to security training?

Answer 11

Specific information security training, and raising awareness of information security